2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 * SPDX-License-Identifier: Apache-2.0
20 * ============LICENSE_END=========================================================
23 package org.onap.policy.pdp.xacml.application.common.std;
25 import com.att.research.xacml.api.AttributeAssignment;
26 import com.att.research.xacml.api.DataTypeException;
27 import com.att.research.xacml.api.Decision;
28 import com.att.research.xacml.api.Obligation;
29 import com.att.research.xacml.api.Request;
30 import com.att.research.xacml.api.Response;
31 import com.att.research.xacml.api.Result;
32 import com.att.research.xacml.api.XACML3;
33 import com.att.research.xacml.std.annotations.RequestParser;
34 import com.google.gson.Gson;
36 import java.util.Collection;
37 import java.util.HashMap;
40 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
41 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
42 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
43 import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
44 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
45 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
46 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType;
47 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType;
48 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
49 import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
50 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
52 import org.onap.policy.common.utils.coder.CoderException;
53 import org.onap.policy.common.utils.coder.StandardCoder;
54 import org.onap.policy.models.decisions.concepts.DecisionRequest;
55 import org.onap.policy.models.decisions.concepts.DecisionResponse;
56 import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
57 import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
58 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
59 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
60 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
61 import org.slf4j.Logger;
62 import org.slf4j.LoggerFactory;
64 public class StdCombinedPolicyResultsTranslator implements ToscaPolicyTranslator {
66 private static final Logger LOGGER = LoggerFactory.getLogger(StdCombinedPolicyResultsTranslator.class);
67 private static final String POLICY_ID = "policy-id";
69 public StdCombinedPolicyResultsTranslator() {
74 public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
76 // Set it as the policy ID
78 PolicyType newPolicyType = new PolicyType();
79 newPolicyType.setPolicyId(toscaPolicy.getMetadata().get(POLICY_ID));
81 // Optional description
83 newPolicyType.setDescription(toscaPolicy.getDescription());
85 // There should be a metadata section
87 this.fillMetadataSection(newPolicyType, toscaPolicy.getMetadata());
89 // Set the combining rule
91 newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue());
93 // Generate the TargetType
95 TargetType target = this.generateTargetType(toscaPolicy.getMetadata().get(POLICY_ID),
96 toscaPolicy.getType(), toscaPolicy.getVersion());
97 newPolicyType.setTarget(target);
99 // Now create the Permit Rule
100 // No target since the policy has a target
103 RuleType rule = new RuleType();
104 rule.setDescription("Default is to PERMIT if the policy matches.");
105 rule.setRuleId(toscaPolicy.getMetadata().get(POLICY_ID) + ":rule");
106 rule.setEffect(EffectType.PERMIT);
107 rule.setTarget(new TargetType());
109 // Now represent the policy as Json
111 StandardCoder coder = new StandardCoder();
114 jsonPolicy = coder.encode(toscaPolicy);
115 } catch (CoderException e) {
116 LOGGER.error("Failed to encode policy to json", e);
117 throw new ToscaPolicyConversionException(e);
119 addObligation(rule, jsonPolicy);
121 // Add the rule to the policy
123 newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
125 // Return our new policy
127 return newPolicyType;
131 public Request convertRequest(DecisionRequest request) {
132 LOGGER.info("Converting Request {}", request);
134 return RequestParser.parseRequest(StdCombinedPolicyRequest.createInstance(request));
135 } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
136 LOGGER.error("Failed to convert DecisionRequest: {}", e);
139 // TODO throw exception
145 public DecisionResponse convertResponse(Response xacmlResponse) {
146 LOGGER.debug("Converting Response {}", xacmlResponse);
147 DecisionResponse decisionResponse = new DecisionResponse();
151 decisionResponse.setPolicies(new HashMap<>());
153 // Iterate through all the results
155 for (Result xacmlResult : xacmlResponse.getResults()) {
159 if (xacmlResult.getDecision() == Decision.PERMIT) {
161 // Go through obligations
163 scanObligations(xacmlResult.getObligations(), decisionResponse);
165 if (xacmlResult.getDecision() == Decision.DENY
166 || xacmlResult.getDecision() == Decision.INDETERMINATE) {
168 // TODO we have to return an ErrorResponse object instead
170 decisionResponse.setStatus("A better error message");
174 return decisionResponse;
177 protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
178 for (Obligation obligation : obligations) {
179 LOGGER.info("Obligation: {}", obligation);
180 for (AttributeAssignment assignment : obligation.getAttributeAssignments()) {
181 LOGGER.info("Attribute Assignment: {}", assignment);
183 // We care about the content attribute
185 if (ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS
186 .equals(assignment.getAttributeId())) {
188 // The contents are in Json form
190 Object stringContents = assignment.getAttributeValue().getValue();
191 if (LOGGER.isInfoEnabled()) {
192 LOGGER.info("DCAE contents: {}{}", System.lineSeparator(), stringContents);
195 // Let's parse it into a map using Gson
197 Gson gson = new Gson();
198 @SuppressWarnings("unchecked")
199 Map<String, Object> result = gson.fromJson(stringContents.toString() ,Map.class);
201 // Find the metadata section
203 @SuppressWarnings("unchecked")
204 Map<String, Object> metadata = (Map<String, Object>) result.get("metadata");
205 if (metadata != null) {
206 decisionResponse.getPolicies().put(metadata.get(POLICY_ID).toString(), result);
208 LOGGER.error("Missing metadata section in policy contained in obligation.");
216 * From the TOSCA metadata section, pull in values that are needed into the XACML policy.
218 * @param policy Policy Object to store the metadata
219 * @param map The Metadata TOSCA Map
220 * @return Same Policy Object
221 * @throws ToscaPolicyConversionException If there is something missing from the metadata
223 protected PolicyType fillMetadataSection(PolicyType policy,
224 Map<String, String> map) throws ToscaPolicyConversionException {
225 if (! map.containsKey(POLICY_ID)) {
226 throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id");
229 // Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field
232 if (! map.containsKey("policy-version")) {
233 throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version");
236 // Add in the Policy Version
238 policy.setVersion(map.get("policy-version"));
243 protected TargetType generateTargetType(String policyId, String policyType, String policyTypeVersion) {
245 // Create all the match's that are possible
247 // This is for the Policy Id
249 MatchType matchPolicyId = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
250 XACML3.ID_FUNCTION_STRING_EQUAL,
252 XACML3.ID_DATATYPE_STRING,
253 ToscaDictionary.ID_RESOURCE_POLICY_ID,
254 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
256 // This is for the Policy Type
258 MatchType matchPolicyType = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
259 XACML3.ID_FUNCTION_STRING_EQUAL,
261 XACML3.ID_DATATYPE_STRING,
262 ToscaDictionary.ID_RESOURCE_POLICY_TYPE,
263 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
265 // This is for the Policy Type version
267 MatchType matchPolicyTypeVersion = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
268 XACML3.ID_FUNCTION_STRING_EQUAL,
270 XACML3.ID_DATATYPE_STRING,
271 ToscaDictionary.ID_RESOURCE_POLICY_TYPE_VERSION,
272 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
274 // This is our outer AnyOf - which is an OR
276 AnyOfType anyOf = new AnyOfType();
278 // Create AllOf (AND) of just Policy Id
280 anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyId));
282 // Create AllOf (AND) of just Policy Type
284 anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyType));
286 // Create AllOf (AND) of Policy Type and Policy Type Version
288 anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyType, matchPolicyTypeVersion));
290 // Now we can create the TargetType, add the top-level anyOf (OR),
291 // and return the value.
293 TargetType target = new TargetType();
294 target.getAnyOf().add(anyOf);
298 protected RuleType addObligation(RuleType rule, String jsonPolicy) {
300 // Convert the YAML Policy to JSON Object
302 if (LOGGER.isInfoEnabled()) {
303 LOGGER.info("JSON DCAE Policy {}{}", System.lineSeparator(), jsonPolicy);
306 // Create an AttributeValue for it
308 AttributeValueType value = new AttributeValueType();
309 value.setDataType(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_DATATYPE.stringValue());
310 value.getContent().add(jsonPolicy);
312 // Create our AttributeAssignmentExpression where we will
313 // store the contents of the policy in JSON format.
315 AttributeAssignmentExpressionType expressionType = new AttributeAssignmentExpressionType();
316 expressionType.setAttributeId(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS.stringValue());
317 ObjectFactory factory = new ObjectFactory();
318 expressionType.setExpression(factory.createAttributeValue(value));
320 // Create an ObligationExpression for it
322 ObligationExpressionType obligation = new ObligationExpressionType();
323 obligation.setFulfillOn(EffectType.PERMIT);
324 obligation.setObligationId(ToscaDictionary.ID_OBLIGATION_REST_BODY.stringValue());
325 obligation.getAttributeAssignmentExpression().add(expressionType);
327 // Now we can add it into the rule
329 ObligationExpressionsType obligations = new ObligationExpressionsType();
330 obligations.getObligationExpression().add(obligation);
331 rule.setObligationExpressions(obligations);