summaryrefslogtreecommitdiffstats
path: root/tutorials/tutorial-xacml-application
diff options
context:
space:
mode:
authorPamela Dragosh <pd1248@att.com>2021-07-21 10:58:13 -0400
committerPamela Dragosh <pd1248@att.com>2021-07-21 11:37:19 -0400
commitfe80c60ca766af048d7eb6f9bc073d40ee033046 (patch)
treec55029034b36c0e502a20c7d903f6b75af01b1cc /tutorials/tutorial-xacml-application
parentf01fce93c17db824d772240b9c68c07d15c6869a (diff)
Add attribute return example into Tutorial
Used the tutorial to demonstrate returning of attributes back into the Decision response. Needed to update the docker compose for both tutorials to ensure they are using the master branch versions of api and pap. Issue-ID: POLICY-2865 Change-Id: Ia568dfae27d659d940217ddf8d9295dd8409f0e3 Signed-off-by: Pamela Dragosh <pd1248@att.com>
Diffstat (limited to 'tutorials/tutorial-xacml-application')
-rw-r--r--tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml8
-rw-r--r--tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java12
-rw-r--r--tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java58
-rw-r--r--tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java18
4 files changed, 80 insertions, 16 deletions
diff --git a/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml b/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml
index 72be1362..a3b72bea 100644
--- a/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml
+++ b/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml
@@ -38,8 +38,8 @@ services:
expose:
- 3904
api:
- # Honolulu released images
- image: nexus3.onap.org:10001/onap/policy-api:2.4.2
+ # Istanbul To Be released images
+ image: nexus3.onap.org:10001/onap/policy-api:2.5.0-SNAPSHOT
container_name: policy-api
depends_on:
- mariadb
@@ -49,8 +49,8 @@ services:
expose:
- 6767
pap:
- # Honolulu released images
- image: nexus3.onap.org:10001/onap/policy-pap:2.4.2
+ # Istanbul To Be released images
+ image: nexus3.onap.org:10001/onap/policy-pap:2.5.0-SNAPSHOT
container_name: policy-pap
depends_on:
- mariadb
diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
index 00d4fe70..356480bc 100644
--- a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
+++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
@@ -34,18 +34,24 @@ import org.onap.policy.models.decisions.concepts.DecisionRequest;
@ToString
@XACMLRequest(ReturnPolicyIdList = true)
public class TutorialRequest {
- @XACMLSubject(includeInResults = true)
+ //
+ // Excluding from results to demonstrate control as to which attributes can be returned.
+ //
+ @XACMLSubject(includeInResults = false)
private String onapName;
- @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true)
+ @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = false)
private String onapComponent;
- @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true)
+ @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = false)
private String onapInstance;
@XACMLAction()
private String action;
+ //
+ // Including in results to demonstrate control as to which attributes can be returned.
+ //
@XACMLResource(attributeId = "urn:org:onap:tutorial-user", includeInResults = true)
private String user;
diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
index 3d9effe5..31bb1037 100644
--- a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
+++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
@@ -18,15 +18,19 @@
package org.onap.policy.tutorial.tutorial;
+import com.att.research.xacml.api.Advice;
import com.att.research.xacml.api.DataTypeException;
import com.att.research.xacml.api.Decision;
import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.Obligation;
import com.att.research.xacml.api.Request;
import com.att.research.xacml.api.Response;
import com.att.research.xacml.api.Result;
import com.att.research.xacml.api.XACML3;
import com.att.research.xacml.std.IdentifierImpl;
import com.att.research.xacml.std.annotations.RequestParser;
+import java.util.Collection;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
@@ -39,10 +43,10 @@ import org.onap.policy.models.decisions.concepts.DecisionResponse;
import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
-import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
+import org.onap.policy.pdp.xacml.application.common.std.StdBaseTranslator;
-public class TutorialTranslator implements ToscaPolicyTranslator {
+public class TutorialTranslator extends StdBaseTranslator {
private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
private static final Identifier ID_TUTORIAL_ENTITY =
@@ -51,9 +55,22 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission");
/**
+ * Constructor will setup some defaults.
+ */
+ public TutorialTranslator() {
+ //
+ // For demonstration purposes, this tutorial will have
+ // the original attributes returned in the request.
+ //
+ this.booleanReturnAttributes = true;
+ this.booleanReturnSingleValueAttributesAsCollection = false;
+ }
+
+ /**
* Convert Policy from TOSCA to XACML.
*/
@SuppressWarnings("unchecked")
+ @Override
public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
//
// Here is our policy with a version and default combining algo
@@ -127,6 +144,7 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
/**
* Convert ONAP DecisionRequest to XACML Request.
*/
+ @Override
public Request convertRequest(DecisionRequest request) {
try {
return RequestParser.parseRequest(TutorialRequest.createRequest(request));
@@ -136,12 +154,14 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
return null;
}
- /**
- * Convert XACML Response to ONAP DecisionResponse.
- */
+ @Override
public DecisionResponse convertResponse(Response xacmlResponse) {
var decisionResponse = new DecisionResponse();
//
+ // Setup policies
+ //
+ decisionResponse.setPolicies(new HashMap<>());
+ //
// Iterate through all the results
//
for (Result xacmlResult : xacmlResponse.getResults()) {
@@ -150,18 +170,42 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
//
if (xacmlResult.getDecision() == Decision.PERMIT) {
//
- // Just simply return a Permit response
+ // This tutorial will simply set the status to Permit
//
decisionResponse.setStatus(Decision.PERMIT.toString());
} else {
//
- // Just simply return a Deny response
+ // This tutorial will simply set the status to Deny
//
decisionResponse.setStatus(Decision.DENY.toString());
}
+ //
+ // Add attributes use the default scanAttributes. Note that one
+ // could override that method and return the structure as desired.
+ // The attributes returned by default method are in the format
+ // of XACML syntax. It may be more desirable to map them back to
+ // the original request name-value.
+ //
+ if (booleanReturnAttributes) {
+ scanAttributes(xacmlResult.getAttributes(), decisionResponse);
+ }
}
return decisionResponse;
}
+ @Override
+ protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
+ //
+ // No obligations in this tutorial yet.
+ //
+ }
+
+ @Override
+ protected void scanAdvice(Collection<Advice> advice, DecisionResponse decisionResponse) {
+ //
+ // No advice in this tutorial yet.
+ //
+ }
+
}
diff --git a/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java b/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
index 4fda0983..66001260 100644
--- a/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
+++ b/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
@@ -18,9 +18,11 @@
package org.onap.policy.tutorial.tutorial;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.assertEquals;
import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.XACML3;
import java.io.File;
import java.io.IOException;
import java.util.Properties;
@@ -101,19 +103,31 @@ public class TutorialApplicationTest {
TextFileUtils
.getTextFileAsString("src/test/resources/tutorial-decision-request.json"),
DecisionRequest.class);
+ LOGGER.info("{}", gson.encode(decisionRequest, true));
//
// Test a decision - should start with a permit
//
Pair<DecisionResponse, Response> decision = service.makeDecision(decisionRequest, null);
- LOGGER.info(decision.getLeft().toString());
+ LOGGER.info("{}", gson.encode(decision.getLeft(), true));
assertEquals("Permit", decision.getLeft().getStatus());
//
+ // Check that there are attributes
+ //
+ assertThat(decision.getLeft().getAttributes()).isNotNull().hasSize(1)
+ .containsKey(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE.stringValue());
+ //
// This should be a deny
//
decisionRequest.getResource().put("user", "audit");
+ LOGGER.info("{}", gson.encode(decisionRequest, true));
decision = service.makeDecision(decisionRequest, null);
- LOGGER.info(decision.getLeft().toString());
+ LOGGER.info("{}", gson.encode(decision.getLeft(), true));
assertEquals("Deny", decision.getLeft().getStatus());
+ //
+ // Check that there are attributes
+ //
+ assertThat(decision.getLeft().getAttributes()).isNotNull().hasSize(1)
+ .containsKey(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE.stringValue());
}
}