-
Notifications
You must be signed in to change notification settings - Fork 215
/
PolicyEnforcerActor.java
103 lines (89 loc) · 4.4 KB
/
PolicyEnforcerActor.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
/*
* Copyright (c) 2022 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.policies.service.persistence.actors;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import javax.annotation.Nullable;
import org.eclipse.ditto.base.model.headers.DittoHeaders;
import org.eclipse.ditto.internal.utils.persistentactors.AbstractEnforcerActor;
import org.eclipse.ditto.policies.api.commands.sudo.SudoRetrievePolicy;
import org.eclipse.ditto.policies.api.commands.sudo.SudoRetrievePolicyResponse;
import org.eclipse.ditto.policies.enforcement.PolicyEnforcer;
import org.eclipse.ditto.policies.model.PolicyId;
import org.eclipse.ditto.policies.model.enforcers.PolicyEnforcers;
import org.eclipse.ditto.policies.model.signals.commands.PolicyCommand;
import org.eclipse.ditto.policies.model.signals.commands.PolicyCommandResponse;
import org.eclipse.ditto.policies.model.signals.commands.exceptions.PolicyNotAccessibleException;
import org.eclipse.ditto.policies.service.enforcement.PolicyCommandEnforcement;
import akka.actor.ActorRef;
import akka.actor.Props;
import akka.pattern.Patterns;
/**
* Enforcer responsible for enforcing {@link PolicyCommand}s and filtering {@link PolicyCommandResponse}s.
*/
public final class PolicyEnforcerActor
extends AbstractEnforcerActor<PolicyId, PolicyCommand<?>, PolicyCommandResponse<?>, PolicyCommandEnforcement> {
@SuppressWarnings("unused")
private PolicyEnforcerActor(final PolicyId policyId,
final PolicyCommandEnforcement policyCommandEnforcement,
final ActorRef pubSubMediator) {
super(policyId, policyCommandEnforcement, pubSubMediator);
}
/**
* Creates Akka configuration object Props for this Actor.
*
* @param policyId the PolicyId this enforcer actor is responsible for.
* @param policyCommandEnforcement the policy command enforcement logic to apply in the enforcer.
* @param pubSubMediator the ActorRef of the distributed pub-sub-mediator used to subscribe for policy updates in
* order to perform invalidations.
*/
public static Props props(final PolicyId policyId,
final PolicyCommandEnforcement policyCommandEnforcement,
final ActorRef pubSubMediator) {
return Props.create(PolicyEnforcerActor.class, policyId, policyCommandEnforcement, pubSubMediator);
}
@Override
protected CompletionStage<PolicyId> providePolicyIdForEnforcement() {
return CompletableFuture.completedStage(entityId);
}
@Override
protected CompletionStage<PolicyEnforcer> providePolicyEnforcer(@Nullable final PolicyId policyId) {
if (null == policyId) {
return CompletableFuture.completedStage(null);
} else {
return Patterns.ask(getContext().getParent(), SudoRetrievePolicy.of(policyId,
DittoHeaders.newBuilder()
.correlationId("sudoRetrievePolicyFromPolicyEnforcerActor-" + UUID.randomUUID())
.build()
), DEFAULT_LOCAL_ASK_TIMEOUT
).thenApply(response -> handleSudoRetrievePolicyResponse(response).orElse(null));
}
}
@Override
protected boolean shouldInvalidatePolicyEnforcerBeforeEnforcement(final PolicyCommand<?> command) {
// this should never be done - as the previous policy must be used in order to enforce incoming commands
return false;
}
private static Optional<PolicyEnforcer> handleSudoRetrievePolicyResponse(final Object response) {
if (response instanceof SudoRetrievePolicyResponse sudoRetrievePolicyResponse) {
final var policy = sudoRetrievePolicyResponse.getPolicy();
return Optional.of(PolicyEnforcer.of(policy, PolicyEnforcers.defaultEvaluator(policy)));
} else if (response instanceof PolicyNotAccessibleException) {
return Optional.empty();
} else {
throw new IllegalStateException("expect SudoRetrievePolicyResponse, got: " + response);
}
}
}