PI-554 generify claim constraint function, register did as option (#21)

* generify claim constraint function, register did as option

* add print when claim is not found

Author: M-Busk

policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/ConnectorIdConstraintFunction.java policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/ClientClaimConstraintFunction.java

@@ -3,24 +3,26 @@
 import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction;
 import org.eclipse.edc.policy.engine.spi.PolicyContext;
 import org.eclipse.edc.policy.model.Operator;
-import org.eclipse.edc.policy.model.Permission;
 import org.eclipse.edc.policy.model.Rule;
 import org.eclipse.edc.spi.agent.ParticipantAgent;
 import org.eclipse.edc.spi.monitor.Monitor;
 
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.Map;
 import java.util.Objects;
 
 import static java.lang.String.format;
 
-public class ConnectorIdConstraintFunction<R extends Rule> implements AtomicConstraintFunction<R> {
+public class ClientClaimConstraintFunction<R extends Rule> implements AtomicConstraintFunction<R> {
 
     private final Monitor monitor;
+    private final String clientClaimName;
+    private final boolean verbose;
 
-    public ConnectorIdConstraintFunction(Monitor monitor) {
+    public ClientClaimConstraintFunction(Monitor monitor, String clientClaimName, boolean verbose) {
         this.monitor = monitor;
+        this.clientClaimName = clientClaimName;
+        this.verbose = verbose;
     }
 
     @Override
@@ -36,27 +38,30 @@ public boolean evaluate(Operator operator, Object rightValue, R rule, PolicyCont
             return false;
         }
 
-        for (Map.Entry<String, Object> e : contextData.getClaims().entrySet()) {
-            monitor.info(format("Found claim %s : %s", e.getKey(), e.getValue()));
-        }
+        if (verbose) {
+            for (Map.Entry<String, Object> e : contextData.getClaims().entrySet()) {
+                monitor.info(format("Found claim %s : %s", e.getKey(), e.getValue()));
+            }
 
-        for (Map.Entry<String, String> e : contextData.getAttributes().entrySet()) {
-            monitor.info(format("Found attribute %s : %s", e.getKey(), e.getValue()));
+            for (Map.Entry<String, String> e : contextData.getAttributes().entrySet()) {
+                monitor.info(format("Found attribute %s : %s", e.getKey(), e.getValue()));
+            }
         }
 
-        String clientIdClaim = (String) contextData.getClaims().get("client_id");
+        String clientClaim = (String) contextData.getClaims().get(clientClaimName);
 
-        if (clientIdClaim == null) {
+        if (clientClaim == null) {
+            monitor.info(format("Required claim %s not found.", clientClaimName));
             return false;
         }
 
-        monitor.info(format("Evaluating constraint: connectorId %s %s %s", clientIdClaim, operator, rightValue));
+        monitor.info(format("Evaluating constraint: %s %s %s %s", clientClaimName, clientClaim, operator, rightValue));
 
         return switch (operator) {
-            case EQ -> Objects.equals(clientIdClaim, rightValue);
-            case NEQ -> !Objects.equals(clientIdClaim, rightValue);
-            case IN, IS_ANY_OF -> Arrays.asList(((String) rightValue).split(",")).contains(clientIdClaim);
-            case IS_NONE_OF -> !Arrays.asList(((String) rightValue).split(",")).contains(clientIdClaim);
+            case EQ -> Objects.equals(clientClaim, rightValue);
+            case NEQ -> !Objects.equals(clientClaim, rightValue);
+            case IN, IS_ANY_OF -> Arrays.asList(((String) rightValue).split(",")).contains(clientClaim);
+            case IS_NONE_OF -> !Arrays.asList(((String) rightValue).split(",")).contains(clientClaim);
             default -> false;
         };
     }

policy-extension/src/main/java/org/eclipse/edc/extension/possiblepolicy/LocationConstraintFunction.java

@@ -24,14 +24,21 @@
 import org.eclipse.edc.spi.system.ServiceExtension;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
 
+import java.util.Map;
+
 import static org.eclipse.edc.policy.engine.spi.PolicyEngine.ALL_SCOPES;
 
-@Extension(value = PossiblePolicyExtension.NAME)
+@Extension(value = PossiblePolicyExtension.EXTENSION_NAME)
 public class PossiblePolicyExtension implements ServiceExtension {
 
-    public static final String NAME = "POSSIBLE-POLICY-EXTENSION";
+    public static final String EXTENSION_NAME = "POSSIBLE-POLICY-EXTENSION";
+
+    private static final boolean VERBOSE = true;
 
-    private static final String CONNECTORID_CONSTRAINT_KEY = "connectorId";
+    private static final Map<String, String> CONSTRAINT_KEY_MAP = Map.of(
+        "connectorId", "client_id",
+        "did", "did"
+    );
 
     @Inject
     private RuleBindingRegistry ruleBindingRegistry;
@@ -40,16 +47,21 @@ public class PossiblePolicyExtension implements ServiceExtension {
 
     @Override
     public String name() {
-        return "Sample policy functions";
+        return EXTENSION_NAME;
     }
 
     @Override
     public void initialize(ServiceExtensionContext context) {
         var monitor = context.getMonitor();
 
         ruleBindingRegistry.bind("use", ALL_SCOPES);
-        ruleBindingRegistry.bind(CONNECTORID_CONSTRAINT_KEY, ALL_SCOPES);
-        policyEngine.registerFunction(ALL_SCOPES, Permission.class, CONNECTORID_CONSTRAINT_KEY, new ConnectorIdConstraintFunction<>(monitor));
-        policyEngine.registerFunction(ALL_SCOPES, Prohibition.class, CONNECTORID_CONSTRAINT_KEY, new ConnectorIdConstraintFunction<>(monitor));
+
+        for (Map.Entry<String, String> entry : CONSTRAINT_KEY_MAP.entrySet()) {
+            ruleBindingRegistry.bind(entry.getKey(), ALL_SCOPES);
+            policyEngine.registerFunction(ALL_SCOPES, Permission.class, entry.getKey(),
+                new ClientClaimConstraintFunction<>(monitor, entry.getValue(), VERBOSE));
+            policyEngine.registerFunction(ALL_SCOPES, Prohibition.class, entry.getKey(),
+                new ClientClaimConstraintFunction<>(monitor, entry.getValue(), VERBOSE));
+        }
     }
 }