diff --git a/policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/ConnectorIdConstraintFunction.java b/policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/ClientClaimConstraintFunction.java
similarity index 50%
rename from policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/ConnectorIdConstraintFunction.java
rename to policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/ClientClaimConstraintFunction.java
index fd490ea..1c43806 100644
--- a/policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/ConnectorIdConstraintFunction.java
+++ b/policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/ClientClaimConstraintFunction.java
@@ -3,24 +3,26 @@
 import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction;
 import org.eclipse.edc.policy.engine.spi.PolicyContext;
 import org.eclipse.edc.policy.model.Operator;
-import org.eclipse.edc.policy.model.Permission;
 import org.eclipse.edc.policy.model.Rule;
 import org.eclipse.edc.spi.agent.ParticipantAgent;
 import org.eclipse.edc.spi.monitor.Monitor;
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.Map;
 import java.util.Objects;
 import static java.lang.String.format;
-public class ConnectorIdConstraintFunction implements AtomicConstraintFunction {
+public class ClientClaimConstraintFunction implements AtomicConstraintFunction {
 private final Monitor monitor;
+ private final String clientClaimName;
+ private final boolean verbose;
- public ConnectorIdConstraintFunction(Monitor monitor) {
+ public ClientClaimConstraintFunction(Monitor monitor, String clientClaimName, boolean verbose) {
 this.monitor = monitor;
+ this.clientClaimName = clientClaimName;
+ this.verbose = verbose;
 }
 @Override
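Review bot: The new constructor stores `clientClaimName` without checking it, so a null name would only surface later, inside `evaluate`, as a failed or throwing claim lookup on every policy evaluation. `java.util.Objects` is already imported, so `this.clientClaimName = Objects.requireNonNull(clientClaimName, "clientClaimName");` would make the mistake fail at registration time instead. A short class Javadoc saying that the function compares one named claim of the ParticipantAgent against the constraint's right operand would also help, now that the class is no longer tied to the connector id. The class body continues outside this hunk.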
@@ -36,27 +38,30 @@ public boolean evaluate(Operator operator, Object rightValue, R rule, PolicyCont
 return false;
 }
- for (Map.Entry e : contextData.getClaims().entrySet()) {
- monitor.info(format("Found claim %s : %s", e.getKey(), e.getValue()));
- }
+ if (verbose) {
+ for (Map.Entry e : contextData.getClaims().entrySet()) {
+ monitor.info(format("Found claim %s : %s", e.getKey(), e.getValue()));
+ }
- for (Map.Entry e : contextData.getAttributes().entrySet()) {
- monitor.info(format("Found attribute %s : %s", e.getKey(), e.getValue()));
+ for (Map.Entry e : contextData.getAttributes().entrySet()) {
+ monitor.info(format("Found attribute %s : %s", e.getKey(), e.getValue()));
+ }
 }
- String clientIdClaim = (String) contextData.getClaims().get("client_id");
+ String clientClaim = (String) contextData.getClaims().get(clientClaimName);
- if (clientIdClaim == null) {
+ if (clientClaim == null) {
+ monitor.info(format("Required claim %s not found.", clientClaimName));
 return false;
 }
- monitor.info(format("Evaluating constraint: connectorId %s %s %s", clientIdClaim, operator, rightValue));
+ monitor.info(format("Evaluating constraint: %s %s %s %s", clientClaimName, clientClaim, operator, rightValue));
 return switch (operator) {
- case EQ -> Objects.equals(clientIdClaim, rightValue);
- case NEQ -> !Objects.equals(clientIdClaim, rightValue);
- case IN, IS_ANY_OF -> Arrays.asList(((String) rightValue).split(",")).contains(clientIdClaim);
- case IS_NONE_OF -> !Arrays.asList(((String) rightValue).split(",")).contains(clientIdClaim);
+ case EQ -> Objects.equals(clientClaim, rightValue);
+ case NEQ -> !Objects.equals(clientClaim, rightValue);
+ case IN, IS_ANY_OF -> Arrays.asList(((String) rightValue).split(",")).contains(clientClaim);
+ case IS_NONE_OF -> !Arrays.asList(((String) rightValue).split(",")).contains(clientClaim);
 default -> false;
 };
 }
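Review bot: The claim value is cast with `(String) contextData.getClaims().get(clientClaimName)`, and now that the claim name is configurable, a non-string claim (a number, list or nested object in the token) would raise ClassCastException in the middle of policy evaluation instead of yielding a decision. The same applies to `(String) rightValue` in the IN / IS_ANY_OF / IS_NONE_OF branches. Checking the type first, for example `if (!(contextData.getClaims().get(clientClaimName) instanceof String clientClaim)) { return false; }`, keeps the outcome deterministic; the file already uses switch expressions, so pattern matching is probably available, but confirm against the build's Java level. The list operand is also split on `,` without trimming, so a right value written as `"a, b"` never matches `b`. The start of `evaluate` lies outside this hunk.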
diff --git a/policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/LocationConstraintFunction.java b/policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/LocationConstraintFunction.java
deleted file mode 100644
index aeb18dd..0000000
--- a/policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/LocationConstraintFunction.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package org.eclipse.edc.extension.possiblepolicy;
-
-
-import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction;
-import org.eclipse.edc.policy.engine.spi.PolicyContext;
-import org.eclipse.edc.policy.model.Operator;
-import org.eclipse.edc.policy.model.Permission;
-import org.eclipse.edc.spi.agent.ParticipantAgent;
-import org.eclipse.edc.spi.monitor.Monitor;
-
-import java.util.Collection;
-import java.util.Objects;
-
-import static java.lang.String.format;
-
-public class LocationConstraintFunction implements AtomicConstraintFunction {
-
- private final Monitor monitor;
-
- public LocationConstraintFunction(Monitor monitor) {
- this.monitor = monitor;
- }
-
- @Override
- public boolean evaluate(Operator operator, Object rightValue, Permission rule, PolicyContext context) {
- var region = context.getContextData(ParticipantAgent.class).getClaims().get("region");
-
- monitor.info(format("Evaluating constraint: location %s %s", operator, rightValue.toString()));
-
- return switch (operator) {
- case EQ -> Objects.equals(region, rightValue);
- case NEQ -> !Objects.equals(region, rightValue);
- case IN -> ((Collection) rightValue).contains(region);
- default -> false;
- };
- }
-}
diff --git a/policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/PossiblePolicyExtension.java b/policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/PossiblePolicyExtension.java
index 956948b..13e4474 100644
--- a/policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/PossiblePolicyExtension.java
+++ b/policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/PossiblePolicyExtension.java
@@ -24,14 +24,21 @@
 import org.eclipse.edc.spi.system.ServiceExtension;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
+import java.util.Map;
+
 import static org.eclipse.edc.policy.engine.spi.PolicyEngine.ALL_SCOPES;
-@Extension(value = PossiblePolicyExtension.NAME)
+@Extension(value = PossiblePolicyExtension.EXTENSION_NAME)
 public class PossiblePolicyExtension implements ServiceExtension {
- public static final String NAME = "POSSIBLE-POLICY-EXTENSION";
+ public static final String EXTENSION_NAME = "POSSIBLE-POLICY-EXTENSION";
+
+ private static final boolean VERBOSE = true;
- private static final String CONNECTORID_CONSTRAINT_KEY = "connectorId";
+ private static final Map CONSTRAINT_KEY_MAP = Map.of(
+ "connectorId", "client_id",
+ "did", "did"
+ );
 @Inject
 private RuleBindingRegistry ruleBindingRegistry;
@@ -40,7 +47,7 @@ public class PossiblePolicyExtension implements ServiceExtension {
 @Override
 public String name() {
- return "Sample policy functions";
+ return EXTENSION_NAME;
 }
 @Override
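Review bot: `VERBOSE` is hard-coded to `true` in the first hunk of this file, so every policy evaluation writes all claims and attributes of the counterparty's ParticipantAgent to the log at info level. Those values come from the remote party's token, may hold identity data, and are formatted into the log line unmodified. The flag is better off by default and read from configuration in `initialize`, for example through `context.getSetting(...)` with a key of the project's choosing. A comment on `CONSTRAINT_KEY_MAP` such as `// policy left-operand -> token claim name` would spare the reader from inferring the direction of the mapping from the registration loop.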
@@ -48,8 +55,13 @@ public void initialize(ServiceExtensionContext context) {
 var monitor = context.getMonitor();
 ruleBindingRegistry.bind("use", ALL_SCOPES);
- ruleBindingRegistry.bind(CONNECTORID_CONSTRAINT_KEY, ALL_SCOPES);
- policyEngine.registerFunction(ALL_SCOPES, Permission.class, CONNECTORID_CONSTRAINT_KEY, new ConnectorIdConstraintFunction<>(monitor));
- policyEngine.registerFunction(ALL_SCOPES, Prohibition.class, CONNECTORID_CONSTRAINT_KEY, new ConnectorIdConstraintFunction<>(monitor));
+
+ for (Map.Entry entry : CONSTRAINT_KEY_MAP.entrySet()) {
+ ruleBindingRegistry.bind(entry.getKey(), ALL_SCOPES);
+ policyEngine.registerFunction(ALL_SCOPES, Permission.class, entry.getKey(),
+ new ClientClaimConstraintFunction<>(monitor, entry.getValue(), VERBOSE));
+ policyEngine.registerFunction(ALL_SCOPES, Prohibition.class, entry.getKey(),
+ new ClientClaimConstraintFunction<>(monitor, entry.getValue(), VERBOSE));
+ }
 }
 }
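Review bot: The loop registers the same function for `Prohibition.class` as for `Permission.class`, and `evaluate` returns false whenever the claim is absent or the operator is unsupported. If the engine treats a prohibition as triggered only when its constraint evaluates to true (worth confirming against the policy engine's semantics), a caller whose token lacks `client_id` or `did` falls outside every prohibition written on those keys, so the missing-claim case fails open for that rule type. Consider a prohibition-side variant that treats a missing claim as a match, or at least record the intended behaviour in the loop with a comment such as `// missing claim => constraint false for both rule types; prohibitions do not apply to agents without the claim`.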