Diffstat (limited to 'tutorials/tutorial-xacml-application')
4 files changed, 80 insertions, 16 deletions
diff --git a/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml b/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml
index 72be1362..a3b72bea 100644
--- a/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml
+++ b/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml
@@ -38,8 +38,8 @@ services:
 expose:
 - 3904
 api:
- # Honolulu released images
- image: nexus3.onap.org:10001/onap/policy-api:2.4.2
+ # Istanbul To Be released images
+ image: nexus3.onap.org:10001/onap/policy-api:2.5.0-SNAPSHOT
 container_name: policy-api
 depends_on:
 - mariadb
@@ -49,8 +49,8 @@ services:
 expose:
 - 6767
 pap:
- # Honolulu released images
- image: nexus3.onap.org:10001/onap/policy-pap:2.4.2
+ # Istanbul To Be released images
+ image: nexus3.onap.org:10001/onap/policy-pap:2.5.0-SNAPSHOT
 container_name: policy-pap
 depends_on:
 - mariadb
diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
index 00d4fe70..356480bc 100644
--- a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
+++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
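Review bot: In docker-compose.yml both the `policy-api` and `policy-pap` services now pull `2.5.0-SNAPSHOT` instead of the released `2.4.2`, and a snapshot tag is mutable, so the tutorial runs whatever image was pushed last under that name. Anyone following the tutorial gets a build that is neither reviewed as a release nor reproducible from one run to the next. I would mark the lines as temporary with a comment such as `# TODO: switch back to the released Istanbul tag once it is published` above each `image:` entry, and pin the image by digest if the snapshot has to stay for a while.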
@@ -34,18 +34,24 @@ import org.onap.policy.models.decisions.concepts.DecisionRequest;
 @ToString
 @XACMLRequest(ReturnPolicyIdList = true)
 public class TutorialRequest {
- @XACMLSubject(includeInResults = true)
+ //
+ // Excluding from results to demonstrate control as to which attributes can be returned.
+ //
+ @XACMLSubject(includeInResults = false)
 private String onapName;
- @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true)
+ @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = false)
 private String onapComponent;
- @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true)
+ @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = false)
 private String onapInstance;
 @XACMLAction()
 private String action;
+ //
+ // Including in results to demonstrate control as to which attributes can be returned.
+ //
 @XACMLResource(attributeId = "urn:org:onap:tutorial-user", includeInResults = true)
 private String user;
diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
index 3d9effe5..31bb1037 100644
--- a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
+++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
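Review bot: In TutorialRequest.java the new "Excluding from results" comment sits only above `onapName`, although the same `includeInResults = false` change is applied to `onapComponent` and `onapInstance`, so a reader copying a single field will not see that the three subject attributes are excluded as a group. Because the translator change in this commit turns attribute return on, the comment above `user` should also state the consequence: `// includeInResults = true means this value is echoed back in the decision response, so set it only on attributes that are safe to disclose to the caller.` The class body continues outside the hunk.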
@@ -18,15 +18,19 @@
 package org.onap.policy.tutorial.tutorial;
+import com.att.research.xacml.api.Advice;
 import com.att.research.xacml.api.DataTypeException;
 import com.att.research.xacml.api.Decision;
 import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.Obligation;
 import com.att.research.xacml.api.Request;
 import com.att.research.xacml.api.Response;
 import com.att.research.xacml.api.Result;
 import com.att.research.xacml.api.XACML3;
 import com.att.research.xacml.std.IdentifierImpl;
 import com.att.research.xacml.std.annotations.RequestParser;
+import java.util.Collection;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
@@ -39,10 +43,10 @@ import org.onap.policy.models.decisions.concepts.DecisionResponse;
 import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
 import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
-import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
+import org.onap.policy.pdp.xacml.application.common.std.StdBaseTranslator;
-public class TutorialTranslator implements ToscaPolicyTranslator {
+public class TutorialTranslator extends StdBaseTranslator {
 private static final Identifier ID_TUTORIAL_USER =
 new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
 private static final Identifier ID_TUTORIAL_ENTITY =
@@ -51,9 +55,22 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
 new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission");
 /**
+ * Constructor will setup some defaults.
+ */
+ public TutorialTranslator() {
+ //
+ // For demonstration purposes, this tutorial will have
+ // the original attributes returned in the request.
+ //
+ this.booleanReturnAttributes = true;
+ this.booleanReturnSingleValueAttributesAsCollection = false;
+ }
+
+ /**
 * Convert Policy from TOSCA to XACML.
 */
 @SuppressWarnings("unchecked")
+ @Override
 public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
 //
 // Here is our policy with a version and default combining algo
@@ -127,6 +144,7 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
 /**
 * Convert ONAP DecisionRequest to XACML Request.
 */
+ @Override
 public Request convertRequest(DecisionRequest request) {
 try {
 return RequestParser.parseRequest(TutorialRequest.createRequest(request));
@@ -136,12 +154,14 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
 return null;
 }
- /**
- * Convert XACML Response to ONAP DecisionResponse.
- */
+ @Override
 public DecisionResponse convertResponse(Response xacmlResponse) {
 var decisionResponse = new DecisionResponse();
 //
+ // Setup policies
+ //
+ decisionResponse.setPolicies(new HashMap<>());
+ //
 // Iterate through all the results
 //
 for (Result xacmlResult : xacmlResponse.getResults()) {
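Review bot: The comment in the new `TutorialTranslator()` constructor says the original attributes are "returned in the request", but the flag it sets is read in `convertResponse`, where it gates the `scanAttributes(...)` call that fills the decision response. I would reword it to `// For demonstration purposes, this tutorial returns the request attributes marked includeInResults in the decision response.` It would also help to say what `booleanReturnSingleValueAttributesAsCollection = false` changes, since its effect is not visible in this file.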
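Review bot: In the third hunk `convertResponse` loses its Javadoc (`Convert XACML Response to ONAP DecisionResponse.`) and gains `decisionResponse.setPolicies(new HashMap<>())`, but nothing in the visible body ever puts an entry into that map. TutorialRequest is annotated `@XACMLRequest(ReturnPolicyIdList = true)`, so the PDP is asked for the policy identifiers, yet as far as this diff shows the caller always receives an empty `policies` map and cannot tell which policy produced the Permit or Deny. I would keep the Javadoc and either fill the map from each result or state the intent: `// Policies are intentionally left empty in this tutorial; the policy ids in the XACML result are not copied over.` The method body continues in the next hunk.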
@@ -150,18 +170,42 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
 //
 if (xacmlResult.getDecision() == Decision.PERMIT) {
 //
- // Just simply return a Permit response
+ // This tutorial will simply set the status to Permit
 //
 decisionResponse.setStatus(Decision.PERMIT.toString());
 } else {
 //
- // Just simply return a Deny response
+ // This tutorial will simply set the status to Deny
 //
 decisionResponse.setStatus(Decision.DENY.toString());
 }
+ //
+ // Add attributes use the default scanAttributes. Note that one
+ // could override that method and return the structure as desired.
+ // The attributes returned by default method are in the format
+ // of XACML syntax. It may be more desirable to map them back to
+ // the original request name-value.
+ //
+ if (booleanReturnAttributes) {
+ scanAttributes(xacmlResult.getAttributes(), decisionResponse);
+ }
 }
 return decisionResponse;
 }
+ @Override
+ protected void scanObligations(Collection<Obligation> obligations, DecisionResponse decisionResponse) {
+ //
+ // No obligations in this tutorial yet.
+ //
+ }
+
+ @Override
+ protected void scanAdvice(Collection<Advice> advice, DecisionResponse decisionResponse) {
+ //
+ // No advice in this tutorial yet.
+ //
+ }
+
 }
diff --git a/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java b/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
index 4fda0983..66001260 100644
--- a/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
+++ b/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
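Review bot: In the `convertResponse` loop of TutorialTranslator.java (the `for` starts in the previous hunk) `setStatus` is called once per `Result`, so when the XACML response carries more than one result the last one decides and a Permit can overwrite an earlier Deny. The else branch already fails closed for every decision other than Permit; the status should also stay Deny once it has been set, for example `if (xacmlResult.getDecision() == Decision.PERMIT && !Decision.DENY.toString().equals(decisionResponse.getStatus())) {`. Separately, the empty `scanObligations` and `scanAdvice` overrides are not called from this `convertResponse`, and a comment saying that obligations attached to a policy are ignored here would stop readers from assuming they are enforced.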
@@ -18,9 +18,11 @@
 package org.onap.policy.tutorial.tutorial;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.assertEquals;
 import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.XACML3;
 import java.io.File;
 import java.io.IOException;
 import java.util.Properties;
@@ -101,19 +103,31 @@ public class TutorialApplicationTest {
 TextFileUtils
 .getTextFileAsString("src/test/resources/tutorial-decision-request.json"),
 DecisionRequest.class);
+ LOGGER.info("{}", gson.encode(decisionRequest, true));
 //
 // Test a decision - should start with a permit
 //
 Pair<DecisionResponse, Response> decision = service.makeDecision(decisionRequest, null);
- LOGGER.info(decision.getLeft().toString());
+ LOGGER.info("{}", gson.encode(decision.getLeft(), true));
 assertEquals("Permit", decision.getLeft().getStatus());
 //
+ // Check that there are attributes
+ //
+ assertThat(decision.getLeft().getAttributes()).isNotNull().hasSize(1)
+ .containsKey(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE.stringValue());
+ //
 // This should be a deny
 //
 decisionRequest.getResource().put("user", "audit");
+ LOGGER.info("{}", gson.encode(decisionRequest, true));
 decision = service.makeDecision(decisionRequest, null);
- LOGGER.info(decision.getLeft().toString());
+ LOGGER.info("{}", gson.encode(decision.getLeft(), true));
 assertEquals("Deny", decision.getLeft().getStatus());
+ //
+ // Check that there are attributes
+ //
+ assertThat(decision.getLeft().getAttributes()).isNotNull().hasSize(1)
+ .containsKey(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE.stringValue());
 }
 } |