Loading my_deploy.sh +1 −1 Original line number Diff line number Diff line Loading @@ -7,7 +7,7 @@ export TFS_REGISTRY_IMAGE="http://localhost:32000/tfs/" # interdomain slice pathcomp dlt # dbscanserving opticalattackmitigator opticalattackdetector # l3_attackmitigator l3_centralizedattackdetector l3_distributedattackdetector export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui" export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui policy" # Set the tag you want to use for your images. export TFS_IMAGE_TAG="dev" Loading src/policy/src/main/docker/Dockerfile.multistage.jvm +1 −0 Original line number Diff line number Diff line Loading @@ -51,6 +51,7 @@ RUN microdnf install curl ca-certificates ${JAVA_PACKAGE} \ && chmod 540 /deployments/run-java.sh \ && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/conf/security/java.security ENV QUARKUS_LAUNCH_DEVMODE="true" # Configure the JAVA_OPTIONS, you can add -XshowSettings:vm to also display the heap size. ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager" # We make four distinct layers so if there are application changes the library layers can be re-used Loading src/policy/src/main/java/eu/teraflow/policy/PolicyRuleConditionValidator.java +28 −11 Original line number Diff line number Diff line Loading @@ -58,8 +58,8 @@ public class PolicyRuleConditionValidator { return isDeviceIdValid; } public Uni<Boolean> validateServiceId(ServiceId serviceId) { final var isServiceIdValid = isServiceIdValid(serviceId); public Uni<Boolean> validateServiceId(ServiceId serviceId, List<String> deviceIds) { final var isServiceIdValid = isServiceIdValid(serviceId, deviceIds); isServiceIdValid .subscribe() Loading Loading 
@@ -101,14 +101,27 @@ public class PolicyRuleConditionValidator { return deviceDeviceId.equals(deviceId); } private Uni<Boolean> isServiceIdValid(ServiceId serviceId) { public Uni<Boolean> isServiceIdValid(ServiceId serviceId, List<String> deviceIds) { return contextService .getService(serviceId) .onFailure() .recoverWithItem((Service) null) .onItem() .transform(service -> checkIfServiceIdExists(service, serviceId)); .transform(service -> checkIfServiceIsValid(service, serviceId, deviceIds)); } private boolean checkIfServiceIsValid( Service service, ServiceId serviceId, List<String> deviceIds) { return (checkIfServiceIdExists(service, serviceId) && checkIfServicesDeviceIdsExist(service, deviceIds)); } private boolean checkIfServiceIdExists(Service service, ServiceId serviceId) { if (service == null) { return false; } final var serviceServiceIdServiceId = service.getServiceId(); final var serviceServiceIdContextId = serviceServiceIdServiceId.getContextId(); final var serviceServiceIdId = serviceServiceIdServiceId.getId(); Loading @@ -117,14 +130,11 @@ public class PolicyRuleConditionValidator { && serviceServiceIdId.equals(serviceId.getId()); } public Uni<Boolean> isServicesDeviceIdsValid(ServiceId serviceId, List<String> deviceIds) { return contextService .getService(serviceId) .onItem() .transform(service -> checkIfServicesDeviceIdsExist(service, deviceIds)); private boolean checkIfServicesDeviceIdsExist(Service service, List<String> deviceIds) { if (deviceIds.isEmpty()) { return true; } private boolean checkIfServicesDeviceIdsExist(Service service, List<String> deviceIds) { List<String> serviceDeviceIds = new ArrayList<>(); for (EndPointId serviceEndPointId : service.getServiceEndPointIds()) { serviceDeviceIds.add(serviceEndPointId.getDeviceId()); Loading 
@@ -133,6 +143,13 @@ public class PolicyRuleConditionValidator { return deviceIds.containsAll(serviceDeviceIds); } public Uni<Boolean> isServicesDeviceIdsValid(ServiceId serviceId, List<String> deviceIds) { return contextService .getService(serviceId) .onItem() .transform(service -> checkIfServicesDeviceIdsExist(service, deviceIds)); } private Uni<Boolean> isUpdatedPolicyRuleIdValid(String updatedPolicyRuleId) { return contextService .getPolicyRule(updatedPolicyRuleId) Loading src/policy/src/main/java/eu/teraflow/policy/PolicyServiceImpl.java +35 −28 Original line number Diff line number Diff line Loading 
@@ -160,23 +160,27 @@ public class PolicyServiceImpl implements PolicyService { final var policyRuleBasic = policyRuleService.getPolicyRuleBasic(); if (!policyRuleBasic.areArgumentsValid()) { LOGGER.error(policyRuleService.getExeceptionMessage()); setPolicyRuleServiceToContext( policyRuleService, final var policyRuleState = new PolicyRuleState( PolicyRuleStateEnum.POLICY_FAILED, policyRuleBasic.getExeceptionMessage())); return Uni.createFrom().item(policyRuleBasic.getPolicyRuleState()); PolicyRuleStateEnum.POLICY_FAILED, policyRuleBasic.getExeceptionMessage()); return Uni.createFrom().item(policyRuleState); } policyRuleBasic.setPolicyRuleState(INSERTED_POLICYRULE_STATE); policyRuleService.setPolicyRuleBasic(policyRuleBasic); final var policyRuleTypeService = new PolicyRuleTypeService(policyRuleService); final var policyRule = new PolicyRule(policyRuleTypeService); final var serviceId = policyRuleService.getServiceId(); final var deviceIds = policyRuleService.getDeviceIds(); contextService .setPolicyRule(policyRule) .subscribe() .with(id -> validateService(policyRuleService)); return Uni.createFrom().item(policyRuleBasic.getPolicyRuleState()); return policyRuleConditionValidator .isServiceIdValid(serviceId, deviceIds) .onItem() .transform( isService -> { if (!isService) { return new PolicyRuleState( PolicyRuleStateEnum.POLICY_FAILED, String.format(INVALID_MESSAGE, "Service with id: " + serviceId.getId())); } return VALIDATED_POLICYRULE_STATE; }); } @Override Loading 
@@ -195,24 +199,27 @@ public class PolicyServiceImpl implements PolicyService { final var policyRuleBasic = policyRuleService.getPolicyRuleBasic(); if (!policyRuleBasic.areArgumentsValid()) { LOGGER.error(policyRuleService.getExeceptionMessage()); setPolicyRuleServiceToContext( policyRuleService, final var policyRuleState = new PolicyRuleState( PolicyRuleStateEnum.POLICY_FAILED, policyRuleBasic.getExeceptionMessage())); return Uni.createFrom().item(policyRuleBasic.getPolicyRuleState()); PolicyRuleStateEnum.POLICY_FAILED, policyRuleBasic.getExeceptionMessage()); return Uni.createFrom().item(policyRuleState); } policyRuleBasic.setPolicyRuleState(UPDATED_POLICYRULE_STATE); policyRuleService.setPolicyRuleBasic(policyRuleBasic); final var policyRuleTypeService = new PolicyRuleTypeService(policyRuleService); final var policyRule = new PolicyRule(policyRuleTypeService); contextService .setPolicyRule(policyRule) .subscribe() .with(id -> validateUpdatedPolicyService(policyRuleService)); final var serviceId = policyRuleService.getServiceId(); final var deviceIds = policyRuleService.getDeviceIds(); return Uni.createFrom().item(policyRuleBasic.getPolicyRuleState()); return policyRuleConditionValidator .isServiceIdValid(serviceId, deviceIds) .onItem() .transform( isService -> { if (!isService) { return new PolicyRuleState( PolicyRuleStateEnum.POLICY_FAILED, String.format(INVALID_MESSAGE, "Service with id: " + serviceId.getId())); } return UPDATED_POLICYRULE_STATE; }); } @Override Loading Loading 
@@ -650,7 +657,7 @@ public class PolicyServiceImpl implements PolicyService { final var policyRuleBasic = policyRuleService.getPolicyRuleBasic(); Boolean isServiceIdValid = policyRuleConditionValidator.validateServiceId(serviceId).await().indefinitely(); policyRuleConditionValidator.validateServiceId(serviceId, deviceIds).await().indefinitely(); if (!isServiceIdValid) { String message = Loading src/policy/src/main/resources/application.yml +8 −0 Original line number Diff line number Diff line Loading @@ -13,6 +13,11 @@ # limitations under the License. quarkus: package: type: mutable-jar live-reload: password: 1234 url: http://0.0.0.0:8080 banner: path: teraflow-policy-banner.txt grpc: Loading @@ -23,6 +28,9 @@ quarkus: context: host: ${quarkus.kubernetes.env.vars.context-service-host} port: 1010 context_policy: host: ${quarkus.kubernetes.env.vars.context-service-host} port: 1010 monitoring: host: ${quarkus.kubernetes.env.vars.monitoring-service-host} port: 7070 Loading Loading
my_deploy.sh +1 −1 Original line number Diff line number Diff line Loading @@ -7,7 +7,7 @@ export TFS_REGISTRY_IMAGE="http://localhost:32000/tfs/" # interdomain slice pathcomp dlt # dbscanserving opticalattackmitigator opticalattackdetector # l3_attackmitigator l3_centralizedattackdetector l3_distributedattackdetector export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui" export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui policy" # Set the tag you want to use for your images. export TFS_IMAGE_TAG="dev" Loading
src/policy/src/main/docker/Dockerfile.multistage.jvm +1 −0 Original line number Diff line number Diff line Loading @@ -51,6 +51,7 @@ RUN microdnf install curl ca-certificates ${JAVA_PACKAGE} \ && chmod 540 /deployments/run-java.sh \ && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/conf/security/java.security ENV QUARKUS_LAUNCH_DEVMODE="true" # Configure the JAVA_OPTIONS, you can add -XshowSettings:vm to also display the heap size. ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager" # We make four distinct layers so if there are application changes the library layers can be re-used Loading
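Review bot: `ENV QUARKUS_LAUNCH_DEVMODE="true"` is set unconditionally, so every image built from this Dockerfile starts the policy service in Quarkus remote dev mode, which Quarkus documents as a development-only feature. Together with the `mutable-jar` package type and the `live-reload` settings this commit adds to application.yml, the running application accepts code updates over its HTTP port, protected only by the committed password. I would remove this line from the image and set the variable only in the environment of the development deployment. That this is the added line is inferred from the section's +1 −0 count, since the rendering lost the markers.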
src/policy/src/main/java/eu/teraflow/policy/PolicyRuleConditionValidator.java +28 −11 Original line number Diff line number Diff line Loading @@ -58,8 +58,8 @@ public class PolicyRuleConditionValidator { return isDeviceIdValid; } public Uni<Boolean> validateServiceId(ServiceId serviceId) { final var isServiceIdValid = isServiceIdValid(serviceId); public Uni<Boolean> validateServiceId(ServiceId serviceId, List<String> deviceIds) { final var isServiceIdValid = isServiceIdValid(serviceId, deviceIds); isServiceIdValid .subscribe() Loading Loading @@ -101,14 +101,27 @@ public class PolicyRuleConditionValidator { return deviceDeviceId.equals(deviceId); } private Uni<Boolean> isServiceIdValid(ServiceId serviceId) { public Uni<Boolean> isServiceIdValid(ServiceId serviceId, List<String> deviceIds) { return contextService .getService(serviceId) .onFailure() .recoverWithItem((Service) null) .onItem() .transform(service -> checkIfServiceIdExists(service, serviceId)); .transform(service -> checkIfServiceIsValid(service, serviceId, deviceIds)); } private boolean checkIfServiceIsValid( Service service, ServiceId serviceId, List<String> deviceIds) { return (checkIfServiceIdExists(service, serviceId) && checkIfServicesDeviceIdsExist(service, deviceIds)); } private boolean checkIfServiceIdExists(Service service, ServiceId serviceId) { if (service == null) { return false; } final var serviceServiceIdServiceId = service.getServiceId(); final var serviceServiceIdContextId = serviceServiceIdServiceId.getContextId(); final var serviceServiceIdId = serviceServiceIdServiceId.getId(); Loading 
@@ -117,14 +130,11 @@ public class PolicyRuleConditionValidator { && serviceServiceIdId.equals(serviceId.getId()); } public Uni<Boolean> isServicesDeviceIdsValid(ServiceId serviceId, List<String> deviceIds) { return contextService .getService(serviceId) .onItem() .transform(service -> checkIfServicesDeviceIdsExist(service, deviceIds)); private boolean checkIfServicesDeviceIdsExist(Service service, List<String> deviceIds) { if (deviceIds.isEmpty()) { return true; } private boolean checkIfServicesDeviceIdsExist(Service service, List<String> deviceIds) { List<String> serviceDeviceIds = new ArrayList<>(); for (EndPointId serviceEndPointId : service.getServiceEndPointIds()) { serviceDeviceIds.add(serviceEndPointId.getDeviceId()); Loading @@ -133,6 +143,13 @@ public class PolicyRuleConditionValidator { return deviceIds.containsAll(serviceDeviceIds); } public Uni<Boolean> isServicesDeviceIdsValid(ServiceId serviceId, List<String> deviceIds) { return contextService .getService(serviceId) .onItem() .transform(service -> checkIfServicesDeviceIdsExist(service, deviceIds)); } private Uni<Boolean> isUpdatedPolicyRuleIdValid(String updatedPolicyRuleId) { return contextService .getPolicyRule(updatedPolicyRuleId) Loading
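Review bot: `checkIfServiceIsValid` now makes the result of `isServiceIdValid` depend on `checkIfServicesDeviceIdsExist`, whose final test is `deviceIds.containsAll(serviceDeviceIds)`. That passes when the rule's list covers every endpoint device of the service, so a rule that also names devices outside the service is accepted, and an empty list skips the check entirely. If the intent is that every device named in the rule belongs to the service, the test would be `serviceDeviceIds.containsAll(deviceIds)`; please confirm the direction and state it in a comment on the method. Separately, `.onFailure().recoverWithItem((Service) null)` turns every lookup failure into "not valid", so an unreachable context service is reported the same way as a missing service, and logging the failure before recovering would keep the two apart. The method bodies are only partly visible in these hunks.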
src/policy/src/main/java/eu/teraflow/policy/PolicyServiceImpl.java +35 −28 Original line number Diff line number Diff line Loading @@ -160,23 +160,27 @@ public class PolicyServiceImpl implements PolicyService { final var policyRuleBasic = policyRuleService.getPolicyRuleBasic(); if (!policyRuleBasic.areArgumentsValid()) { LOGGER.error(policyRuleService.getExeceptionMessage()); setPolicyRuleServiceToContext( policyRuleService, final var policyRuleState = new PolicyRuleState( PolicyRuleStateEnum.POLICY_FAILED, policyRuleBasic.getExeceptionMessage())); return Uni.createFrom().item(policyRuleBasic.getPolicyRuleState()); PolicyRuleStateEnum.POLICY_FAILED, policyRuleBasic.getExeceptionMessage()); return Uni.createFrom().item(policyRuleState); } policyRuleBasic.setPolicyRuleState(INSERTED_POLICYRULE_STATE); policyRuleService.setPolicyRuleBasic(policyRuleBasic); final var policyRuleTypeService = new PolicyRuleTypeService(policyRuleService); final var policyRule = new PolicyRule(policyRuleTypeService); final var serviceId = policyRuleService.getServiceId(); final var deviceIds = policyRuleService.getDeviceIds(); contextService .setPolicyRule(policyRule) .subscribe() .with(id -> validateService(policyRuleService)); return Uni.createFrom().item(policyRuleBasic.getPolicyRuleState()); return policyRuleConditionValidator .isServiceIdValid(serviceId, deviceIds) .onItem() .transform( isService -> { if (!isService) { return new PolicyRuleState( PolicyRuleStateEnum.POLICY_FAILED, String.format(INVALID_MESSAGE, "Service with id: " + serviceId.getId())); } return VALIDATED_POLICYRULE_STATE; }); } @Override Loading 
@@ -195,24 +199,27 @@ public class PolicyServiceImpl implements PolicyService { final var policyRuleBasic = policyRuleService.getPolicyRuleBasic(); if (!policyRuleBasic.areArgumentsValid()) { LOGGER.error(policyRuleService.getExeceptionMessage()); setPolicyRuleServiceToContext( policyRuleService, final var policyRuleState = new PolicyRuleState( PolicyRuleStateEnum.POLICY_FAILED, policyRuleBasic.getExeceptionMessage())); return Uni.createFrom().item(policyRuleBasic.getPolicyRuleState()); PolicyRuleStateEnum.POLICY_FAILED, policyRuleBasic.getExeceptionMessage()); return Uni.createFrom().item(policyRuleState); } policyRuleBasic.setPolicyRuleState(UPDATED_POLICYRULE_STATE); policyRuleService.setPolicyRuleBasic(policyRuleBasic); final var policyRuleTypeService = new PolicyRuleTypeService(policyRuleService); final var policyRule = new PolicyRule(policyRuleTypeService); contextService .setPolicyRule(policyRule) .subscribe() .with(id -> validateUpdatedPolicyService(policyRuleService)); final var serviceId = policyRuleService.getServiceId(); final var deviceIds = policyRuleService.getDeviceIds(); return Uni.createFrom().item(policyRuleBasic.getPolicyRuleState()); return policyRuleConditionValidator .isServiceIdValid(serviceId, deviceIds) .onItem() .transform( isService -> { if (!isService) { return new PolicyRuleState( PolicyRuleStateEnum.POLICY_FAILED, String.format(INVALID_MESSAGE, "Service with id: " + serviceId.getId())); } return UPDATED_POLICYRULE_STATE; }); } @Override Loading Loading @@ -650,7 +657,7 @@ public class PolicyServiceImpl implements PolicyService { final var policyRuleBasic = policyRuleService.getPolicyRuleBasic(); Boolean isServiceIdValid = policyRuleConditionValidator.validateServiceId(serviceId).await().indefinitely(); policyRuleConditionValidator.validateServiceId(serviceId, deviceIds).await().indefinitely(); if (!isServiceIdValid) { String message = Loading
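Review bot: In the hunks at lines 160 and 199, a `false` from `isServiceIdValid(serviceId, deviceIds)` is reported as `String.format(INVALID_MESSAGE, "Service with id: " + serviceId.getId())`, although the validator now also returns `false` for a device-id mismatch and for a failed context lookup. The caller therefore gets POLICY_FAILED blaming the service id in all three cases, which hides the real cause from whoever reads the state message. I would have the message name both inputs, e.g. `"Service with id: " + serviceId.getId() + " or its device ids"`, or have the validator return a reason instead of a bare boolean. The hunk at line 650 still blocks on `.await().indefinitely()`; a bounded `.await().atMost(...)` would keep a stalled context service from pinning the calling thread. The enclosing methods start outside the hunks.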
src/policy/src/main/resources/application.yml +8 −0 Original line number Diff line number Diff line Loading @@ -13,6 +13,11 @@ # limitations under the License. quarkus: package: type: mutable-jar live-reload: password: 1234 url: http://0.0.0.0:8080 banner: path: teraflow-policy-banner.txt grpc: Loading @@ -23,6 +28,9 @@ quarkus: context: host: ${quarkus.kubernetes.env.vars.context-service-host} port: 1010 context_policy: host: ${quarkus.kubernetes.env.vars.context-service-host} port: 1010 monitoring: host: ${quarkus.kubernetes.env.vars.monitoring-service-host} port: 7070 Loading
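Review bot: `live-reload.password: 1234` commits a guessable remote-dev credential to the repository, and `url: http://0.0.0.0:8080` has it used over plain HTTP. Because `package.type: mutable-jar` and the `live-reload` keys sit directly under `quarkus:`, they appear to apply to every build of the policy service and not only to a development profile. I would take the password from the environment, e.g. `password: ${LIVE_RELOAD_PASSWORD}` (the variable name is a placeholder), and keep the `package` and `live-reload` keys out of the default configuration. The added `context_policy` client repeats the host and port of `context`, so a one-line comment saying why a second client is needed would help.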