2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 * SPDX-License-Identifier: Apache-2.0
20 * ============LICENSE_END=========================================================
23 package org.onap.policy.pdp.xacml.application.common.std;
25 import com.att.research.xacml.api.AttributeAssignment;
26 import com.att.research.xacml.api.DataTypeException;
27 import com.att.research.xacml.api.Decision;
28 import com.att.research.xacml.api.Obligation;
29 import com.att.research.xacml.api.Request;
30 import com.att.research.xacml.api.Response;
31 import com.att.research.xacml.api.Result;
32 import com.att.research.xacml.api.XACML3;
33 import com.att.research.xacml.std.annotations.RequestParser;
34 import com.google.gson.Gson;
35 import java.util.Collection;
36 import java.util.HashMap;
39 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
40 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
41 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
42 import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
43 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
44 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
45 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType;
46 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType;
47 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
48 import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
49 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
51 import org.onap.policy.common.utils.coder.CoderException;
52 import org.onap.policy.common.utils.coder.StandardCoder;
53 import org.onap.policy.models.decisions.concepts.DecisionRequest;
54 import org.onap.policy.models.decisions.concepts.DecisionResponse;
55 import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
56 import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
57 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
58 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
59 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
60 import org.slf4j.Logger;
61 import org.slf4j.LoggerFactory;
63 public class StdCombinedPolicyResultsTranslator implements ToscaPolicyTranslator {
65 private static final Logger LOGGER = LoggerFactory.getLogger(StdCombinedPolicyResultsTranslator.class);
66 private static final String POLICY_ID = "policy-id";
68 public StdCombinedPolicyResultsTranslator() {
73 public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
75 // Set it as the policy ID
77 PolicyType newPolicyType = new PolicyType();
78 newPolicyType.setPolicyId(toscaPolicy.getMetadata().get(POLICY_ID));
80 // Optional description
82 newPolicyType.setDescription(toscaPolicy.getDescription());
84 // There should be a metadata section
86 this.fillMetadataSection(newPolicyType, toscaPolicy.getMetadata());
88 // Set the combining rule
90 newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue());
92 // Generate the TargetType
94 TargetType target = this.generateTargetType(toscaPolicy.getMetadata().get(POLICY_ID),
95 toscaPolicy.getType(), toscaPolicy.getVersion());
96 newPolicyType.setTarget(target);
98 // Now create the Permit Rule
99 // No target since the policy has a target
102 RuleType rule = new RuleType();
103 rule.setDescription("Default is to PERMIT if the policy matches.");
104 rule.setRuleId(toscaPolicy.getMetadata().get(POLICY_ID) + ":rule");
105 rule.setEffect(EffectType.PERMIT);
106 rule.setTarget(new TargetType());
108 // Now represent the policy as Json
110 StandardCoder coder = new StandardCoder();
113 jsonPolicy = coder.encode(toscaPolicy);
114 } catch (CoderException e) {
115 LOGGER.error("Failed to encode policy to json", e);
116 throw new ToscaPolicyConversionException(e);
118 addObligation(rule, jsonPolicy);
120 // Add the rule to the policy
122 newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
124 // Return our new policy
126 return newPolicyType;
130 public Request convertRequest(DecisionRequest request) {
131 LOGGER.info("Converting Request {}", request);
133 return RequestParser.parseRequest(StdCombinedPolicyRequest.createInstance(request));
134 } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
135 LOGGER.error("Failed to convert DecisionRequest: {}", e);
138 // TODO throw exception
144 public DecisionResponse convertResponse(Response xacmlResponse) {
145 LOGGER.info("Converting Response {}", xacmlResponse);
146 DecisionResponse decisionResponse = new DecisionResponse();
150 decisionResponse.setPolicies(new HashMap<>());
152 // Iterate through all the results
154 for (Result xacmlResult : xacmlResponse.getResults()) {
158 if (xacmlResult.getDecision() == Decision.PERMIT) {
160 // Go through obligations
162 scanObligations(xacmlResult.getObligations(), decisionResponse);
164 if (xacmlResult.getDecision() == Decision.DENY
165 || xacmlResult.getDecision() == Decision.INDETERMINATE) {
167 // TODO we have to return an ErrorResponse object instead
169 decisionResponse.setStatus("A better error message");
173 return decisionResponse;
176 protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
177 for (Obligation obligation : obligations) {
178 LOGGER.info("Obligation: {}", obligation);
179 for (AttributeAssignment assignment : obligation.getAttributeAssignments()) {
180 LOGGER.info("Attribute Assignment: {}", assignment);
182 // We care about the content attribute
184 if (ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS
185 .equals(assignment.getAttributeId())) {
187 // The contents are in Json form
189 Object stringContents = assignment.getAttributeValue().getValue();
190 if (LOGGER.isInfoEnabled()) {
191 LOGGER.info("DCAE contents: {}{}", System.lineSeparator(), stringContents);
194 // Let's parse it into a map using Gson
196 Gson gson = new Gson();
197 @SuppressWarnings("unchecked")
198 Map<String, Object> result = gson.fromJson(stringContents.toString() ,Map.class);
200 // Find the metadata section
202 @SuppressWarnings("unchecked")
203 Map<String, Object> metadata = (Map<String, Object>) result.get("metadata");
204 if (metadata != null) {
205 decisionResponse.getPolicies().put(metadata.get(POLICY_ID).toString(), result);
207 LOGGER.error("Missing metadata section in policy contained in obligation.");
215 * From the TOSCA metadata section, pull in values that are needed into the XACML policy.
217 * @param policy Policy Object to store the metadata
218 * @param map The Metadata TOSCA Map
219 * @return Same Policy Object
220 * @throws ToscaPolicyConversionException If there is something missing from the metadata
222 protected PolicyType fillMetadataSection(PolicyType policy,
223 Map<String, String> map) throws ToscaPolicyConversionException {
224 if (! map.containsKey(POLICY_ID)) {
225 throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id");
228 // Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field
231 if (! map.containsKey("policy-version")) {
232 throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version");
235 // Add in the Policy Version
237 policy.setVersion(map.get("policy-version"));
242 protected TargetType generateTargetType(String policyId, String policyType, String policyTypeVersion) {
244 // Create all the match's that are possible
246 // This is for the Policy Id
248 MatchType matchPolicyId = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
249 XACML3.ID_FUNCTION_STRING_EQUAL,
251 XACML3.ID_DATATYPE_STRING,
252 ToscaDictionary.ID_RESOURCE_POLICY_ID,
253 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
255 // This is for the Policy Type
257 MatchType matchPolicyType = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
258 XACML3.ID_FUNCTION_STRING_EQUAL,
260 XACML3.ID_DATATYPE_STRING,
261 ToscaDictionary.ID_RESOURCE_POLICY_TYPE,
262 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
264 // This is for the Policy Type version
266 MatchType matchPolicyTypeVersion = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
267 XACML3.ID_FUNCTION_STRING_EQUAL,
269 XACML3.ID_DATATYPE_STRING,
270 ToscaDictionary.ID_RESOURCE_POLICY_TYPE_VERSION,
271 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
273 // This is our outer AnyOf - which is an OR
275 AnyOfType anyOf = new AnyOfType();
277 // Create AllOf (AND) of just Policy Id
279 anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyId));
281 // Create AllOf (AND) of just Policy Type
283 anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyType));
285 // Create AllOf (AND) of Policy Type and Policy Type Version
287 anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyType, matchPolicyTypeVersion));
289 // Now we can create the TargetType, add the top-level anyOf (OR),
290 // and return the value.
292 TargetType target = new TargetType();
293 target.getAnyOf().add(anyOf);
297 protected RuleType addObligation(RuleType rule, String jsonPolicy) {
299 // Convert the YAML Policy to JSON Object
301 if (LOGGER.isInfoEnabled()) {
302 LOGGER.info("JSON DCAE Policy {}{}", System.lineSeparator(), jsonPolicy);
305 // Create an AttributeValue for it
307 AttributeValueType value = new AttributeValueType();
308 value.setDataType(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_DATATYPE.stringValue());
309 value.getContent().add(jsonPolicy);
311 // Create our AttributeAssignmentExpression where we will
312 // store the contents of the policy in JSON format.
314 AttributeAssignmentExpressionType expressionType = new AttributeAssignmentExpressionType();
315 expressionType.setAttributeId(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS.stringValue());
316 ObjectFactory factory = new ObjectFactory();
317 expressionType.setExpression(factory.createAttributeValue(value));
319 // Create an ObligationExpression for it
321 ObligationExpressionType obligation = new ObligationExpressionType();
322 obligation.setFulfillOn(EffectType.PERMIT);
323 obligation.setObligationId(ToscaDictionary.ID_OBLIGATION_REST_BODY.stringValue());
324 obligation.getAttributeAssignmentExpression().add(expressionType);
326 // Now we can add it into the rule
328 ObligationExpressionsType obligations = new ObligationExpressionsType();
329 obligations.getObligationExpression().add(obligation);
330 rule.setObligationExpressions(obligations);