import com.att.research.xacml.api.XACML3;
import com.att.research.xacml.std.annotations.RequestParser;
import com.google.gson.Gson;
-
-import java.util.ArrayList;
import java.util.Collection;
+import java.util.HashMap;
import java.util.Map;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
public class StdCombinedPolicyResultsTranslator implements ToscaPolicyTranslator {
private static final Logger LOGGER = LoggerFactory.getLogger(StdCombinedPolicyResultsTranslator.class);
+ private static final String POLICY_ID = "policy-id";
public StdCombinedPolicyResultsTranslator() {
super();
// Set it as the policy ID
//
PolicyType newPolicyType = new PolicyType();
- newPolicyType.setPolicyId(toscaPolicy.getMetadata().get("policy-id"));
+ newPolicyType.setPolicyId(toscaPolicy.getMetadata().get(POLICY_ID));
//
// Optional description
//
//
// Generate the TargetType
//
- TargetType target = this.generateTargetType(toscaPolicy.getMetadata().get("policy-id"),
+ TargetType target = this.generateTargetType(toscaPolicy.getMetadata().get(POLICY_ID),
toscaPolicy.getType(), toscaPolicy.getVersion());
newPolicyType.setTarget(target);
//
//
RuleType rule = new RuleType();
rule.setDescription("Default is to PERMIT if the policy matches.");
- rule.setRuleId(toscaPolicy.getMetadata().get("policy-id") + ":rule");
+ rule.setRuleId(toscaPolicy.getMetadata().get(POLICY_ID) + ":rule");
rule.setEffect(EffectType.PERMIT);
rule.setTarget(new TargetType());
//
@Override
public Request convertRequest(DecisionRequest request) {
- LOGGER.debug("Converting Request {}", request);
+ LOGGER.info("Converting Request {}", request);
try {
return RequestParser.parseRequest(StdCombinedPolicyRequest.createInstance(request));
} catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
@Override
public DecisionResponse convertResponse(Response xacmlResponse) {
- LOGGER.debug("Converting Response {}", xacmlResponse);
+ LOGGER.info("Converting Response {}", xacmlResponse);
DecisionResponse decisionResponse = new DecisionResponse();
//
+ // Setup policies
+ //
+ decisionResponse.setPolicies(new HashMap<>());
+ //
// Iterate through all the results
//
for (Result xacmlResult : xacmlResponse.getResults()) {
// Check the result
//
if (xacmlResult.getDecision() == Decision.PERMIT) {
- //
- // Setup policies
- //
- decisionResponse.setPolicies(new ArrayList<>());
//
// Go through obligations
//
scanObligations(xacmlResult.getObligations(), decisionResponse);
}
- if (xacmlResult.getDecision() == Decision.NOTAPPLICABLE) {
- //
- // There is no policy
- //
- decisionResponse.setPolicies(new ArrayList<>());
- }
if (xacmlResult.getDecision() == Decision.DENY
|| xacmlResult.getDecision() == Decision.INDETERMINATE) {
//
protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
for (Obligation obligation : obligations) {
- LOGGER.debug("Obligation: {}", obligation);
+ LOGGER.info("Obligation: {}", obligation);
for (AttributeAssignment assignment : obligation.getAttributeAssignments()) {
- LOGGER.debug("Attribute Assignment: {}", assignment);
+ LOGGER.info("Attribute Assignment: {}", assignment);
//
// We care about the content attribute
//
// The contents are in Json form
//
Object stringContents = assignment.getAttributeValue().getValue();
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("DCAE contents: {}{}", System.lineSeparator(), stringContents);
+ if (LOGGER.isInfoEnabled()) {
+ LOGGER.info("DCAE contents: {}{}", System.lineSeparator(), stringContents);
}
//
// Let's parse it into a map using Gson
Gson gson = new Gson();
@SuppressWarnings("unchecked")
Map<String, Object> result = gson.fromJson(stringContents.toString() ,Map.class);
- decisionResponse.getPolicies().add(result);
+ //
+ // Find the metadata section
+ //
+ @SuppressWarnings("unchecked")
+ Map<String, Object> metadata = (Map<String, Object>) result.get("metadata");
+ if (metadata != null) {
+ decisionResponse.getPolicies().put(metadata.get(POLICY_ID).toString(), result);
+ } else {
+ LOGGER.error("Missing metadata section in policy contained in obligation.");
+ }
}
}
}
*/
protected PolicyType fillMetadataSection(PolicyType policy,
Map<String, String> map) throws ToscaPolicyConversionException {
- if (! map.containsKey("policy-id")) {
+ if (! map.containsKey(POLICY_ID)) {
throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id");
} else {
//
//
// Add in the Policy Version
//
- policy.setVersion(map.get("policy-version").toString());
+ policy.setVersion(map.get("policy-version"));
}
return policy;
}
//
// Convert the YAML Policy to JSON Object
//
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("JSON DCAE Policy {}{}", System.lineSeparator(), jsonPolicy);
+ if (LOGGER.isInfoEnabled()) {
+ LOGGER.info("JSON DCAE Policy {}{}", System.lineSeparator(), jsonPolicy);
}
//
// Create an AttributeValue for it