fix: use factory method to create policy eval functions (#363)
* use ParticipantAgentPolicyContext

* use single factory method

* terraform fmt

* checkstyle
paullatzelsperger authored Oct 22, 2024
1 parent aa81c54 commit 5a4660a
Showing 6 changed files with 21 additions and 90 deletions.
Expand Up @@ -15,18 +15,18 @@
package org.eclipse.edc.demo.dcp.core;

import org.eclipse.edc.iam.identitytrust.spi.scope.ScopeExtractor;
import org.eclipse.edc.policy.engine.spi.PolicyContext;
import org.eclipse.edc.policy.context.request.spi.RequestPolicyContext;
import org.eclipse.edc.policy.model.Operator;

import java.util.Set;

class DataAccessCredentialScopeExtractor implements ScopeExtractor {
public static final String DATA_PROCESSOR_CREDENTIAL_TYPE = "DataProcessorCredential";
private static final String DATA_ACCESS_CONSTRAINT_PREFIX = "DataAccess.";
private static final String CREDENTIAL_TYPE_NAMESPACE = "org.eclipse.edc.vc.type";
public static final String DATA_PROCESSOR_CREDENTIAL_TYPE = "DataProcessorCredential";

@Override
public Set<String> extractScopes(Object leftValue, Operator operator, Object rightValue, PolicyContext context) {
public Set<String> extractScopes(Object leftValue, Operator operator, Object rightValue, RequestPolicyContext context) {
Set<String> scopes = Set.of();
if (leftValue instanceof String leftOperand) {
if (leftOperand.startsWith(DATA_ACCESS_CONSTRAINT_PREFIX)) {
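Review bot: The credential type literal `"DataProcessorCredential"` is defined twice, as `DATA_PROCESSOR_CREDENTIAL_TYPE` in this class and as the private `DATAPROCESSOR_CRED_TYPE` in `DataAccessLevelFunction`. The extractor presumably decides which credential scope is requested and the function which credential is accepted, so if one literal is edited without the other the duty would likely stop evaluating to true with no compile-time hint. The constant is `public` on a package-private class in another package, so `DataAccessLevelFunction` cannot reference it as it stands; either move it somewhere both can reach or add a comment on each, e.g. `// must match DataAccessLevelFunction.DATAPROCESSOR_CRED_TYPE`. The body of `extractScopes` continues outside the hunk, so how the constant is used there is not visible.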
Expand Up @@ -15,7 +15,7 @@
package org.eclipse.edc.demo.dcp.policy;

import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredential;
import org.eclipse.edc.spi.agent.ParticipantAgent;
import org.eclipse.edc.participant.spi.ParticipantAgent;
import org.eclipse.edc.spi.result.Result;

import java.util.List;
Expand Up @@ -14,46 +14,23 @@

package org.eclipse.edc.demo.dcp.policy;

import org.eclipse.edc.connector.controlplane.catalog.spi.policy.CatalogPolicyContext;
import org.eclipse.edc.connector.controlplane.contract.spi.policy.ContractNegotiationPolicyContext;
import org.eclipse.edc.connector.controlplane.contract.spi.policy.TransferProcessPolicyContext;
import org.eclipse.edc.participant.spi.ParticipantAgentPolicyContext;
import org.eclipse.edc.policy.engine.spi.AtomicConstraintRuleFunction;
import org.eclipse.edc.policy.engine.spi.PolicyContext;
import org.eclipse.edc.policy.model.Duty;
import org.eclipse.edc.policy.model.Operator;
import org.eclipse.edc.spi.agent.ParticipantAgent;

import java.util.Map;
import java.util.Objects;

public abstract class DataAccessLevelFunction<C extends PolicyContext> extends AbstractCredentialEvaluationFunction implements AtomicConstraintRuleFunction<Duty, C> {
public class DataAccessLevelFunction<C extends ParticipantAgentPolicyContext> extends AbstractCredentialEvaluationFunction implements AtomicConstraintRuleFunction<Duty, C> {

private static final String DATAPROCESSOR_CRED_TYPE = "DataProcessorCredential";

public static DataAccessLevelFunction<TransferProcessPolicyContext> createForTransferProcess() {
return new DataAccessLevelFunction<>() {
@Override
protected ParticipantAgent getAgent(TransferProcessPolicyContext policyContext) {
return policyContext.agent();
}
};
}
private DataAccessLevelFunction() {

public static DataAccessLevelFunction<ContractNegotiationPolicyContext> createForNegotiation() {
return new DataAccessLevelFunction<>() {
@Override
protected ParticipantAgent getAgent(ContractNegotiationPolicyContext policyContext) {
return policyContext.agent();
}
};
}

public static DataAccessLevelFunction<CatalogPolicyContext> createForCatalog() {
public static <C extends ParticipantAgentPolicyContext> DataAccessLevelFunction<C> create() {
return new DataAccessLevelFunction<>() {
@Override
protected ParticipantAgent getAgent(CatalogPolicyContext policyContext) {
return policyContext.agent();
}
};
}

Expand All @@ -63,7 +40,7 @@ public boolean evaluate(Operator operator, Object rightOperand, Duty duty, C pol
policyContext.reportProblem("Cannot evaluate operator %s, only %s is supported".formatted(operator, Operator.EQ));
return false;
}
var pa = getAgent(policyContext);
var pa = policyContext.participantAgent();
if (pa == null) {
policyContext.reportProblem("ParticipantAgent not found on PolicyContext");
return false;
Expand All @@ -89,21 +66,4 @@ public boolean evaluate(Operator operator, Object rightOperand, Duty duty, C pol

}

protected abstract ParticipantAgent getAgent(C policyContext);

@SuppressWarnings("unchecked")
private <T> T getClaim(String postfix, Map<String, Object> claims) {
return (T) claims.entrySet().stream().filter(e -> e.getKey().endsWith(postfix))
.findFirst()
.map(Map.Entry::getValue)
.orElse(null);
}

private static class ForCatalog extends DataAccessLevelFunction<CatalogPolicyContext> {

@Override
protected ParticipantAgent getAgent(CatalogPolicyContext policyContext) {
return policyContext.agent();
}
}
}
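Review bot: `create()` still returns an anonymous subclass with an empty body (`new DataAccessLevelFunction<>() { };`), which looks like a leftover from when the class was abstract and `getAgent` had to be overridden. As far as the rendered page shows, the class is now concrete with a private constructor, so `return new DataAccessLevelFunction<>();` does the same without the extra class. The class could then be declared `final` to state that `evaluate` is not meant to be overridden. The same applies to `MembershipCredentialEvaluationFunction.create()`.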
Expand Up @@ -14,52 +14,26 @@

package org.eclipse.edc.demo.dcp.policy;

import org.eclipse.edc.connector.controlplane.catalog.spi.policy.CatalogPolicyContext;
import org.eclipse.edc.connector.controlplane.contract.spi.policy.ContractNegotiationPolicyContext;
import org.eclipse.edc.connector.controlplane.contract.spi.policy.TransferProcessPolicyContext;
import org.eclipse.edc.participant.spi.ParticipantAgentPolicyContext;
import org.eclipse.edc.policy.engine.spi.AtomicConstraintRuleFunction;
import org.eclipse.edc.policy.engine.spi.PolicyContext;
import org.eclipse.edc.policy.model.Operator;
import org.eclipse.edc.policy.model.Permission;
import org.eclipse.edc.spi.agent.ParticipantAgent;

import java.time.Instant;
import java.util.Map;

public abstract class MembershipCredentialEvaluationFunction<C extends PolicyContext> extends AbstractCredentialEvaluationFunction implements AtomicConstraintRuleFunction<Permission, C> {
public class MembershipCredentialEvaluationFunction<C extends ParticipantAgentPolicyContext> extends AbstractCredentialEvaluationFunction implements AtomicConstraintRuleFunction<Permission, C> {
public static final String MEMBERSHIP_CONSTRAINT_KEY = "MembershipCredential";

private static final String MEMBERSHIP_CLAIM = "membership";
private static final String SINCE_CLAIM = "since";
private static final String ACTIVE = "active";

public static MembershipCredentialEvaluationFunction<CatalogPolicyContext> createForCatalog() {
return new MembershipCredentialEvaluationFunction<>() {

@Override
protected ParticipantAgent getAgent(CatalogPolicyContext policyContext) {
return policyContext.agent();
}
};
}

public static MembershipCredentialEvaluationFunction<TransferProcessPolicyContext> createForTransfer() {
return new MembershipCredentialEvaluationFunction<>() {

@Override
protected ParticipantAgent getAgent(TransferProcessPolicyContext policyContext) {
return policyContext.agent();
}
};
private MembershipCredentialEvaluationFunction() {
}

public static MembershipCredentialEvaluationFunction<ContractNegotiationPolicyContext> createForNegotiation() {
public static <C extends ParticipantAgentPolicyContext> MembershipCredentialEvaluationFunction<C> create() {
return new MembershipCredentialEvaluationFunction<>() {

@Override
protected ParticipantAgent getAgent(ContractNegotiationPolicyContext policyContext) {
return policyContext.agent();
}
};
}

Expand All @@ -75,7 +49,7 @@ public boolean evaluate(Operator operator, Object rightOperand, Permission permi
return false;
}

var pa = getAgent(policyContext);
var pa = policyContext.participantAgent();
if (pa == null) {
policyContext.reportProblem("No ParticipantAgent found on context.");
return false;
Expand All @@ -97,6 +71,4 @@ public boolean evaluate(Operator operator, Object rightOperand, Permission permi
});
}

protected abstract ParticipantAgent getAgent(C policyContext);

}
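Review bot: The new public `create()` factory has no Javadoc in this hunk, and its contract matters to whoever binds it. It can be bound to any context that extends `ParticipantAgentPolicyContext`, and `evaluate` reports a problem and returns false when `participantAgent()` is null. I would add something like `/** Creates a membership function for any policy context that carries a participant agent; evaluation fails when the agent is missing. */` above the factory. The rest of `evaluate` lies outside the visible hunks, so the comment should not promise more than that.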
Expand Up @@ -41,10 +41,9 @@ public class PolicyEvaluationExtension implements ServiceExtension {
@Override
public void initialize(ServiceExtensionContext context) {


bindPermissionFunction(MembershipCredentialEvaluationFunction.createForTransfer(), TransferProcessPolicyContext.class, TransferProcessPolicyContext.TRANSFER_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
bindPermissionFunction(MembershipCredentialEvaluationFunction.createForNegotiation(), ContractNegotiationPolicyContext.class, ContractNegotiationPolicyContext.NEGOTIATION_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
bindPermissionFunction(MembershipCredentialEvaluationFunction.createForCatalog(), CatalogPolicyContext.class, CatalogPolicyContext.CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
bindPermissionFunction(MembershipCredentialEvaluationFunction.create(), TransferProcessPolicyContext.class, TransferProcessPolicyContext.TRANSFER_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
bindPermissionFunction(MembershipCredentialEvaluationFunction.create(), ContractNegotiationPolicyContext.class, ContractNegotiationPolicyContext.NEGOTIATION_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
bindPermissionFunction(MembershipCredentialEvaluationFunction.create(), CatalogPolicyContext.class, CatalogPolicyContext.CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);

registerDataAccessLevelFunction();

Expand All @@ -53,9 +52,9 @@ public void initialize(ServiceExtensionContext context) {
private void registerDataAccessLevelFunction() {
var accessLevelKey = "DataAccess.level";

bindDutyFunction(DataAccessLevelFunction.createForTransferProcess(), TransferProcessPolicyContext.class, TransferProcessPolicyContext.TRANSFER_SCOPE, accessLevelKey);
bindDutyFunction(DataAccessLevelFunction.createForNegotiation(), ContractNegotiationPolicyContext.class, ContractNegotiationPolicyContext.NEGOTIATION_SCOPE, accessLevelKey);
bindDutyFunction(DataAccessLevelFunction.createForCatalog(), CatalogPolicyContext.class, CatalogPolicyContext.CATALOG_SCOPE, accessLevelKey);
bindDutyFunction(DataAccessLevelFunction.create(), TransferProcessPolicyContext.class, TransferProcessPolicyContext.TRANSFER_SCOPE, accessLevelKey);
bindDutyFunction(DataAccessLevelFunction.create(), ContractNegotiationPolicyContext.class, ContractNegotiationPolicyContext.NEGOTIATION_SCOPE, accessLevelKey);
bindDutyFunction(DataAccessLevelFunction.create(), CatalogPolicyContext.class, CatalogPolicyContext.CATALOG_SCOPE, accessLevelKey);
}

private <C extends PolicyContext> void bindPermissionFunction(AtomicConstraintRuleFunction<Permission, C> function, Class<C> contextClass, String scope, String constraintType) {
Expand Up @@ -29,7 +29,7 @@
import org.eclipse.edc.jsonld.util.JacksonJsonLd;
import org.eclipse.edc.junit.annotations.EndToEndTest;
import org.eclipse.edc.junit.testfixtures.TestUtils;
import org.eclipse.edc.spi.agent.ParticipantIdMapper;
import org.eclipse.edc.participant.spi.ParticipantIdMapper;
import org.eclipse.edc.spi.monitor.ConsoleMonitor;
import org.eclipse.edc.transform.TypeTransformerRegistryImpl;
import org.eclipse.edc.transform.spi.TypeTransformerRegistry;
