Merge pull request #12 from wistefan/http

add path checking

doc/REGO.md

@@ -5,25 +5,25 @@
 
 | ODRL Class | ODRL Key | Rego-Method | Description |
 | --- | --- | --- | --- |
+| action | dome-op:create | is_creation(request) | Check if the given request is a creation |
+| action | dome-op:set_published | is_set_published(request) | check if the entity is set to published in the request. |
 | leftOperand | dome-op:role | role(verifiable_credential,organization_id) | retrieves the roles from the (lear) credential, that target the current organization |
 | leftOperand | dome-op:currentParty | current_party(credential) | the current (organization)party, |
 | leftOperand | dome-op:relatedParty | related_party(http_part) | get the entity from tm-forum and extract related party |
 | leftOperand | dome-op:owner | owner(related_party) | filter the given list of related_party(ies) for one with role "Owner" |
 | leftOperand | dome-op:relatedParty_role | related_party_role(entity) | return the role from the related party of an entity |
 | leftOperand | dome-op:validFor_endDateTime | valid_for_end_date_time(entity) | return the end of the validity of an entity |
 | leftOperand | dome-op:validFor_startDateTime | valid_for_start_date_time(entity) | return the start of the validity of an entity |
-| action | dome-op:create | is_creation(request) | Check if the given request is a creation |
-| action | dome-op:set_published | is_set_published(request) | check if the entity is set to published in the request. |
 
 ## odrl
 
 | ODRL Class | ODRL Key | Rego-Method | Description |
 | --- | --- | --- | --- |
+| rightOperand | odrl:policyUsage | policy_usage | return the current time in ms, e.g. the time that the policy is used |
 | operand | odrl:and | and_operand(constraints) | checks if all given constraints are true |
 | operand | odrl:andSequence | and_sequence_operand(constraints) | checks if all given constraints are true |
 | operand | odrl:or | or_operand(constraints) | check that at least one of the constraints is true |
 | operand | odrl:xone | only_one_operand(constraints) | check that exactly one of the constraints is true |
-| rightOperand | odrl:policyUsage | policy_usage | return the current time in ms, e.g. the time that the policy is used |
 | operator | odrl:eq | eq_operator(leftOperand, | check that both operands are equal |
 | operator | odrl:hasPart | has_part_operator(leftOperand, | check that the rightOperand is in the leftOperand |
 | operator | odrl:gt | gt_operator(leftOperand, | check that the leftOperand is greater than the rightOperand |
@@ -35,13 +35,13 @@
 | operator | odrl:lt | lt_operator(leftOperand, | check that the leftOperand is less than the rightOperand |
 | operator | odrl:lteq | lt_eq_operator(leftOperand, | check that the leftOperand is less or equal to the rightOperand |
 | operator | odrl:neq | n_eq_operator(leftOperand, | check that the operands are unequal |
-| leftOperand | odrl:currentTime | current_time | returns the current time in ms |
-| target | odrl:target,odrl:uid | is_target(target, | check that the uid of the target is equal to the given uid |
 | action | odrl:modify | is_modification(request) | checks if the given request is a modification |
 | action | odrl:delete | is_deletion(request) | checks if the given request is a deletion |
 | action | odrl:read | is_read(request) | checks if the given request is a read operation |
 | action | odrl:use | is_use(request) | checks if the given request is a usage |
+| target | odrl:target,odrl:uid | is_target(target, | check that the uid of the target is equal to the given uid |
 | assignee | odrl:uid,odrl:assignee | is_user(user,uid) | is the given user id the same as the given uid |
+| leftOperand | odrl:currentTime | current_time | returns the current time in ms |
 
 ## utils
 
@@ -61,30 +61,37 @@
 | helper | ## | entity | the entity provided as http-body |
 | helper | ## | target | the target of the request, found as the last part of the path |
 
-## vc
-
-| ODRL Class | ODRL Key | Rego-Method | Description |
-| --- | --- | --- | --- |
-| leftOperand | vc:role | role(verifiable_credential,organization_id) | retrieves the roles from the credential, that target the current organization |
-| leftOperand | vc:currentParty | current_party(credential) | the current (organization)party, |
-| leftOperand | vc:type | types(verifiable_credential) | the type(s) of the current credential |
-| assignee | odrl:any | is_any | allows for any user |
-
 ## ngsild
 
 | ODRL Class | ODRL Key | Rego-Method | Description |
 | --- | --- | --- | --- |
+| action | ngsild:create | is_creation(request) | Check if the given request is a creation |
 | leftOperand | ngsi-ld:entityType | entity_type(http_part) | retrieves the type from an entity, either from the request path or from the body |
 | leftOperand | ngsi-ld:<property> | # | retrieves the value of the property, only applies to properties of type "Property". The method should be concretized in the mapping.json, to match a concrete property. |
 | leftOperand | ngsi-ld:<property>_observedAt | # | retrieves the observedAt of the property The method should be concretized in the mapping.json, to match a concrete property. |
 | leftOperand | ngsi-ld:<property>_modifiedAt | # | retrieves the modifiedAt of the property The method should be concretized in the mapping.json, to match a concrete property. |
 | leftOperand | ngsi-ld:<relationship> | # | retrieves the object of the relationship, only applies to properties of type "Relationship". The method should be concretized in the mapping.json, to match a concrete property. |
-| action | ngsild:create | is_creation(request) | Check if the given request is a creation |
 
 ## tmf
 
 | ODRL Class | ODRL Key | Rego-Method | Description |
 | --- | --- | --- | --- |
+| action | tmf:create | is_creation(request) | Check if the given request is a creation |
 | leftOperand | tmf:lifecycleStatus | life_cycle_status(entity) | return the lifeCycleStatus of a given entity |
 | leftOperand | tmf:resource | resource_type(http_part) | retrieves the type of the resource from the path |
-| action | tmf:create | is_creation(request) | Check if the given request is a creation |
+
+## vc
+
+| ODRL Class | ODRL Key | Rego-Method | Description |
+| --- | --- | --- | --- |
+| assignee | odrl:any | is_any | allows for any user |
+| leftOperand | vc:role | role(verifiable_credential,organization_id) | retrieves the roles from the credential, that target the current organization |
+| leftOperand | vc:currentParty | current_party(credential) | the current (organization)party, |
+| leftOperand | vc:type | types(verifiable_credential) | the type(s) of the current credential |
+
+## http
+
+| ODRL Class | ODRL Key | Rego-Method | Description |
+| --- | --- | --- | --- |
+| operator | http:isInPath | is_in_path_operator(leftOperand, | check that left operand is in the path of the right operand |
+| leftOperand | http:path | path(http_part) | returns the currently requested path |

src/main/resources/mapping.json

@@ -54,6 +54,12 @@
     }
   },
   "operator": {
+    "http": {
+      "isInPath": {
+        "regoPackage": "http.operator as http_operator",
+        "regoMethod": "http_operator.is_in_path_operator(%s,%s)"
+      }
+    },
     "odrl": {
       "eq": {
         "regoPackage": "odrl.operator as odrl_operator",
@@ -136,6 +142,12 @@
     }
   },
   "leftOperand": {
+    "http": {
+      "path": {
+        "regoPackage": "http.leftOperand as http_lo",
+        "regoMethod": "http_lo.path(helper.http_part)"
+      }
+    },
     "vc": {
       "role": {
         "regoPackage": "vc.leftOperand as vc_lo",

src/main/resources/rego-resources.txt

@@ -136,3 +136,41 @@ rego/ngsi-ld/leftOperand.rego
 rego/ngsi-ld/action.rego
 rego/tmf/leftOperand.rego
 rego/tmf/action.rego
+rego/dome/action.rego
+rego/dome/leftOperand.rego
+rego/odrl/rightOperand.rego
+rego/odrl/operand.rego
+rego/odrl/operator.rego
+rego/odrl/action.rego
+rego/odrl/target.rego
+rego/odrl/assignee.rego
+rego/odrl/leftOperand.rego
+rego/utils/apisix.rego
+rego/utils/kong.rego
+rego/ngsi-ld/action.rego
+rego/ngsi-ld/leftOperand.rego
+rego/tmf/action.rego
+rego/tmf/leftOperand.rego
+rego/vc/assignee.rego
+rego/vc/leftOperand.rego
+rego/http/operator.rego
+rego/http/leftOperand.rego
+rego/dome/action.rego
+rego/dome/leftOperand.rego
+rego/odrl/rightOperand.rego
+rego/odrl/operand.rego
+rego/odrl/operator.rego
+rego/odrl/action.rego
+rego/odrl/target.rego
+rego/odrl/assignee.rego
+rego/odrl/leftOperand.rego
+rego/utils/apisix.rego
+rego/utils/kong.rego
+rego/ngsi-ld/action.rego
+rego/ngsi-ld/leftOperand.rego
+rego/tmf/action.rego
+rego/tmf/leftOperand.rego
+rego/vc/assignee.rego
+rego/vc/leftOperand.rego
+rego/http/operator.rego
+rego/http/leftOperand.rego

src/main/resources/rego/http/leftOperand.rego

@@ -0,0 +1,7 @@
+package http.leftOperand
+
+import rego.v1
+
+## http:path
+# returns the currently requested path
+path(http_part) := http_part.path

src/main/resources/rego/http/operator.rego

@@ -0,0 +1,7 @@
+package http.operator
+
+import rego.v1
+
+## http:isInPath
+# check that left operand is in the path of the right operand
+is_in_path_operator(leftOperand, rightOperand) if startswith(leftOperand, rightOperand)

src/test/java/org/fiware/odrl/resources/OpenPolicyAgentTestResource.java

@@ -21,7 +21,7 @@ public class OpenPolicyAgentTestResource implements QuarkusTestResourceLifecycle
 
     @Override
     public Map<String, String> start() {
-        opaContainer = new GenericContainer("openpolicyagent/opa:0.63.0")
+        opaContainer = new GenericContainer("openpolicyagent/opa:0.64.1")
                 .withReuse(false)
                 .withCopyToContainer(MountableFile.forClasspathResource("opa.yaml"), "/opa.yaml")
                 .withCommand("run", "--server", "-l", "debug", "-c", "/opa.yaml", "--addr", "localhost:8181")