-
Notifications
You must be signed in to change notification settings - Fork 215
/
PolicyEnforcerActor.java
121 lines (106 loc) · 5.27 KB
/
PolicyEnforcerActor.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
/*
* Copyright (c) 2022 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.policies.service.persistence.actors;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.Function;
import javax.annotation.Nullable;
import org.eclipse.ditto.base.model.headers.DittoHeaders;
import org.eclipse.ditto.base.model.signals.Signal;
import org.eclipse.ditto.policies.api.commands.sudo.SudoRetrievePolicy;
import org.eclipse.ditto.policies.api.commands.sudo.SudoRetrievePolicyResponse;
import org.eclipse.ditto.policies.enforcement.AbstractEnforcerActor;
import org.eclipse.ditto.policies.enforcement.PolicyEnforcer;
import org.eclipse.ditto.policies.enforcement.PolicyEnforcerProvider;
import org.eclipse.ditto.policies.model.Policy;
import org.eclipse.ditto.policies.model.PolicyId;
import org.eclipse.ditto.policies.model.signals.commands.PolicyCommand;
import org.eclipse.ditto.policies.model.signals.commands.PolicyCommandResponse;
import org.eclipse.ditto.policies.model.signals.commands.exceptions.PolicyNotAccessibleException;
import org.eclipse.ditto.policies.model.signals.commands.modify.CreatePolicy;
import org.eclipse.ditto.policies.service.enforcement.PolicyCommandEnforcement;
import akka.actor.Props;
import akka.pattern.Patterns;
/**
* Enforcer responsible for enforcing {@link PolicyCommand}s and filtering {@link PolicyCommandResponse}s utilizing the
* {@link PolicyCommandEnforcement}.
*/
public final class PolicyEnforcerActor
extends AbstractEnforcerActor<PolicyId, PolicyCommand<?>, PolicyCommandResponse<?>, PolicyCommandEnforcement> {
private static final String ENFORCEMENT_DISPATCHER = "enforcement-dispatcher";
private final Function<PolicyId, Optional<Policy>> importedPolicyResolver =
importedPolicyId -> loadPolicy(importedPolicyId)
.toCompletableFuture()
.join();
private final PolicyEnforcerProvider policyEnforcerProvider = policyId -> {
if (null == policyId) {
return CompletableFuture.completedStage(Optional.empty());
} else {
return loadPolicy(policyId)
.thenApply(optPolicy -> optPolicy
.map(policy -> PolicyEnforcer.withResolvedImports(policy, importedPolicyResolver)));
}
};
@SuppressWarnings("unused")
private PolicyEnforcerActor(final PolicyId policyId, final PolicyCommandEnforcement policyCommandEnforcement) {
super(policyId, policyCommandEnforcement);
}
/**
* Creates Akka configuration object Props for this Actor.
*
* @param policyId the PolicyId this enforcer actor is responsible for.
* @param policyCommandEnforcement the policy command enforcement logic to apply in the enforcer.
* @return the {@link Props} to create this actor.
*/
public static Props props(final PolicyId policyId, final PolicyCommandEnforcement policyCommandEnforcement) {
return Props.create(PolicyEnforcerActor.class, policyId, policyCommandEnforcement)
.withDispatcher(ENFORCEMENT_DISPATCHER);
}
@Override
protected CompletionStage<PolicyId> providePolicyIdForEnforcement(final Signal<?> signal) {
return CompletableFuture.completedStage(entityId);
}
@Override
protected CompletionStage<Optional<PolicyEnforcer>> providePolicyEnforcer(@Nullable final PolicyId policyId) {
return policyEnforcerProvider.getPolicyEnforcer(policyId);
}
@Override
protected CompletionStage<Optional<PolicyEnforcer>> loadPolicyEnforcer(final Signal<?> signal) {
if (signal instanceof CreatePolicy createPolicy) {
return CompletableFuture.completedStage(
Optional.of(PolicyEnforcer.withResolvedImports(createPolicy.getPolicy(), importedPolicyResolver))
);
}
return super.loadPolicyEnforcer(signal);
}
private CompletionStage<Optional<Policy>> loadPolicy(final PolicyId policyId) {
return Patterns.ask(getContext().getParent(), SudoRetrievePolicy.of(policyId,
DittoHeaders.newBuilder()
.correlationId("sudoRetrievePolicyFromPolicyEnforcerActor-" + UUID.randomUUID())
.build()
), DEFAULT_LOCAL_ASK_TIMEOUT
).thenApply(PolicyEnforcerActor::handleSudoRetrievePolicyResponse);
}
private static Optional<Policy> handleSudoRetrievePolicyResponse(final Object response) {
if (response instanceof SudoRetrievePolicyResponse sudoRetrievePolicyResponse) {
final var policy = sudoRetrievePolicyResponse.getPolicy();
return Optional.of(policy);
} else if (response instanceof PolicyNotAccessibleException) {
return Optional.empty();
} else {
throw new IllegalStateException("expect SudoRetrievePolicyResponse, got: " + response);
}
}
}