Merge pull request #934 from catenax-ng/feature/534-get-policies-and-…
…publish-assets

chore[534] updated createIrsPolicyIfMissing()
ds-ashanmugavel authored Jan 30, 2024
2 parents 0afb9de + 01d0a14 commit 69d283d
Showing 4 changed files with 38 additions and 27 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
@@ -65,6 +65,8 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
- Updated github/codeql-action from 2 to 3
- Updated actions/download-artifact from 3 to 4actions/download-artifact from 3 to 4
- Updated com.nimbusds:nimbus-jose-jwt from 9.37.1 to 9.37.3
- Changed some java implementations according to security findings ( business logic unchanged )
- Updated createIrsPolicyIfMissing() method to validate policies based on rightOperand values rather than policyIDs

### Removed
- Shell descriptor entity with underlying logic
@@ -1,7 +1,7 @@
/********************************************************************************
* Copyright (c) 2022, 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
* Copyright (c) 2022, 2023 ZF Friedrichshafen AG
* Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation
* Copyright (c) 2022, 2023, 2024 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
@@ -39,6 +39,7 @@
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
@@ -143,43 +144,53 @@ void saveOrUpdateAssets(AssetCallbackRepository repository, AssetBase asset) {
@Override
public void createIrsPolicyIfMissing() {
log.info("Check if irs policy exists");
List<PolicyResponse> irsPolicies = irsApiClient.getPolicies(adminApiKey);
List<PolicyResponse> irsPolicies = Objects.requireNonNullElse(irsApiClient.getPolicies(adminApiKey), Collections.emptyList());
log.info("Irs has following policies: {}", irsPolicies);

log.info("Required constraints from application yaml are : {}", traceabilityProperties.getRightOperand());


//update existing policies
irsPolicies.stream().filter(
irsPolicy -> traceabilityProperties.getRightOperand().equals(irsPolicy.policyId()))
.forEach(existingPolicy -> checkAndUpdatePolicy(irsPolicies));


//create missing policies
boolean missingPolicy = irsPolicies.stream().noneMatch(irsPolicy -> irsPolicy.policyId().equals(traceabilityProperties.getRightOperand()));
if (missingPolicy) {
createPolicy();
PolicyResponse matchingIrsPolicy = irsPolicies.stream()
.filter(irsPolicy -> irsPolicy.permissions().stream()
.flatMap(permission -> permission.getConstraints().stream())
.anyMatch(constraint ->
constraint.getOr().stream().anyMatch(rightO ->
rightO.getRightOperand().stream().anyMatch(value ->
value.equals(traceabilityProperties.getRightOperand())))
||
constraint.getAnd().stream().allMatch(rightO ->
rightO.getRightOperand().stream().allMatch(value ->
value.equals(traceabilityProperties.getRightOperand())))
))
.findFirst()
.orElse(null);

if (matchingIrsPolicy == null) {
createMissingPolicies();
} else {
checkAndUpdateExpiredPolicies((matchingIrsPolicy));
}
}

private void createPolicy() {
private void createMissingPolicies() {
log.info("Irs policy does not exist creating {}", traceabilityProperties.getRightOperand());
irsApiClient.registerPolicy(adminApiKey, RegisterPolicyRequest.from(traceabilityProperties.getLeftOperand(), OperatorType.fromValue(traceabilityProperties.getOperatorType()), traceabilityProperties.getRightOperand(), traceabilityProperties.getValidUntil()));
}

private void checkAndUpdatePolicy(List<PolicyResponse> requiredPolicies) {
Optional<PolicyResponse> requiredPolicy = requiredPolicies.stream().filter(policyItem -> policyItem.policyId().equals(traceabilityProperties.getRightOperand())).findFirst();
if (requiredPolicy.isPresent() &&
traceabilityProperties.getValidUntil().isAfter(requiredPolicy.get().validUntil())
) {
log.info("IRS Policy {} has outdated validity updating new ttl {}", traceabilityProperties.getRightOperand(), requiredPolicy);
private void checkAndUpdateExpiredPolicies(PolicyResponse matchingIrsPolicy) {
if (isPolicyExpired(matchingIrsPolicy)) {
log.info("IRS Policy {} has outdated validity updating new ttl {}", traceabilityProperties.getRightOperand(), matchingIrsPolicy);
irsApiClient.deletePolicy(adminApiKey, traceabilityProperties.getRightOperand());
irsApiClient.registerPolicy(adminApiKey, RegisterPolicyRequest.from(traceabilityProperties.getLeftOperand(), OperatorType.fromValue(traceabilityProperties.getOperatorType()), traceabilityProperties.getRightOperand(), traceabilityProperties.getValidUntil()));
}
}

private boolean isPolicyExpired(PolicyResponse requiredPolicy) {
return traceabilityProperties.getValidUntil().isAfter(requiredPolicy.validUntil());
}

public List<PolicyResponse> getPolicies() {
return irsApiClient.getPolicies(adminApiKey);
}


}
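Review bot: The `and` branch of the new matcher in createIrsPolicyIfMissing() is true for any constraint whose `getAnd()` list is empty, because `allMatch` on an empty stream returns true; a policy that carries only unrelated `or` constraints is then treated as the required one and `createMissingPolicies()` is never called. Guard the branch with a non-empty check, e.g. `!constraint.getAnd().isEmpty() && constraint.getAnd().stream().allMatch(...)`, and apply the same guard to the inner `getRightOperand()` list. Separately, the match is now made on constraint values, yet checkAndUpdateExpiredPolicies() still deletes by the configured value; if the matched policy's id differs from it, the outdated policy stays registered, so `irsApiClient.deletePolicy(adminApiKey, matchingIrsPolicy.policyId());` looks like the intended call. `getOr()` and `getAnd()` are also dereferenced without a null check, which is worth confirming against the response model.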
@@ -1,5 +1,5 @@
/********************************************************************************
* Copyright (c) 2023 Contributors to the Eclipse Foundation
* Copyright (c) 2023,2024 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
@@ -28,7 +28,6 @@
import java.time.Instant;
import java.time.OffsetDateTime;
import java.util.List;
import java.util.UUID;

public record RegisterPolicyRequest(
String policyId,
@@ -37,7 +36,7 @@ public record RegisterPolicyRequest(
) {
public static RegisterPolicyRequest from(String leftOperand, OperatorType operatorType, String rightOperand, OffsetDateTime ttl) {
return new RegisterPolicyRequest(
UUID.randomUUID().toString(),
rightOperand,
ttl.toInstant(),
List.of(new Permission(
PolicyType.USE,
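Review bot: The policy id passed to the constructor in `from` is now the caller-supplied `rightOperand`, and the factory neither documents nor validates that. Two configurations that share a right operand but differ in left operand or operator would now produce the same id, and a null or blank value would be sent as the id. A Javadoc line on `from` such as `/** Builds a request whose policyId is the configured rightOperand. */` plus a null/blank check on `rightOperand` before the constructor call would make the contract explicit. The body of `from` continues past the end of this hunk.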
@@ -1,5 +1,5 @@
/********************************************************************************
* Copyright (c) 2023 Contributors to the Eclipse Foundation
* Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
@@ -34,7 +34,6 @@
import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.JobStatus;
import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.Parameter;
import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.PolicyResponse;
import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.RegisterJobResponse;
import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.Shell;
import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.relationship.Aspect;
import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.relationship.LinkedItem;
@@ -124,7 +123,7 @@ void givenNoPolicyExist_whenCreateIrsPolicyIfMissing_thenCreateIt() {
@Test
void givenPolicyExist_whenCreateIrsPolicyIfMissing_thenDoNotCreateIt() {
// given
final PolicyResponse existingPolicy = new PolicyResponse("test", OffsetDateTime.parse("2023-07-03T16:01:05.309Z"), OffsetDateTime.now(), List.of());
final PolicyResponse existingPolicy = new PolicyResponse("test", OffsetDateTime.parse("2023-07-03T16:01:05.309Z"), OffsetDateTime.now(), List.of(new Permission(PolicyType.USE, List.of(new Constraints(List.of(), List.of(new Constraint("leftOperand1", OperatorType.EQ, List.of("test"))))))));
when(irsClient.getPolicies(anyString())).thenReturn(List.of(existingPolicy));
when(traceabilityProperties.getRightOperand()).thenReturn("test");
when(traceabilityProperties.getValidUntil()).thenReturn(OffsetDateTime.parse("2023-07-02T16:01:05.309Z"));
@@ -139,7 +138,7 @@ void givenPolicyExist_whenCreateIrsPolicyIfMissing_thenDoNotCreateIt() {
@Test
void givenOutdatedPolicyExist_whenCreateIrsPolicyIfMissing_thenUpdateIt() {
// given
final PolicyResponse existingPolicy = new PolicyResponse("test", OffsetDateTime.parse("2023-07-03T16:01:05.309Z"), OffsetDateTime.parse("2023-07-03T16:01:05.309Z"), List.of());
final PolicyResponse existingPolicy = new PolicyResponse("test", OffsetDateTime.parse("2023-07-03T16:01:05.309Z"), OffsetDateTime.parse("2023-07-03T16:01:05.309Z"), List.of(new Permission(PolicyType.USE, List.of(new Constraints(List.of(), List.of(new Constraint("leftOperand1", OperatorType.EQ, List.of("test"))))))));
when(irsClient.getPolicies(anyString())).thenReturn(List.of(existingPolicy));
when(traceabilityProperties.getRightOperand()).thenReturn("test");
when(traceabilityProperties.getOperatorType()).thenReturn("eq");
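Review bot: Both updated fixtures pass an empty list as one argument of `new Constraints(...)` and the value "test" in the other, so only a matching policy is covered and one of the two branches of the new matcher runs on an empty list. No case in these hunks has the IRS return a policy with permissions whose right operand differs from `traceabilityProperties.getRightOperand()`, which is the case that should end in `registerPolicy` being called. A test such as `givenPolicyWithOtherRightOperand_whenCreateIrsPolicyIfMissing_thenCreateIt`, using `List.of("other")` in the constraint, would pin that behaviour. Both test bodies continue outside the hunks shown.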
