applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdCombinedPolicyResultsTranslator.java

   1 /*-
   2  * ============LICENSE_START=======================================================
   3  * ONAP
   4  * ================================================================================
   5  * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
   6  * ================================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  *
  19  * SPDX-License-Identifier: Apache-2.0
  20  * ============LICENSE_END=========================================================
  21  */
  22
  23 package org.onap.policy.pdp.xacml.application.common.std;
  24
  25 import com.att.research.xacml.api.AttributeAssignment;
  26 import com.att.research.xacml.api.DataTypeException;
  27 import com.att.research.xacml.api.Decision;
  28 import com.att.research.xacml.api.Obligation;
  29 import com.att.research.xacml.api.Request;
  30 import com.att.research.xacml.api.Response;
  31 import com.att.research.xacml.api.Result;
  32 import com.att.research.xacml.api.XACML3;
  33 import com.att.research.xacml.std.annotations.RequestParser;
  34 import com.google.gson.Gson;
  35
  36 import java.util.ArrayList;
  37 import java.util.Collection;
  38 import java.util.Map;
  39
  40 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
  41 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
  42 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
  43 import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
  44 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
  45 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
  46 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType;
  47 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType;
  48 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
  49 import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
  50 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
  51
  52 import org.onap.policy.common.utils.coder.CoderException;
  53 import org.onap.policy.common.utils.coder.StandardCoder;
  54 import org.onap.policy.models.decisions.concepts.DecisionRequest;
  55 import org.onap.policy.models.decisions.concepts.DecisionResponse;
  56 import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
  57 import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
  58 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
  59 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
  60 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
  61 import org.slf4j.Logger;
  62 import org.slf4j.LoggerFactory;
  63
  64 public class StdCombinedPolicyResultsTranslator implements ToscaPolicyTranslator {
  65
  66     private static final Logger LOGGER = LoggerFactory.getLogger(StdCombinedPolicyResultsTranslator.class);
  67
  68     public StdCombinedPolicyResultsTranslator() {
  69         super();
  70     }
  71
  72     @Override
  73     public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
  74         //
  75         // Set it as the policy ID
  76         //
  77         PolicyType newPolicyType = new PolicyType();
  78         newPolicyType.setPolicyId(toscaPolicy.getMetadata().get("policy-id"));
  79         //
  80         // Optional description
  81         //
  82         newPolicyType.setDescription(toscaPolicy.getDescription());
  83         //
  84         // There should be a metadata section
  85         //
  86         this.fillMetadataSection(newPolicyType, toscaPolicy.getMetadata());
  87         //
  88         // Set the combining rule
  89         //
  90         newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue());
  91         //
  92         // Generate the TargetType
  93         //
  94         TargetType target = this.generateTargetType(toscaPolicy.getMetadata().get("policy-id"),
  95                 toscaPolicy.getType(), toscaPolicy.getVersion());
  96         newPolicyType.setTarget(target);
  97         //
  98         // Now create the Permit Rule
  99         // No target since the policy has a target
 100         // With obligations.
 101         //
 102         RuleType rule = new RuleType();
 103         rule.setDescription("Default is to PERMIT if the policy matches.");
 104         rule.setRuleId(toscaPolicy.getMetadata().get("policy-id") + ":rule");
 105         rule.setEffect(EffectType.PERMIT);
 106         rule.setTarget(new TargetType());
 107         //
 108         // Now represent the policy as Json
 109         //
 110         StandardCoder coder = new StandardCoder();
 111         String jsonPolicy;
 112         try {
 113             jsonPolicy = coder.encode(toscaPolicy);
 114         } catch (CoderException e) {
 115             LOGGER.error("Failed to encode policy to json", e);
 116             throw new ToscaPolicyConversionException(e);
 117         }
 118         addObligation(rule, jsonPolicy);
 119         //
 120         // Add the rule to the policy
 121         //
 122         newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
 123         //
 124         // Return our new policy
 125         //
 126         return newPolicyType;
 127     }
 128
 129     @Override
 130     public Request convertRequest(DecisionRequest request) {
 131         LOGGER.debug("Converting Request {}", request);
 132         try {
 133             return RequestParser.parseRequest(StdCombinedPolicyRequest.createInstance(request));
 134         } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
 135             LOGGER.error("Failed to convert DecisionRequest: {}", e);
 136         }
 137         //
 138         // TODO throw exception
 139         //
 140         return null;
 141     }
 142
 143     @Override
 144     public DecisionResponse convertResponse(Response xacmlResponse) {
 145         LOGGER.debug("Converting Response {}", xacmlResponse);
 146         DecisionResponse decisionResponse = new DecisionResponse();
 147         //
 148         // Iterate through all the results
 149         //
 150         for (Result xacmlResult : xacmlResponse.getResults()) {
 151             //
 152             // Check the result
 153             //
 154             if (xacmlResult.getDecision() == Decision.PERMIT) {
 155                 //
 156                 // Setup policies
 157                 //
 158                 decisionResponse.setPolicies(new ArrayList<>());
 159                 //
 160                 // Go through obligations
 161                 //
 162                 scanObligations(xacmlResult.getObligations(), decisionResponse);
 163             }
 164             if (xacmlResult.getDecision() == Decision.NOTAPPLICABLE) {
 165                 //
 166                 // There is no policy
 167                 //
 168                 decisionResponse.setPolicies(new ArrayList<>());
 169             }
 170             if (xacmlResult.getDecision() == Decision.DENY
 171                     || xacmlResult.getDecision() == Decision.INDETERMINATE) {
 172                 //
 173                 // TODO we have to return an ErrorResponse object instead
 174                 //
 175                 decisionResponse.setStatus("A better error message");
 176             }
 177         }
 178
 179         return decisionResponse;
 180     }
 181
 182     protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
 183         for (Obligation obligation : obligations) {
 184             LOGGER.debug("Obligation: {}", obligation);
 185             for (AttributeAssignment assignment : obligation.getAttributeAssignments()) {
 186                 LOGGER.debug("Attribute Assignment: {}", assignment);
 187                 //
 188                 // We care about the content attribute
 189                 //
 190                 if (ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS
 191                         .equals(assignment.getAttributeId())) {
 192                     //
 193                     // The contents are in Json form
 194                     //
 195                     Object stringContents = assignment.getAttributeValue().getValue();
 196                     if (LOGGER.isDebugEnabled()) {
 197                         LOGGER.debug("DCAE contents: {}{}", System.lineSeparator(), stringContents);
 198                     }
 199                     //
 200                     // Let's parse it into a map using Gson
 201                     //
 202                     Gson gson = new Gson();
 203                     @SuppressWarnings("unchecked")
 204                     Map<String, Object> result = gson.fromJson(stringContents.toString() ,Map.class);
 205                     decisionResponse.getPolicies().add(result);
 206                 }
 207             }
 208         }
 209     }
 210
 211     /**
 212      * From the TOSCA metadata section, pull in values that are needed into the XACML policy.
 213      *
 214      * @param policy Policy Object to store the metadata
 215      * @param map The Metadata TOSCA Map
 216      * @return Same Policy Object
 217      * @throws ToscaPolicyConversionException If there is something missing from the metadata
 218      */
 219     protected PolicyType fillMetadataSection(PolicyType policy,
 220             Map<String, String> map) throws ToscaPolicyConversionException {
 221         if (! map.containsKey("policy-id")) {
 222             throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id");
 223         } else {
 224             //
 225             // Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field
 226             //
 227         }
 228         if (! map.containsKey("policy-version")) {
 229             throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version");
 230         } else {
 231             //
 232             // Add in the Policy Version
 233             //
 234             policy.setVersion(map.get("policy-version").toString());
 235         }
 236         return policy;
 237     }
 238
 239     protected TargetType generateTargetType(String policyId, String policyType, String policyTypeVersion) {
 240         //
 241         // Create all the match's that are possible
 242         //
 243         // This is for the Policy Id
 244         //
 245         MatchType matchPolicyId = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
 246                 XACML3.ID_FUNCTION_STRING_EQUAL,
 247                 policyId,
 248                 XACML3.ID_DATATYPE_STRING,
 249                 ToscaDictionary.ID_RESOURCE_POLICY_ID,
 250                 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
 251         //
 252         // This is for the Policy Type
 253         //
 254         MatchType matchPolicyType = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
 255                 XACML3.ID_FUNCTION_STRING_EQUAL,
 256                 policyType,
 257                 XACML3.ID_DATATYPE_STRING,
 258                 ToscaDictionary.ID_RESOURCE_POLICY_TYPE,
 259                 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
 260         //
 261         // This is for the Policy Type version
 262         //
 263         MatchType matchPolicyTypeVersion = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
 264                 XACML3.ID_FUNCTION_STRING_EQUAL,
 265                 policyTypeVersion,
 266                 XACML3.ID_DATATYPE_STRING,
 267                 ToscaDictionary.ID_RESOURCE_POLICY_TYPE_VERSION,
 268                 XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
 269         //
 270         // This is our outer AnyOf - which is an OR
 271         //
 272         AnyOfType anyOf = new AnyOfType();
 273         //
 274         // Create AllOf (AND) of just Policy Id
 275         //
 276         anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyId));
 277         //
 278         // Create AllOf (AND) of just Policy Type
 279         //
 280         anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyType));
 281         //
 282         // Create AllOf (AND) of Policy Type and Policy Type Version
 283         //
 284         anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPolicyType, matchPolicyTypeVersion));
 285         //
 286         // Now we can create the TargetType, add the top-level anyOf (OR),
 287         // and return the value.
 288         //
 289         TargetType target = new TargetType();
 290         target.getAnyOf().add(anyOf);
 291         return target;
 292     }
 293
 294     protected RuleType addObligation(RuleType rule, String jsonPolicy) {
 295         //
 296         // Convert the YAML Policy to JSON Object
 297         //
 298         if (LOGGER.isDebugEnabled()) {
 299             LOGGER.debug("JSON DCAE Policy {}{}", System.lineSeparator(), jsonPolicy);
 300         }
 301         //
 302         // Create an AttributeValue for it
 303         //
 304         AttributeValueType value = new AttributeValueType();
 305         value.setDataType(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_DATATYPE.stringValue());
 306         value.getContent().add(jsonPolicy);
 307         //
 308         // Create our AttributeAssignmentExpression where we will
 309         // store the contents of the policy in JSON format.
 310         //
 311         AttributeAssignmentExpressionType expressionType = new AttributeAssignmentExpressionType();
 312         expressionType.setAttributeId(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS.stringValue());
 313         ObjectFactory factory = new ObjectFactory();
 314         expressionType.setExpression(factory.createAttributeValue(value));
 315         //
 316         // Create an ObligationExpression for it
 317         //
 318         ObligationExpressionType obligation = new ObligationExpressionType();
 319         obligation.setFulfillOn(EffectType.PERMIT);
 320         obligation.setObligationId(ToscaDictionary.ID_OBLIGATION_REST_BODY.stringValue());
 321         obligation.getAttributeAssignmentExpression().add(expressionType);
 322         //
 323         // Now we can add it into the rule
 324         //
 325         ObligationExpressionsType obligations = new ObligationExpressionsType();
 326         obligations.getObligationExpression().add(obligation);
 327         rule.setObligationExpressions(obligations);
 328         return rule;
 329     }
 330
 331 }