docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java

   1 package org.onap.policy.tutorial.tutorial;
   2
   3 import java.util.List;
   4 import java.util.Map;
   5
   6 import org.onap.policy.models.decisions.concepts.DecisionRequest;
   7 import org.onap.policy.models.decisions.concepts.DecisionResponse;
   8 import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
   9 import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
  10 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
  11 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
  12 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
  13
  14 import com.att.research.xacml.api.DataTypeException;
  15 import com.att.research.xacml.api.Decision;
  16 import com.att.research.xacml.api.Identifier;
  17 import com.att.research.xacml.api.Request;
  18 import com.att.research.xacml.api.Response;
  19 import com.att.research.xacml.api.Result;
  20 import com.att.research.xacml.api.XACML3;
  21 import com.att.research.xacml.std.IdentifierImpl;
  22 import com.att.research.xacml.std.annotations.RequestParser;
  23
  24 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
  25 import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
  26 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
  27 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
  28 import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
  29 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
  30
  31 public class TutorialTranslator implements ToscaPolicyTranslator {
  32
  33         private static final Identifier ID_TUTORIAL_USER =
  34             new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
  35         private static final Identifier ID_TUTORIAL_ENTITY =
  36             new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-entity");
  37         private static final Identifier ID_TUTORIAL_PERM =
  38             new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-perm");
  39
  40         public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
  41                 //
  42                 // Here is our policy with a version and default combining algo
  43                 //
  44         PolicyType newPolicyType = new PolicyType();
  45         newPolicyType.setPolicyId(toscaPolicy.getMetadata().get("policy-id"));
  46         newPolicyType.setVersion(toscaPolicy.getMetadata().get("policy-version"));
  47         //
  48         // When choosing the rule combining algorithm, be sure to be mindful of the
  49         // setting xacml.att.policyFinderFactory.combineRootPolicies in the
  50         // xacml.properties file. As that choice for ALL the policies together may have
  51         // an impact on the decision rendered from each individual policy.
  52         //
  53         // In this case, we will only produce XACML rules for permissions. If no permission
  54         // combo exists, then the default is to deny.
  55         //
  56         newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_DENY_UNLESS_PERMIT.stringValue());
  57         //
  58         // Create the target for the Policy.
  59         //
  60         // For simplicity, let's just match on the action "authorize" and the user
  61         //
  62         MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
  63                 XACML3.ID_FUNCTION_STRING_EQUAL,
  64                 "authorize",
  65                 XACML3.ID_DATATYPE_STRING,
  66                 XACML3.ID_ACTION,
  67                 XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
  68         Map<String, Object> props = toscaPolicy.getProperties();
  69         String user = props.get("user").toString();
  70         MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
  71                 XACML3.ID_FUNCTION_STRING_EQUAL,
  72                 user,
  73                 XACML3.ID_DATATYPE_STRING,
  74                 ID_TUTORIAL_USER,
  75                 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
  76         AnyOfType anyOf = new AnyOfType();
  77         //
  78         // Create AllOf (AND) of just Policy Id
  79         //
  80         anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchAction));
  81         anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchUser));
  82         TargetType target = new TargetType();
  83         target.getAnyOf().add(anyOf);
  84         newPolicyType.setTarget(target);
  85         //
  86         // Now add the rule for each permission
  87         //
  88         List<Object> permissions = (List<Object>) props.get("permissions");
  89                 for (Object permission : permissions) {
  90
  91             MatchType matchEntity = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
  92                     XACML3.ID_FUNCTION_STRING_EQUAL,
  93                     ((Map<String, String>) permission).get("entity"),
  94                     XACML3.ID_DATATYPE_STRING,
  95                     ID_TUTORIAL_ENTITY,
  96                     XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
  97
  98             MatchType matchPermission = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
  99                     XACML3.ID_FUNCTION_STRING_EQUAL,
 100                     ((Map<String, String>) permission).get("permission"),
 101                     XACML3.ID_DATATYPE_STRING,
 102                     ID_TUTORIAL_PERM,
 103                     XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
 104             anyOf = new AnyOfType();
 105             anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity));
 106             anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPermission));
 107             target = new TargetType();
 108             target.getAnyOf().add(anyOf);
 109
 110             RuleType rule = new RuleType();
 111             rule.setDescription("Default is to PERMIT if the policy matches.");
 112             rule.setRuleId(newPolicyType.getPolicyId() + ":rule");
 113             rule.setEffect(EffectType.PERMIT);
 114             rule.setTarget(target);
 115
 116             newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
 117         }
 118                 return newPolicyType;
 119         }
 120
 121         public Request convertRequest(DecisionRequest request) {
 122         try {
 123             return RequestParser.parseRequest(TutorialRequest.createRequest(request));
 124         } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
 125         }
 126                 return null;
 127         }
 128
 129         public DecisionResponse convertResponse(Response xacmlResponse) {
 130         DecisionResponse decisionResponse = new DecisionResponse();
 131         //
 132         // Iterate through all the results
 133         //
 134         for (Result xacmlResult : xacmlResponse.getResults()) {
 135             //
 136             // Check the result
 137             //
 138             if (xacmlResult.getDecision() == Decision.PERMIT) {
 139                 //
 140                 // Just simply return a Permit response
 141                 //
 142                 decisionResponse.setStatus(Decision.PERMIT.toString());
 143             }
 144             if (xacmlResult.getDecision() == Decision.DENY) {
 145                 //
 146                 // Just simply return a Deny response
 147                 //
 148                 decisionResponse.setStatus(Decision.DENY.toString());
 149             }
 150             if (xacmlResult.getDecision() == Decision.NOTAPPLICABLE) {
 151                 //
 152                 // There is no guard policy, so we return a permit
 153                 //
 154                 decisionResponse.setStatus(Decision.PERMIT.toString());
 155             }
 156         }
 157
 158         return decisionResponse;
 159         }
 160
 161 }