import com.att.research.xacml.api.Result;
import com.att.research.xacml.api.XACML3;
import com.att.research.xacml.std.annotations.RequestParser;
-import com.att.research.xacml.util.XACMLPolicyWriter;
import com.google.gson.Gson;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.Collection;
+import java.util.HashMap;
import java.util.Map;
-import java.util.Map.Entry;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
-import org.json.JSONObject;
+import org.onap.policy.common.utils.coder.CoderException;
+import org.onap.policy.common.utils.coder.StandardCoder;
import org.onap.policy.models.decisions.concepts.DecisionRequest;
import org.onap.policy.models.decisions.concepts.DecisionResponse;
+import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
public class StdCombinedPolicyResultsTranslator implements ToscaPolicyTranslator {
private static final Logger LOGGER = LoggerFactory.getLogger(StdCombinedPolicyResultsTranslator.class);
+ private static final String POLICY_ID = "policy-id";
public StdCombinedPolicyResultsTranslator() {
super();
}
- @SuppressWarnings("unchecked")
@Override
- public List<PolicyType> scanAndConvertPolicies(Map<String, Object> toscaObject)
- throws ToscaPolicyConversionException {
+ public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
//
- // Our return object
+ // Set it as the policy ID
//
- List<PolicyType> scannedPolicies = new ArrayList<>();
+ PolicyType newPolicyType = new PolicyType();
+ newPolicyType.setPolicyId(toscaPolicy.getMetadata().get(POLICY_ID));
//
- // Iterate each of the Policies
+ // Optional description
//
- List<Object> policies = (List<Object>) toscaObject.get("policies");
- for (Object policyObject : policies) {
- //
- // Get the contents
- //
- LOGGER.debug("Found policy {}", policyObject.getClass());
- Map<String, Object> policyContents = (Map<String, Object>) policyObject;
- for (Entry<String, Object> entrySet : policyContents.entrySet()) {
- LOGGER.debug("Entry set {}", entrySet);
- //
- // Convert this policy
- //
- PolicyType policy = this.convertPolicy(entrySet);
- try (ByteArrayOutputStream os = new ByteArrayOutputStream()) {
- XACMLPolicyWriter.writePolicyFile(os, policy);
- LOGGER.debug("{}", os);
- } catch (IOException e) {
- LOGGER.error("Failed to convert {}", e);
- }
- //
- // Convert and add in the new policy
- //
- scannedPolicies.add(policy);
- }
+ newPolicyType.setDescription(toscaPolicy.getDescription());
+ //
+ // There should be a metadata section
+ //
+ this.fillMetadataSection(newPolicyType, toscaPolicy.getMetadata());
+ //
+ // Set the combining rule
+ //
+ newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue());
+ //
+ // Generate the TargetType
+ //
+ TargetType target = this.generateTargetType(toscaPolicy.getMetadata().get(POLICY_ID),
+ toscaPolicy.getType(), toscaPolicy.getVersion());
+ newPolicyType.setTarget(target);
+ //
+ // Now create the Permit Rule
+ // No target since the policy has a target
+ // With obligations.
+ //
+ RuleType rule = new RuleType();
+ rule.setDescription("Default is to PERMIT if the policy matches.");
+ rule.setRuleId(toscaPolicy.getMetadata().get(POLICY_ID) + ":rule");
+ rule.setEffect(EffectType.PERMIT);
+ rule.setTarget(new TargetType());
+ //
+ // Now represent the policy as Json
+ //
+ StandardCoder coder = new StandardCoder();
+ String jsonPolicy;
+ try {
+ jsonPolicy = coder.encode(toscaPolicy);
+ } catch (CoderException e) {
+ LOGGER.error("Failed to encode policy to json", e);
+ throw new ToscaPolicyConversionException(e);
}
-
- return scannedPolicies;
+ addObligation(rule, jsonPolicy);
+ //
+ // Add the rule to the policy
+ //
+ newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
+ //
+ // Return our new policy
+ //
+ return newPolicyType;
}
@Override
public Request convertRequest(DecisionRequest request) {
- LOGGER.debug("Converting Request {}", request);
+ LOGGER.info("Converting Request {}", request);
try {
return RequestParser.parseRequest(StdCombinedPolicyRequest.createInstance(request));
} catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
@Override
public DecisionResponse convertResponse(Response xacmlResponse) {
- LOGGER.debug("Converting Response {}", xacmlResponse);
+ LOGGER.info("Converting Response {}", xacmlResponse);
DecisionResponse decisionResponse = new DecisionResponse();
//
+ // Setup policies
+ //
+ decisionResponse.setPolicies(new HashMap<>());
+ //
// Iterate through all the results
//
for (Result xacmlResult : xacmlResponse.getResults()) {
//
if (xacmlResult.getDecision() == Decision.PERMIT) {
//
- // Setup policies
+ // Go through obligations
//
- decisionResponse.setPolicies(new ArrayList<>());
+ scanObligations(xacmlResult.getObligations(), decisionResponse);
+ }
+ if (xacmlResult.getDecision() == Decision.DENY
+ || xacmlResult.getDecision() == Decision.INDETERMINATE) {
//
- // Go through obligations
+ // TODO we have to return an ErrorResponse object instead
//
- for (Obligation obligation : xacmlResult.getObligations()) {
- LOGGER.debug("Obligation: {}", obligation);
- for (AttributeAssignment assignment : obligation.getAttributeAssignments()) {
- LOGGER.debug("Attribute Assignment: {}", assignment);
- //
- // We care about the content attribute
- //
- if (ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS
- .equals(assignment.getAttributeId())) {
- //
- // The contents are in Json form
- //
- Object stringContents = assignment.getAttributeValue().getValue();
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("DCAE contents: {}{}", System.lineSeparator(), stringContents);
- }
- //
- // Let's parse it into a map using Gson
- //
- Gson gson = new Gson();
- @SuppressWarnings("unchecked")
- Map<String, Object> result = gson.fromJson(stringContents.toString() ,Map.class);
- decisionResponse.getPolicies().add(result);
- }
- }
- }
- } else {
- decisionResponse.setErrorMessage("A better error message");
+ decisionResponse.setStatus("A better error message");
}
}
return decisionResponse;
}
- @SuppressWarnings("unchecked")
- protected PolicyType convertPolicy(Entry<String, Object> entrySet) throws ToscaPolicyConversionException {
- //
- // Policy name should be at the root
- //
- String policyName = entrySet.getKey();
- Map<String, Object> policyDefinition = (Map<String, Object>) entrySet.getValue();
- //
- // Set it as the policy ID
- //
- PolicyType newPolicyType = new PolicyType();
- newPolicyType.setPolicyId(policyName);
- //
- // Optional description
- //
- if (policyDefinition.containsKey("description")) {
- newPolicyType.setDescription(policyDefinition.get("description").toString());
- }
- //
- // There should be a metadata section
- //
- if (! policyDefinition.containsKey("metadata")) {
- throw new ToscaPolicyConversionException(policyName + " missing metadata section");
- }
- this.fillMetadataSection(newPolicyType,
- (Map<String, Object>) policyDefinition.get("metadata"));
- //
- // Set the combining rule
- //
- newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue());
- //
- // Generate the TargetType
- //
- //
- // There should be a metadata section
- //
- if (! policyDefinition.containsKey("type")) {
- throw new ToscaPolicyConversionException(policyName + " missing type value");
- }
- if (! policyDefinition.containsKey("version")) {
- throw new ToscaPolicyConversionException(policyName + " missing version value");
+ protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
+ for (Obligation obligation : obligations) {
+ LOGGER.info("Obligation: {}", obligation);
+ for (AttributeAssignment assignment : obligation.getAttributeAssignments()) {
+ LOGGER.info("Attribute Assignment: {}", assignment);
+ //
+ // We care about the content attribute
+ //
+ if (ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS
+ .equals(assignment.getAttributeId())) {
+ //
+ // The contents are in Json form
+ //
+ Object stringContents = assignment.getAttributeValue().getValue();
+ if (LOGGER.isInfoEnabled()) {
+ LOGGER.info("DCAE contents: {}{}", System.lineSeparator(), stringContents);
+ }
+ //
+ // Let's parse it into a map using Gson
+ //
+ Gson gson = new Gson();
+ @SuppressWarnings("unchecked")
+ Map<String, Object> result = gson.fromJson(stringContents.toString() ,Map.class);
+ //
+ // Find the metadata section
+ //
+ @SuppressWarnings("unchecked")
+ Map<String, Object> metadata = (Map<String, Object>) result.get("metadata");
+ if (metadata != null) {
+ decisionResponse.getPolicies().put(metadata.get(POLICY_ID).toString(), result);
+ } else {
+ LOGGER.error("Missing metadata section in policy contained in obligation.");
+ }
+ }
+ }
}
- TargetType target = this.generateTargetType(policyName,
- policyDefinition.get("type").toString(),
- policyDefinition.get("version").toString());
- newPolicyType.setTarget(target);
- //
- // Now create the Permit Rule
- // No target since the policy has a target
- // With obligations.
- //
- RuleType rule = new RuleType();
- rule.setDescription("Default is to PERMIT if the policy matches.");
- rule.setRuleId(policyName + ":rule");
- rule.setEffect(EffectType.PERMIT);
- rule.setTarget(new TargetType());
- //
- // Now represent the policy as Json
- //
- JSONObject jsonObligation = new JSONObject();
- jsonObligation.put(policyName, policyDefinition);
- addObligation(rule, jsonObligation);
- //
- // Add the rule to the policy
- //
- newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
- //
- // Return our new policy
- //
- return newPolicyType;
}
/**
* From the TOSCA metadata section, pull in values that are needed into the XACML policy.
*
* @param policy Policy Object to store the metadata
- * @param metadata The Metadata TOSCA Map
+ * @param map The Metadata TOSCA Map
* @return Same Policy Object
* @throws ToscaPolicyConversionException If there is something missing from the metadata
*/
protected PolicyType fillMetadataSection(PolicyType policy,
- Map<String, Object> metadata) throws ToscaPolicyConversionException {
- if (! metadata.containsKey("policy-id")) {
+ Map<String, String> map) throws ToscaPolicyConversionException {
+ if (! map.containsKey(POLICY_ID)) {
throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id");
} else {
//
// Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field
//
}
- if (! metadata.containsKey("policy-version")) {
+ if (! map.containsKey("policy-version")) {
throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version");
} else {
//
// Add in the Policy Version
//
- policy.setVersion(metadata.get("policy-version").toString());
+ policy.setVersion(map.get("policy-version"));
}
return policy;
}
return target;
}
- protected RuleType addObligation(RuleType rule, JSONObject jsonPolicy) {
+ protected RuleType addObligation(RuleType rule, String jsonPolicy) {
//
// Convert the YAML Policy to JSON Object
//
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("JSON DCAE Policy {}{}", System.lineSeparator(), jsonPolicy);
+ if (LOGGER.isInfoEnabled()) {
+ LOGGER.info("JSON DCAE Policy {}{}", System.lineSeparator(), jsonPolicy);
}
//
// Create an AttributeValue for it
//
AttributeValueType value = new AttributeValueType();
value.setDataType(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_DATATYPE.stringValue());
- value.getContent().add(jsonPolicy.toString());
+ value.getContent().add(jsonPolicy);
//
// Create our AttributeAssignmentExpression where we will
// store the contents of the policy in JSON format.