1 package org.onap.policy.tutorial.tutorial;
5 import org.onap.policy.models.decisions.concepts.DecisionRequest;
6 import org.onap.policy.models.decisions.concepts.DecisionResponse;
7 import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
8 import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
9 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
10 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
11 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
12 import com.att.research.xacml.api.DataTypeException;
13 import com.att.research.xacml.api.Decision;
14 import com.att.research.xacml.api.Identifier;
15 import com.att.research.xacml.api.Request;
16 import com.att.research.xacml.api.Response;
17 import com.att.research.xacml.api.Result;
18 import com.att.research.xacml.api.XACML3;
19 import com.att.research.xacml.std.IdentifierImpl;
20 import com.att.research.xacml.std.annotations.RequestParser;
21 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
22 import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
23 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
24 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
25 import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
26 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
28 public class TutorialTranslator implements ToscaPolicyTranslator {
30 private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
31 private static final Identifier ID_TUTORIAL_ENTITY =
32 new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-entity");
33 private static final Identifier ID_TUTORIAL_PERM = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-perm");
35 public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
37 // Here is our policy with a version and default combining algo
39 PolicyType newPolicyType = new PolicyType();
40 newPolicyType.setPolicyId(toscaPolicy.getMetadata().get("policy-id"));
41 newPolicyType.setVersion(toscaPolicy.getMetadata().get("policy-version"));
43 // When choosing the rule combining algorithm, be sure to be mindful of the
44 // setting xacml.att.policyFinderFactory.combineRootPolicies in the
45 // xacml.properties file. As that choice for ALL the policies together may have
46 // an impact on the decision rendered from each individual policy.
48 // In this case, we will only produce XACML rules for permissions. If no permission
49 // combo exists, then the default is to deny.
51 newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_DENY_UNLESS_PERMIT.stringValue());
53 // Create the target for the Policy.
55 // For simplicity, let's just match on the action "authorize" and the user
57 MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL,
58 "authorize", XACML3.ID_DATATYPE_STRING, XACML3.ID_ACTION, XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
59 Map<String, Object> props = toscaPolicy.getProperties();
60 String user = props.get("user").toString();
61 MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, user,
62 XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_USER, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
63 AnyOfType anyOf = new AnyOfType();
65 // Create AllOf (AND) of just Policy Id
67 anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchAction));
68 anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchUser));
69 TargetType target = new TargetType();
70 target.getAnyOf().add(anyOf);
71 newPolicyType.setTarget(target);
73 // Now add the rule for each permission
75 List<Object> permissions = (List<Object>) props.get("permissions");
76 for (Object permission : permissions) {
78 MatchType matchEntity = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL,
79 ((Map<String, String>) permission).get("entity"), XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_ENTITY,
80 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
82 MatchType matchPermission = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
83 XACML3.ID_FUNCTION_STRING_EQUAL, ((Map<String, String>) permission).get("permission"),
84 XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_PERM, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
85 anyOf = new AnyOfType();
86 anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity));
87 anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPermission));
88 target = new TargetType();
89 target.getAnyOf().add(anyOf);
91 RuleType rule = new RuleType();
92 rule.setDescription("Default is to PERMIT if the policy matches.");
93 rule.setRuleId(newPolicyType.getPolicyId() + ":rule");
94 rule.setEffect(EffectType.PERMIT);
95 rule.setTarget(target);
97 newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
102 public Request convertRequest(DecisionRequest request) {
104 return RequestParser.parseRequest(TutorialRequest.createRequest(request));
105 } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
110 public DecisionResponse convertResponse(Response xacmlResponse) {
111 DecisionResponse decisionResponse = new DecisionResponse();
113 // Iterate through all the results
115 for (Result xacmlResult : xacmlResponse.getResults()) {
119 if (xacmlResult.getDecision() == Decision.PERMIT) {
121 // Just simply return a Permit response
123 decisionResponse.setStatus(Decision.PERMIT.toString());
125 if (xacmlResult.getDecision() == Decision.DENY) {
127 // Just simply return a Deny response
129 decisionResponse.setStatus(Decision.DENY.toString());
131 if (xacmlResult.getDecision() == Decision.NOTAPPLICABLE) {
133 // There is no guard policy, so we return a permit
135 decisionResponse.setStatus(Decision.PERMIT.toString());
139 return decisionResponse;