//
newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue());
//
- // Generate the TargetType
+ // Generate the TargetType - the policy should not be evaluated
+ // unless all the matchable properties it cares about are matched.
//
- newPolicyType.setTarget(new TargetType());
+ newPolicyType.setTarget(generateTargetType(toscaPolicy.getProperties(), toscaPolicyTypes));
//
// Now represent the policy as Json
//
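Review bot: A policy with no property flagged matchable presumably gets an empty `TargetType` from `generateTargetType(...)` at the new `setTarget` call, and an empty XACML target matches every request. In that case the PERMIT rule would be gated only by the optional policy-type condition. The loop that fills the target is outside this hunk, so this is inferred from the `isMatchable` guard visible elsewhere in the commit. Consider logging a warning or rejecting the policy when no match was generated, or at least record it next to the call: `// NOTE: no matchable properties => empty target => policy is applicable to all requests`. The enclosing method starts and ends outside the hunk.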
//
addObligation(newPolicyType, jsonPolicy);
//
- // Now create the Permit Rule for all the
- // matchable properties.
+ // Now create the Permit Rule.
//
RuleType rule = new RuleType();
rule.setDescription("Default is to PERMIT if the policy matches.");
rule.setRuleId(policyName + ":rule");
rule.setEffect(EffectType.PERMIT);
- rule.setTarget(generateTargetType(toscaPolicy.getProperties(), toscaPolicyTypes));
- rule.setCondition(generateConditionForPolicyType(toscaPolicy.getType()));
- //
- // Add the rule to the policy
- //
- newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
+ rule.setTarget(new TargetType());
//
- // If a Decision is for a specific policy-type, make sure
- // there is a rule for it.
+ // The rule contains the Condition which adds logic for
+ // optional policy-type filtering.
//
- rule = new RuleType();
- rule.setDescription("Match on policy-type " + toscaPolicy.getType());
- rule.setRuleId(policyName + ":rule:policy-type");
- rule.setEffect(EffectType.PERMIT);
- TargetType target = new TargetType();
- target.getAnyOf().add(this.generateAnyOfForPolicyType(toscaPolicy.getType()));
- rule.setTarget(target);
+ rule.setCondition(generateConditionForPolicyType(toscaPolicy.getType()));
//
// Add the rule to the policy
//
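Review bot: `rule.setTarget(new TargetType());` needs a comment saying the rule target is intentionally empty, because applicability now lives on the policy target and the Condition is the only rule-level gate. Suggested wording: `// Empty rule target on purpose: applicability is decided by the policy-level target; the Condition only narrows by policy-type.` The comment above `setCondition` should also state what the rule evaluates to when the request carries no policy-type attribute, since "optional" depends on that and `generateConditionForPolicyType` is not visible here. The method body continues outside the hunk.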
// Find matchable properties
//
if (isMatchable(entrySet.getKey(), policyTypes)) {
- LOGGER.info("Found matchable property {}", entrySet.getValue());
+ LOGGER.info("Found matchable property {}", entrySet.getKey());
generateMatchable(targetType, entrySet.getKey(), entrySet.getValue());
}
}
protected boolean isMatchable(String propertyName, Collection<ToscaPolicyType> policyTypes) {
for (ToscaPolicyType policyType : policyTypes) {
for (Entry<String, ToscaProperty> propertiesEntry : policyType.getProperties().entrySet()) {
- if (! propertiesEntry.getKey().equals(propertyName)
- || propertiesEntry.getValue().getMetadata() == null) {
- continue;
- }
- for (Entry<String, String> entrySet : propertiesEntry.getValue().getMetadata().entrySet()) {
- if ("matchable".equals(entrySet.getKey()) && "true".equals(entrySet.getValue())) {
- return true;
- }
+ if (checkIsMatchableProperty(propertyName, propertiesEntry)) {
+ return true;
}
}
}
return false;
}
+ /**
+ * checkIsMatchableProperty - checks the policy contents for matchable field. If the metadata doesn't exist,
+ * then definitely not. If the property doesn't exist, then definitely not. Otherwise need to have a metadata
+ * section with the matchable property set to true.
+ *
+ * @param propertyName String value of property
+ * @param propertiesEntry Section of the TOSCA Policy Type where properties and metadata sections are held
+ * @return true if matchable
+ */
+ protected boolean checkIsMatchableProperty(String propertyName, Entry<String, ToscaProperty> propertiesEntry) {
+ if (! propertiesEntry.getKey().equals(propertyName)
+ || propertiesEntry.getValue().getMetadata() == null) {
+ return false;
+ }
+ for (Entry<String, String> entrySet : propertiesEntry.getValue().getMetadata().entrySet()) {
+ if ("matchable".equals(entrySet.getKey()) && "true".equals(entrySet.getValue())) {
+ return true;
+ }
+ }
+ return false;
+ }
+
/**
* generateMatchable - Given the object, generates list of MatchType objects and add them
* to the TargetType object.
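Review bot: The `"true".equals(entrySet.getValue())` test in `checkIsMatchableProperty` is case-sensitive, so metadata written as `True` or `TRUE` would silently make the property non-matchable; it is then left out of the policy target, which broadens when the policy applies. Whether such spellings can reach this code depends on the TOSCA decoder, which is not shown. The metadata loop can be replaced by a direct lookup that also tolerates case: `String flag = propertiesEntry.getValue().getMetadata().get("matchable");` followed by `return Boolean.parseBoolean(flag);`. In `isMatchable`, `policyType.getProperties()` is dereferenced without the null check that the metadata gets, so a policy type with no properties section would presumably throw there.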