From 5c4dc69b4954985045149f683555ecff71928921 Mon Sep 17 00:00:00 2001
From: Paul Latzelsperger
Date: Mon, 21 Oct 2024 17:45:05 +0200
Subject: [PATCH] use single factory method
---
 .../DataAccessCredentialScopeExtractor.java | 3 +-
 .../dcp/policy/DataAccessLevelFunction.java | 32 ++--------------
 ...embershipCredentialEvaluationFunction.java | 37 +++----------------
 .../dcp/policy/PolicyEvaluationExtension.java | 17 ++++-----
 4 files changed, 18 insertions(+), 71 deletions(-)
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DataAccessCredentialScopeExtractor.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DataAccessCredentialScopeExtractor.java
index b29a503f..d62a9a34 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DataAccessCredentialScopeExtractor.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/core/DataAccessCredentialScopeExtractor.java
@@ -15,6 +15,7 @@ package org.eclipse.edc.demo.dcp.core;
 import org.eclipse.edc.iam.identitytrust.spi.scope.ScopeExtractor;
+import org.eclipse.edc.policy.context.request.spi.RequestPolicyContext;
 import org.eclipse.edc.policy.engine.spi.PolicyContext;
 import org.eclipse.edc.policy.model.Operator;
@@ -26,7 +27,7 @@ class DataAccessCredentialScopeExtractor implements ScopeExtractor {
 public static final String DATA_PROCESSOR_CREDENTIAL_TYPE = "DataProcessorCredential";
 @Override
- public Set extractScopes(Object leftValue, Operator operator, Object rightValue, PolicyContext context) {
+ public Set extractScopes(Object leftValue, Operator operator, Object rightValue, RequestPolicyContext context) {
 Set scopes = Set.of();
 if (leftValue instanceof String leftOperand) {
 if (leftOperand.startsWith(DATA_ACCESS_CONSTRAINT_PREFIX)) {
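Review bot: The `import org.eclipse.edc.policy.engine.spi.PolicyContext;` line kept as context in the first hunk looks unused after this change, because the only use visible here was the `extractScopes` parameter that the second hunk retypes to `RequestPolicyContext`. If nothing else in the file refers to `PolicyContext`, drop that import so the file carries no dead dependency on the generic context type. The body of `extractScopes` continues outside the hunk, so other uses cannot be ruled out from here.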
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java
index d0065ba2..49ac49b3 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java
@@ -14,10 +14,6 @@ package org.eclipse.edc.demo.dcp.policy;
-import org.eclipse.edc.connector.controlplane.catalog.spi.policy.CatalogPolicyContext;
-import org.eclipse.edc.connector.controlplane.contract.spi.policy.ContractNegotiationPolicyContext;
-import org.eclipse.edc.connector.controlplane.contract.spi.policy.TransferProcessPolicyContext;
-import org.eclipse.edc.participant.spi.ParticipantAgent;
 import org.eclipse.edc.participant.spi.ParticipantAgentPolicyContext;
 import org.eclipse.edc.policy.engine.spi.AtomicConstraintRuleFunction;
 import org.eclipse.edc.policy.model.Duty;
@@ -25,34 +21,16 @@ import java.util.Objects;
-public abstract class DataAccessLevelFunction extends AbstractCredentialEvaluationFunction implements AtomicConstraintRuleFunction {
+public class DataAccessLevelFunction extends AbstractCredentialEvaluationFunction implements AtomicConstraintRuleFunction {
 private static final String DATAPROCESSOR_CRED_TYPE = "DataProcessorCredential";
- public static DataAccessLevelFunction createForTransferProcess() {
- return new DataAccessLevelFunction<>() {
- @Override
- protected ParticipantAgent getAgent(TransferProcessPolicyContext policyContext) {
- return policyContext.participantAgent();
- }
- };
- }
+ private DataAccessLevelFunction() {
- public static DataAccessLevelFunction createForNegotiation() {
- return new DataAccessLevelFunction<>() {
- @Override
- protected ParticipantAgent getAgent(ContractNegotiationPolicyContext policyContext) {
- return policyContext.participantAgent();
- }
- };
 }
- public static DataAccessLevelFunction createForCatalog() {
+ public static DataAccessLevelFunction create() {
 return new DataAccessLevelFunction<>() {
- @Override
- protected ParticipantAgent getAgent(CatalogPolicyContext policyContext) {
- return policyContext.participantAgent();
- }
 };
 }
@@ -62,7 +40,7 @@ public boolean evaluate(Operator operator, Object rightOperand, Duty duty, C pol
 policyContext.reportProblem("Cannot evaluate operator %s, only %s is supported".formatted(operator, Operator.EQ));
 return false;
 }
- var pa = getAgent(policyContext);
+ var pa = policyContext.participantAgent();
 if (pa == null) {
 policyContext.reportProblem("ParticipantAgent not found on PolicyContext");
 return false;
@@ -88,6 +66,4 @@ public boolean evaluate(Operator operator, Object rightOperand, Duty duty, C pol
 }
- protected abstract ParticipantAgent getAgent(C policyContext);
- }
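Review bot: `create()` still returns an anonymous subclass, `new DataAccessLevelFunction<>() { };`, although the class is no longer abstract and has nothing left to override; `return new DataAccessLevelFunction<>();` behaves the same without the extra anonymous class. The empty private constructor would read better on one line with a comment such as `// instances are obtained through create()`. Both points also apply to `MembershipCredentialEvaluationFunction.create()` in the next file, where `MembershipCredentialEvaluationFunction(){` additionally lacks the space before the brace. A short Javadoc on `create()` should say that the function serves any context exposing `participantAgent()` (presumably bounded by `ParticipantAgentPolicyContext`; the type parameters are not visible here). It should also say that `evaluate` reports a problem and returns false when the agent is null, so the deny-by-default behaviour is documented where callers look.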
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java
index cc118249..00fd83fb 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java
@@ -14,52 +14,27 @@ package org.eclipse.edc.demo.dcp.policy;
-import org.eclipse.edc.connector.controlplane.catalog.spi.policy.CatalogPolicyContext;
-import org.eclipse.edc.connector.controlplane.contract.spi.policy.ContractNegotiationPolicyContext;
-import org.eclipse.edc.connector.controlplane.contract.spi.policy.TransferProcessPolicyContext;
-import org.eclipse.edc.participant.spi.ParticipantAgent;
+import org.eclipse.edc.participant.spi.ParticipantAgentPolicyContext;
 import org.eclipse.edc.policy.engine.spi.AtomicConstraintRuleFunction;
-import org.eclipse.edc.policy.engine.spi.PolicyContext;
 import org.eclipse.edc.policy.model.Operator;
 import org.eclipse.edc.policy.model.Permission;
 import java.time.Instant;
 import java.util.Map;
-public abstract class MembershipCredentialEvaluationFunction extends AbstractCredentialEvaluationFunction implements AtomicConstraintRuleFunction {
+public class MembershipCredentialEvaluationFunction extends AbstractCredentialEvaluationFunction implements AtomicConstraintRuleFunction {
 public static final String MEMBERSHIP_CONSTRAINT_KEY = "MembershipCredential";
 private static final String MEMBERSHIP_CLAIM = "membership";
 private static final String SINCE_CLAIM = "since";
 private static final String ACTIVE = "active";
- public static MembershipCredentialEvaluationFunction createForCatalog() {
- return new MembershipCredentialEvaluationFunction<>() {
+ private MembershipCredentialEvaluationFunction(){
- @Override
- protected ParticipantAgent getAgent(CatalogPolicyContext policyContext) {
- return policyContext.participantAgent();
- }
- };
 }
- public static MembershipCredentialEvaluationFunction createForTransfer() {
+ public static MembershipCredentialEvaluationFunction create() {
 return new MembershipCredentialEvaluationFunction<>() {
-
- @Override
- protected ParticipantAgent getAgent(TransferProcessPolicyContext policyContext) {
- return policyContext.participantAgent();
- }
- };
- }
-
- public static MembershipCredentialEvaluationFunction createForNegotiation() {
- return new MembershipCredentialEvaluationFunction<>() {
-
- @Override
- protected ParticipantAgent getAgent(ContractNegotiationPolicyContext policyContext) {
- return policyContext.participantAgent();
- }
 };
 }
@@ -75,7 +50,7 @@ public boolean evaluate(Operator operator, Object rightOperand, Permission permi
 return false;
 }
- var pa = getAgent(policyContext);
+ var pa = policyContext.participantAgent();
 if (pa == null) {
 policyContext.reportProblem("No ParticipantAgent found on context.");
 return false;
@@ -97,6 +72,4 @@ public boolean evaluate(Operator operator, Object rightOperand, Permission permi
 });
 }
- protected abstract ParticipantAgent getAgent(C policyContext);
- }
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
index ccee8f60..01b761a1 100644
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
@@ -41,12 +41,9 @@ public class PolicyEvaluationExtension implements ServiceExtension {
 @Override
 public void initialize(ServiceExtensionContext context) {
-
- bindPermissionFunction(MembershipCredentialEvaluationFunction.createForTransfer(), TransferProcessPolicyContext.class, TransferProcessPolicyContext.TRANSFER_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
- bindPermissionFunction(MembershipCredentialEvaluationFunction.createForNegotiation(), ContractNegotiationPolicyContext.class, ContractNegotiationPolicyContext.NEGOTIATION_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
- bindPermissionFunction(MembershipCredentialEvaluationFunction.createForCatalog(), CatalogPolicyContext.class, CatalogPolicyContext.CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
-
- policyEngine.registerFunction(TransferProcessPolicyContext.class, Permission.class, );
+ bindPermissionFunction(MembershipCredentialEvaluationFunction.create(), TransferProcessPolicyContext.class, TransferProcessPolicyContext.TRANSFER_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
+ bindPermissionFunction(MembershipCredentialEvaluationFunction.create(), ContractNegotiationPolicyContext.class, ContractNegotiationPolicyContext.NEGOTIATION_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
+ bindPermissionFunction(MembershipCredentialEvaluationFunction.create(), CatalogPolicyContext.class, CatalogPolicyContext.CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
 registerDataAccessLevelFunction();
@@ -55,9 +52,9 @@ public void initialize(ServiceExtensionContext context) {
 private void registerDataAccessLevelFunction() {
 var accessLevelKey = "DataAccess.level";
- bindDutyFunction(DataAccessLevelFunction.createForTransferProcess(), TransferProcessPolicyContext.class, TransferProcessPolicyContext.TRANSFER_SCOPE, accessLevelKey);
- bindDutyFunction(DataAccessLevelFunction.createForNegotiation(), ContractNegotiationPolicyContext.class, ContractNegotiationPolicyContext.NEGOTIATION_SCOPE, accessLevelKey);
- bindDutyFunction(DataAccessLevelFunction.createForCatalog(), CatalogPolicyContext.class, CatalogPolicyContext.CATALOG_SCOPE, accessLevelKey);
+ bindDutyFunction(DataAccessLevelFunction.create(), TransferProcessPolicyContext.class, TransferProcessPolicyContext.TRANSFER_SCOPE, accessLevelKey);
+ bindDutyFunction(DataAccessLevelFunction.create(), ContractNegotiationPolicyContext.class, ContractNegotiationPolicyContext.NEGOTIATION_SCOPE, accessLevelKey);
+ bindDutyFunction(DataAccessLevelFunction.create(), CatalogPolicyContext.class, CatalogPolicyContext.CATALOG_SCOPE, accessLevelKey);
 }
 private void bindPermissionFunction(AtomicConstraintRuleFunction function, Class contextClass, String scope, String constraintType) {
@@ -65,7 +62,7 @@ private void bindPermissionFunction(AtomicConstraintRu
 ruleBindingRegistry.bind(ODRL_SCHEMA + "use", scope);
 ruleBindingRegistry.bind(constraintType, scope);
-// policyEngine.registerFunction(contextClass, Permission.class, constraintType, function);
+ policyEngine.registerFunction(contextClass, Permission.class, constraintType, function);
 }
 private void bindDutyFunction(AtomicConstraintRuleFunction function, Class contextClass, String scope, String constraintType) {
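Review bot: No test covers the `policyEngine.registerFunction(contextClass, Permission.class, constraintType, function);` call that the last hunk re-enables in `bindPermissionFunction`, so the registration could be dropped again without anyone noticing. While the line was commented out the membership function was bound to its scopes but, as far as this file shows, never handed to the policy engine, so the `MembershipCredential` constraint was presumably not evaluated by `MembershipCredentialEvaluationFunction`. A unit test for `initialize` should verify that `registerFunction` is invoked with `MEMBERSHIP_CONSTRAINT_KEY` for the transfer, negotiation and catalog context classes. The commit message should also mention this enforcement change, which "use single factory method" does not convey. `bindDutyFunction` only begins at the end of the hunk and its body is outside it, so confirm it registers its function the same way.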