From 28466280475baa4f450bf5a510231c2cf752a002 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rub=C3=A9n?= Date: Fri, 24 May 2024 13:34:43 +0200 Subject: [PATCH] added Sovity policy-time-interval and policy-always-true extensions --- extensions/policy-always-true/LICENSE | 201 ++++++++++++++++++ extensions/policy-always-true/README.md | 31 +++ .../policy-always-true/build.gradle.kts | 11 + .../policy/AlwaysTruePolicyConstants.java | 25 +++ .../policy/AlwaysTruePolicyExtension.java | 66 ++++++ .../AlwaysTruePolicyDefinitionService.java | 71 +++++++ .../services/AlwaysTruePolicyService.java | 52 +++++ ...rg.eclipse.edc.spi.system.ServiceExtension | 1 + extensions/policy-time-interval/LICENSE | 201 ++++++++++++++++++ extensions/policy-time-interval/README.md | 35 +++ .../policy-time-interval/build.gradle.kts | 10 + .../policy/PolicyEvaluationTimeExtension.java | 54 +++++ .../policy/PolicyEvaluationTimeFunction.java | 52 +++++ ...rg.eclipse.edc.spi.system.ServiceExtension | 1 + gradle/libs.versions.toml | 4 +- launchers/connector/build.gradle.kts | 4 + settings.gradle.kts | 4 +- 17 files changed, 821 insertions(+), 2 deletions(-) create mode 100644 extensions/policy-always-true/LICENSE create mode 100644 extensions/policy-always-true/README.md create mode 100644 extensions/policy-always-true/build.gradle.kts create mode 100644 extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/AlwaysTruePolicyConstants.java create mode 100644 extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/AlwaysTruePolicyExtension.java create mode 100644 extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/services/AlwaysTruePolicyDefinitionService.java create mode 100644 extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/services/AlwaysTruePolicyService.java create mode 100644 extensions/policy-always-true/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension create mode 100644 extensions/policy-time-interval/LICENSE create mode 100644 
extensions/policy-time-interval/README.md create mode 100644 extensions/policy-time-interval/build.gradle.kts create mode 100644 extensions/policy-time-interval/src/main/java/de/sovity/edc/extension/policy/PolicyEvaluationTimeExtension.java create mode 100644 extensions/policy-time-interval/src/main/java/de/sovity/edc/extension/policy/PolicyEvaluationTimeFunction.java create mode 100644 extensions/policy-time-interval/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension diff --git a/extensions/policy-always-true/LICENSE b/extensions/policy-always-true/LICENSE new file mode 100644 index 0000000..e4dafcf --- /dev/null +++ b/extensions/policy-always-true/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2022 sovity.de + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/extensions/policy-always-true/README.md b/extensions/policy-always-true/README.md new file mode 100644 index 0000000..fe61a0f --- /dev/null +++ b/extensions/policy-always-true/README.md @@ -0,0 +1,31 @@ + +
+
+ + Logo + + +

EDC-Connector Extension:
Always True Policy

+ +

+ Report Bug + · + Request Feature +

+
+
+## About this Extension
+This extension creates a Policy Definition `always-true` on EDC startup.
+
+## Why does this extension exist?
+
+While the default behavior for contract definitions with empty policies is not "default deny",
+our UI will be ensuring non-empty access and contract policies.
+
+Therefore, it is of interest to have an `always-true` policy to explicitly enable full access in contract definitions.
+
+## License
+Apache License 2.0 - see [LICENSE](../../LICENSE)
+
+## Contact
+sovity GmbH - contact@sovity.de
diff --git a/extensions/policy-always-true/build.gradle.kts b/extensions/policy-always-true/build.gradle.kts
new file mode 100644
index 0000000..bc0d897
--- /dev/null
+++ b/extensions/policy-always-true/build.gradle.kts
@@ -0,0 +1,11 @@
+plugins {
+ `java-library`
+ id("com.gmv.inesdata.edc-application")
+}
+
+dependencies {
+ api(libs.edc.spi.core)
+ api(libs.edc.policy.engine.spi)
+ api(libs.edc.control.plane.spi)
+ implementation(libs.edc.api.core)
+}
diff --git a/extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/AlwaysTruePolicyConstants.java b/extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/AlwaysTruePolicyConstants.java
new file mode 100644
index 0000000..ec9115b
--- /dev/null
+++ b/extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/AlwaysTruePolicyConstants.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2022 sovity GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * sovity GmbH - initial API and implementation
+ *
+ */
+
+package de.sovity.edc.extension.policy;
+
+public class AlwaysTruePolicyConstants {
+ public static final String EXTENSION_NAME = "Policy Function: ALWAYS_TRUE";
+ public static final String EXPRESSION_LEFT_VALUE = "ALWAYS_TRUE";
+ public static final String EXPRESSION_RIGHT_VALUE = "true";
+ public static final String POLICY_DEFINITION_ID = "always-true";
+
+ private AlwaysTruePolicyConstants() {
+ }
+}
diff --git a/extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/AlwaysTruePolicyExtension.java b/extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/AlwaysTruePolicyExtension.java
new file mode 100644
index 0000000..9d6d7bc
--- /dev/null
+++ b/extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/AlwaysTruePolicyExtension.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2022 sovity GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * sovity GmbH - initial API and implementation
+ *
+ */
+
+package de.sovity.edc.extension.policy;
+
+import de.sovity.edc.extension.policy.services.AlwaysTruePolicyDefinitionService;
+import de.sovity.edc.extension.policy.services.AlwaysTruePolicyService;
+import org.eclipse.edc.connector.controlplane.services.spi.policydefinition.PolicyDefinitionService;
+import org.eclipse.edc.policy.engine.spi.PolicyEngine;
+import org.eclipse.edc.policy.engine.spi.RuleBindingRegistry;
+import org.eclipse.edc.runtime.metamodel.annotation.Inject;
+import org.eclipse.edc.spi.monitor.Monitor;
+import org.eclipse.edc.spi.system.ServiceExtension;
+import org.eclipse.edc.spi.system.ServiceExtensionContext;
+
+import static de.sovity.edc.extension.policy.AlwaysTruePolicyConstants.EXTENSION_NAME;
+
+/**
+ * Extension: Policy Definition "Always True".
+ */
+public class AlwaysTruePolicyExtension implements ServiceExtension {
+ @Inject
+ private Monitor monitor;
+
+ @Inject
+ private RuleBindingRegistry ruleBindingRegistry;
+
+ @Inject
+ private PolicyDefinitionService policyDefinitionService;
+
+ @Inject
+ private PolicyEngine policyEngine;
+
+ @Override
+ public String name() {
+ return EXTENSION_NAME;
+ }
+
+ @Override
+ public void initialize(ServiceExtensionContext context) {
+ var alwaysTruePolicyService = new AlwaysTruePolicyService(ruleBindingRegistry, policyEngine);
+ alwaysTruePolicyService.registerPolicy();
+ }
+
+ @Override
+ public void start() {
+ var alwaysTruePolicyDefinitionService = new AlwaysTruePolicyDefinitionService(policyDefinitionService);
+ if (!alwaysTruePolicyDefinitionService.exists()) {
+ monitor.info("Creating Always True Policy Definition.");
+ alwaysTruePolicyDefinitionService.create();
+ } else {
+ monitor.debug("Skipping Always True Policy Definition creation, policy definition already exists.");
+ }
+ }
+}
diff --git a/extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/services/AlwaysTruePolicyDefinitionService.java b/extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/services/AlwaysTruePolicyDefinitionService.java
new file mode 100644
index 0000000..cd89f7c
--- /dev/null
+++ b/extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/services/AlwaysTruePolicyDefinitionService.java
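Review bot: `start()` accepts whatever is stored under the id `always-true`, because the only check is `alwaysTruePolicyDefinitionService.exists()`, which tests `findById(POLICY_DEFINITION_ID) != null`. A definition with that id but different content would be kept, with nothing logged above debug level, while contract definitions referencing `always-true` assume the built-in unrestricted policy. Consider comparing the stored policy with the built-in one and emitting `monitor.warning("Policy definition 'always-true' exists but does not match the built-in definition.");` on mismatch. The class Javadoc should also state that the extension re-creates a grant-all policy definition on every start when it is missing, so deployments that must not offer unrestricted access know to leave this module out of the launcher.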
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2022 sovity GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * sovity GmbH - initial API and implementation
+ *
+ */
+
+package de.sovity.edc.extension.policy.services;
+
+import org.eclipse.edc.connector.controlplane.policy.spi.PolicyDefinition;
+import org.eclipse.edc.connector.controlplane.services.spi.policydefinition.PolicyDefinitionService;
+import org.eclipse.edc.policy.model.Action;
+import org.eclipse.edc.policy.model.AtomicConstraint;
+import org.eclipse.edc.policy.model.LiteralExpression;
+import org.eclipse.edc.policy.model.Operator;
+import org.eclipse.edc.policy.model.Permission;
+import org.eclipse.edc.policy.model.Policy;
+
+import static de.sovity.edc.extension.policy.AlwaysTruePolicyConstants.EXPRESSION_LEFT_VALUE;
+import static de.sovity.edc.extension.policy.AlwaysTruePolicyConstants.EXPRESSION_RIGHT_VALUE;
+import static de.sovity.edc.extension.policy.AlwaysTruePolicyConstants.POLICY_DEFINITION_ID;
+
+/**
+ * Creates policy definition "always-true".
+ */
+public class AlwaysTruePolicyDefinitionService {
+ private final PolicyDefinitionService policyDefinitionService;
+
+ public AlwaysTruePolicyDefinitionService(PolicyDefinitionService policyDefinitionService) {
+ this.policyDefinitionService = policyDefinitionService;
+ }
+
+ /**
+ * Checks if policy definition "always-true" exists
+ *
+ * @return if exists
+ */
+ public boolean exists() {
+ return policyDefinitionService.findById(POLICY_DEFINITION_ID) != null;
+ }
+
+ /**
+ * Creates policy definition "always-true".
+ */
+ public void create() {
+ var alwaysTrueConstraint = AtomicConstraint.Builder.newInstance()
+ .leftExpression(new LiteralExpression(EXPRESSION_LEFT_VALUE))
+ .operator(Operator.EQ)
+ .rightExpression(new LiteralExpression(EXPRESSION_RIGHT_VALUE))
+ .build();
+ var alwaysTruePermission = Permission.Builder.newInstance()
+ .action(Action.Builder.newInstance().type("USE").build())
+ .constraint(alwaysTrueConstraint)
+ .build();
+ var policy = Policy.Builder.newInstance()
+ .permission(alwaysTruePermission)
+ .build();
+ var policyDefinition = PolicyDefinition.Builder.newInstance()
+ .id(POLICY_DEFINITION_ID)
+ .policy(policy)
+ .build();
+ policyDefinitionService.create(policyDefinition);
+ }
+}
diff --git a/extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/services/AlwaysTruePolicyService.java b/extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/services/AlwaysTruePolicyService.java
new file mode 100644
index 0000000..7c1b82a
--- /dev/null
+++ b/extensions/policy-always-true/src/main/java/de/sovity/edc/extension/policy/services/AlwaysTruePolicyService.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2022 sovity GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * sovity GmbH - initial API and implementation
+ *
+ */
+
+package de.sovity.edc.extension.policy.services;
+
+import de.sovity.edc.extension.policy.AlwaysTruePolicyConstants;
+import org.eclipse.edc.policy.engine.spi.PolicyEngine;
+import org.eclipse.edc.policy.engine.spi.RuleBindingRegistry;
+import org.eclipse.edc.policy.model.Operator;
+import org.eclipse.edc.policy.model.Permission;
+
+import static org.eclipse.edc.policy.engine.spi.PolicyEngine.ALL_SCOPES;
+
+/**
+ * Creates policy "Always True".
+ *
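Review bot: `create()` in AlwaysTruePolicyDefinitionService drops the return value of `policyDefinitionService.create(policyDefinition)`, so a rejected or failed insert goes unnoticed even though the caller has already logged "Creating Always True Policy Definition.". Assuming the service returns EDC's usual result type, check it and surface the failure, for example `var result = policyDefinitionService.create(policyDefinition);` followed by `if (result.failed()) { throw new EdcException(result.getFailureDetail()); }` (this needs an import for `EdcException`). The `exists()`/`create()` pair is also check-then-act: with a shared policy store, two connector instances starting together can both reach `create()`, and handling the conflict result covers that case as well.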

+ * To be exact, it resolves to true iff constraint is {@link AlwaysTruePolicyConstants#EXPRESSION_LEFT_VALUE}
+ * "EQ" {@link AlwaysTruePolicyConstants#EXPRESSION_RIGHT_VALUE}.
+ */
+public class AlwaysTruePolicyService {
+ private final RuleBindingRegistry ruleBindingRegistry;
+ private final PolicyEngine policyEngine;
+
+ public AlwaysTruePolicyService(RuleBindingRegistry ruleBindingRegistry, PolicyEngine policyEngine) {
+ this.ruleBindingRegistry = ruleBindingRegistry;
+ this.policyEngine = policyEngine;
+ }
+
+ public void registerPolicy() {
+ ruleBindingRegistry.bind("USE", ALL_SCOPES);
+ ruleBindingRegistry.bind(AlwaysTruePolicyConstants.EXPRESSION_LEFT_VALUE, ALL_SCOPES);
+ policyEngine.registerFunction(
+ ALL_SCOPES,
+ Permission.class,
+ AlwaysTruePolicyConstants.EXPRESSION_LEFT_VALUE,
+ (operator, rightValue, rule, context1) -> operator.equals(Operator.EQ) &&
+ rightValue.toString().equals(AlwaysTruePolicyConstants.EXPRESSION_RIGHT_VALUE)
+ );
+ }
+
+}
diff --git a/extensions/policy-always-true/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/extensions/policy-always-true/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
new file mode 100644
index 0000000..1882fd0
--- /dev/null
+++ b/extensions/policy-always-true/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
@@ -0,0 +1 @@
+de.sovity.edc.extension.policy.AlwaysTruePolicyExtension
diff --git a/extensions/policy-time-interval/LICENSE b/extensions/policy-time-interval/LICENSE
new file mode 100644
index 0000000..e4dafcf
--- /dev/null
+++ b/extensions/policy-time-interval/LICENSE
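Review bot: The lambda registered in `registerPolicy()` calls `rightValue.toString()` and `operator.equals(...)` without null checks, and the policies evaluated here presumably include ones received from a counterparty, so a constraint with a missing right operand would throw inside the policy engine rather than evaluate to false. `Operator.EQ == operator && AlwaysTruePolicyConstants.EXPRESSION_RIGHT_VALUE.equals(String.valueOf(rightValue))` gives the same result for well-formed input and fails closed otherwise. Separately, `ruleBindingRegistry.bind("USE", ALL_SCOPES)` is a connector-wide side effect that applies to every policy using the `USE` action, not only `always-true`; `registerPolicy()` has no Javadoc and should say this is intended. The class Javadoc says "Creates policy" although the class only registers rule bindings and the evaluation function.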
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2022 sovity.de + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/extensions/policy-time-interval/README.md b/extensions/policy-time-interval/README.md new file mode 100644 index 0000000..e6c543c --- /dev/null +++ b/extensions/policy-time-interval/README.md @@ -0,0 +1,35 @@ + +
+

+ + Logo + + +

EDC-Connector Extension:
Time Interval Restricted Policy

+ +

+ Report Bug + · + Request Feature +

+
+ +## About this Extension + +This extension adds a policy function that validates the time of data consumption. + +Adds permission function with left side expression `POLICY_EVALUATION_TIME` and supported +operators `EQ`, `NEQ`, `LT`, `LEQ`, `GT`, `GEQ`. The right side expression is expected to be in the following date +format `yyyy-MM-dd'T'HH:mm:ss.SSSXXX`. + +## Why does this extension exist? + +Limiting data offers to specific valid durations. + +## License + +Apache License 2.0 - see [LICENSE](../../LICENSE) + +## Contact + +sovity GmbH - contact@sovity.de diff --git a/extensions/policy-time-interval/build.gradle.kts b/extensions/policy-time-interval/build.gradle.kts new file mode 100644 index 0000000..7f6ecec --- /dev/null +++ b/extensions/policy-time-interval/build.gradle.kts @@ -0,0 +1,10 @@ +plugins { + `java-library` + id("com.gmv.inesdata.edc-application") +} + +dependencies { + api(libs.edc.auth.spi) + api(libs.edc.policy.engine.spi) + testImplementation(libs.edc.core.junit) +} diff --git a/extensions/policy-time-interval/src/main/java/de/sovity/edc/extension/policy/PolicyEvaluationTimeExtension.java b/extensions/policy-time-interval/src/main/java/de/sovity/edc/extension/policy/PolicyEvaluationTimeExtension.java new file mode 100644 index 0000000..feb80ae --- /dev/null +++ b/extensions/policy-time-interval/src/main/java/de/sovity/edc/extension/policy/PolicyEvaluationTimeExtension.java 
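Review bot: `api(libs.edc.auth.spi)` in `extensions/policy-time-interval/build.gradle.kts` exports auth-spi to every consumer of this module, yet neither `PolicyEvaluationTimeExtension` nor `PolicyEvaluationTimeFunction` in this patch imports anything from it. Unless a source file outside this patch needs it, the line can be dropped so the extension pulls in only `libs.edc.policy.engine.spi`. If it is needed internally, `implementation(libs.edc.auth.spi)` keeps it off the consumers' compile classpath.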
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2022 sovity GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * sovity GmbH - initial API and implementation
+ *
+ */
+
+package de.sovity.edc.extension.policy;
+
+import org.eclipse.edc.policy.engine.spi.PolicyEngine;
+import org.eclipse.edc.policy.engine.spi.RuleBindingRegistry;
+import org.eclipse.edc.policy.model.Permission;
+import org.eclipse.edc.runtime.metamodel.annotation.Inject;
+import org.eclipse.edc.spi.system.ServiceExtension;
+import org.eclipse.edc.spi.system.ServiceExtensionContext;
+
+import static org.eclipse.edc.policy.engine.spi.PolicyEngine.ALL_SCOPES;
+
+public class PolicyEvaluationTimeExtension implements ServiceExtension {
+
+ private static final String KEY_POLICY_EVALUATION_TIME = "POLICY_EVALUATION_TIME";
+ private static final String EXTENSION_NAME = "Policy Function: POLICY_EVALUATION_TIME";
+
+ @Inject
+ private RuleBindingRegistry ruleBindingRegistry;
+
+ @Inject
+ private PolicyEngine policyEngine;
+
+ @Override
+ public String name() {
+ return EXTENSION_NAME;
+ }
+
+ @Override
+ public void initialize(ServiceExtensionContext context) {
+ var monitor = context.getMonitor();
+
+ ruleBindingRegistry.bind("USE", ALL_SCOPES);
+ ruleBindingRegistry.bind(KEY_POLICY_EVALUATION_TIME, ALL_SCOPES);
+ policyEngine.registerFunction(
+ ALL_SCOPES,
+ Permission.class,
+ KEY_POLICY_EVALUATION_TIME,
+ new PolicyEvaluationTimeFunction(monitor));
+ }
+}
diff --git a/extensions/policy-time-interval/src/main/java/de/sovity/edc/extension/policy/PolicyEvaluationTimeFunction.java b/extensions/policy-time-interval/src/main/java/de/sovity/edc/extension/policy/PolicyEvaluationTimeFunction.java
new file mode 100644
index 0000000..0a46127
--- /dev/null
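Review bot: `PolicyEvaluationTimeExtension` has no class comment, and `initialize()` registers the time function for `Permission.class` only, so a `POLICY_EVALUATION_TIME` constraint placed on a prohibition or duty is not handled by it. A policy author needs to know that, so I would add a Javadoc such as `/** Registers the POLICY_EVALUATION_TIME constraint function for permissions in all policy scopes; prohibitions and duties are not covered. */`. The literal `"USE"` bound to `ALL_SCOPES` here is the same binding `AlwaysTruePolicyService.registerPolicy()` makes in this patch. A named constant next to `KEY_POLICY_EVALUATION_TIME` (`private static final String ACTION_USE = "USE";`) with a short comment on why both extensions bind it would make the shared global binding explicit.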
+++ b/extensions/policy-time-interval/src/main/java/de/sovity/edc/extension/policy/PolicyEvaluationTimeFunction.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2022 sovity GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * sovity GmbH - initial API and implementation
+ *
+ */
+
+package de.sovity.edc.extension.policy;
+
+import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction;
+import org.eclipse.edc.policy.engine.spi.PolicyContext;
+import org.eclipse.edc.policy.model.Operator;
+import org.eclipse.edc.policy.model.Permission;
+import org.eclipse.edc.spi.monitor.Monitor;
+
+import java.time.OffsetDateTime;
+import java.time.format.DateTimeParseException;
+
+public class PolicyEvaluationTimeFunction implements AtomicConstraintFunction {
+ private final Monitor monitor;
+
+ public PolicyEvaluationTimeFunction(Monitor monitor) {
+ this.monitor = monitor;
+ }
+
+ @Override
+ public boolean evaluate(Operator operator, Object rightValue, Permission rule, PolicyContext context) {
+ try {
+ var policyDate = OffsetDateTime.parse((String) rightValue);
+ var nowDate = OffsetDateTime.now();
+ return switch (operator) {
+ case LT -> nowDate.isBefore(policyDate);
+ case LEQ -> nowDate.isBefore(policyDate) || nowDate.equals(policyDate);
+ case GT -> nowDate.isAfter(policyDate);
+ case GEQ -> nowDate.isAfter(policyDate) || nowDate.equals(policyDate);
+ case EQ -> nowDate.equals(policyDate);
+ case NEQ -> !nowDate.equals(policyDate);
+ default -> false;
+ };
+ } catch (DateTimeParseException e) {
+ monitor.severe("Failed to parse right value of constraint to date.");
+ return false;
+ }
+ }
+}
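Review bot: `evaluate()` casts `rightValue` to `String` before parsing and catches only `DateTimeParseException`, so a non-string or missing right operand escapes as a `ClassCastException` or `NullPointerException` rather than the logged `false` the catch block intends. The `LEQ`, `GEQ`, `EQ` and `NEQ` arms also use `OffsetDateTime.equals`, which compares the offset as well as the instant, so the same moment written with a different zone offset in the policy counts as unequal, whereas `isEqual` compares instants. The sketch below checks the type first and moves those four arms to instant comparison. `EQ` against `OffsetDateTime.now()` will practically never hold, which deserves a comment if that operator stays supported.

```java
    public boolean evaluate(Operator operator, Object rightValue, Permission rule, PolicyContext context) {
        // Reject anything that is not a string before parsing, so evaluation fails closed.
        if (!(rightValue instanceof String)) {
            monitor.severe("Right value of constraint is not a string.");
            return false;
        }
        // … unchanged: try, policyDate and nowDate …
            return switch (operator) {
                // … unchanged: LT and GT arms …
                case LEQ -> !nowDate.isAfter(policyDate);
                case GEQ -> !nowDate.isBefore(policyDate);
                case EQ -> nowDate.isEqual(policyDate);
                case NEQ -> !nowDate.isEqual(policyDate);
                // … unchanged: default arm …
            };
        // … unchanged: DateTimeParseException handler …
```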
diff --git a/extensions/policy-time-interval/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/extensions/policy-time-interval/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension new file mode 100644 index 0000000..4deab3d --- /dev/null +++ b/extensions/policy-time-interval/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension @@ -0,0 +1 @@ +de.sovity.edc.extension.policy.PolicyEvaluationTimeExtension diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 9ec91d0..7c9ef3f 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -15,7 +15,7 @@ swagger-annotations-jakarta = "2.2.21" [libraries] edc-api-core = { module = "org.eclipse.edc:api-core", version.ref = "edc" } edc-api-management-config = { module = "org.eclipse.edc:management-api-configuration", version.ref = "edc" } -edc-auth-spi = { module = "org.eclipse.edc:api-core", version.ref = "edc" } +edc-auth-spi = { module = "org.eclipse.edc:auth-spi", version.ref = "edc" } edc-boot = { module = "org.eclipse.edc:boot", version.ref = "edc" } edc-build-plugin = { module = "org.eclipse.edc.edc-build:org.eclipse.edc.edc-build.gradle.plugin", version.ref = "edc" } edc-configuration-filesystem = { module = "org.eclipse.edc:configuration-filesystem", version.ref = "edc" } 
@@ -23,6 +23,7 @@ edc-connector-core = { module = "org.eclipse.edc:connector-core", version.ref = edc-control-plane-api = { module = "org.eclipse.edc:control-plane-api", version.ref = "edc" } edc-control-plane-api-client = { module = "org.eclipse.edc:control-plane-api-client", version.ref = "edc" } edc-control-plane-core = { module = "org.eclipse.edc:control-plane-core", version.ref = "edc" } +edc-control-plane-spi = { module = "org.eclipse.edc:control-plane-spi", version.ref = "edc" } edc-data-plane-api = { module = "org.eclipse.edc:data-plane-api", version.ref = "edc" } edc-data-plane-control-api = { module = "org.eclipse.edc:data-plane-control-api", version.ref = "edc" } edc-data-plane-core = { module = "org.eclipse.edc:data-plane-core", version.ref = "edc" } @@ -38,6 +39,7 @@ edc-iam-oauth2-service = { module = "org.eclipse.edc:oauth2-service", version.re edc-json-ld-lib = { module = "org.eclipse.edc:json-ld-lib", version.ref = "edc" } edc-management-api = { module = "org.eclipse.edc:management-api", version.ref = "edc" } edc-micrometer-core = { module = "org.eclipse.edc:micrometer-core", version.ref = "edc" } +edc-policy-engine-spi = { module = "org.eclipse.edc:policy-engine-spi", version.ref = "edc" } edc-spi-core = { module = "org.eclipse.edc:core-spi", version.ref = "edc" } edc-spi-jsonld = { module = "org.eclipse.edc:json-ld-spi", version.ref = "edc" } edc-spi-transform = { module = "org.eclipse.edc:transform-spi", version.ref = "edc" } diff --git a/launchers/connector/build.gradle.kts b/launchers/connector/build.gradle.kts index 726afe4..9c2ab18 100644 --- a/launchers/connector/build.gradle.kts +++ b/launchers/connector/build.gradle.kts 
@@ -39,6 +39,10 @@ dependencies { // Vocabularios implementation(project(":extensions:vocabulary-api")) + // Policies + implementation(project(":extensions:policy-always-true")) + implementation(project(":extensions:policy-time-interval")) + // Persistencia comun implementation(libs.edc.sql.core) implementation(libs.edc.sql.edr) diff --git a/settings.gradle.kts b/settings.gradle.kts index 2375bba..e5c3707 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -9,8 +9,10 @@ rootProject.name = "inesdata-connector" include(":spi:vocabulary-spi") // Extensions -include(":extensions:participants-from-configuration") include(":extensions:auth-oauth2-jwt") +include(":extensions:participants-from-configuration") +include(":extensions:policy-always-true") +include(":extensions:policy-time-interval") include(":extensions:vocabulary-api") include(":extensions:vocabulary-index-sql")
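Review bot: The added `implementation(project(":extensions:policy-always-true"))` in `launchers/connector/build.gradle.kts` ships the unconditional-permit extension in the default connector build, and the `// Policies` comment gives no hint of that. The patch's definition service builds a `PolicyDefinition` whose only constraint always evaluates to true, so anything bound to it is presumably offered without restriction. I would extend the comment to say so, for example `// Policies: policy-always-true provides a permit-all policy; bind assets to it only when unrestricted access is intended`. The `dependencies` block starts and ends outside this hunk.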