Merge "Remove Policy dependencies"
diff --git a/docs/index.rst b/docs/index.rst
index 1f41485..548e277 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -112,18 +112,20 @@
 .. code-block:: json
 
     {
-        "spring.datasource.cldsdb.url": "jdbc:mariadb://anotherDB.onap.org:3306/cldsdb4?verifyServerCertificate=false&useSSL=false&requireSSL=false&autoReconnect=true",
-        "spring.datasource.cldsdb.username": "admin",
-        "spring.datasource.cldsdb.password": "password",
-
-        "clamp.config.dcae.inventory.url": "http://dcaegen2.host:8080",
-        "clamp.config.dcae.dispatcher.url": "http://dcaegen2.host:8188",
-        "clamp.config.policy.pdpUrl1": "https://policy-pdp.host:9091/pdp/ , testpdp, alpha123",
-        "clamp.config.policy.pdpUrl2": "https://policy-pdp.host:9091/pdp/ , testpdp, alpha123",
-        "clamp.config.policy.papUrl": "https://policy-pap.host:8443/pap/ , testpap, alpha123",
-        "clamp.config.policy.clientKey": "5CE79532B3A2CB4D132FC0C04BF916A7",
-        "clamp.config.files.sdcController":"file:/opt/clamp/config/sdc-controllers-config.json",
-        "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.onap:8095",
+        "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
+        "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
+        "clamp.config.dcae.inventory.url": "https://inventory.{{ include "common.namespace" . }}:8080",
+        "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
+        "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
+        "clamp.config.dcae.deployment.userName": "none",
+        "clamp.config.dcae.deployment.password": "none",
+        "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969",
+        "clamp.config.policy.api.userName": "healthcheck",
+        "clamp.config.policy.api.password": "zb!XztG34",
+        "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969",
+        "clamp.config.policy.pap.userName": "healthcheck",
+        "clamp.config.policy.pap.password": "zb!XztG34",
+        "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095",
         "com.att.eelf.logging.path": "/opt/clamp",
         "com.att.eelf.logging.file": "logback.xml"
     }
@@ -133,38 +135,39 @@
 This file is a JSON that must be specified to Spring config, here is an example:
 
 .. code-block:: json
- {
-  "sdc-connections":{
-    "sdc-controller1":{
-        "user": "clamp",
-        "consumerGroup": "consumerGroup1",
-        "consumerId": "consumerId1",
-        "environmentName": "AUTO",
-        "sdcAddress": "localhost:8443",
-        "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
-        "pollingInterval":30,
-        "pollingTimeout":30,
-        "activateServerTLSAuth":"false",
-        "keyStorePassword":"",
-        "keyStorePath":"",
-        "messageBusAddresses":["dmaaphost.com"]
-    },
-    "sdc-controller2":{
-        "user": "clamp",
-        "consumerGroup": "consumerGroup1",
-        "consumerId": "consumerId1",
-        "environmentName": "AUTO",
-        "sdcAddress": "localhost:8443",
-        "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
-        "pollingInterval":30,
-        "pollingTimeout":30,
-        "activateServerTLSAuth":"false",
-        "keyStorePassword":"",
-        "keyStorePath":"",
-        "messageBusAddresses":["dmaaphost.com"]
+
+    {
+     "sdc-connections":{
+       "sdc-controller1":{
+           "user": "clamp",
+           "consumerGroup": "consumerGroup1",
+           "consumerId": "consumerId1",
+           "environmentName": "AUTO",
+           "sdcAddress": "localhost:8443",
+           "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
+           "pollingInterval":30,
+           "pollingTimeout":30,
+           "activateServerTLSAuth":"false",
+           "keyStorePassword":"",
+           "keyStorePath":"",
+           "messageBusAddresses":["dmaaphost.com"]
+       },
+       "sdc-controller2":{
+           "user": "clamp",
+           "consumerGroup": "consumerGroup1",
+           "consumerId": "consumerId1",
+           "environmentName": "AUTO",
+           "sdcAddress": "localhost:8443",
+           "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
+           "pollingInterval":30,
+           "pollingTimeout":30,
+           "activateServerTLSAuth":"false",
+           "keyStorePassword":"",
+           "keyStorePath":"",
+           "messageBusAddresses":["dmaaphost.com"]
+       }
+     }
     }
-  }
- }
 
 Multiple controllers can be configured so that Clamp is able to receive the notifications from different SDC servers.
 Each Clamp existing in a cluster should have different consumerGroup and consumerId so that they can each consume the SDC notification.
@@ -174,11 +177,12 @@
 Administration
 --------------
 
-A user can access CLAMP UI at the following URL : https://localhost:8443/designer/index.html.
+A user can access CLAMP UI at the following URL : https://localhost:443/designer/index.html.
 (in this URL 'localhost' must be replaced by the actual host where CLAMP has been installed if it is not your current localhost)
-For OOM, the URL is https://<host-ip>:30258/designer/index.html
+For OOM, the URL is https://<host-ip>:30258
 
 .. code-block:: html
+
    - Without AAF, the credentials are
      Default username : admin
      Default password : password
@@ -187,6 +191,13 @@
      ca path: src/main/resources/clds/aaf/org.onap.clamp.p12, password "China in the Spring"
      Or get it from this page : https://wiki.onap.org/display/DW/Control+Loop+Flows+and+Models+for+Casablanca
 
+A user can access the Control-Loop DashBoard (ELK stack based) at the following URL : https://localhost:5601 .
+(in this URL 'localhost' must be replaced by the actual host where CLAMP has been installed if it is not your current localhost)
+For OOM, the URL is https://<host-ip>:30290. Since El Alto release, User access is protected using the Search Guard plugin, community Edition!,
+for Kibana and ElasticSearch. The initial users and credentials provided by the Search Guard plugins are used by default.
+(take a look at the files in the ElasticSearch docker image located in the folder: /usr/share/elasticsearch/config/sg/, 
+especially the file "sg_internal_users.yml").
+
 Human Interfaces
 ----------------
 .. Basic info on the interface type, ports/protocols provided over, etc.
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index c3c3fef..b6c91bb 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -8,7 +8,7 @@
 Version: 4.1.2
 --------------
 
-:Release Date: 2019-09-16
+:Release Date: 2019-09-18
 
 **New Features**
 
@@ -25,6 +25,8 @@
 
 **Known Issues**
 
+    - `CLAMP-506 <https://jira.onap.org/browse/CLAMP-506>`_ Elastic Search Clamp image cannot be built anymore(SearchGuard DMCA issue)
+
 
 **Security Notes**
 
diff --git a/pom.xml b/pom.xml
index eb0a70b..17cba6f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -829,7 +829,6 @@
 						</configuration>
 					</execution>
 				</executions>
-
 			</plugin>
 			<plugin>
 				<groupId>io.fabric8</groupId>
@@ -947,22 +946,6 @@
 							</build>
 						</image>
 						<image>
-							<name>onap/clamp-dashboard-elasticsearch</name>
-							<alias>onap-clamp-dashboard-elasticsearch</alias>
-							<run>
-								<skip>true</skip>
-							</run>
-							<build>
-								<cleanup>true</cleanup>
-								<tags>
-									<tag>latest</tag>
-									<tag>${project.docker.latesttagtimestamp.version}</tag>
-									<tag>${project.docker.latesttag.version}</tag>
-								</tags>
-								<dockerFile>elasticsearch/Dockerfile</dockerFile>
-							</build>
-						</image>
-						<image>
 							<name>onap/clamp-dashboard-logstash</name>
 							<alias>onap-clamp-dashboard-logstash</alias>
 							<run>
diff --git a/releases/4.1.2-container.yaml b/releases/4.1.2-container.yaml
new file mode 100644
index 0000000..9eae7d7
--- /dev/null
+++ b/releases/4.1.2-container.yaml
@@ -0,0 +1,14 @@
+distribution_type: 'container'
+container_release_tag: '4.1.2'
+project: 'clamp'
+log_dir: 'clamp-maven-docker-stage-master/121/'
+ref: 9fb87912f025e85b26c238d286d87e0e1c9c767a
+containers:
+    - name: 'clamp-backend'
+      version: '4.1-STAGING-20190916T192828Z'
+    - name: 'clamp-frontend'
+      version: '4.1-STAGING-20190916T192828Z'
+    - name: 'clamp-dashboard-logstash'
+      version: '4.1-STAGING-20190916T192828Z'
+    - name: 'clamp-dashboard-kibana'
+      version: '4.1-STAGING-20190916T192828Z'
diff --git a/releases/4.1.2.yaml b/releases/4.1.2.yaml
new file mode 100644
index 0000000..845a675
--- /dev/null
+++ b/releases/4.1.2.yaml
@@ -0,0 +1,5 @@
+---
+distribution_type: 'maven'
+version: '4.1.2'
+project: 'clamp'
+log_dir: 'clamp-maven-stage-master/133/'
\ No newline at end of file
diff --git a/src/main/docker/elasticsearch/config/sg/sg_config.yml b/src/main/docker/elasticsearch/config/sg/sg_config.yml
index 7d3a933..9a16a82 100644
--- a/src/main/docker/elasticsearch/config/sg/sg_config.yml
+++ b/src/main/docker/elasticsearch/config/sg/sg_config.yml
@@ -37,20 +37,22 @@
 # HTTP
 #   basic (challenging)
 #   proxy (not challenging, needs xff)
-#   kerberos (challenging) NOT FREE FOR COMMERCIAL
 #   clientcert (not challenging, needs https)
-#   jwt (not challenging) NOT FREE FOR COMMERCIAL
 #   host (not challenging) #DEPRECATED, will be removed in a future version.
 #                           host based authentication is configurable in sg_roles_mapping
 
 # Authc
 #   internal
 #   noop
-#   ldap  NOT FREE FOR COMMERCIAL USE
 
 # Authz
-#   ldap  NOT FREE FOR COMMERCIAL USE
 #   noop
+#
+# Some SearchGuard functionality is licensed under Apache-2.0, while other functionality is non-free;
+# see https://github.com/floragunncom/search-guard. The functionality enabled in this configuration
+# file only include those that are licensed under Apache-2.0. Please use care and review SearchGuard's
+# license details before enabling any additional features here.
+
 
 searchguard:
   dynamic:
@@ -59,7 +61,6 @@
     # Set filtered_alias_mode to 'nowarn' to allow more than 2 filtered aliases per index silently
     #filtered_alias_mode: warn
     #kibana:
-      # Kibana multitenancy - NOT FREE FOR COMMERCIAL USE
       # see https://github.com/floragunncom/search-guard-docs/blob/master/multitenancy.md
       # To make this work you need to install https://github.com/floragunncom/search-guard-module-kibana-multitenancy/wiki
       #multitenancy_enabled: true
@@ -80,20 +81,6 @@
         ###### and here https://tools.ietf.org/html/rfc7239
         ###### and https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Remote_IP_Valve
     authc:
-      kerberos_auth_domain: 
-        http_enabled: false
-        transport_enabled: false
-        order: 6
-        http_authenticator:
-          type: kerberos # NOT FREE FOR COMMERCIAL USE
-          challenge: true
-          config:
-            # If true a lot of kerberos/security related debugging output will be logged to standard out
-            krb_debug: false
-            # If true then the realm will be stripped from the user name
-            strip_realm_from_principal: true
-        authentication_backend:
-          type: noop
       basic_internal_auth_domain: 
         http_enabled: true
         transport_enabled: true
@@ -141,84 +128,7 @@
           challenge: false
         authentication_backend:
           type: noop
-      ldap:
-        http_enabled: false
-        transport_enabled: false
-        order: 5
-        http_authenticator:
-          type: basic
-          challenge: false
-        authentication_backend:
-          # LDAP authentication backend (authenticate users against a LDAP or Active Directory)
-          type: ldap # NOT FREE FOR COMMERCIAL USE
-          config:
-            # enable ldaps
-            enable_ssl: false
-            # enable start tls, enable_ssl should be false
-            enable_start_tls: false
-            # send client certificate
-            enable_ssl_client_auth: false
-            # verify ldap hostname
-            verify_hostnames: true
-            hosts:
-              - localhost:8389
-            bind_dn: null
-            password: null
-            userbase: 'ou=people,dc=example,dc=com'
-            # Filter to search for users (currently in the whole subtree beneath userbase)
-            # {0} is substituted with the username 
-            usersearch: '(sAMAccountName={0})'
-            # Use this attribute from the user as username (if not set then DN is used)
-            username_attribute: null
     authz:    
-      roles_from_myldap:
-        http_enabled: false
-        transport_enabled: false
-        authorization_backend:
-          # LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too)
-          type: ldap # NOT FREE FOR COMMERCIAL USE
-          config:
-            # enable ldaps
-            enable_ssl: false
-            # enable start tls, enable_ssl should be false
-            enable_start_tls: false
-            # send client certificate
-            enable_ssl_client_auth: false
-            # verify ldap hostname
-            verify_hostnames: true
-            hosts:
-              - localhost:8389
-            bind_dn: null
-            password: null
-            rolebase: 'ou=groups,dc=example,dc=com'
-            # Filter to search for roles (currently in the whole subtree beneath rolebase)
-            # {0} is substituted with the DN of the user
-            # {1} is substituted with the username 
-            # {2} is substituted with an attribute value from user's directory entry, of the authenticated user. Use userroleattribute to specify the name of the attribute            
-            rolesearch: '(member={0})'
-            # Specify the name of the attribute which value should be substituted with {2} above
-            userroleattribute: null
-            # Roles as an attribute of the user entry
-            userrolename: disabled
-            #userrolename: memberOf
-            # The attribute in a role entry containing the name of that role, Default is "name".
-            # Can also be "dn" to use the full DN as rolename.
-            rolename: cn
-            # Resolve nested roles transitive (roles which are members of other roles and so on ...)
-            resolve_nested_roles: true
-            userbase: 'ou=people,dc=example,dc=com'
-            # Filter to search for users (currently in the whole subtree beneath userbase)
-            # {0} is substituted with the username 
-            usersearch: '(uid={0})'
-            # Skip users matching a user name, a wildcard or a regex pattern
-            #skip_users: 
-            #  - 'cn=Michael Jackson,ou*people,o=TEST'
-            #  - '/\S*/'    
-      roles_from_another_ldap:
-        enabled: false
-        authorization_backend:
-          type: ldap # NOT FREE FOR COMMERCIAL USE
-          #config goes here ...
 #    auth_failure_listeners:
 #      ip_rate_limiting:
 #        type: ip
diff --git a/src/main/docker/elasticsearch/config/sg/sg_roles.yml b/src/main/docker/elasticsearch/config/sg/sg_roles.yml
index 6902fba..1a3a80c 100644
--- a/src/main/docker/elasticsearch/config/sg/sg_roles.yml
+++ b/src/main/docker/elasticsearch/config/sg/sg_roles.yml
@@ -32,15 +32,11 @@
 # Reason is that we currently parse the config file into a elasticsearch settings object which cannot cope with dots in keys.
 # Workaround: Just configure something like '?kibana' instead of '.kibana' or 'my?index' instead of 'my.index'
 # This limitation will likely removed with Search Guard 6
-
-# DLS (Document level security) - NOT FREE FOR COMMERCIAL
-# http://docs.search-guard.com/v6/document-level-security
-
-# FLS (Field level security) - NOT FREE FOR COMMERCIAL
-# http://docs.search-guard.com/v6/field-level-security
-
-# Kibana multitenancy - NOT FREE FOR COMMERCIAL
-# http://docs.search-guard.com/v6/kibana-multi-tenancy
+#
+# Some SearchGuard functionality is licensed under Apache-2.0, while other functionality is non-free;
+# see https://github.com/floragunncom/search-guard. The functionality enabled in this configuration
+# file only include those that are licensed under Apache-2.0. Please use care and review SearchGuard's
+# license details before enabling any additional features here.
 
 # Allows everything, but no changes to searchguard configuration index
 sg_all_access:
diff --git a/src/test/java/org/onap/clamp/clds/client/DcaeInventoryServicesTest.java b/src/test/java/org/onap/clamp/clds/client/DcaeInventoryServicesTest.java
new file mode 100644
index 0000000..a66694c
--- /dev/null
+++ b/src/test/java/org/onap/clamp/clds/client/DcaeInventoryServicesTest.java
@@ -0,0 +1,125 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2019 Huawei Technologies Co., Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ * ================================================================================
+ *
+ */
+
+package org.onap.clamp.clds.client;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.core.Is.is;
+import static org.hamcrest.core.IsNull.nullValue;
+import static org.onap.clamp.clds.client.DcaeInventoryServices.DCAE_INVENTORY_RETRY_INTERVAL;
+import static org.onap.clamp.clds.client.DcaeInventoryServices.DCAE_INVENTORY_RETRY_LIMIT;
+import static org.onap.clamp.clds.client.DcaeInventoryServices.DCAE_INVENTORY_URL;
+import static org.powermock.api.mockito.PowerMockito.when;
+
+import java.io.IOException;
+
+import org.json.simple.parser.ParseException;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.onap.clamp.clds.config.ClampProperties;
+import org.onap.clamp.clds.model.dcae.DcaeInventoryResponse;
+import org.onap.clamp.clds.model.dcae.DcaeLinks;
+import org.onap.clamp.clds.model.dcae.DcaeOperationStatusResponse;
+import org.onap.clamp.util.HttpConnectionManager;
+
+
+@RunWith(MockitoJUnitRunner.class)
+public class DcaeInventoryServicesTest {
+
+    @Mock
+    private HttpConnectionManager httpConnectionManager;
+
+    @Mock
+    private ClampProperties properties;
+
+    private static final String resourceUuid = "023a3f0d-1161-45ff-b4cf-8918a8ccf3ad";
+    private static final String serviceUuid = "4cc5b45a-1f63-4194-8100-cd8e14248c92";
+    private static final String artifactName = "tca_2.yaml";
+    private static final String queryString = "?asdcResourceId=" + resourceUuid + "&asdcServiceId=" + serviceUuid
+            + "&typeName=" + artifactName;
+    private static final String url = "http://localhost:8085" + "/dcae-service-types" + queryString;
+
+    @Test
+    public void testDcaeInventoryResponse() throws ParseException, InterruptedException, IOException {
+        when(properties.getStringValue(DCAE_INVENTORY_URL)).thenReturn("http://localhost:8085");
+        when(properties.getStringValue(DCAE_INVENTORY_RETRY_LIMIT)).thenReturn("1");
+        when(properties.getStringValue(DCAE_INVENTORY_RETRY_INTERVAL)).thenReturn("100");
+        String responseStr = "{\"totalCount\":1, "
+                + "\"items\":[{\"typeId\":\"typeId-32147723-d323-48f9-a325-bcea8d728025\","
+                + " \"typeName\":\"typeName-32147723-d323-48f9-a325-bcea8d728025\"}]}";
+        when(httpConnectionManager.doHttpRequest(url, "GET", null, null,
+                                                 "DCAE", null, null))
+                .thenReturn(responseStr);
+
+        DcaeInventoryServices services = new DcaeInventoryServices(properties,
+                                                                   httpConnectionManager);
+        DcaeInventoryResponse response = services.getDcaeInformation(artifactName, serviceUuid, resourceUuid);
+        assertThat(response.getTypeId(),is("typeId-32147723-d323-48f9-a325-bcea8d728025"));
+        assertThat(response.getTypeName(),is("typeName-32147723-d323-48f9-a325-bcea8d728025"));
+    }
+
+    @Test
+    public void testDcaeInventoryResponseWithZeroCount() throws ParseException, InterruptedException, IOException {
+        when(properties.getStringValue(DCAE_INVENTORY_URL)).thenReturn("http://localhost:8085");
+        when(properties.getStringValue(DCAE_INVENTORY_RETRY_LIMIT)).thenReturn("1");
+        when(properties.getStringValue(DCAE_INVENTORY_RETRY_INTERVAL)).thenReturn("100");
+        when(httpConnectionManager.doHttpRequest(url, "GET", null, null,
+                                                 "DCAE", null, null))
+                .thenReturn("{\"totalCount\":0}\"}]}");
+        DcaeInventoryServices services = new DcaeInventoryServices(properties,
+                                                                   httpConnectionManager);
+        DcaeInventoryResponse response = services.getDcaeInformation(artifactName, serviceUuid, resourceUuid);
+        assertThat(response, nullValue());
+    }
+
+    @Test
+    public void testDcaeInventoryResponsePojo() {
+        DcaeInventoryResponse response = new DcaeInventoryResponse();
+        response.setTypeId("typeId-32147723-d323-48f9-a325-bcea8d728025");
+        response.setTypeName("typeName-32147723-d323-48f9-a325-bcea8d728025");
+        assertThat(response.getTypeId(),is("typeId-32147723-d323-48f9-a325-bcea8d728025"));
+        assertThat(response.getTypeName(),is("typeName-32147723-d323-48f9-a325-bcea8d728025"));
+    }
+
+    @Test
+    public void testDcaeOperationStatusResponsePojo() {
+        DcaeLinks links = new DcaeLinks();
+        links.setSelf("selfUrl");
+        links.setStatus("state");
+        links.setUninstall("uninstallUrl");
+        DcaeOperationStatusResponse response = new DcaeOperationStatusResponse();
+        response.setRequestId("testId");
+        response.setError("errorMessage");
+        response.setLinks(links);
+        response.setOperationType("install");
+        response.setStatus("state");
+        assertThat(response.getRequestId(),is("testId"));
+        assertThat(response.getError(),is("errorMessage"));
+        assertThat(response.getOperationType(),is("install"));
+        assertThat(response.getStatus(),is("state"));
+        assertThat(response.getLinks().getSelf(),is("selfUrl"));
+        assertThat(response.getLinks().getStatus(),is("state"));
+        assertThat(response.getLinks().getUninstall(),is("uninstallUrl"));
+    }
+}
\ No newline at end of file
diff --git a/src/test/java/org/onap/clamp/clds/service/CldsInfoProviderTest.java b/src/test/java/org/onap/clamp/clds/service/CldsInfoProviderTest.java
index d5f7c15..fa898c7 100644
--- a/src/test/java/org/onap/clamp/clds/service/CldsInfoProviderTest.java
+++ b/src/test/java/org/onap/clamp/clds/service/CldsInfoProviderTest.java
@@ -54,5 +54,7 @@
         assertThat(cldsInfo.isPermissionReadTemplate()).isTrue();
         assertThat(cldsInfo.isPermissionUpdateCl()).isTrue();
         assertThat(cldsInfo.isPermissionUpdateTemplate()).isTrue();
+        assertThat(cldsInfo.isPermissionReadTosca()).isTrue();
+        assertThat(cldsInfo.isPermissionUpdateTosca()).isTrue();
     }
 }
\ No newline at end of file
diff --git a/src/test/java/org/onap/clamp/clds/tosca/ToscaYamlToJsonConvertorTest.java b/src/test/java/org/onap/clamp/clds/tosca/ToscaYamlToJsonConvertorTest.java
index 65b95a1..00c9b7d 100644
--- a/src/test/java/org/onap/clamp/clds/tosca/ToscaYamlToJsonConvertorTest.java
+++ b/src/test/java/org/onap/clamp/clds/tosca/ToscaYamlToJsonConvertorTest.java
@@ -4,6 +4,7 @@
  * ================================================================================
  * Copyright (C) 2018 AT&T Intellectual Property. All rights
  *                             reserved.
+ * Modifications Copyright (C) 2019 Huawei Technologies Co., Ltd.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -37,8 +38,7 @@
      * This Test validates TOSCA yaml to JSON Schema conversion based on JSON Editor
      * Schema.
      *
-     * @throws IOException
-     *
+     * @throws IOException In case of issue when opening the tosca yaml file and converted json file
      */
     @Test
     public final void testParseToscaYaml() throws IOException {
@@ -50,4 +50,39 @@
         JSONAssert.assertEquals(ResourceFileUtil.getResourceAsString("tosca/policy-yaml-to-json.json"),
                 parsedJsonSchema, true);
     }
+
+    /**
+     * This Test validates TOSCA yaml with constraints to JSON Schema conversion based on JSON Editor
+     * Schema.
+     *
+     * @throws IOException In case of issue when opening the tosca yaml file and converted json file
+     */
+    @Test
+    public final void testParseToscaYamlWithConstraints() throws IOException {
+        String toscaModelYaml = ResourceFileUtil.getResourceAsString("tosca/tosca-with-constraints.yaml");
+        ToscaYamlToJsonConvertor convertor = new ToscaYamlToJsonConvertor();
+
+        String parsedJsonSchema = convertor.parseToscaYaml(toscaModelYaml);
+        assertNotNull(parsedJsonSchema);
+        JSONAssert.assertEquals(ResourceFileUtil.getResourceAsString("tosca/policy-yaml-to-json-with-constraints" +
+                                                                             ".json"),
+                                parsedJsonSchema, true);
+    }
+
+    /**
+     * This Test validates TOSCA yaml with different datatypes to JSON Schema conversion based on JSON Editor
+     * Schema.
+     *
+     * @throws IOException In case of issue when opening the tosca yaml file and converted json file
+     */
+    @Test
+    public final void testParseToscaYamlWithTypes() throws IOException {
+        String toscaModelYaml = ResourceFileUtil.getResourceAsString("tosca/tosca-with-datatypes.yaml");
+        ToscaYamlToJsonConvertor convertor = new ToscaYamlToJsonConvertor();
+
+        String parsedJsonSchema = convertor.parseToscaYaml(toscaModelYaml);
+        assertNotNull(parsedJsonSchema);
+        JSONAssert.assertEquals(ResourceFileUtil.getResourceAsString("tosca/policy-yaml-to-json-with-datatypes.json"),
+                                parsedJsonSchema, true);
+    }
 }
diff --git a/src/test/resources/tosca/policy-yaml-to-json-with-constraints.json b/src/test/resources/tosca/policy-yaml-to-json-with-constraints.json
new file mode 100644
index 0000000..b257548
--- /dev/null
+++ b/src/test/resources/tosca/policy-yaml-to-json-with-constraints.json
@@ -0,0 +1,63 @@
+{
+    "schema": {
+        "uniqueItems": "true",
+        "format": "tabs-top",
+        "type": "array",
+        "title": "Properties with constraints",
+        "items": {
+            "type": "object",
+            "title": "Properties with constraints",
+            "required": [
+                "cpus",
+                "memSize"
+            ],
+            "properties": {
+                "appPassword": {
+                    "propertyOrder": 1004,
+                    "minLength": 6,
+                    "title": "application password",
+                    "type": "string",
+                    "maxLength": 10
+                },
+                "cost": {
+                    "exclusiveMaximum": 100.5,
+                    "propertyOrder": 1005,
+                    "type": "integer",
+                    "exclusiveMinimum": 50.5
+                },
+                "keylength": {
+                    "propertyOrder": 1007,
+                    "type": "integer",
+                    "enum": [
+                        128,
+                        256
+                    ]
+                },
+                "cpus": {
+                    "propertyOrder": 1001,
+                    "default": 1,
+                    "minLength": 1,
+                    "type": "string",
+                    "maxLength": 4
+                },
+                "ports": {
+                    "propertyOrder": 1002,
+                    "maximum": 9010,
+                    "type": "integer",
+                    "minimum": 9000
+                },
+                "memSize": {
+                    "propertyOrder": 1003,
+                    "maximum": 10,
+                    "title": "memory size",
+                    "type": "integer",
+                    "minimum": 2
+                },
+                "algorithm": {
+                    "propertyOrder": 1006,
+                    "type": "string"
+                }
+            }
+        }
+    }
+}
diff --git a/src/test/resources/tosca/policy-yaml-to-json-with-datatypes.json b/src/test/resources/tosca/policy-yaml-to-json-with-datatypes.json
new file mode 100644
index 0000000..d470d92
--- /dev/null
+++ b/src/test/resources/tosca/policy-yaml-to-json-with-datatypes.json
@@ -0,0 +1,108 @@
+{
+    "schema": {
+        "uniqueItems": "true",
+        "format": "tabs-top",
+        "type": "array",
+        "title": "Properties with different types",
+        "items": {
+            "type": "object",
+            "title": "Properties with different types",
+            "required": [
+                "memSize"
+            ],
+            "properties": {
+                "cpus": {
+                    "propertyOrder": 1001,
+                    "uniqueItems": "true",
+                    "format": "tabs-top",
+                    "type": "array",
+                    "items": {
+                        "type": "object",
+                        "required": [],
+                        "properties": {
+                            "closedLoopControlName": {
+                                "propertyOrder": 1002,
+                                "type": "string"
+                            }
+                        }
+                    }
+                },
+                "domain": {
+                    "propertyOrder": 1009,
+                    "type": "object",
+                    "required": [],
+                    "properties": {
+                        "closedLoopControlName": {
+                            "propertyOrder": 1002,
+                            "type": "string"
+                        }
+                    }
+                },
+                "thresholdValue": {
+                    "propertyOrder": 1007,
+                    "uniqueItems": "true",
+                    "format": "select",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
+                "ports": {
+                    "propertyOrder": 1003,
+                    "type": "object",
+                    "items": {
+                        "type": "string"
+                    }
+                },
+                "closedLoopEventStatus": {
+                    "propertyOrder": 1004,
+                    "type": "object",
+                    "items": {
+                        "type": "integer"
+                    }
+                },
+                "version": {
+                    "propertyOrder": 1008,
+                    "uniqueItems": "true",
+                    "format": "tabs-top",
+                    "type": "array",
+                    "items": {
+                        "type": "object",
+                        "required": [],
+                        "properties": {
+                            "closedLoopControlName": {
+                                "propertyOrder": 1002,
+                                "type": "string"
+                            }
+                        }
+                    }
+                },
+                "memSize": {
+                    "propertyOrder": 1006,
+                    "required": [],
+                    "properties": {
+                        "name": {
+                            "propertyOrder": 20002,
+                            "required": [
+                                "severity"
+                            ],
+                            "properties": {
+                                "severity": {
+                                    "propertyOrder": 20003,
+                                    "type": "string"
+                                }
+                            }
+                        }
+                    }
+                },
+                "direction": {
+                    "propertyOrder": 1005,
+                    "type": "object",
+                    "items": {
+                        "type": "integer"
+                    }
+                }
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/test/resources/tosca/tosca-with-constraints.yaml b/src/test/resources/tosca/tosca-with-constraints.yaml
new file mode 100644
index 0000000..959bc48
--- /dev/null
+++ b/src/test/resources/tosca/tosca-with-constraints.yaml
@@ -0,0 +1,54 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policy_types:
+    onap.policies.Monitoring:
+        derived_from: tosca.policies.Root
+        description: a base policy type for all policies that governs monitoring provisioning
+    onap.policies.monitoring.example.app:
+        derived_from: onap.policies.Monitoring
+        version: 1.0.0
+        properties:
+            example_policy:
+                type: map
+                description: Properties with constraints
+                entry_schema:
+                    type: onap.datatypes.monitoring.example_policy
+data_types:
+    onap.datatypes.monitoring.example_policy:
+        derived_from: tosca.datatypes.Root
+        properties:
+            cpus:
+                type: string
+                required: true
+                default: 1
+                constraints:
+                  - in_range: [ 1, 4 ] 
+            ports:
+                type: integer
+                constraints:
+                  - in_range: [ 9000, 9010 ]
+            memSize:
+                type: integer
+                required: true
+                description: memory size
+                constraints:
+                  - greater_or_equal: 2
+                  - less_or_equal: 10
+            appPassword:
+                type: string
+                description: application password
+                constraints:
+                    - min_length: 6
+                    - max_length: 10
+            cost:
+                type: float
+                constraints:
+                    - less_than: 100.50
+                    - greater_than: 50.50
+            algorithm: 
+                type: string
+                constraints:
+                    - equal: aes
+            keylength:
+                type: integer
+                constraints:
+                    - valid_values: [ 128, 256 ]
diff --git a/src/test/resources/tosca/tosca-with-datatypes.yaml b/src/test/resources/tosca/tosca-with-datatypes.yaml
new file mode 100644
index 0000000..61d5dbc
--- /dev/null
+++ b/src/test/resources/tosca/tosca-with-datatypes.yaml
@@ -0,0 +1,63 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policy_types:
+    onap.policies.Monitoring:
+        derived_from: tosca.policies.Root
+        description: a base policy type for all policies that governs monitoring provisioning
+    onap.policies.monitoring.example.app:
+        derived_from: onap.policies.Monitoring
+        version: 1.0.0
+        properties:
+            example_policy:
+                type: map
+                description: Properties with different types
+                entry_schema:
+                    type: onap.datatypes.monitoring.example_policy
+data_types:
+    onap.datatypes.monitoring.example2:
+        derived_from: tosca.datatypes.Root
+        properties:
+            closedLoopControlName:
+                type: string
+    onap.datatypes.monitoring.example3:
+        derived_from: tosca.datatypes.Root
+        properties:
+            name:
+                type: onap.datatypes.monitoring.example4  
+    onap.datatypes.monitoring.example4:
+        derived_from: tosca.datatypes.Root
+        properties:
+            severity:
+                type: string
+                required: true  
+    onap.datatypes.monitoring.example_policy:
+        derived_from: tosca.datatypes.Root
+        properties:
+            cpus:
+                type: list
+                entry_schema:
+                    type: onap.datatypes.monitoring.example2
+            ports:
+                type: map
+                entry_schema:
+                    type: string
+            closedLoopEventStatus:
+                type: map
+                entry_schema:
+                    type: integer
+            direction:
+                type: map
+                entry_schema:
+                    type: float
+            memSize:
+                type: onap.datatypes.monitoring.example3
+                required: true
+            thresholdValue:
+                type: list
+                entry_schema:
+                    type: string
+            version:
+                type: list
+                entry_schema:
+                    type: onap.datatypes.monitoring.example2
+            domain:
+                type: onap.datatypes.monitoring.example2
\ No newline at end of file