2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
6 * Modifications Copyright (C) 2021 Nordix Foundation.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
20 * SPDX-License-Identifier: Apache-2.0
21 * ============LICENSE_END=========================================================
24 package org.onap.policy.pdp.xacml.application.common.std;
26 import com.att.research.xacml.api.Request;
27 import com.att.research.xacml.api.Response;
28 import com.att.research.xacml.api.pdp.PDPEngine;
29 import com.att.research.xacml.api.pdp.PDPEngineFactory;
30 import com.att.research.xacml.api.pdp.PDPException;
31 import com.att.research.xacml.util.FactoryException;
32 import java.io.IOException;
33 import java.nio.charset.StandardCharsets;
34 import java.nio.file.Files;
35 import java.nio.file.Path;
36 import java.util.ArrayList;
37 import java.util.Collections;
38 import java.util.HashMap;
39 import java.util.List;
41 import java.util.Properties;
42 import lombok.AccessLevel;
44 import lombok.NoArgsConstructor;
45 import org.apache.commons.lang3.tuple.Pair;
46 import org.onap.policy.common.endpoints.event.comm.bus.internal.BusTopicParams;
47 import org.onap.policy.models.decisions.concepts.DecisionRequest;
48 import org.onap.policy.models.decisions.concepts.DecisionResponse;
49 import org.onap.policy.models.tosca.authorative.concepts.ToscaConceptIdentifier;
50 import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
51 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
52 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
53 import org.onap.policy.pdp.xacml.application.common.XacmlApplicationException;
54 import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider;
55 import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils;
56 import org.slf4j.Logger;
57 import org.slf4j.LoggerFactory;
59 @NoArgsConstructor(access = AccessLevel.PROTECTED)
60 public abstract class StdXacmlApplicationServiceProvider implements XacmlApplicationServiceProvider {
62 private static final Logger LOGGER = LoggerFactory.getLogger(StdXacmlApplicationServiceProvider.class);
64 protected String applicationName = "Please Override";
65 protected List<String> actions = Collections.emptyList();
66 protected List<ToscaConceptIdentifier> supportedPolicyTypes = new ArrayList<>();
68 private Path pathForData = null;
70 private BusTopicParams policyApiParameters;
71 private Properties pdpProperties = null;
72 private PDPEngine pdpEngine = null;
73 private Map<ToscaPolicy, Path> mapLoadedPolicies = new HashMap<>();
76 public String applicationName() {
77 return applicationName;
81 public List<String> actionDecisionsSupported() {
86 public void initialize(Path pathForData, BusTopicParams policyApiParameters)
87 throws XacmlApplicationException {
91 this.pathForData = pathForData;
92 LOGGER.info("New Path is {}", this.pathForData.toAbsolutePath());
96 this.policyApiParameters = policyApiParameters;
98 // Look for and load the properties object
101 pdpProperties = XacmlPolicyUtils.loadXacmlProperties(XacmlPolicyUtils.getPropertiesPath(pathForData));
102 LOGGER.info("{}", pdpProperties);
103 } catch (IOException e) {
104 throw new XacmlApplicationException("Failed to load " + XacmlPolicyUtils.XACML_PROPERTY_FILE, e);
109 createEngine(pdpProperties);
113 public List<ToscaConceptIdentifier> supportedPolicyTypes() {
114 return supportedPolicyTypes;
118 public boolean canSupportPolicyType(ToscaConceptIdentifier policyTypeId) {
119 throw new UnsupportedOperationException("Please override and implement canSupportPolicyType");
123 public synchronized void loadPolicy(ToscaPolicy toscaPolicy) throws XacmlApplicationException {
126 // Convert the policies first
128 Object xacmlPolicy = this.getTranslator(toscaPolicy.getType()).convertPolicy(toscaPolicy);
129 if (xacmlPolicy == null) {
130 throw new ToscaPolicyConversionException("Failed to convert policy");
133 // Create a copy of the properties object
135 var newProperties = this.getProperties();
137 // Construct the filename
139 var refPath = XacmlPolicyUtils.constructUniquePolicyFilename(xacmlPolicy, this.getDataPath());
141 // Write the policy to disk
142 // Maybe check for an error
144 if (XacmlPolicyUtils.writePolicyFile(refPath, xacmlPolicy) == null) {
145 throw new ToscaPolicyConversionException("Unable to writePolicyFile");
147 if (LOGGER.isInfoEnabled()) {
148 LOGGER.info("Xacml Policy is {}{}", XacmlPolicyUtils.LINE_SEPARATOR,
149 new String(Files.readAllBytes(refPath), StandardCharsets.UTF_8));
152 // Add root policy to properties object
154 XacmlPolicyUtils.addRootPolicy(newProperties, refPath);
156 // Write the properties to disk
158 XacmlPolicyUtils.storeXacmlProperties(newProperties,
159 XacmlPolicyUtils.getPropertiesPath(this.getDataPath()));
163 this.createEngine(newProperties);
165 // Save the properties
167 this.pdpProperties = newProperties;
171 this.mapLoadedPolicies.put(toscaPolicy, refPath);
172 } catch (IOException | ToscaPolicyConversionException e) {
173 throw new XacmlApplicationException("loadPolicy failed", e);
178 public synchronized boolean unloadPolicy(ToscaPolicy toscaPolicy) throws XacmlApplicationException {
180 // Find it in our map
182 Path refPolicy = this.mapLoadedPolicies.get(toscaPolicy);
183 if (refPolicy == null) {
184 LOGGER.error("Failed to find ToscaPolicy {} in our map size {}", toscaPolicy.getMetadata(),
185 this.mapLoadedPolicies.size());
189 // Create a copy of the properties object
191 var newProperties = this.getProperties();
193 // Remove it from the properties
195 XacmlPolicyUtils.removeRootPolicy(newProperties, refPolicy);
197 // We can delete the file
200 Files.delete(refPolicy);
201 } catch (IOException e) {
202 LOGGER.error("Failed to delete policy {} from disk {}", toscaPolicy.getMetadata(),
203 refPolicy.toAbsolutePath(), e);
206 // Write the properties to disk
209 XacmlPolicyUtils.storeXacmlProperties(newProperties,
210 XacmlPolicyUtils.getPropertiesPath(this.getDataPath()));
211 } catch (IOException e) {
212 LOGGER.error("Failed to save the properties to disk {}", newProperties, e);
217 this.createEngine(newProperties);
219 // Save the properties
221 this.pdpProperties = newProperties;
225 if (this.mapLoadedPolicies.remove(toscaPolicy) == null) {
226 LOGGER.error("Failed to remove toscaPolicy {} from internal map size {}", toscaPolicy.getMetadata(),
227 this.mapLoadedPolicies.size());
230 // Not sure if any of the errors above warrant returning false
236 public Pair<DecisionResponse, Response> makeDecision(DecisionRequest request,
237 Map<String, String[]> requestQueryParams) {
239 // Convert to a XacmlRequest
241 Request xacmlRequest;
243 xacmlRequest = this.getTranslator().convertRequest(request);
244 } catch (ToscaPolicyConversionException e) {
245 LOGGER.error("Failed to convert request", e);
246 var response = new DecisionResponse();
247 response.setStatus("error");
248 response.setMessage(e.getLocalizedMessage());
249 return Pair.of(response, null);
252 // Now get a decision
254 var xacmlResponse = this.xacmlDecision(xacmlRequest);
256 // Convert to a DecisionResponse
258 return Pair.of(this.getTranslator().convertResponse(xacmlResponse), xacmlResponse);
261 protected abstract ToscaPolicyTranslator getTranslator(String type);
263 protected ToscaPolicyTranslator getTranslator() {
264 return this.getTranslator("");
267 protected synchronized PDPEngine getEngine() {
268 return this.pdpEngine;
271 protected synchronized Properties getProperties() {
272 var newProperties = new Properties();
273 newProperties.putAll(pdpProperties);
274 return newProperties;
277 protected synchronized Path getDataPath() {
282 * Creates an instance of PDP engine given the Properties object.
284 protected synchronized void createEngine(Properties properties) {
286 // Now initialize the XACML PDP Engine
289 var factory = getPdpEngineFactory();
290 PDPEngine engine = factory.newEngine(properties);
291 if (engine != null) {
293 // If there is a previous engine have it shutdown.
295 this.destroyEngine();
299 this.pdpEngine = engine;
301 } catch (FactoryException e) {
302 LOGGER.error("Failed to create XACML PDP Engine", e);
306 protected synchronized void destroyEngine() {
307 if (this.pdpEngine == null) {
311 this.pdpEngine.shutdown();
312 } catch (Exception e) {
313 LOGGER.warn("Exception thrown when destroying XACML PDP engine.", e);
315 this.pdpEngine = null;
319 * Make a decision call.
321 * @param request Incoming request object
322 * @return Response object
324 protected synchronized Response xacmlDecision(Request request) {
326 // This is what we need to return
328 Response response = null;
332 long timeStart = System.currentTimeMillis();
334 response = this.pdpEngine.decide(request);
335 } catch (PDPException e) {
336 LOGGER.error("Xacml PDP Engine decide failed", e);
339 // Track the end of timing
341 long timeEnd = System.currentTimeMillis();
342 LOGGER.info("Elapsed Time: {}ms", (timeEnd - timeStart));
347 // these may be overridden by junit tests
349 protected PDPEngineFactory getPdpEngineFactory() throws FactoryException {
350 return PDPEngineFactory.newInstance();