applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdCombinedPolicyResultsTranslator.java

   1 /*-
   2  * ============LICENSE_START=======================================================
   3  * ONAP
   4  * ================================================================================
   5  * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
   6  * ================================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  *
  19  * SPDX-License-Identifier: Apache-2.0
  20  * ============LICENSE_END=========================================================
  21  */
  22
  23 package org.onap.policy.pdp.xacml.application.common.std;
  24
  25 import com.att.research.xacml.api.AttributeAssignment;
  26 import com.att.research.xacml.api.DataTypeException;
  27 import com.att.research.xacml.api.Decision;
  28 import com.att.research.xacml.api.Obligation;
  29 import com.att.research.xacml.api.Request;
  30 import com.att.research.xacml.api.Response;
  31 import com.att.research.xacml.api.Result;
  32 import com.att.research.xacml.api.XACML3;
  33 import com.att.research.xacml.std.annotations.RequestParser;
  34 import com.google.gson.Gson;
  35 import java.util.Collection;
  36 import java.util.HashMap;
  37 import java.util.Map;
  38
  39 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
  40 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
  41 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
  42 import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
  43 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
  44 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
  45 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType;
  46 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType;
  47 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
  48 import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
  49 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
  50
  51 import org.onap.policy.common.utils.coder.CoderException;
  52 import org.onap.policy.common.utils.coder.StandardCoder;
  53 import org.onap.policy.models.decisions.concepts.DecisionRequest;
  54 import org.onap.policy.models.decisions.concepts.DecisionResponse;
  55 import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
  56 import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
  57 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
  58 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
  59 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
  60 import org.slf4j.Logger;
  61 import org.slf4j.LoggerFactory;
  62
  63 public class StdCombinedPolicyResultsTranslator implements ToscaPolicyTranslator {
  64
  65     private static final Logger LOGGER = LoggerFactory.getLogger(StdCombinedPolicyResultsTranslator.class);
  66     private static final String POLICY_ID = "policy-id";
  67
  68     public StdCombinedPolicyResultsTranslator() {
  69         super();
  70     }
  71
  72     @Override
  73     public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
  74         //
  75         // Set it as the policy ID
  76         //
  77         PolicyType newPolicyType = new PolicyType();
  78         newPolicyType.setPolicyId(toscaPolicy.getMetadata().get(POLICY_ID));
  79         //
  80         // Optional description
  81         //
  82         newPolicyType.setDescription(toscaPolicy.getDescription());
  83         //
  84         // There should be a metadata section
  85         //
  86         this.fillMetadataSection(newPolicyType, toscaPolicy.getMetadata());
  87         //
  88         // Set the combining rule
  89         //
  90         newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue());
  91         //
  92         // Generate the TargetType
  93         //
  94         TargetType target = this.generateTargetType(toscaPolicy.getMetadata().get(POLICY_ID),
  95                 toscaPolicy.getType(), toscaPolicy.getVersion());
  96         newPolicyType.setTarget(target);
  97         //
  98         // Now create the Permit Rule
  99         // No target since the policy has a target
 100         // With obligations.
 101         //
 102         RuleType rule = new RuleType();
 103         rule.setDescription("Default is to PERMIT if the policy matches.");
 104         rule.setRuleId(toscaPolicy.getMetadata().get(POLICY_ID) + ":rule");
 105         rule.setEffect(EffectType.PERMIT);
 106         rule.setTarget(new TargetType());
 107         //
 108         // Now represent the policy as Json
 109         //
 110         StandardCoder coder = new StandardCoder();
 111         String jsonPolicy;
 112         try {
 113             jsonPolicy = coder.encode(toscaPolicy);
 114         } catch (CoderException e) {
 115             LOGGER.error("Failed to encode policy to json", e);
 116             throw new ToscaPolicyConversionException(e);
 117         }
 118         addObligation(rule, jsonPolicy);
 119         //
 120         // Add the rule to the policy
 121         //
 122         newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
 123         //
 124         // Return our new policy
 125         //
 126         return newPolicyType;
 127     }
 128
 129     @Override
 130     public Request convertRequest(DecisionRequest request) {
 131         LOGGER.info("Converting Request {}", request);
 132         try {
 133             return RequestParser.parseRequest(StdCombinedPolicyRequest.createInstance(request));
 134         } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
 135             LOGGER.error("Failed to convert DecisionRequest: {}", e);
 136         }
 137         //
 138         // TODO throw exception
 139         //
 140         return null;
 141     }
 142
 143     @Override
 144     public DecisionResponse convertResponse(Response xacmlResponse) {
 145         LOGGER.info("Converting Response {}", xacmlResponse);
 146         DecisionResponse decisionResponse = new DecisionResponse();
 147         //
 148         // Setup policies
 149         //
 150         decisionResponse.setPolicies(new HashMap<>());
 151         //
 152         // Iterate through all the results
 153         //
 154         for (Result xacmlResult : xacmlResponse.getResults()) {
 155             //
 156             // Check the result
 157             //
 158             if (xacmlResult.getDecision() == Decision.PERMIT) {
 159                 //
 160                 // Go through obligations
 161                 //
 162                 scanObligations(xacmlResult.getObligations(), decisionResponse);
 163             }
 164             if (xacmlResult.getDecision() == Decision.DENY
 165                     || xacmlResult.getDecision() == Decision.INDETERMINATE) {
 166                 //
 167                 // TODO we have to return an ErrorResponse object instead
 168                 //
 169                 decisionResponse.setStatus("A better error message");
 170             }
 171         }
 172
 173         return decisionResponse;
 174     }
 175
 176     protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
 177         for (Obligation obligation : obligations) {
 178             LOGGER.info("Obligation: {}", obligation);
 179             for (AttributeAssignment assignment : obligation.getAttributeAssignments()) {
 180                 LOGGER.info("Attribute Assignment: {}", assignment);
 181                 //
 182                 // We care about the content attribute
 183                 //
 184                 if (ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS
 185                         .equals(assignment.getAttributeId())) {
 186                     //
 187                     // The contents are in Json form
 188                     //
 189                     Object stringContents = assignment.getAttributeValue().getValue();
 190                     if (LOGGER.isInfoEnabled()) {
 191                         LOGGER.info("DCAE contents: {}{}", System.lineSeparator(), stringContents);
 192                     }
 193                     //
 194                     // Let's parse it into a map using Gson
 195                     //
 196                     Gson gson = new Gson();
 197                     @SuppressWarnings("unchecked")
 198                     Map<String, Object> result = gson.fromJson(stringContents.toString() ,Map.class);
 199                     //
 200                     // Find the metadata section
 201                     //
 202                     @SuppressWarnings("unchecked")
 203                     Map<String, Object> metadata = (Map<String, Object>) result.get("metadata");
 204                     if (metadata != null) {
 205                         decisionResponse.getPolicies().put(metadata.get(POLICY_ID).toString(), result);
 206                     } else {
 207                         LOGGER.error("Missing metadata section in policy contained in obligation.");
 208                     }
 209                 }
 210             }
 211         }
 212     }
 213
 214     /**
 215      * From the TOSCA metadata section, pull in values that are needed into the XACML policy.
 216      *
 217      * @param policy Policy Object to store the metadata
 218      * @param map The Metadata TOSCA Map
 219      * @return Same Policy Object
 220      * @throws ToscaPolicyConversionException If there is something missing from the metadata
 221      */
 222     protected PolicyType fillMetadataSection(PolicyType policy,
 223             Map<String, String> map) throws ToscaPolicyConversionException {
 224         if (! map.containsKey(POLICY_ID)) {
 225             throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id");
 226         } else {
 227             //
 228             // Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field
 229             //
 230         }
 231         if (! map.containsKey("policy-version")) {
 232             throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version");
 233         } else {
 234             //
 235             // Add in the Policy Version
 236             //
 237             policy.setVersion(map.get("policy-version"));
 238         }
 239         return policy;
 240     }
 241
 242     protected TargetType generateTargetType(String policyId, String policyType, String policyTypeVersion) {
 243         //
 244         // Create all the match's that are possible
 245         //
 246         // This is for the Policy Id
 247         //
 248         MatchType matchPolicyId = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
 249                 XACML3.ID_FUNCTION_STRING_EQUAL,
 250                 policyId,
 251                 XACML3.ID_DATATYPE_STRING,
 252                 ToscaDictionary.ID_RESOURCE_POLICY_ID,
 253                 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
 254         //
 255         // This is for the Policy Type
 256         //
 257         MatchType matchPolicyType = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
 258                 XACML3.ID_FUNCTION_STRING_EQUAL,
 259                 policyType,
 260                 XACML3.ID_DATATYPE_STRING,
 261                 ToscaDictionary.ID_RESOURCE_POLICY_TYPE,
 262                 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
 263         //
 264         // This is for the Policy Type version
 265         //
 266         MatchType matchPolicyTypeVersion = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
 267                 XACML3.ID_FUNCTION_STRING_EQUAL,
 268                 policyTypeVersion,
 269                 XACML3.ID_DATATYPE_STRING,
 270                 ToscaDictionary.ID_RESOURCE_POLICY_TYPE_VERSION,
 271                 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
 272         //
 273         // This is our outer AnyOf - which is an OR
 274         //
 275         AnyOfType anyOf = new AnyOfType();
 276         //
 277         // Create AllOf (AND) of just Policy Id
 278         //
 279         anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyId));
 280         //
 281         // Create AllOf (AND) of just Policy Type
 282         //
 283         anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyType));
 284         //
 285         // Create AllOf (AND) of Policy Type and Policy Type Version
 286         //
 287         anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyType, matchPolicyTypeVersion));
 288         //
 289         // Now we can create the TargetType, add the top-level anyOf (OR),
 290         // and return the value.
 291         //
 292         TargetType target = new TargetType();
 293         target.getAnyOf().add(anyOf);
 294         return target;
 295     }
 296
 297     protected RuleType addObligation(RuleType rule, String jsonPolicy) {
 298         //
 299         // Convert the YAML Policy to JSON Object
 300         //
 301         if (LOGGER.isInfoEnabled()) {
 302             LOGGER.info("JSON DCAE Policy {}{}", System.lineSeparator(), jsonPolicy);
 303         }
 304         //
 305         // Create an AttributeValue for it
 306         //
 307         AttributeValueType value = new AttributeValueType();
 308         value.setDataType(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_DATATYPE.stringValue());
 309         value.getContent().add(jsonPolicy);
 310         //
 311         // Create our AttributeAssignmentExpression where we will
 312         // store the contents of the policy in JSON format.
 313         //
 314         AttributeAssignmentExpressionType expressionType = new AttributeAssignmentExpressionType();
 315         expressionType.setAttributeId(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS.stringValue());
 316         ObjectFactory factory = new ObjectFactory();
 317         expressionType.setExpression(factory.createAttributeValue(value));
 318         //
 319         // Create an ObligationExpression for it
 320         //
 321         ObligationExpressionType obligation = new ObligationExpressionType();
 322         obligation.setFulfillOn(EffectType.PERMIT);
 323         obligation.setObligationId(ToscaDictionary.ID_OBLIGATION_REST_BODY.stringValue());
 324         obligation.getAttributeAssignmentExpression().add(expressionType);
 325         //
 326         // Now we can add it into the rule
 327         //
 328         ObligationExpressionsType obligations = new ObligationExpressionsType();
 329         obligations.getObligationExpression().add(obligation);
 330         rule.setObligationExpressions(obligations);
 331         return rule;
 332     }
 333
 334 }