Used the tutorial to demonstrate returning of attributes
back into the Decision response.
Needed to update the docker compose for both tutorials to
ensure they are using the master branch versions of api
and pap.
Issue-ID: POLICY-2865
Change-Id: Ia568dfae27d659d940217ddf8d9295dd8409f0e3
Signed-off-by: Pamela Dragosh <pd1248@att.com>
- # Released Honlulu image
- image: nexus3.onap.org:10001/onap/policy-pap:2.4.2
+ # Istanbul To Be released images
+ image: nexus3.onap.org:10001/onap/policy-pap:2.5.0-SNAPSHOT
container_name: policy-pap
depends_on:
- mariadb
container_name: policy-pap
depends_on:
- mariadb
- # Released Honolulu image
- image: nexus3.onap.org:10001/onap/policy-api:2.4.2
+ # Istanbul To Be released images
+ image: nexus3.onap.org:10001/onap/policy-api:2.5.0-SNAPSHOT
container_name: policy-api
depends_on:
- mariadb
container_name: policy-api
depends_on:
- mariadb
- # Honolulu released images
- image: nexus3.onap.org:10001/onap/policy-api:2.4.2
+ # Istanbul To Be released images
+ image: nexus3.onap.org:10001/onap/policy-api:2.5.0-SNAPSHOT
container_name: policy-api
depends_on:
- mariadb
container_name: policy-api
depends_on:
- mariadb
- # Honolulu released images
- image: nexus3.onap.org:10001/onap/policy-pap:2.4.2
+ # Istanbul To Be released images
+ image: nexus3.onap.org:10001/onap/policy-pap:2.5.0-SNAPSHOT
container_name: policy-pap
depends_on:
- mariadb
container_name: policy-pap
depends_on:
- mariadb
@ToString
@XACMLRequest(ReturnPolicyIdList = true)
public class TutorialRequest {
@ToString
@XACMLRequest(ReturnPolicyIdList = true)
public class TutorialRequest {
- @XACMLSubject(includeInResults = true)
+ //
+ // Excluding from results to demonstrate control as to which attributes can be returned.
+ //
+ @XACMLSubject(includeInResults = false)
- @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true)
+ @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = false)
private String onapComponent;
private String onapComponent;
- @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true)
+ @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = false)
private String onapInstance;
@XACMLAction()
private String action;
private String onapInstance;
@XACMLAction()
private String action;
+ //
+ // Including in results to demonstrate control as to which attributes can be returned.
+ //
@XACMLResource(attributeId = "urn:org:onap:tutorial-user", includeInResults = true)
private String user;
@XACMLResource(attributeId = "urn:org:onap:tutorial-user", includeInResults = true)
private String user;
package org.onap.policy.tutorial.tutorial;
package org.onap.policy.tutorial.tutorial;
+import com.att.research.xacml.api.Advice;
import com.att.research.xacml.api.DataTypeException;
import com.att.research.xacml.api.Decision;
import com.att.research.xacml.api.Identifier;
import com.att.research.xacml.api.DataTypeException;
import com.att.research.xacml.api.Decision;
import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.Obligation;
import com.att.research.xacml.api.Request;
import com.att.research.xacml.api.Response;
import com.att.research.xacml.api.Result;
import com.att.research.xacml.api.XACML3;
import com.att.research.xacml.std.IdentifierImpl;
import com.att.research.xacml.std.annotations.RequestParser;
import com.att.research.xacml.api.Request;
import com.att.research.xacml.api.Response;
import com.att.research.xacml.api.Result;
import com.att.research.xacml.api.XACML3;
import com.att.research.xacml.std.IdentifierImpl;
import com.att.research.xacml.std.annotations.RequestParser;
+import java.util.Collection;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
import java.util.List;
import java.util.Map;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
-import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
+import org.onap.policy.pdp.xacml.application.common.std.StdBaseTranslator;
-public class TutorialTranslator implements ToscaPolicyTranslator {
+public class TutorialTranslator extends StdBaseTranslator {
private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
private static final Identifier ID_TUTORIAL_ENTITY =
private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
private static final Identifier ID_TUTORIAL_ENTITY =
private static final Identifier ID_TUTORIAL_PERM =
new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission");
private static final Identifier ID_TUTORIAL_PERM =
new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission");
+ /**
+ * Constructor will setup some defaults.
+ */
+ public TutorialTranslator() {
+ //
+ // For demonstration purposes, this tutorial will have
+ // the original attributes returned in the request.
+ //
+ this.booleanReturnAttributes = true;
+ this.booleanReturnSingleValueAttributesAsCollection = false;
+ }
+
/**
* Convert Policy from TOSCA to XACML.
*/
@SuppressWarnings("unchecked")
/**
* Convert Policy from TOSCA to XACML.
*/
@SuppressWarnings("unchecked")
public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
//
// Here is our policy with a version and default combining algo
public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
//
// Here is our policy with a version and default combining algo
/**
* Convert ONAP DecisionRequest to XACML Request.
*/
/**
* Convert ONAP DecisionRequest to XACML Request.
*/
public Request convertRequest(DecisionRequest request) {
try {
return RequestParser.parseRequest(TutorialRequest.createRequest(request));
public Request convertRequest(DecisionRequest request) {
try {
return RequestParser.parseRequest(TutorialRequest.createRequest(request));
- /**
- * Convert XACML Response to ONAP DecisionResponse.
- */
public DecisionResponse convertResponse(Response xacmlResponse) {
var decisionResponse = new DecisionResponse();
//
public DecisionResponse convertResponse(Response xacmlResponse) {
var decisionResponse = new DecisionResponse();
//
+ // Setup policies
+ //
+ decisionResponse.setPolicies(new HashMap<>());
+ //
// Iterate through all the results
//
for (Result xacmlResult : xacmlResponse.getResults()) {
// Iterate through all the results
//
for (Result xacmlResult : xacmlResponse.getResults()) {
//
if (xacmlResult.getDecision() == Decision.PERMIT) {
//
//
if (xacmlResult.getDecision() == Decision.PERMIT) {
//
- // Just simply return a Permit response
+ // This tutorial will simply set the status to Permit
//
decisionResponse.setStatus(Decision.PERMIT.toString());
} else {
//
//
decisionResponse.setStatus(Decision.PERMIT.toString());
} else {
//
- // Just simply return a Deny response
+ // This tutorial will simply set the status to Deny
//
decisionResponse.setStatus(Decision.DENY.toString());
}
//
decisionResponse.setStatus(Decision.DENY.toString());
}
+ //
+ // Add attributes use the default scanAttributes. Note that one
+ // could override that method and return the structure as desired.
+ // The attributes returned by default method are in the format
+ // of XACML syntax. It may be more desirable to map them back to
+ // the original request name-value.
+ //
+ if (booleanReturnAttributes) {
+ scanAttributes(xacmlResult.getAttributes(), decisionResponse);
+ }
}
return decisionResponse;
}
}
return decisionResponse;
}
+ @Override
+ protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
+ //
+ // No obligations in this tutorial yet.
+ //
+ }
+
+ @Override
+ protected void scanAdvice(Collection<Advice> advice, DecisionResponse decisionResponse) {
+ //
+ // No advice in this tutorial yet.
+ //
+ }
+
package org.onap.policy.tutorial.tutorial;
package org.onap.policy.tutorial.tutorial;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.assertEquals;
import com.att.research.xacml.api.Response;
import static org.junit.Assert.assertEquals;
import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.XACML3;
import java.io.File;
import java.io.IOException;
import java.util.Properties;
import java.io.File;
import java.io.IOException;
import java.util.Properties;
TextFileUtils
.getTextFileAsString("src/test/resources/tutorial-decision-request.json"),
DecisionRequest.class);
TextFileUtils
.getTextFileAsString("src/test/resources/tutorial-decision-request.json"),
DecisionRequest.class);
+ LOGGER.info("{}", gson.encode(decisionRequest, true));
//
// Test a decision - should start with a permit
//
Pair<DecisionResponse, Response> decision = service.makeDecision(decisionRequest, null);
//
// Test a decision - should start with a permit
//
Pair<DecisionResponse, Response> decision = service.makeDecision(decisionRequest, null);
- LOGGER.info(decision.getLeft().toString());
+ LOGGER.info("{}", gson.encode(decision.getLeft(), true));
assertEquals("Permit", decision.getLeft().getStatus());
//
assertEquals("Permit", decision.getLeft().getStatus());
//
+ // Check that there are attributes
+ //
+ assertThat(decision.getLeft().getAttributes()).isNotNull().hasSize(1)
+ .containsKey(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE.stringValue());
+ //
// This should be a deny
//
decisionRequest.getResource().put("user", "audit");
// This should be a deny
//
decisionRequest.getResource().put("user", "audit");
+ LOGGER.info("{}", gson.encode(decisionRequest, true));
decision = service.makeDecision(decisionRequest, null);
decision = service.makeDecision(decisionRequest, null);
- LOGGER.info(decision.getLeft().toString());
+ LOGGER.info("{}", gson.encode(decision.getLeft(), true));
assertEquals("Deny", decision.getLeft().getStatus());
assertEquals("Deny", decision.getLeft().getStatus());
+ //
+ // Check that there are attributes
+ //
+ assertThat(decision.getLeft().getAttributes()).isNotNull().hasSize(1)
+ .containsKey(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE.stringValue());