* ============LICENSE_START=======================================================
* ONAP
* ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019-2022 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
package org.onap.policy.pdp.xacml.application.common.std;
-import com.att.research.xacml.api.AttributeAssignment;
+import com.att.research.xacml.api.Advice;
import com.att.research.xacml.api.DataTypeException;
-import com.att.research.xacml.api.Decision;
+import com.att.research.xacml.api.Identifier;
import com.att.research.xacml.api.Obligation;
import com.att.research.xacml.api.Request;
-import com.att.research.xacml.api.Response;
-import com.att.research.xacml.api.Result;
import com.att.research.xacml.api.XACML3;
import com.att.research.xacml.std.annotations.RequestParser;
-import com.att.research.xacml.util.XACMLPolicyWriter;
-import com.google.gson.Gson;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.ArrayList;
+import com.google.common.base.Strings;
import java.util.Collection;
-import java.util.List;
import java.util.Map;
-import java.util.Map.Entry;
-
+import lombok.NoArgsConstructor;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
-import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
-import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
-import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
-import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
-import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType;
-import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
-
-import org.json.JSONObject;
+import org.onap.policy.common.utils.coder.CoderException;
+import org.onap.policy.common.utils.coder.StandardCoder;
import org.onap.policy.models.decisions.concepts.DecisionRequest;
import org.onap.policy.models.decisions.concepts.DecisionResponse;
+import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
+import org.onap.policy.pdp.xacml.application.common.OnapObligation;
import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
-import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class StdCombinedPolicyResultsTranslator implements ToscaPolicyTranslator {
+@NoArgsConstructor
+public class StdCombinedPolicyResultsTranslator extends StdBaseTranslator {
private static final Logger LOGGER = LoggerFactory.getLogger(StdCombinedPolicyResultsTranslator.class);
- public StdCombinedPolicyResultsTranslator() {
- super();
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public List<PolicyType> scanAndConvertPolicies(Map<String, Object> toscaObject)
- throws ToscaPolicyConversionException {
- //
- // Our return object
- //
- List<PolicyType> scannedPolicies = new ArrayList<>();
- //
- // Iterate each of the Policies
- //
- List<Object> policies = (List<Object>) toscaObject.get("policies");
- for (Object policyObject : policies) {
- //
- // Get the contents
- //
- LOGGER.debug("Found policy {}", policyObject.getClass());
- Map<String, Object> policyContents = (Map<String, Object>) policyObject;
- for (Entry<String, Object> entrySet : policyContents.entrySet()) {
- LOGGER.debug("Entry set {}", entrySet);
- //
- // Convert this policy
- //
- PolicyType policy = this.convertPolicy(entrySet);
- try (ByteArrayOutputStream os = new ByteArrayOutputStream()) {
- XACMLPolicyWriter.writePolicyFile(os, policy);
- LOGGER.debug("{}", os);
- } catch (IOException e) {
- LOGGER.error("Failed to convert {}", e);
- }
- //
- // Convert and add in the new policy
- //
- scannedPolicies.add(policy);
- }
- }
-
- return scannedPolicies;
- }
-
@Override
- public Request convertRequest(DecisionRequest request) {
- LOGGER.debug("Converting Request {}", request);
- try {
- return RequestParser.parseRequest(StdCombinedPolicyRequest.createInstance(request));
- } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
- LOGGER.error("Failed to convert DecisionRequest: {}", e);
- }
+ public Object convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
//
- // TODO throw exception
+ // Sanity checks
//
- return null;
- }
-
- @Override
- public DecisionResponse convertResponse(Response xacmlResponse) {
- LOGGER.debug("Converting Response {}", xacmlResponse);
- DecisionResponse decisionResponse = new DecisionResponse();
- //
- // Iterate through all the results
- //
- for (Result xacmlResult : xacmlResponse.getResults()) {
- //
- // Check the result
- //
- if (xacmlResult.getDecision() == Decision.PERMIT) {
- //
- // Setup policies
- //
- decisionResponse.setPolicies(new ArrayList<>());
- //
- // Go through obligations
- //
- scanObligations(xacmlResult.getObligations(), decisionResponse);
- }
- if (xacmlResult.getDecision() == Decision.NOTAPPLICABLE) {
- //
- // There is no policy
- //
- decisionResponse.setPolicies(new ArrayList<>());
- }
- if (xacmlResult.getDecision() == Decision.DENY
- || xacmlResult.getDecision() == Decision.INDETERMINATE) {
- //
- // TODO we have to return an ErrorResponse object instead
- //
- decisionResponse.setStatus("A better error message");
- }
+ if (toscaPolicy == null) {
+ throw new ToscaPolicyConversionException("Cannot convert a NULL policy");
}
-
- return decisionResponse;
- }
-
- protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
- for (Obligation obligation : obligations) {
- LOGGER.debug("Obligation: {}", obligation);
- for (AttributeAssignment assignment : obligation.getAttributeAssignments()) {
- LOGGER.debug("Attribute Assignment: {}", assignment);
- //
- // We care about the content attribute
- //
- if (ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS
- .equals(assignment.getAttributeId())) {
- //
- // The contents are in Json form
- //
- Object stringContents = assignment.getAttributeValue().getValue();
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("DCAE contents: {}{}", System.lineSeparator(), stringContents);
- }
- //
- // Let's parse it into a map using Gson
- //
- Gson gson = new Gson();
- @SuppressWarnings("unchecked")
- Map<String, Object> result = gson.fromJson(stringContents.toString() ,Map.class);
- decisionResponse.getPolicies().add(result);
- }
- }
+ if (toscaPolicy.getMetadata() == null) {
+ throw new ToscaPolicyConversionException("Cannot convert a policy with missing metadata section");
}
- }
-
- @SuppressWarnings("unchecked")
- protected PolicyType convertPolicy(Entry<String, Object> entrySet) throws ToscaPolicyConversionException {
//
- // Policy name should be at the root
+ // Get the policy Id
//
- String policyName = entrySet.getKey();
- Map<String, Object> policyDefinition = (Map<String, Object>) entrySet.getValue();
+ String policyId = String.valueOf(toscaPolicy.getMetadata().get(POLICY_ID));
//
// Set it as the policy ID
//
- PolicyType newPolicyType = new PolicyType();
- newPolicyType.setPolicyId(policyName);
+ var newPolicyType = new PolicyType();
+ newPolicyType.setPolicyId(policyId);
//
// Optional description
//
- if (policyDefinition.containsKey("description")) {
- newPolicyType.setDescription(policyDefinition.get("description").toString());
- }
+ newPolicyType.setDescription(toscaPolicy.getDescription());
//
// There should be a metadata section
//
- if (! policyDefinition.containsKey("metadata")) {
- throw new ToscaPolicyConversionException(policyName + " missing metadata section");
- }
- this.fillMetadataSection(newPolicyType,
- (Map<String, Object>) policyDefinition.get("metadata"));
+ this.fillMetadataSection(newPolicyType, toscaPolicy.getMetadata());
//
// Set the combining rule
//
//
// Generate the TargetType
//
- if (! policyDefinition.containsKey("type")) {
- throw new ToscaPolicyConversionException(policyName + " missing type value");
- }
- if (! policyDefinition.containsKey("version")) {
- throw new ToscaPolicyConversionException(policyName + " missing version value");
- }
- TargetType target = this.generateTargetType(policyName,
- policyDefinition.get("type").toString(),
- policyDefinition.get("version").toString());
+ var target = this.generateTargetType(policyId, toscaPolicy.getType(), toscaPolicy.getVersion());
newPolicyType.setTarget(target);
//
// Now create the Permit Rule
// No target since the policy has a target
// With obligations.
//
- RuleType rule = new RuleType();
+ var rule = new RuleType();
rule.setDescription("Default is to PERMIT if the policy matches.");
- rule.setRuleId(policyName + ":rule");
+ rule.setRuleId(policyId + ":rule");
rule.setEffect(EffectType.PERMIT);
rule.setTarget(new TargetType());
//
// Now represent the policy as Json
//
- JSONObject jsonObligation = new JSONObject();
- jsonObligation.put(policyName, policyDefinition);
- addObligation(rule, jsonObligation);
+ var coder = new StandardCoder();
+ String jsonPolicy;
+ try {
+ jsonPolicy = coder.encode(toscaPolicy);
+ } catch (CoderException e) {
+ throw new ToscaPolicyConversionException(e);
+ }
+ addObligation(rule, policyId, jsonPolicy, null, toscaPolicy.getType());
//
// Add the rule to the policy
//
return newPolicyType;
}
+ @Override
+ public Request convertRequest(DecisionRequest request) throws ToscaPolicyConversionException {
+ LOGGER.info("Converting Request {}", request);
+ try {
+ return RequestParser.parseRequest(StdCombinedPolicyRequest.createInstance(request));
+ } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
+ throw new ToscaPolicyConversionException("Failed to parse request", e);
+ }
+ }
+
/**
- * From the TOSCA metadata section, pull in values that are needed into the XACML policy.
+ * scanObligations - scans the list of obligations and make appropriate method calls to process
+ * obligations.
*
- * @param policy Policy Object to store the metadata
- * @param metadata The Metadata TOSCA Map
- * @return Same Policy Object
- * @throws ToscaPolicyConversionException If there is something missing from the metadata
+ * @param obligations Collection of obligation objects
+ * @param decisionResponse DecisionResponse object used to store any results from obligations.
*/
- protected PolicyType fillMetadataSection(PolicyType policy,
- Map<String, Object> metadata) throws ToscaPolicyConversionException {
- if (! metadata.containsKey("policy-id")) {
- throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id");
- } else {
- //
- // Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field
- //
+ @Override
+ protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
+ for (Obligation obligation : obligations) {
+ Identifier obligationId = obligation.getId();
+ LOGGER.info("Obligation: {}", obligationId);
+ if (ToscaDictionary.ID_OBLIGATION_REST_BODY.equals(obligationId)) {
+ scanContentObligation(obligation, decisionResponse);
+ }
}
- if (! metadata.containsKey("policy-version")) {
- throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version");
+ }
+
+ /**
+ * scanAdvice - not implemented in this class.
+ *
+ * @param advice Collection of advice objects
+ * @param decisionResponse DecisionResponse object
+ */
+ @Override
+ protected void scanAdvice(Collection<Advice> advice, DecisionResponse decisionResponse) {
+ //
+ // By default there are no advice supported in this object. Please override and provide
+ // any needed functionality.
+ //
+ LOGGER.warn("Advice found - not supported in this class {}", this.getClass());
+ }
+
+ /**
+ * scanContentObligation - scans the specific obligation for policy-id and policy-content.
+ *
+ * @param obligation Obligation incoming obligation object
+ * @param decisionResponse DecisionResponse object
+ */
+ protected void scanContentObligation(Obligation obligation, DecisionResponse decisionResponse) {
+ //
+ // Create our OnapObligation which will scan for attributes
+ //
+ var onapObligation = new OnapObligation(obligation);
+ //
+ // Get the attributes we care about
+ //
+ String policyId = onapObligation.getPolicyId();
+ Map<String, Object> policyContent = onapObligation.getPolicyContentAsMap();
+ //
+ // Sanity check that we got the attributes we care about. NOTE: This translator
+ // ensures that these are set when convertPolicy is called.
+ //
+ if (! Strings.isNullOrEmpty(policyId) && !policyContent.isEmpty()) {
+ decisionResponse.getPolicies().put(policyId, policyContent);
} else {
- //
- // Add in the Policy Version
- //
- policy.setVersion(metadata.get("policy-version").toString());
+ LOGGER.error("Missing obligation policyId {} or policyContent {}", policyId,
+ policyContent == null ? "null" : policyContent.size());
}
- return policy;
}
+ /**
+ * generateTargetType - Generates a TargetType object for the policy-id and policy-type.
+ *
+ * @param policyId String policy-id
+ * @param policyType String policy type
+ * @param policyTypeVersion String policy type version
+ * @return TargetType object
+ */
protected TargetType generateTargetType(String policyId, String policyType, String policyTypeVersion) {
//
// Create all the match's that are possible
//
// This is for the Policy Id
//
- MatchType matchPolicyId = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
+ var matchPolicyId = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
XACML3.ID_FUNCTION_STRING_EQUAL,
policyId,
XACML3.ID_DATATYPE_STRING,
//
// This is for the Policy Type
//
- MatchType matchPolicyType = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
+ var matchPolicyType = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
XACML3.ID_FUNCTION_STRING_EQUAL,
policyType,
XACML3.ID_DATATYPE_STRING,
//
// This is for the Policy Type version
//
- MatchType matchPolicyTypeVersion = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
+ var matchPolicyTypeVersion = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
XACML3.ID_FUNCTION_STRING_EQUAL,
policyTypeVersion,
XACML3.ID_DATATYPE_STRING,
//
// This is our outer AnyOf - which is an OR
//
- AnyOfType anyOf = new AnyOfType();
+ var anyOf = new AnyOfType();
//
// Create AllOf (AND) of just Policy Id
//
// Now we can create the TargetType, add the top-level anyOf (OR),
// and return the value.
//
- TargetType target = new TargetType();
+ var target = new TargetType();
target.getAnyOf().add(anyOf);
return target;
}
- protected RuleType addObligation(RuleType rule, JSONObject jsonPolicy) {
- //
- // Convert the YAML Policy to JSON Object
- //
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("JSON DCAE Policy {}{}", System.lineSeparator(), jsonPolicy);
- }
- //
- // Create an AttributeValue for it
- //
- AttributeValueType value = new AttributeValueType();
- value.setDataType(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_DATATYPE.stringValue());
- value.getContent().add(jsonPolicy.toString());
- //
- // Create our AttributeAssignmentExpression where we will
- // store the contents of the policy in JSON format.
- //
- AttributeAssignmentExpressionType expressionType = new AttributeAssignmentExpressionType();
- expressionType.setAttributeId(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS.stringValue());
- ObjectFactory factory = new ObjectFactory();
- expressionType.setExpression(factory.createAttributeValue(value));
- //
- // Create an ObligationExpression for it
- //
- ObligationExpressionType obligation = new ObligationExpressionType();
- obligation.setFulfillOn(EffectType.PERMIT);
- obligation.setObligationId(ToscaDictionary.ID_OBLIGATION_REST_BODY.stringValue());
- obligation.getAttributeAssignmentExpression().add(expressionType);
- //
- // Now we can add it into the rule
- //
- ObligationExpressionsType obligations = new ObligationExpressionsType();
- obligations.getObligationExpression().add(obligation);
- rule.setObligationExpressions(obligations);
- return rule;
- }
-
}