diff options
author | Pamela Dragosh <pd1248@att.com> | 2021-07-21 10:58:13 -0400 |
---|---|---|
committer | Pamela Dragosh <pd1248@att.com> | 2021-07-21 11:37:19 -0400 |
commit | fe80c60ca766af048d7eb6f9bc073d40ee033046 (patch) | |
tree | c55029034b36c0e502a20c7d903f6b75af01b1cc /tutorials/tutorial-xacml-application | |
parent | f01fce93c17db824d772240b9c68c07d15c6869a (diff) |
Add attribute return example into Tutorial
Used the tutorial to demonstrate returning of attributes
back into the Decision response.
Needed to update the docker compose for both tutorials to
ensure they are using the master branch versions of api
and pap.
Issue-ID: POLICY-2865
Change-Id: Ia568dfae27d659d940217ddf8d9295dd8409f0e3
Signed-off-by: Pamela Dragosh <pd1248@att.com>
Diffstat (limited to 'tutorials/tutorial-xacml-application')
4 files changed, 80 insertions, 16 deletions
diff --git a/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml b/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml index 72be1362..a3b72bea 100644 --- a/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml +++ b/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml @@ -38,8 +38,8 @@ services: expose: - 3904 api: - # Honolulu released images - image: nexus3.onap.org:10001/onap/policy-api:2.4.2 + # Istanbul To Be released images + image: nexus3.onap.org:10001/onap/policy-api:2.5.0-SNAPSHOT container_name: policy-api depends_on: - mariadb @@ -49,8 +49,8 @@ services: expose: - 6767 pap: - # Honolulu released images - image: nexus3.onap.org:10001/onap/policy-pap:2.4.2 + # Istanbul To Be released images + image: nexus3.onap.org:10001/onap/policy-pap:2.5.0-SNAPSHOT container_name: policy-pap depends_on: - mariadb diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java index 00d4fe70..356480bc 100644 --- a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java +++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java @@ -34,18 +34,24 @@ import org.onap.policy.models.decisions.concepts.DecisionRequest; @ToString @XACMLRequest(ReturnPolicyIdList = true) public class TutorialRequest { - @XACMLSubject(includeInResults = true) + // + // Excluding from results to demonstrate control as to which attributes can be returned. + // + @XACMLSubject(includeInResults = false) private String onapName; - @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true) + @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = false) private String onapComponent; - @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true) + @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = false) private String onapInstance; @XACMLAction() private String action; + // + // Including in results to demonstrate control as to which attributes can be returned. + // @XACMLResource(attributeId = "urn:org:onap:tutorial-user", includeInResults = true) private String user; diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java index 3d9effe5..31bb1037 100644 --- a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java +++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java @@ -18,15 +18,19 @@ package org.onap.policy.tutorial.tutorial; +import com.att.research.xacml.api.Advice; import com.att.research.xacml.api.DataTypeException; import com.att.research.xacml.api.Decision; import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.Obligation; import com.att.research.xacml.api.Request; import com.att.research.xacml.api.Response; import com.att.research.xacml.api.Result; import com.att.research.xacml.api.XACML3; import com.att.research.xacml.std.IdentifierImpl; import com.att.research.xacml.std.annotations.RequestParser; +import java.util.Collection; +import java.util.HashMap; import java.util.List; import java.util.Map; import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; @@ -39,10 +43,10 @@ import org.onap.policy.models.decisions.concepts.DecisionResponse; import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy; import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils; +import org.onap.policy.pdp.xacml.application.common.std.StdBaseTranslator; -public class TutorialTranslator implements ToscaPolicyTranslator { +public class TutorialTranslator extends StdBaseTranslator { private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user"); private static final Identifier ID_TUTORIAL_ENTITY = @@ -51,9 +55,22 @@ public class TutorialTranslator implements ToscaPolicyTranslator { new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission"); /** + * Constructor will setup some defaults. + */ + public TutorialTranslator() { + // + // For demonstration purposes, this tutorial will have + // the original attributes returned in the request. + // + this.booleanReturnAttributes = true; + this.booleanReturnSingleValueAttributesAsCollection = false; + } + + /** * Convert Policy from TOSCA to XACML. */ @SuppressWarnings("unchecked") + @Override public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException { // // Here is our policy with a version and default combining algo @@ -127,6 +144,7 @@ public class TutorialTranslator implements ToscaPolicyTranslator { /** * Convert ONAP DecisionRequest to XACML Request. */ + @Override public Request convertRequest(DecisionRequest request) { try { return RequestParser.parseRequest(TutorialRequest.createRequest(request)); @@ -136,12 +154,14 @@ public class TutorialTranslator implements ToscaPolicyTranslator { return null; } - /** - * Convert XACML Response to ONAP DecisionResponse. - */ + @Override public DecisionResponse convertResponse(Response xacmlResponse) { var decisionResponse = new DecisionResponse(); // + // Setup policies + // + decisionResponse.setPolicies(new HashMap<>()); + // // Iterate through all the results // for (Result xacmlResult : xacmlResponse.getResults()) { @@ -150,18 +170,42 @@ public class TutorialTranslator implements ToscaPolicyTranslator { // if (xacmlResult.getDecision() == Decision.PERMIT) { // - // Just simply return a Permit response + // This tutorial will simply set the status to Permit // decisionResponse.setStatus(Decision.PERMIT.toString()); } else { // - // Just simply return a Deny response + // This tutorial will simply set the status to Deny // decisionResponse.setStatus(Decision.DENY.toString()); } + // + // Add attributes use the default scanAttributes. Note that one + // could override that method and return the structure as desired. + // The attributes returned by default method are in the format + // of XACML syntax. It may be more desirable to map them back to + // the original request name-value. + // + if (booleanReturnAttributes) { + scanAttributes(xacmlResult.getAttributes(), decisionResponse); + } } return decisionResponse; } + @Override + protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) { + // + // No obligations in this tutorial yet. + // + } + + @Override + protected void scanAdvice(Collection<Advice> advice, DecisionResponse decisionResponse) { + // + // No advice in this tutorial yet. + // + } + } diff --git a/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java b/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java index 4fda0983..66001260 100644 --- a/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java +++ b/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java @@ -18,9 +18,11 @@ package org.onap.policy.tutorial.tutorial; +import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.assertEquals; import com.att.research.xacml.api.Response; +import com.att.research.xacml.api.XACML3; import java.io.File; import java.io.IOException; import java.util.Properties; @@ -101,19 +103,31 @@ public class TutorialApplicationTest { TextFileUtils .getTextFileAsString("src/test/resources/tutorial-decision-request.json"), DecisionRequest.class); + LOGGER.info("{}", gson.encode(decisionRequest, true)); // // Test a decision - should start with a permit // Pair<DecisionResponse, Response> decision = service.makeDecision(decisionRequest, null); - LOGGER.info(decision.getLeft().toString()); + LOGGER.info("{}", gson.encode(decision.getLeft(), true)); assertEquals("Permit", decision.getLeft().getStatus()); // + // Check that there are attributes + // + assertThat(decision.getLeft().getAttributes()).isNotNull().hasSize(1) + .containsKey(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE.stringValue()); + // // This should be a deny // decisionRequest.getResource().put("user", "audit"); + LOGGER.info("{}", gson.encode(decisionRequest, true)); decision = service.makeDecision(decisionRequest, null); - LOGGER.info(decision.getLeft().toString()); + LOGGER.info("{}", gson.encode(decision.getLeft(), true)); assertEquals("Deny", decision.getLeft().getStatus()); + // + // Check that there are attributes + // + assertThat(decision.getLeft().getAttributes()).isNotNull().hasSize(1) + .containsKey(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE.stringValue()); } } |