-
Bug
-
Resolution: Done
-
High
-
Beijing Release
-
None
-
Policy Beijing RC1
It seems that the AAI username and password are not being used when communicating with AAI, as a consequence Request are being denied by AAI with a 403.
[2018-04-19T19:04:20.649+00:00|INFO|AaiManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] https://aai.api.simpledemo.openecomp.org:8443/aai/v11/network/generic-vnfs/generic-vnf?vnf-name=vFWCntlLoopHealth1
[2018-04-19T19:04:20.649+00:00|INFO|AaiManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] 403
[2018-04-19T19:04:20.649+00:00|INFO|AaiManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] {"requestError":{"policyException":{"messageId":"POL3300","text":"Unauthorized (msg=%1) (ec=%2)","variables":["Unauthorized","ERR.5.1.3300"]}}}
[2018-04-19T19:04:21.662+00:00|INFO|AaiManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] https://aai.api.simpledemo.openecomp.org:8443/aai/v11/network/generic-vnfs/generic-vnf?vnf-name=vFWCntlLoopHealth1
[2018-04-19T19:04:21.662+00:00|INFO|AaiManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] 403
[2018-04-19T19:04:21.662+00:00|INFO|AaiManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] {"requestError":{"policyException":{"messageId":"POL3300","text":"Unauthorized (msg=%1) (ec=%2)","variables":["Unauthorized","ERR.5.1.3300"]}}}
Additional trace information:
[2018-04-19T21:02:13.534+00:00|ERROR|ControlLoopEventManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] Exception from queryAai:
org.onap.policy.aai.util.AaiException: AAI Response is null (query by vnf-name)
at org.onap.policy.controlloop.eventmanager.ControlLoopEventManager.processVNFResponse(ControlLoopEventManager.java:678)
at org.onap.policy.controlloop.eventmanager.ControlLoopEventManager.queryAai(ControlLoopEventManager.java:655)
at org.onap.policy.controlloop.eventmanager.ControlLoopEventManager.onNewEvent(ControlLoopEventManager.java:513)
at org.onap.policy.controlloop.Rule_com$u46$Config_BRMS_Param_BRMSParamvFirewall$u46$EVENT$u46$MANAGER843398118.defaultConsequence(Rule_com$u46$Config_BRMS_Param_BRMSParamvFirewall$u46$EVENT$u46$MANAGER843398118.java:16)
at org.onap.policy.controlloop.Rule_com$u46$Config_BRMS_Param_BRMSParamvFirewall$u46$EVENT$u46$MANAGER843398118DefaultConsequenceInvokerGenerated.evaluate(Unknown Source)
at org.onap.policy.controlloop.Rule_com$u46$Config_BRMS_Param_BRMSParamvFirewall$u46$EVENT$u46$MANAGER843398118DefaultConsequenceInvoker.evaluate(Unknown Source)
at org.drools.core.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1052)
at org.drools.core.phreak.RuleExecutor.fire(RuleExecutor.java:121)
at org.drools.core.phreak.RuleExecutor.evaluateNetworkAndFire(RuleExecutor.java:74)
at org.drools.core.common.DefaultAgenda.fireNextItem(DefaultAgenda.java:970)
at org.drools.core.common.DefaultAgenda.fireLoop(DefaultAgenda.java:1312)
at org.drools.core.common.DefaultAgenda.fireUntilHalt(DefaultAgenda.java:1232)
at org.drools.core.impl.StatefulKnowledgeSessionImpl.fireUntilHalt(StatefulKnowledgeSessionImpl.java:1398)
at org.drools.core.impl.StatefulKnowledgeSessionImpl.fireUntilHalt(StatefulKnowledgeSessionImpl.java:1377)
at org.onap.policy.drools.core.PolicySession$DefaultThreadModel.run(PolicySession.java:563)
at java.lang.Thread.run(Thread.java:748)
Note in the debug trace below, the basic authentication header is not placed:
[2018-04-19T21:02:10.500+00:00|DEBUG|SSLConnectionSocketFactory|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] Secure session established
[2018-04-19T21:02:10.500+00:00|DEBUG|SSLConnectionSocketFactory|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] negotiated protocol: TLSv1.2
[2018-04-19T21:02:10.500+00:00|DEBUG|SSLConnectionSocketFactory|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[2018-04-19T21:02:10.500+00:00|DEBUG|SSLConnectionSocketFactory|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] peer principal: EMAILADDRESS=aai-host@api.simpledemo.openecomp.org, CN=aai.api.simpledemo.openecomp.org, O=ONAP, L=Bedminister, ST=NJ, C=US
[2018-04-19T21:02:10.500+00:00|DEBUG|SSLConnectionSocketFactory|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] issuer principal: EMAILADDRESS=simpledemo@openecomp.org, CN=OpenECOMP simpledemo Server CA X1, OU=simpledemo, O=OpenECOMP, L=Bedminster, ST=NJ, C=US
[2018-04-19T21:02:10.500+00:00|DEBUG|DefaultHttpClientConnectionOperator|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] Connection established 172.18.0.5:56994<->10.0.1.1:8443
[2018-04-19T21:02:10.500+00:00|DEBUG|MainClientExec|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] Executing request GET /aai/v11/network/generic-vnfs/generic-vnf?vnf-name=vFWCntlLoopHealth1 HTTP/1.1
[2018-04-19T21:02:10.501+00:00|DEBUG|MainClientExec|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] Target auth state: UNCHALLENGED
[2018-04-19T21:02:10.501+00:00|DEBUG|MainClientExec|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] Proxy auth state: UNCHALLENGED
[2018-04-19T21:02:10.501+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> GET /aai/v11/network/generic-vnfs/generic-vnf?vnf-name=vFWCntlLoopHealth1 HTTP/1.1
[2018-04-19T21:02:10.501+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> X-FromAppId: POLICY
[2018-04-19T21:02:10.501+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> Accept: application/json
[2018-04-19T21:02:10.501+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> X-TransactionId: 052ec7e7-672e-42f7-b18f-c8f5adfabd93
[2018-04-19T21:02:10.501+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> Host: aai.api.simpledemo.openecomp.org:8443
[2018-04-19T21:02:10.501+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> Connection: Keep-Alive
[2018-04-19T21:02:10.501+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_162)
[2018-04-19T21:02:10.501+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> Accept-Encoding: gzip,deflate
[2018-04-19T21:02:10.501+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> "GET /aai/v11/network/generic-vnfs/generic-vnf?vnf-name=vFWCntlLoopHealth1 HTTP/1.1[\r][\n]"
[2018-04-19T21:02:10.501+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> "X-FromAppId: POLICY[\r][\n]"
[2018-04-19T21:02:10.501+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> "Accept: application/json[\r][\n]"
[2018-04-19T21:02:10.501+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> "X-TransactionId: 052ec7e7-672e-42f7-b18f-c8f5adfabd93[\r][\n]"
[2018-04-19T21:02:10.501+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> "Host: aai.api.simpledemo.openecomp.org:8443[\r][\n]"
[2018-04-19T21:02:10.501+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> "Connection: Keep-Alive[\r][\n]"
[2018-04-19T21:02:10.501+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> "User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_162)[\r][\n]"
[2018-04-19T21:02:10.501+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> "Accept-Encoding: gzip,deflate[\r][\n]"
[2018-04-19T21:02:10.501+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 >> "[\r][\n]"
[2018-04-19T21:02:10.504+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 << "HTTP/1.1 403 Forbidden[\r][\n]"
[2018-04-19T21:02:10.504+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 << "Date: Thu, 19 Apr 2018 21:02:10 GMT[\r][\n]"
[2018-04-19T21:02:10.504+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 << "X-AAI-TXID: 2-aai-resources.api.simpledemo.onap.org-180419-21:02:10:781-55962[\r][\n]"
[2018-04-19T21:02:10.504+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 << "Content-Length: 143[\r][\n]"
[2018-04-19T21:02:10.504+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 << "Strict-Transport-Security: max-age=16000000; includeSubDomains; preload;[\r][\n]"
[2018-04-19T21:02:10.504+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 << "[\r][\n]"
[2018-04-19T21:02:10.504+00:00|DEBUG|wire|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 << "{"requestError":{"policyException":{"messageId":"POL3300","text":"Unauthorized (msg=%1) (ec=%2)","variables":["Unauthorized","ERR.5.1.3300"]}}}"
[2018-04-19T21:02:10.504+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 << HTTP/1.1 403 Forbidden
[2018-04-19T21:02:10.504+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 << Date: Thu, 19 Apr 2018 21:02:10 GMT
[2018-04-19T21:02:10.504+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 << X-AAI-TXID: 2-aai-resources.api.simpledemo.onap.org-180419-21:02:10:781-55962
[2018-04-19T21:02:10.504+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 << Content-Length: 143
[2018-04-19T21:02:10.504+00:00|DEBUG|headers|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155 << Strict-Transport-Security: max-age=16000000; includeSubDomains; preload;
[2018-04-19T21:02:10.504+00:00|DEBUG|MainClientExec|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] Connection can be kept alive indefinitely
[2018-04-19T21:02:10.504+00:00|DEBUG|PoolingHttpClientConnectionManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] Connection [id: 155][route: \{s}->https://aai.api.simpledemo.openecomp.org:8443] can be kept alive indefinitely
[2018-04-19T21:02:10.504+00:00|DEBUG|DefaultManagedHttpClientConnection|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155: set socket timeout to 0
[2018-04-19T21:02:10.504+00:00|DEBUG|PoolingHttpClientConnectionManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] Connection released: [id: 155][route: \{s}->https://aai.api.simpledemo.openecomp.org:8443][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
[2018-04-19T21:02:10.504+00:00|DEBUG|RESTManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] HTTP GET Response Status Code: 403
[2018-04-19T21:02:10.504+00:00|DEBUG|RESTManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] HTTP GET Response Body:
[2018-04-19T21:02:10.504+00:00|DEBUG|RESTManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] {"requestError":{"policyException":{"messageId":"POL3300","text":"Unauthorized (msg=%1) (ec=%2)","variables":["Unauthorized","ERR.5.1.3300"]}}}
[2018-04-19T21:02:10.504+00:00|DEBUG|PoolingHttpClientConnectionManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] Connection manager is shutting down
[2018-04-19T21:02:10.504+00:00|DEBUG|DefaultManagedHttpClientConnection|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.4.0:closedloop-amsterdam] http-outgoing-155: Close connection
There also seems that multiple queries for AAI are retried but are not necessary (that would be only for SO).