From fe80c60ca766af048d7eb6f9bc073d40ee033046 Mon Sep 17 00:00:00 2001 From: Pamela Dragosh Date: Wed, 21 Jul 2021 10:58:13 -0400 Subject: Add attribute return example into Tutorial Used the tutorial to demonstrate returning of attributes back into the Decision response. Needed to update the docker compose for both tutorials to ensure they are using the master branch versions of api and pap. Issue-ID: POLICY-2865 Change-Id: Ia568dfae27d659d940217ddf8d9295dd8409f0e3 Signed-off-by: Pamela Dragosh --- .../src/main/docker/docker-compose.yml | 8 +-- .../src/main/docker/docker-compose.yml | 8 +-- .../policy/tutorial/tutorial/TutorialRequest.java | 12 +++-- .../tutorial/tutorial/TutorialTranslator.java | 58 +++++++++++++++++++--- .../tutorial/tutorial/TutorialApplicationTest.java | 18 ++++++- 5 files changed, 84 insertions(+), 20 deletions(-) diff --git a/tutorials/tutorial-enforcement/src/main/docker/docker-compose.yml b/tutorials/tutorial-enforcement/src/main/docker/docker-compose.yml index d93d4bb7..fada017f 100644 --- a/tutorials/tutorial-enforcement/src/main/docker/docker-compose.yml +++ b/tutorials/tutorial-enforcement/src/main/docker/docker-compose.yml @@ -38,8 +38,8 @@ services: expose: - 3904 pap: - # Released Honlulu image - image: nexus3.onap.org:10001/onap/policy-pap:2.4.2 + # Istanbul To Be released images + image: nexus3.onap.org:10001/onap/policy-pap:2.5.0-SNAPSHOT container_name: policy-pap depends_on: - mariadb @@ -50,8 +50,8 @@ services: expose: - 6868 api: - # Released Honolulu image - image: nexus3.onap.org:10001/onap/policy-api:2.4.2 + # Istanbul To Be released images + image: nexus3.onap.org:10001/onap/policy-api:2.5.0-SNAPSHOT container_name: policy-api depends_on: - mariadb diff --git a/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml b/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml index 72be1362..a3b72bea 100644 --- a/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml 
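Review bot: The `pap` and `api` services now pull `2.5.0-SNAPSHOT`, a mutable pre-release tag, so two runs of the tutorial can execute different image contents and nothing in the file pins what is actually run. The same switch is made for both services in tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml. If the tutorial has to track unreleased code, the comment should say so and say when to go back, e.g. `# Istanbul snapshot (mutable tag); replace with the released Istanbul tag once published`. Referencing the image by digest would keep the run reproducible in the meantime.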
+++ b/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml @@ -38,8 +38,8 @@ services: expose: - 3904 api: - # Honolulu released images - image: nexus3.onap.org:10001/onap/policy-api:2.4.2 + # Istanbul To Be released images + image: nexus3.onap.org:10001/onap/policy-api:2.5.0-SNAPSHOT container_name: policy-api depends_on: - mariadb @@ -49,8 +49,8 @@ services: expose: - 6767 pap: - # Honolulu released images - image: nexus3.onap.org:10001/onap/policy-pap:2.4.2 + # Istanbul To Be released images + image: nexus3.onap.org:10001/onap/policy-pap:2.5.0-SNAPSHOT container_name: policy-pap depends_on: - mariadb diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java index 00d4fe70..356480bc 100644 --- a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java +++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java 
@@ -34,18 +34,24 @@ import org.onap.policy.models.decisions.concepts.DecisionRequest; @ToString @XACMLRequest(ReturnPolicyIdList = true) public class TutorialRequest { - @XACMLSubject(includeInResults = true) + // + // Excluding from results to demonstrate control as to which attributes can be returned. + // + @XACMLSubject(includeInResults = false) private String onapName; - @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true) + @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = false) private String onapComponent; - @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true) + @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = false) private String onapInstance; @XACMLAction() private String action; + // + // Including in results to demonstrate control as to which attributes can be returned. + // @XACMLResource(attributeId = "urn:org:onap:tutorial-user", includeInResults = true) private String user; diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java index 3d9effe5..31bb1037 100644 --- a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java +++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java 
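Review bot: The new "Excluding from results" comment sits above `onapName` only, while `includeInResults = false` is set on all three subject fields, so a reader can take `onapComponent` and `onapInstance` for unrelated edits. Because this flag decides which request attributes are echoed back to the caller, the comment should name the whole group, e.g. `// Subject attributes (onapName, onapComponent, onapInstance) are excluded from the decision response.` The fields after `user` lie outside the hunk, so the diff does not show whether they are returned as well.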
@@ -18,15 +18,19 @@ package org.onap.policy.tutorial.tutorial; +import com.att.research.xacml.api.Advice; import com.att.research.xacml.api.DataTypeException; import com.att.research.xacml.api.Decision; import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.Obligation; import com.att.research.xacml.api.Request; import com.att.research.xacml.api.Response; import com.att.research.xacml.api.Result; import com.att.research.xacml.api.XACML3; import com.att.research.xacml.std.IdentifierImpl; import com.att.research.xacml.std.annotations.RequestParser; +import java.util.Collection; +import java.util.HashMap; import java.util.List; import java.util.Map; import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; @@ -39,10 +43,10 @@ import org.onap.policy.models.decisions.concepts.DecisionResponse; import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy; import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils; +import org.onap.policy.pdp.xacml.application.common.std.StdBaseTranslator; -public class TutorialTranslator implements ToscaPolicyTranslator { +public class TutorialTranslator extends StdBaseTranslator { private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user"); private static final Identifier ID_TUTORIAL_ENTITY = 
@@ -50,10 +54,23 @@ public class TutorialTranslator implements ToscaPolicyTranslator { private static final Identifier ID_TUTORIAL_PERM = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission"); + /** + * Constructor will setup some defaults. + */ + public TutorialTranslator() { + // + // For demonstration purposes, this tutorial will have + // the original attributes returned in the request. + // + this.booleanReturnAttributes = true; + this.booleanReturnSingleValueAttributesAsCollection = false; + } + /** * Convert Policy from TOSCA to XACML. */ @SuppressWarnings("unchecked") + @Override public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException { // // Here is our policy with a version and default combining algo @@ -127,6 +144,7 @@ public class TutorialTranslator implements ToscaPolicyTranslator { /** * Convert ONAP DecisionRequest to XACML Request. */ + @Override public Request convertRequest(DecisionRequest request) { try { return RequestParser.parseRequest(TutorialRequest.createRequest(request)); @@ -136,12 +154,14 @@ public class TutorialTranslator implements ToscaPolicyTranslator { return null; } - /** - * Convert XACML Response to ONAP DecisionResponse. - */ + @Override public DecisionResponse convertResponse(Response xacmlResponse) { var decisionResponse = new DecisionResponse(); // + // Setup policies + // + decisionResponse.setPolicies(new HashMap<>()); + // // Iterate through all the results // for (Result xacmlResult : xacmlResponse.getResults()) { 
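Review bot: The constructor comment says the original attributes are "returned in the request", but the commit description and the later `scanAttributes(..., decisionResponse)` call show they go into the decision response. I would reword it to `// the request attributes marked includeInResults returned in the decision response.` The Javadoc "Constructor will setup some defaults." could also name the two flags it sets, `booleanReturnAttributes` and `booleanReturnSingleValueAttributesAsCollection`. Both are presumably inherited from `StdBaseTranslator`, which is not shown here.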
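Review bot: The hunk that adds `@Override` to `convertResponse` also deletes its Javadoc, leaving it the only one of the three conversion methods without one. I would keep `/** Convert XACML Response to ONAP DecisionResponse. */` above the annotation. The added `decisionResponse.setPolicies(new HashMap<>())` needs a why-comment too: no visible line fills the map, although `TutorialRequest` asks for `ReturnPolicyIdList = true`. Something like `// Policy ids are not reported by this tutorial; return an empty map rather than null.` would do, if that is the intent. The method body continues past the end of this hunk.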
@@ -150,18 +170,42 @@ public class TutorialTranslator implements ToscaPolicyTranslator { // if (xacmlResult.getDecision() == Decision.PERMIT) { // - // Just simply return a Permit response + // This tutorial will simply set the status to Permit // decisionResponse.setStatus(Decision.PERMIT.toString()); } else { // - // Just simply return a Deny response + // This tutorial will simply set the status to Deny // decisionResponse.setStatus(Decision.DENY.toString()); } + // + // Add attributes use the default scanAttributes. Note that one + // could override that method and return the structure as desired. + // The attributes returned by default method are in the format + // of XACML syntax. It may be more desirable to map them back to + // the original request name-value. + // + if (booleanReturnAttributes) { + scanAttributes(xacmlResult.getAttributes(), decisionResponse); + } } return decisionResponse; } + @Override + protected void scanObligations(Collection obligations, DecisionResponse decisionResponse) { + // + // No obligations in this tutorial yet. + // + } + + @Override + protected void scanAdvice(Collection advice, DecisionResponse decisionResponse) { + // + // No advice in this tutorial yet. + // + } + } diff --git a/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java b/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java index 4fda0983..66001260 100644 --- a/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java +++ b/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java 
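Review bot: The empty `scanObligations` and `scanAdvice` overrides silently discard whatever the PDP attaches to a result, and the visible part of `convertResponse` only calls `scanAttributes`. In XACML, an enforcement point that cannot discharge an obligation is expected not to grant access, so a tutorial policy that later gains one would still come back as a plain Permit. The comments should state that this is deliberate and unsafe to copy, e.g. `// Obligations are intentionally ignored by this tutorial; a production translator must act on them or deny.` Separately, the status is overwritten on every loop iteration, so with more than one result the last one decides; that is context code the commit does not change. The start of `convertResponse` and of its loop lies outside this hunk.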
@@ -18,9 +18,11 @@ package org.onap.policy.tutorial.tutorial; +import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.assertEquals; import com.att.research.xacml.api.Response; +import com.att.research.xacml.api.XACML3; import java.io.File; import java.io.IOException; import java.util.Properties; @@ -101,19 +103,31 @@ public class TutorialApplicationTest { TextFileUtils .getTextFileAsString("src/test/resources/tutorial-decision-request.json"), DecisionRequest.class); + LOGGER.info("{}", gson.encode(decisionRequest, true)); // // Test a decision - should start with a permit // Pair decision = service.makeDecision(decisionRequest, null); - LOGGER.info(decision.getLeft().toString()); + LOGGER.info("{}", gson.encode(decision.getLeft(), true)); assertEquals("Permit", decision.getLeft().getStatus()); // + // Check that there are attributes + // + assertThat(decision.getLeft().getAttributes()).isNotNull().hasSize(1) + .containsKey(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE.stringValue()); + // // This should be a deny // decisionRequest.getResource().put("user", "audit"); + LOGGER.info("{}", gson.encode(decisionRequest, true)); decision = service.makeDecision(decisionRequest, null); - LOGGER.info(decision.getLeft().toString()); + LOGGER.info("{}", gson.encode(decision.getLeft(), true)); assertEquals("Deny", decision.getLeft().getStatus()); + // + // Check that there are attributes + // + assertThat(decision.getLeft().getAttributes()).isNotNull().hasSize(1) + .containsKey(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE.stringValue()); } } -- cgit 1.2.3-korg
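Review bot: Both new assertions check only that exactly one attribute category comes back, not which attributes it holds. Since the change is about controlling what is echoed to the caller, the test should also assert that the resource category carries `urn:org:onap:tutorial-user` and that no subject attribute id such as `urn:org:onap:onap-component` or `urn:org:onap:onap-instance` appears in the response. The shape of the value stored under the category key is not visible in this diff, so the exact assertion has to be written against what `getAttributes()` returns. The two identical assertion blocks could share a small private helper. The test method starts outside the hunk.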