gerrit.onap Code Review - policy/xacml-pdp.git/blob

   1 /*-
   2  * ============LICENSE_START=======================================================
   3  * ONAP
   4  * ================================================================================
   5  * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
   6  * ================================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  *
  19  * SPDX-License-Identifier: Apache-2.0
  20  * ============LICENSE_END=========================================================
  21  */
  22
  23 package org.onap.policy.pdp.xacml.application.common.std;
  24
  25 import com.att.research.xacml.api.AttributeAssignment;
  26 import com.att.research.xacml.api.DataTypeException;
  27 import com.att.research.xacml.api.Decision;
  28 import com.att.research.xacml.api.Obligation;
  29 import com.att.research.xacml.api.Request;
  30 import com.att.research.xacml.api.Response;
  31 import com.att.research.xacml.api.Result;
  32 import com.att.research.xacml.api.XACML3;
  33 import com.att.research.xacml.std.annotations.RequestParser;
  34 import com.google.gson.Gson;
  35
  36 import java.util.Collection;
  37 import java.util.HashMap;
  38 import java.util.Map;
  39
  40 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
  41 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
  42 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
  43 import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
  44 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
  45 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
  46 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType;
  47 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType;
  48 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
  49 import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
  50 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
  51
  52 import org.onap.policy.common.utils.coder.CoderException;
  53 import org.onap.policy.common.utils.coder.StandardCoder;
  54 import org.onap.policy.models.decisions.concepts.DecisionRequest;
  55 import org.onap.policy.models.decisions.concepts.DecisionResponse;
  56 import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
  57 import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
  58 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
  59 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
  60 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
  61 import org.slf4j.Logger;
  62 import org.slf4j.LoggerFactory;
  63
  64 public class StdCombinedPolicyResultsTranslator implements ToscaPolicyTranslator {
  65
  66     private static final Logger LOGGER = LoggerFactory.getLogger(StdCombinedPolicyResultsTranslator.class);
  67     private static final String POLICY_ID = "policy-id";
  68
  69     public StdCombinedPolicyResultsTranslator() {
  70         super();
  71     }
  72
  73     @Override
  74     public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
  75         //
  76         // Set it as the policy ID
  77         //
  78         PolicyType newPolicyType = new PolicyType();
  79         newPolicyType.setPolicyId(toscaPolicy.getMetadata().get(POLICY_ID));
  80         //
  81         // Optional description
  82         //
  83         newPolicyType.setDescription(toscaPolicy.getDescription());
  84         //
  85         // There should be a metadata section
  86         //
  87         this.fillMetadataSection(newPolicyType, toscaPolicy.getMetadata());
  88         //
  89         // Set the combining rule
  90         //
  91         newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue());
  92         //
  93         // Generate the TargetType
  94         //
  95         TargetType target = this.generateTargetType(toscaPolicy.getMetadata().get(POLICY_ID),
  96                 toscaPolicy.getType(), toscaPolicy.getVersion());
  97         newPolicyType.setTarget(target);
  98         //
  99         // Now create the Permit Rule
 100         // No target since the policy has a target
 101         // With obligations.
 102         //
 103         RuleType rule = new RuleType();
 104         rule.setDescription("Default is to PERMIT if the policy matches.");
 105         rule.setRuleId(toscaPolicy.getMetadata().get(POLICY_ID) + ":rule");
 106         rule.setEffect(EffectType.PERMIT);
 107         rule.setTarget(new TargetType());
 108         //
 109         // Now represent the policy as Json
 110         //
 111         StandardCoder coder = new StandardCoder();
 112         String jsonPolicy;
 113         try {
 114             jsonPolicy = coder.encode(toscaPolicy);
 115         } catch (CoderException e) {
 116             LOGGER.error("Failed to encode policy to json", e);
 117             throw new ToscaPolicyConversionException(e);
 118         }
 119         addObligation(rule, jsonPolicy);
 120         //
 121         // Add the rule to the policy
 122         //
 123         newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
 124         //
 125         // Return our new policy
 126         //
 127         return newPolicyType;
 128     }
 129
 130     @Override
 131     public Request convertRequest(DecisionRequest request) {
 132         LOGGER.info("Converting Request {}", request);
 133         try {
 134             return RequestParser.parseRequest(StdCombinedPolicyRequest.createInstance(request));
 135         } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
 136             LOGGER.error("Failed to convert DecisionRequest: {}", e);
 137         }
 138         //
 139         // TODO throw exception
 140         //
 141         return null;
 142     }
 143
 144     @Override
 145     public DecisionResponse convertResponse(Response xacmlResponse) {
 146         LOGGER.debug("Converting Response {}", xacmlResponse);
 147         DecisionResponse decisionResponse = new DecisionResponse();
 148         //
 149         // Setup policies
 150         //
 151         decisionResponse.setPolicies(new HashMap<>());
 152         //
 153         // Iterate through all the results
 154         //
 155         for (Result xacmlResult : xacmlResponse.getResults()) {
 156             //
 157             // Check the result
 158             //
 159             if (xacmlResult.getDecision() == Decision.PERMIT) {
 160                 //
 161                 // Go through obligations
 162                 //
 163                 scanObligations(xacmlResult.getObligations(), decisionResponse);
 164             }
 165             if (xacmlResult.getDecision() == Decision.DENY
 166                     || xacmlResult.getDecision() == Decision.INDETERMINATE) {
 167                 //
 168                 // TODO we have to return an ErrorResponse object instead
 169                 //
 170                 decisionResponse.setStatus("A better error message");
 171             }
 172         }
 173
 174         return decisionResponse;
 175     }
 176
 177     protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
 178         for (Obligation obligation : obligations) {
 179             LOGGER.info("Obligation: {}", obligation);
 180             for (AttributeAssignment assignment : obligation.getAttributeAssignments()) {
 181                 LOGGER.info("Attribute Assignment: {}", assignment);
 182                 //
 183                 // We care about the content attribute
 184                 //
 185                 if (ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS
 186                         .equals(assignment.getAttributeId())) {
 187                     //
 188                     // The contents are in Json form
 189                     //
 190                     Object stringContents = assignment.getAttributeValue().getValue();
 191                     if (LOGGER.isInfoEnabled()) {
 192                         LOGGER.info("DCAE contents: {}{}", System.lineSeparator(), stringContents);
 193                     }
 194                     //
 195                     // Let's parse it into a map using Gson
 196                     //
 197                     Gson gson = new Gson();
 198                     @SuppressWarnings("unchecked")
 199                     Map<String, Object> result = gson.fromJson(stringContents.toString() ,Map.class);
 200                     //
 201                     // Find the metadata section
 202                     //
 203                     @SuppressWarnings("unchecked")
 204                     Map<String, Object> metadata = (Map<String, Object>) result.get("metadata");
 205                     if (metadata != null) {
 206                         decisionResponse.getPolicies().put(metadata.get(POLICY_ID).toString(), result);
 207                     } else {
 208                         LOGGER.error("Missing metadata section in policy contained in obligation.");
 209                     }
 210                 }
 211             }
 212         }
 213     }
 214
 215     /**
 216      * From the TOSCA metadata section, pull in values that are needed into the XACML policy.
 217      *
 218      * @param policy Policy Object to store the metadata
 219      * @param map The Metadata TOSCA Map
 220      * @return Same Policy Object
 221      * @throws ToscaPolicyConversionException If there is something missing from the metadata
 222      */
 223     protected PolicyType fillMetadataSection(PolicyType policy,
 224             Map<String, String> map) throws ToscaPolicyConversionException {
 225         if (! map.containsKey(POLICY_ID)) {
 226             throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id");
 227         } else {
 228             //
 229             // Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field
 230             //
 231         }
 232         if (! map.containsKey("policy-version")) {
 233             throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version");
 234         } else {
 235             //
 236             // Add in the Policy Version
 237             //
 238             policy.setVersion(map.get("policy-version"));
 239         }
 240         return policy;
 241     }
 242
 243     protected TargetType generateTargetType(String policyId, String policyType, String policyTypeVersion) {
 244         //
 245         // Create all the match's that are possible
 246         //
 247         // This is for the Policy Id
 248         //
 249         MatchType matchPolicyId = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
 250                 XACML3.ID_FUNCTION_STRING_EQUAL,
 251                 policyId,
 252                 XACML3.ID_DATATYPE_STRING,
 253                 ToscaDictionary.ID_RESOURCE_POLICY_ID,
 254                 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
 255         //
 256         // This is for the Policy Type
 257         //
 258         MatchType matchPolicyType = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
 259                 XACML3.ID_FUNCTION_STRING_EQUAL,
 260                 policyType,
 261                 XACML3.ID_DATATYPE_STRING,
 262                 ToscaDictionary.ID_RESOURCE_POLICY_TYPE,
 263                 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
 264         //
 265         // This is for the Policy Type version
 266         //
 267         MatchType matchPolicyTypeVersion = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
 268                 XACML3.ID_FUNCTION_STRING_EQUAL,
 269                 policyTypeVersion,
 270                 XACML3.ID_DATATYPE_STRING,
 271                 ToscaDictionary.ID_RESOURCE_POLICY_TYPE_VERSION,
 272                 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
 273         //
 274         // This is our outer AnyOf - which is an OR
 275         //
 276         AnyOfType anyOf = new AnyOfType();
 277         //
 278         // Create AllOf (AND) of just Policy Id
 279         //
 280         anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyId));
 281         //
 282         // Create AllOf (AND) of just Policy Type
 283         //
 284         anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyType));
 285         //
 286         // Create AllOf (AND) of Policy Type and Policy Type Version
 287         //
 288         anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyType, matchPolicyTypeVersion));
 289         //
 290         // Now we can create the TargetType, add the top-level anyOf (OR),
 291         // and return the value.
 292         //
 293         TargetType target = new TargetType();
 294         target.getAnyOf().add(anyOf);
 295         return target;
 296     }
 297
 298     protected RuleType addObligation(RuleType rule, String jsonPolicy) {
 299         //
 300         // Convert the YAML Policy to JSON Object
 301         //
 302         if (LOGGER.isInfoEnabled()) {
 303             LOGGER.info("JSON DCAE Policy {}{}", System.lineSeparator(), jsonPolicy);
 304         }
 305         //
 306         // Create an AttributeValue for it
 307         //
 308         AttributeValueType value = new AttributeValueType();
 309         value.setDataType(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_DATATYPE.stringValue());
 310         value.getContent().add(jsonPolicy);
 311         //
 312         // Create our AttributeAssignmentExpression where we will
 313         // store the contents of the policy in JSON format.
 314         //
 315         AttributeAssignmentExpressionType expressionType = new AttributeAssignmentExpressionType();
 316         expressionType.setAttributeId(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS.stringValue());
 317         ObjectFactory factory = new ObjectFactory();
 318         expressionType.setExpression(factory.createAttributeValue(value));
 319         //
 320         // Create an ObligationExpression for it
 321         //
 322         ObligationExpressionType obligation = new ObligationExpressionType();
 323         obligation.setFulfillOn(EffectType.PERMIT);
 324         obligation.setObligationId(ToscaDictionary.ID_OBLIGATION_REST_BODY.stringValue());
 325         obligation.getAttributeAssignmentExpression().add(expressionType);
 326         //
 327         // Now we can add it into the rule
 328         //
 329         ObligationExpressionsType obligations = new ObligationExpressionsType();
 330         obligations.getObligationExpression().add(obligation);
 331         rule.setObligationExpressions(obligations);
 332         return rule;
 333     }
 334
 335 }