From 48905c8e7baf2adead225155117db2c12a9c7dc7 Mon Sep 17 00:00:00 2001
From: Stefan Wiedemann
Date: Mon, 10 Jun 2024 09:19:32 +0200
Subject: [PATCH 1/4] tmf
---
 doc/REGO.md | 9 ++++++++-
 src/main/resources/mapping.json | 18 +++++++++++------
 src/main/resources/rego-resources.txt | 15 ++++++++++++++
 src/main/resources/rego/dome/leftOperand.rego | 4 ----
 src/main/resources/rego/odrl/assignee.rego | 5 -----
 src/main/resources/rego/tmf/leftOperand.rego | 20 +++++++++++++++++++
 src/main/resources/rego/vc/assignee.rego | 7 +++++++
 7 files changed, 62 insertions(+), 16 deletions(-)
 create mode 100644 src/main/resources/rego/tmf/leftOperand.rego
 create mode 100644 src/main/resources/rego/vc/assignee.rego
diff --git a/doc/REGO.md b/doc/REGO.md
index 28c5625..e114461 100644
--- a/doc/REGO.md
+++ b/doc/REGO.md
@@ -10,7 +10,6 @@
 | leftOperand | dome-op:relatedParty | related_party(http_part) | get the entity from tm-forum and extract related party |
 | leftOperand | dome-op:owner | owner(related_party) | filter the given list of related_party(ies) for one with role "Owner" |
 | leftOperand | dome-op:relatedParty_role | related_party_role(entity) | return the role from the related party of an entity |
-| leftOperand | TMF-PCMA:lifecycleStatus | life_cycle_status(entity) | return the lifeCycleStatus of a given entity |
 | leftOperand | dome-op:validFor_endDateTime | valid_for_end_date_time(entity) | return the end of the validity of an entity |
 | leftOperand | dome-op:validFor_startDateTime | valid_for_start_date_time(entity) | return the start of the validity of an entity |
 | action | dome-op:create | is_creation(request) | Check if the given request is a creation |
@@ -68,6 +67,7 @@
 | --- | --- | --- | --- |
 | leftOperand | vc:role | role(verifiable_credential,organization_id) | retrieves the roles from the credential, that target the current organization |
 | leftOperand | vc:currentParty | current_party(credential) | the current (organization)party, |
+| assignee | odrl:any | is_any | allows for any user |
 ## ngsild
@@ -78,3 +78,10 @@
 | leftOperand | ngsi-ld:_observedAt | # | retrieves the observedAt of the property The method should be concretized in the mapping.json, to match a concrete property. |
 | leftOperand | ngsi-ld:_modifiedAt | # | retrieves the modifiedAt of the property The method should be concretized in the mapping.json, to match a concrete property. |
 | leftOperand | ngsi-ld: | # | retrieves the object of the relationship, only applies to properties of type "Relationship". The method should be concretized in the mapping.json, to match a concrete property. |
+
+## tmf
+
+| ODRL Class | ODRL Key | Rego-Method | Description |
+| --- | --- | --- | --- |
+| leftOperand | tmf:lifecycleStatus | life_cycle_status(entity) | return the lifeCycleStatus of a given entity |
+| leftOperand | tmf:resource | resource_type(http_part) | retrieves the type of the resource from the path |
diff --git a/src/main/resources/mapping.json b/src/main/resources/mapping.json
index 844147e..0aa4318 100644
--- a/src/main/resources/mapping.json
+++ b/src/main/resources/mapping.json
@@ -176,10 +176,14 @@
 "regoMethod": "dome_lo.valid_for_end_date_time(helper.entity)"
 }
 },
- "TMF-PCMA": {
+ "tmf": {
 "lifecycleStatus": {
- "regoPackage": "dome.leftOperand as dome_lo",
- "regoMethod": "dome_lo.life_cycle_status(helper.entity)"
+ "regoPackage": "tmf.leftOperand as tmf_lo",
+ "regoMethod": "tmf_lo.life_cycle_status(helper.entity)"
+ },
+ "resource": {
+ "regoPackage": "tmf.leftOperand as tmf_lo",
+ "regoMethod": "tmf_lo.resource_type(helper.http_part)"
 }
 }
 },
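Review bot: Renaming the key `TMF-PCMA` to `tmf` in the mapping.json hunk drops the old key without an alias, so a stored policy that still uses `TMF-PCMA:lifecycleStatus` no longer has a mapping; the next mapping.json hunk does the same to the assignee `odrl:any`, which becomes `vc:any`. How the translator treats an unmapped key is not visible in this patch, so it is worth confirming that such a policy is rejected outright rather than compiled with the constraint or the assignee check silently missing. Keeping the old entries as deprecated aliases for one release, or documenting the rename as a breaking change, would make the migration explicit. Patch 4/4 already has to edit a test policy because of it.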
@@ -192,10 +196,12 @@
 "assignee": {
 "regoPackage": "odrl.assignee as odrl_assignee",
 "regoMethod": "odrl_assignee.is_user(helper.issuer,%s)"
- },
+ }
+ },
+ "vc": {
 "any": {
- "regoPackage": "odrl.assignee as odrl_assignee",
- "regoMethod": "odrl_assignee.is_any"
+ "regoPackage": "vc.assignee as vc_assignee",
+ "regoMethod": "vc_assignee.is_any"
 }
 }
 },
diff --git a/src/main/resources/rego-resources.txt b/src/main/resources/rego-resources.txt
index c80b3de..459a7e7 100644
--- a/src/main/resources/rego-resources.txt
+++ b/src/main/resources/rego-resources.txt
@@ -57,3 +57,18 @@ rego/utils/kong.rego
 rego/utils/apisix.rego
 rego/vc/leftOperand.rego
 rego/ngsi-ld/leftOperand.rego
+rego/dome/leftOperand.rego
+rego/dome/action.rego
+rego/odrl/operand.rego
+rego/odrl/rightOperand.rego
+rego/odrl/operator.rego
+rego/odrl/leftOperand.rego
+rego/odrl/target.rego
+rego/odrl/action.rego
+rego/odrl/assignee.rego
+rego/utils/kong.rego
+rego/utils/apisix.rego
+rego/vc/leftOperand.rego
+rego/vc/assignee.rego
+rego/ngsi-ld/leftOperand.rego
+rego/tmf/leftOperand.rego
diff --git a/src/main/resources/rego/dome/leftOperand.rego b/src/main/resources/rego/dome/leftOperand.rego
index b7fe90f..3e58f93 100644
--- a/src/main/resources/rego/dome/leftOperand.rego
+++ b/src/main/resources/rego/dome/leftOperand.rego
@@ -34,10 +34,6 @@ owner(related_party) := o_id if {
 # return the role from the related party of an entity
 related_party_role(entity) := related_party(entity).role
-## TMF-PCMA:lifecycleStatus
-# return the lifeCycleStatus of a given entity
-life_cycle_status(entity) := entity.lifeCycleStatus
-
 ## dome-op:validFor_endDateTime
 # return the end of the validity of an entity
 valid_for_end_date_time(entity) := time.parse_rfc3339_ns(entity.validFor.endDataTime)
diff --git a/src/main/resources/rego/odrl/assignee.rego b/src/main/resources/rego/odrl/assignee.rego
index cf03d72..0e603c1 100644
--- a/src/main/resources/rego/odrl/assignee.rego
+++ b/src/main/resources/rego/odrl/assignee.rego
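Review bot: The fifteen lines added to rego-resources.txt re-list the resource set instead of adding only the new files: `rego/utils/kong.rego`, `rego/utils/apisix.rego`, `rego/vc/leftOperand.rego` and `rego/ngsi-ld/leftOperand.rego` are visible directly above the additions and appear again inside them, and patch 3/4 appends the same fifteen lines once more. This looks like a generated list that is appended to on each build rather than overwritten (inferred; the generator is not part of the patch). Only `rego/vc/assignee.rego` and `rego/tmf/leftOperand.rego` are new, so the hunk could shrink to those two lines, or the file could be regenerated from scratch or kept out of version control. Whether the loader tolerates duplicate entries cannot be seen here, which makes it hard to review exactly which policy modules end up loaded.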
@@ -5,8 +5,3 @@ import rego.v1
 ## odrl:uid,odrl:assignee
 # is the given user id the same as the given uid
 is_user(user,uid) if user == uid
-
-## odrl:any
-# allows for any user
-is_any := true
-
diff --git a/src/main/resources/rego/tmf/leftOperand.rego b/src/main/resources/rego/tmf/leftOperand.rego
new file mode 100644
index 0000000..bada7c2
--- /dev/null
+++ b/src/main/resources/rego/tmf/leftOperand.rego
@@ -0,0 +1,20 @@
+package tmf.leftOperand
+
+import rego.v1
+
+## tmf:lifecycleStatus
+# return the lifeCycleStatus of a given entity
+life_cycle_status(entity) := entity.lifeCycleStatus
+
+## tmf:resource
+# retrieves the type of the resource from the path
+resource_type(http_part) := resource if {
+ path_without_query := split(path, "?")[0]
+ path_elements := split(path_without_query, "/")
+ # reverse the path to get the potential id element first
+ reversed := array.reverse(path_elements)
+ # remove the (potential) id element from the path array
+ non_id_parts := [non_id_part | some path_element in reversed; not contains(path_element, "ngsi-ld")]
+ # after removal of the id, the resource is the first one to be retrieved
+ resource = non_id_parts[0]
+}
diff --git a/src/main/resources/rego/vc/assignee.rego b/src/main/resources/rego/vc/assignee.rego
new file mode 100644
index 0000000..f7b063a
--- /dev/null
+++ b/src/main/resources/rego/vc/assignee.rego
@@ -0,0 +1,7 @@
+package vc.assignee
+
+import rego.v1
+
+## odrl:any
+# allows for any user
+is_any := true
From e7ff5da2a5df18d1ce33d2e2249d2a79f79d0a6d Mon Sep 17 00:00:00 2001
From: Stefan Wiedemann
Date: Mon, 10 Jun 2024 09:52:47 +0200
Subject: [PATCH 2/4] fix
---
 src/main/resources/rego/tmf/leftOperand.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/resources/rego/tmf/leftOperand.rego b/src/main/resources/rego/tmf/leftOperand.rego
index bada7c2..0b733f0 100644
--- a/src/main/resources/rego/tmf/leftOperand.rego
+++ b/src/main/resources/rego/tmf/leftOperand.rego
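Review bot: `resource_type` in the new tmf/leftOperand.rego finds the id segment with the substring test `contains(path_element, "ngsi-ld")` and then takes the first remaining element, so its result depends on details of the request path, which presumably comes straight from the client. A path ending in `/` leaves an empty string as the first element after `split` and `array.reverse`, and an id that does not contain `ngsi-ld` is itself returned as the resource type; in both cases a `tmf:resource` constraint is compared against a value that is not the resource. I would at least drop empty segments, `[p | some p in reversed; p != ""; not contains(p, "ngsi-ld")]`, and consider matching the id by prefix instead of substring if ids here are always `urn:ngsi-ld:` URNs (not confirmed from this patch). Test cases for a trailing slash and for a collection path without an id would pin the behaviour. The unbound `path` and `non_id_part` names in this version are corrected by patches 2/4 and 3/4.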
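Review bot: The header comment in the new vc/assignee.rego still reads `## odrl:any`, while mapping.json in this patch registers the rule under `vc` as `any` and patch 4/4 changes the test policy to `vc:any`. The REGO.md row added in this patch also says `odrl:any`, so if that table is generated from these `##` comments (it looks that way, not confirmed) the documentation points policy authors at a key that no longer maps. Change the comment to `## vc:any`. Because `is_any := true` makes the assignee check pass for every caller, the comment should also say that the rule performs no identity check at all, e.g. `# matches every caller; no credential or issuer is checked`.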
@@ -9,7 +9,7 @@ life_cycle_status(entity) := entity.lifeCycleStatus
 ## tmf:resource
 # retrieves the type of the resource from the path
 resource_type(http_part) := resource if {
- path_without_query := split(path, "?")[0]
+ path_without_query := split(http_part.path, "?")[0]
 path_elements := split(path_without_query, "/")
 # reverse the path to get the potential id element first
 reversed := array.reverse(path_elements)
From 39b18a9af0be16c71d0a9aef49bb7208d5eeb0b7 Mon Sep 17 00:00:00 2001
From: Stefan Wiedemann
Date: Mon, 10 Jun 2024 10:07:44 +0200
Subject: [PATCH 3/4] fix var
---
 src/main/resources/rego-resources.txt | 15 +++++++++++++++
 src/main/resources/rego/tmf/leftOperand.rego | 2 +-
 .../resources/examples/dome/1004/1004.json | Bin 4208 -> 4198 bytes
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/main/resources/rego-resources.txt b/src/main/resources/rego-resources.txt
index 459a7e7..c66edae 100644
--- a/src/main/resources/rego-resources.txt
+++ b/src/main/resources/rego-resources.txt
@@ -72,3 +72,18 @@ rego/vc/leftOperand.rego
 rego/vc/assignee.rego
 rego/ngsi-ld/leftOperand.rego
 rego/tmf/leftOperand.rego
+rego/dome/leftOperand.rego
+rego/dome/action.rego
+rego/odrl/operand.rego
+rego/odrl/rightOperand.rego
+rego/odrl/operator.rego
+rego/odrl/leftOperand.rego
+rego/odrl/target.rego
+rego/odrl/action.rego
+rego/odrl/assignee.rego
+rego/utils/kong.rego
+rego/utils/apisix.rego
+rego/vc/leftOperand.rego
+rego/vc/assignee.rego
+rego/ngsi-ld/leftOperand.rego
+rego/tmf/leftOperand.rego
diff --git a/src/main/resources/rego/tmf/leftOperand.rego b/src/main/resources/rego/tmf/leftOperand.rego
index 0b733f0..4f15cb9 100644
--- a/src/main/resources/rego/tmf/leftOperand.rego
+++ b/src/main/resources/rego/tmf/leftOperand.rego
@@ -14,7 +14,7 @@ resource_type(http_part) := resource if {
 # reverse the path to get the potential id element first
 reversed := array.reverse(path_elements)
 # remove the (potential) id element from the path array
- non_id_parts := [non_id_part | some path_element in reversed; not contains(path_element, "ngsi-ld")]
+ non_id_parts := [path_element | some path_element in reversed; not contains(path_element, "ngsi-ld")]
 # after removal of the id, the resource is the first one to be retrieved
 resource = non_id_parts[0]
 }
diff --git a/src/test/resources/examples/dome/1004/1004.json b/src/test/resources/examples/dome/1004/1004.json
index c21f0e24cec48b781686d0e424c1b025f2e1bdbc..98355f6458450ddc58cfa7a4c19d450b8be32121 100644
GIT binary patch delta 18 ZcmeyM@JwOD9S+tKhFpfU&96CH*#S#k2Ppsm delta 28 icmaE+@Ihh29S;5w244m@23>{#24^74aq~ltR(1e`n+O*G
From 9d5eaf044da037442b5b39e5806f3bdc6f651295 Mon Sep 17 00:00:00 2001
From: Stefan Wiedemann
Date: Mon, 10 Jun 2024 10:23:39 +0200
Subject: [PATCH 4/4] fix test policy
---
 src/test/resources/examples/ngsi-ld/types/types.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/resources/examples/ngsi-ld/types/types.json b/src/test/resources/examples/ngsi-ld/types/types.json
index 4ae8ac6..f2557ee 100644
--- a/src/test/resources/examples/ngsi-ld/types/types.json
+++ b/src/test/resources/examples/ngsi-ld/types/types.json
@@ -30,7 +30,7 @@
 ]
 },
 "odrl:assignee": {
- "@id": "odrl:any"
+ "@id": "vc:any"
 },
 "odrl:action": {
 "@id": "dome-op:read"