80f0c68c9ecd2576d14e9d6477aced21533797e7
[policy/parent.git] / docs / xacml / tutorial / app / src / main / java / org / onap / policy / tutorial / tutorial / TutorialTranslator.java
1 package org.onap.policy.tutorial.tutorial;
2
import java.util.List;
import java.util.Map;
import org.onap.policy.models.decisions.concepts.DecisionRequest;
import org.onap.policy.models.decisions.concepts.DecisionResponse;
import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
import com.att.research.xacml.api.DataTypeException;
import com.att.research.xacml.api.Decision;
import com.att.research.xacml.api.Identifier;
import com.att.research.xacml.api.Request;
import com.att.research.xacml.api.Response;
import com.att.research.xacml.api.Result;
import com.att.research.xacml.api.XACML3;
import com.att.research.xacml.std.IdentifierImpl;
import com.att.research.xacml.std.annotations.RequestParser;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
27
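/**
 * Translates tutorial TOSCA policies, decision requests and XACML responses.
 *
 * <p>Each TOSCA policy names one user and a list of (entity, permission) pairs. It becomes
 * one XACML policy whose target selects the user, with one PERMIT rule per pair.
 *
 * <p>XACML target semantics matter for the authorization outcome: a {@code Target} is the
 * AND of its {@code AnyOf} elements, an {@code AnyOf} is the OR of its {@code AllOf}
 * elements, and an {@code AllOf} is the AND of its {@code Match} elements. Conditions that
 * must hold together therefore have to sit in the same {@code AllOf}.
 */
public class TutorialTranslator implements ToscaPolicyTranslator {

    private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
    private static final Identifier ID_TUTORIAL_ENTITY =
            new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-entity");
    private static final Identifier ID_TUTORIAL_PERM = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-perm");

    /**
     * Converts a tutorial TOSCA policy into a XACML policy.
     *
     * <p>The policy target requires the action "authorize" AND the configured user. Each
     * rule requires its entity AND its permission. Placing each pair of matches in separate
     * {@code AllOf} elements would make them alternatives (OR), so the policy would apply to
     * any "authorize" request and a rule would fire on a matching entity or a matching
     * permission alone.
     *
     * @param toscaPolicy the policy to convert; metadata supplies "policy-id" and
     *        "policy-version", properties supply "user" and "permissions"
     * @return the XACML policy
     * @throws ToscaPolicyConversionException if the metadata or properties are missing, or a
     *         required property is absent or has the wrong shape
     */
    @Override
    public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
        if (toscaPolicy.getMetadata() == null) {
            throw new ToscaPolicyConversionException("Tutorial policy has no metadata");
        }
        Map<String, Object> props = toscaPolicy.getProperties();
        if (props == null) {
            throw new ToscaPolicyConversionException("Tutorial policy has no properties");
        }
        //
        // Here is our policy with a version and default combining algo
        //
        PolicyType newPolicyType = new PolicyType();
        newPolicyType.setPolicyId(toscaPolicy.getMetadata().get("policy-id"));
        newPolicyType.setVersion(toscaPolicy.getMetadata().get("policy-version"));
        //
        // When choosing the rule combining algorithm, be sure to be mindful of the
        // setting xacml.att.policyFinderFactory.combineRootPolicies in the
        // xacml.properties file. As that choice for ALL the policies together may have
        // an impact on the decision rendered from each individual policy.
        //
        // In this case, we will only produce XACML rules for permissions. If no permission
        // combo exists, then the default is to deny.
        //
        newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_DENY_UNLESS_PERMIT.stringValue());
        //
        // Create the target for the Policy: action "authorize" AND this policy's user.
        //
        MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL,
                "authorize", XACML3.ID_DATATYPE_STRING, XACML3.ID_ACTION, XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
        String user = requireText(props, "user", "policy properties");
        MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, user,
                XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_USER, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
        newPolicyType.setTarget(targetMatchingAll(matchAction, matchUser));
        //
        // Now add the rule for each permission
        //
        Object permissions = props.get("permissions");
        if (!(permissions instanceof List)) {
            throw new ToscaPolicyConversionException("Property \"permissions\" is missing or is not a list");
        }
        for (Object permission : (List<?>) permissions) {
            if (!(permission instanceof Map)) {
                throw new ToscaPolicyConversionException("Each entry of \"permissions\" must be a map");
            }
            Map<?, ?> entry = (Map<?, ?>) permission;

            MatchType matchEntity = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL,
                    requireText(entry, "entity", "permission entry"), XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_ENTITY,
                    XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);

            MatchType matchPermission = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
                    XACML3.ID_FUNCTION_STRING_EQUAL, requireText(entry, "permission", "permission entry"),
                    XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_PERM, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);

            RuleType rule = new RuleType();
            rule.setDescription("Default is to PERMIT if the policy matches.");
            // NOTE(review): every rule of a policy receives the same RuleId; a per-rule
            // suffix would make individual rules identifiable in traces.
            rule.setRuleId(newPolicyType.getPolicyId() + ":rule");
            rule.setEffect(EffectType.PERMIT);
            // The rule permits only when the entity AND the permission both match.
            rule.setTarget(targetMatchingAll(matchEntity, matchPermission));

            newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
        }
        return newPolicyType;
    }

    /**
     * Converts a decision request into a XACML request.
     *
     * @param request the incoming decision request
     * @return the parsed XACML request, or {@code null} when the request cannot be parsed
     */
    @Override
    public Request convertRequest(DecisionRequest request) {
        try {
            return RequestParser.parseRequest(TutorialRequest.createRequest(request));
        } catch (IllegalArgumentException | IllegalAccessException | DataTypeException ignored) {
            // NOTE(review): the parse failure is dropped without a log entry and surfaces
            // only as a null return. Callers must treat null as a failed conversion; the
            // behaviour is kept because the interface contract is not visible here.
            return null;
        }
    }

    /**
     * Converts a XACML response into a decision response.
     *
     * <p>Only an explicit Permit yields "Permit". Deny, NotApplicable and Indeterminate all
     * yield "Deny", so a request that no policy covers, or one that fails evaluation, is
     * never authorized. When the response carries several results the last one decides the
     * status; with no results the status is left unset.
     *
     * @param xacmlResponse the response produced by the XACML engine
     * @return the decision response carrying the resulting status
     */
    @Override
    public DecisionResponse convertResponse(Response xacmlResponse) {
        DecisionResponse decisionResponse = new DecisionResponse();
        //
        // Iterate through all the results
        //
        for (Result xacmlResult : xacmlResponse.getResults()) {
            if (xacmlResult.getDecision() == Decision.PERMIT) {
                decisionResponse.setStatus(Decision.PERMIT.toString());
            } else {
                // Fail closed: anything other than an explicit Permit is a Deny.
                decisionResponse.setStatus(Decision.DENY.toString());
            }
        }

        return decisionResponse;
    }

    /** Builds a target that matches only when every given match holds (one AnyOf, one AllOf). */
    private static TargetType targetMatchingAll(MatchType... matches) {
        AllOfType allOf = new AllOfType();
        for (MatchType match : matches) {
            allOf.getMatch().add(match);
        }
        AnyOfType anyOf = new AnyOfType();
        anyOf.getAllOf().add(allOf);
        TargetType target = new TargetType();
        target.getAnyOf().add(anyOf);
        return target;
    }

    /** Returns the string form of a required map value, rejecting a missing key or null value. */
    private static String requireText(Map<?, ?> source, String key, String context)
            throws ToscaPolicyConversionException {
        Object value = source.get(key);
        if (value == null) {
            throw new ToscaPolicyConversionException("Missing \"" + key + "\" in " + context);
        }
        return value.toString();
    }

}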