Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: adds REST API for policy evaluation plan #4452

Merged
merged 1 commit into from
Sep 5, 2024
Merged

feat: adds REST API for policy evaluation plan #4452

merged 1 commit into from
Sep 5, 2024

Conversation

wolf4ood
Copy link
Contributor

@wolf4ood wolf4ood commented Sep 4, 2024
edited
Loading

What this PR changes/adds

introduces an alpha REST API for policy evaluation plan.

Why it does that

Improve policies management and debuggability

Further notes

For example given this policy in MVD:

policy example 
{
       "@id": "require-membership",
       "@type": "PolicyDefinition",
       "createdAt": 1725466366896,
       "policy": {
           "@id": "51d3c610-b141-4269-a4c0-df2a77122cfe",
           "@type": "odrl:Set",
           "odrl:permission": {
               "odrl:action": {
                   "@id": "use"
               },
               "odrl:constraint": {
                   "odrl:leftOperand": {
                       "@id": "MembershipCredential"
                   },
                   "odrl:operator": {
                       "@id": "odrl:eq"
                   },
                   "odrl:rightOperand": "active"
               }
           },
           "odrl:prohibition": [],
           "odrl:obligation": []
       },
       "@context": {
           "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
           "edc": "https://w3id.org/edc/v0.0.1/ns/",
           "odrl": "http://www.w3.org/ns/odrl/2/"
       }
   },

An evaluation plan output within the catalog scope will look like this:

evaluation plan in catalog scope 
{
    "@type": "PolicyEvaluationPlan",
    "preValidators": [],
    "permissionSteps": {
        "@type": "PermissionStep",
        "isFiltered": false,
        "filteringReasons": [],
        "ruleFunctionSteps": "ExamplePermissionFunction",
        "constraintSteps": {
            "@type": "AtomicConstraintStep",
            "isFiltered": false,
            "filteringReasons": [],
            "functionName": "MembershipCredentialEvaluationFunction",
            "functionParams": [
                "'MembershipCredential'",
                "EQ",
                "'active'"
            ]
        },
        "dutySteps": []
    },
    "prohibitionSteps": [],
    "obligationSteps": [],
    "postValidators": [],
    "@context": {
        "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
        "edc": "https://w3id.org/edc/v0.0.1/ns/",
        "odrl": "http://www.w3.org/ns/odrl/2/"
    }
}

while in the request.catalog scope will look like this:

evaluation plan in catalog scope 
{
    "@type": "PolicyEvaluationPlan",
    "preValidators": "DcpScopeExtractorFunction",
    "permissionSteps": {
        "@type": "PermissionStep",
        "isFiltered": false,
        "filteringReasons": [],
        "ruleFunctionSteps": [],
        "constraintSteps": {
            "@type": "AtomicConstraintStep",
            "isFiltered": true,
            "filteringReasons": [
                "leftOperand 'MembershipCredential' is not bound to scope 'request.catalog'",
                "leftOperand 'MembershipCredential' is not bound to any function within scope 'request.catalog'"
            ],
            "functionParams": [
                "'MembershipCredential'",
                "EQ",
                "'active'"
            ]
        },
        "dutySteps": []
    },
    "prohibitionSteps": [],
    "obligationSteps": [],
    "postValidators": "DefaultScopeMappingFunction",
    "@context": {
        "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
        "edc": "https://w3id.org/edc/v0.0.1/ns/",
        "odrl": "http://www.w3.org/ns/odrl/2/"
    }
}

Linked Issue(s)

Closes #4447

@wolf4ood wolf4ood self-assigned this Sep 4, 2024
@wolf4ood wolf4ood added the enhancement New feature or request label Sep 4, 2024
@wolf4ood wolf4ood force-pushed the feat/4447_rest_api_policy_evaluation_plan branch 3 times, most recently from bcc639a to 6a7e870 Compare September 4, 2024 16:03
@wolf4ood wolf4ood force-pushed the feat/4447_rest_api_policy_evaluation_plan branch 4 times, most recently from 8798c27 to e53a35d Compare September 5, 2024 08:04
@wolf4ood wolf4ood marked this pull request as ready for review September 5, 2024 08:41
@wolf4ood wolf4ood force-pushed the feat/4447_rest_api_policy_evaluation_plan branch from e53a35d to 3a55b24 Compare September 5, 2024 13:40
@wolf4ood wolf4ood merged commit 70ba9c2 into eclipse-edc:main Sep 5, 2024
21 checks passed
@wolf4ood wolf4ood deleted the feat/4447_rest_api_policy_evaluation_plan branch September 5, 2024 13:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ndr-brt ndr-brt ndr-brt approved these changes

@paullatzelsperger paullatzelsperger Awaiting requested review from paullatzelsperger paullatzelsperger is a code owner

Assignees

@wolf4ood wolf4ood

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add REST APIs for policy evaluation plan
2 participants
@wolf4ood @ndr-brt