summaryrefslogtreecommitdiffstats
path: root/tutorials/tutorial-xacml-application
diff options
context:
space:
mode:
Diffstat (limited to 'tutorials/tutorial-xacml-application')
-rw-r--r--tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml8
-rw-r--r--tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java12
-rw-r--r--tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java58
-rw-r--r--tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java18
4 files changed, 80 insertions, 16 deletions
diff --git a/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml b/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml
index 72be1362..a3b72bea 100644
--- a/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml
+++ b/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml
@@ -38,8 +38,8 @@ services:
expose:
- 3904
api:
- # Honolulu released images
- image: nexus3.onap.org:10001/onap/policy-api:2.4.2
+ # Istanbul To Be released images
+ image: nexus3.onap.org:10001/onap/policy-api:2.5.0-SNAPSHOT
container_name: policy-api
depends_on:
- mariadb
@@ -49,8 +49,8 @@ services:
expose:
- 6767
pap:
- # Honolulu released images
- image: nexus3.onap.org:10001/onap/policy-pap:2.4.2
+ # Istanbul To Be released images
+ image: nexus3.onap.org:10001/onap/policy-pap:2.5.0-SNAPSHOT
container_name: policy-pap
depends_on:
- mariadb
diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
index 00d4fe70..356480bc 100644
--- a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
+++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
@@ -34,18 +34,24 @@ import org.onap.policy.models.decisions.concepts.DecisionRequest;
@ToString
@XACMLRequest(ReturnPolicyIdList = true)
public class TutorialRequest {
- @XACMLSubject(includeInResults = true)
+ //
+ // Excluding from results to demonstrate control as to which attributes can be returned.
+ //
+ @XACMLSubject(includeInResults = false)
private String onapName;
- @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true)
+ @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = false)
private String onapComponent;
- @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true)
+ @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = false)
private String onapInstance;
@XACMLAction()
private String action;
+ //
+ // Including in results to demonstrate control as to which attributes can be returned.
+ //
@XACMLResource(attributeId = "urn:org:onap:tutorial-user", includeInResults = true)
private String user;
diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
index 3d9effe5..31bb1037 100644
--- a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
+++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
@@ -18,15 +18,19 @@
package org.onap.policy.tutorial.tutorial;
+import com.att.research.xacml.api.Advice;
import com.att.research.xacml.api.DataTypeException;
import com.att.research.xacml.api.Decision;
import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.Obligation;
import com.att.research.xacml.api.Request;
import com.att.research.xacml.api.Response;
import com.att.research.xacml.api.Result;
import com.att.research.xacml.api.XACML3;
import com.att.research.xacml.std.IdentifierImpl;
import com.att.research.xacml.std.annotations.RequestParser;
+import java.util.Collection;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
@@ -39,10 +43,10 @@ import org.onap.policy.models.decisions.concepts.DecisionResponse;
import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
-import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
+import org.onap.policy.pdp.xacml.application.common.std.StdBaseTranslator;
-public class TutorialTranslator implements ToscaPolicyTranslator {
+public class TutorialTranslator extends StdBaseTranslator {
private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
private static final Identifier ID_TUTORIAL_ENTITY =
@@ -51,9 +55,22 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission");
/**
+ * Constructor will setup some defaults.
+ */
+ public TutorialTranslator() {
+ //
+ // For demonstration purposes, this tutorial will have
+ // the original attributes returned in the request.
+ //
+ this.booleanReturnAttributes = true;
+ this.booleanReturnSingleValueAttributesAsCollection = false;
+ }
+
+ /**
* Convert Policy from TOSCA to XACML.
*/
@SuppressWarnings("unchecked")
+ @Override
public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
//
// Here is our policy with a version and default combining algo
@@ -127,6 +144,7 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
/**
* Convert ONAP DecisionRequest to XACML Request.
*/
+ @Override
public Request convertRequest(DecisionRequest request) {
try {
return RequestParser.parseRequest(TutorialRequest.createRequest(request));
@@ -136,12 +154,14 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
return null;
}
- /**
- * Convert XACML Response to ONAP DecisionResponse.
- */
+ @Override
public DecisionResponse convertResponse(Response xacmlResponse) {
var decisionResponse = new DecisionResponse();
//
+ // Setup policies
+ //
+ decisionResponse.setPolicies(new HashMap<>());
+ //
// Iterate through all the results
//
for (Result xacmlResult : xacmlResponse.getResults()) {
@@ -150,18 +170,42 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
//
if (xacmlResult.getDecision() == Decision.PERMIT) {
//
- // Just simply return a Permit response
+ // This tutorial will simply set the status to Permit
//
decisionResponse.setStatus(Decision.PERMIT.toString());
} else {
//
- // Just simply return a Deny response
+ // This tutorial will simply set the status to Deny
//
decisionResponse.setStatus(Decision.DENY.toString());
}
+ //
+ // Add attributes use the default scanAttributes. Note that one
+ // could override that method and return the structure as desired.
+ // The attributes returned by default method are in the format
+ // of XACML syntax. It may be more desirable to map them back to
+ // the original request name-value.
+ //
+ if (booleanReturnAttributes) {
+ scanAttributes(xacmlResult.getAttributes(), decisionResponse);
+ }
}
return decisionResponse;
}
+ @Override
+ protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
+ //
+ // No obligations in this tutorial yet.
+ //
+ }
+
+ @Override
+ protected void scanAdvice(Collection<Advice> advice, DecisionResponse decisionResponse) {
+ //
+ // No advice in this tutorial yet.
+ //
+ }
+
}
diff --git a/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java b/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
index 4fda0983..66001260 100644
--- a/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
+++ b/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
@@ -18,9 +18,11 @@
package org.onap.policy.tutorial.tutorial;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.assertEquals;
import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.XACML3;
import java.io.File;
import java.io.IOException;
import java.util.Properties;
@@ -101,19 +103,31 @@ public class TutorialApplicationTest {
TextFileUtils
.getTextFileAsString("src/test/resources/tutorial-decision-request.json"),
DecisionRequest.class);
+ LOGGER.info("{}", gson.encode(decisionRequest, true));
//
// Test a decision - should start with a permit
//
Pair<DecisionResponse, Response> decision = service.makeDecision(decisionRequest, null);
- LOGGER.info(decision.getLeft().toString());
+ LOGGER.info("{}", gson.encode(decision.getLeft(), true));
assertEquals("Permit", decision.getLeft().getStatus());
//
+ // Check that there are attributes
+ //
+ assertThat(decision.getLeft().getAttributes()).isNotNull().hasSize(1)
+ .containsKey(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE.stringValue());
+ //
// This should be a deny
//
decisionRequest.getResource().put("user", "audit");
+ LOGGER.info("{}", gson.encode(decisionRequest, true));
decision = service.makeDecision(decisionRequest, null);
- LOGGER.info(decision.getLeft().toString());
+ LOGGER.info("{}", gson.encode(decision.getLeft(), true));
assertEquals("Deny", decision.getLeft().getStatus());
+ //
+ // Check that there are attributes
+ //
+ assertThat(decision.getLeft().getAttributes()).isNotNull().hasSize(1)
+ .containsKey(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE.stringValue());
}
}