use of org.wso2.carbon.apimgt.keymgt.model.entity.ApiPolicy in project carbon-apimgt by wso2.
the class ThrottlePolicyTemplateBuilder method getThrottlePolicyForAPILevel.
/**
* Generate policy for API level throttling
*
* @param policy Policy with level 'api'. Policy can have multiple pipelines and a default condition which will be
* used as else condition
* @return a Map containing a set of policies for each condition group
* @throws APITemplateException if failed to generate policy
*/
public Map<String, String> getThrottlePolicyForAPILevel(ApiPolicy policy) throws APITemplateException {
if (log.isDebugEnabled()) {
log.debug("Generating policy for API Level :" + policy.toString());
}
Map<String, String> policyArray = new HashMap<>();
try {
VelocityEngine velocityengine = new VelocityEngine();
APIUtil.initializeVelocityContext(velocityengine);
velocityengine.setProperty(RuntimeConstants.FILE_RESOURCE_LOADER_PATH, CarbonUtils.getCarbonHome());
velocityengine.init();
Template template = velocityengine.getTemplate(getTemplatePathForAPI());
StringWriter writer;
VelocityContext context;
if (policy.getConditionGroups() != null) {
for (APIPolicyConditionGroup conditionGroup : policy.getConditionGroups()) {
if (conditionGroup.getDefaultLimit() == null) {
continue;
}
context = new VelocityContext();
setConstantContext(context);
context.put("policy", policy);
context.put("quotaPolicy", conditionGroup.getDefaultLimit());
context.put("pipeline", "condition_" + conditionGroup.getConditionGroupId());
String conditionString = getPolicyCondition(conditionGroup.getCondition());
JSONArray conditions = new JSONArray();
conditions.add(getPolicyConditionJson(conditionGroup.getCondition()));
context.put("condition", " AND " + conditionString);
context.put("evaluatedConditions", new String(Base64.encodeBase64(conditions.toJSONString().getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
writer = new StringWriter();
template.merge(context, writer);
if (log.isDebugEnabled()) {
log.debug("Policy : " + writer.toString());
}
String policyName = policy.getTenantDomain() + APIConstants.DELEM_UNDERSCORE + PolicyConstants.POLICY_LEVEL_RESOURCE + APIConstants.DELEM_UNDERSCORE + policy.getName() + APIConstants.THROTTLE_POLICY_CONDITION + conditionGroup.getConditionGroupId();
policyArray.put(policyName, writer.toString());
}
}
} catch (VelocityException e) {
log.error("Velocity Error", e);
throw new APITemplateException("Velocity Error", e);
}
return policyArray;
}
use of org.wso2.carbon.apimgt.keymgt.model.entity.ApiPolicy in project carbon-apimgt by wso2.
the class PolicyRetriever method getApiPolicy.
/**
* Get a API policy given the name.
*
* @param policyName policy name
* @param tenantDomain tenant domain
* @return API policy
* @throws ThrottlePolicyDeployerException if failure occurs
*/
public ApiPolicy getApiPolicy(String policyName, String tenantDomain) throws ThrottlePolicyDeployerException {
String path = APIConstants.SubscriptionValidationResources.API_POLICIES + "?policyName=" + policyName;
ApiPolicyList apiPolicyList = getPolicies(path, tenantDomain, ApiPolicyList.class);
if (apiPolicyList.getList() != null && !apiPolicyList.getList().isEmpty()) {
return apiPolicyList.getList().get(0);
}
return null;
}
use of org.wso2.carbon.apimgt.keymgt.model.entity.ApiPolicy in project carbon-apimgt by wso2.
the class PublisherCommonUtils method prepareToCreateAPIByDTO.
/**
* Prepares the API Model object to be created using the DTO object.
*
* @param body APIDTO of the API
* @param apiProvider API Provider
* @param username Username
* @param organization Organization Identifier
* @return API object to be created
* @throws APIManagementException Error while creating the API
*/
public static API prepareToCreateAPIByDTO(APIDTO body, APIProvider apiProvider, String username, String organization) throws APIManagementException {
String context = body.getContext();
// Make sure context starts with "/". ex: /pizza
context = context.startsWith("/") ? context : ("/" + context);
if (body.getAccessControlRoles() != null) {
String errorMessage = PublisherCommonUtils.validateUserRoles(body.getAccessControlRoles());
if (!errorMessage.isEmpty()) {
throw new APIManagementException(errorMessage, ExceptionCodes.INVALID_USER_ROLES);
}
}
if (body.getAdditionalProperties() != null) {
String errorMessage = PublisherCommonUtils.validateAdditionalProperties(body.getAdditionalProperties());
if (!errorMessage.isEmpty()) {
throw new APIManagementException(errorMessage, ExceptionCodes.from(ExceptionCodes.INVALID_ADDITIONAL_PROPERTIES, body.getName(), body.getVersion()));
}
}
if (body.getContext() == null) {
throw new APIManagementException("Parameter: \"context\" cannot be null", ExceptionCodes.PARAMETER_NOT_PROVIDED);
} else if (body.getContext().endsWith("/")) {
throw new APIManagementException("Context cannot end with '/' character", ExceptionCodes.INVALID_CONTEXT);
}
if (apiProvider.isApiNameWithDifferentCaseExist(body.getName())) {
throw new APIManagementException("Error occurred while adding API. API with name " + body.getName() + " already exists.", ExceptionCodes.from(ExceptionCodes.API_NAME_ALREADY_EXISTS, body.getName()));
}
if (body.getAuthorizationHeader() == null) {
body.setAuthorizationHeader(APIUtil.getOAuthConfigurationFromAPIMConfig(APIConstants.AUTHORIZATION_HEADER));
}
if (body.getAuthorizationHeader() == null) {
body.setAuthorizationHeader(APIConstants.AUTHORIZATION_HEADER_DEFAULT);
}
if (body.getVisibility() == APIDTO.VisibilityEnum.RESTRICTED && body.getVisibleRoles().isEmpty()) {
throw new APIManagementException("Valid roles should be added under 'visibleRoles' to restrict " + "the visibility", ExceptionCodes.USER_ROLES_CANNOT_BE_NULL);
}
if (body.getVisibleRoles() != null) {
String errorMessage = PublisherCommonUtils.validateRoles(body.getVisibleRoles());
if (!errorMessage.isEmpty()) {
throw new APIManagementException(errorMessage, ExceptionCodes.INVALID_USER_ROLES);
}
}
// Get all existing versions of api been adding
List<String> apiVersions = apiProvider.getApiVersionsMatchingApiNameAndOrganization(body.getName(), username, organization);
if (apiVersions.size() > 0) {
// If any previous version exists
for (String version : apiVersions) {
if (version.equalsIgnoreCase(body.getVersion())) {
// If version already exists
if (apiProvider.isDuplicateContextTemplateMatchingOrganization(context, organization)) {
throw new APIManagementException("Error occurred while " + "adding the API. A duplicate API already exists for " + context + " in the organization : " + organization, ExceptionCodes.API_ALREADY_EXISTS);
} else {
throw new APIManagementException("Error occurred while adding API. API with name " + body.getName() + " already exists with different context" + context + " in the organization" + " : " + organization, ExceptionCodes.API_ALREADY_EXISTS);
}
}
}
} else {
// If no any previous version exists
if (apiProvider.isDuplicateContextTemplateMatchingOrganization(context, organization)) {
throw new APIManagementException("Error occurred while adding the API. A duplicate API context already exists for " + context + " in the organization" + " : " + organization, ExceptionCodes.from(ExceptionCodes.API_CONTEXT_ALREADY_EXISTS, context));
}
}
// Check if the user has admin permission before applying a different provider than the current user
String provider = body.getProvider();
if (!StringUtils.isBlank(provider) && !provider.equals(username)) {
if (!APIUtil.hasPermission(username, APIConstants.Permissions.APIM_ADMIN)) {
if (log.isDebugEnabled()) {
log.debug("User " + username + " does not have admin permission (" + APIConstants.Permissions.APIM_ADMIN + ") hence provider (" + provider + ") overridden with current user (" + username + ")");
}
provider = username;
} else {
if (!APIUtil.isUserExist(provider)) {
throw new APIManagementException("Specified provider " + provider + " not exist.", ExceptionCodes.PARAMETER_NOT_PROVIDED);
}
}
} else {
// Set username in case provider is null or empty
provider = username;
}
List<String> tiersFromDTO = body.getPolicies();
// check whether the added API's tiers are all valid
Set<Tier> definedTiers = apiProvider.getTiers();
List<String> invalidTiers = getInvalidTierNames(definedTiers, tiersFromDTO);
if (invalidTiers.size() > 0) {
throw new APIManagementException("Specified tier(s) " + Arrays.toString(invalidTiers.toArray()) + " are invalid", ExceptionCodes.TIER_NAME_INVALID);
}
APIPolicy apiPolicy = apiProvider.getAPIPolicy(username, body.getApiThrottlingPolicy());
if (apiPolicy == null && body.getApiThrottlingPolicy() != null) {
throw new APIManagementException("Specified policy " + body.getApiThrottlingPolicy() + " is invalid", ExceptionCodes.UNSUPPORTED_THROTTLE_LIMIT_TYPE);
}
API apiToAdd = APIMappingUtil.fromDTOtoAPI(body, provider);
// only allow CREATED as the stating state for the new api if not status is PROTOTYPED
if (!APIConstants.PROTOTYPED.equals(apiToAdd.getStatus())) {
apiToAdd.setStatus(APIConstants.CREATED);
}
if (!apiToAdd.isAdvertiseOnly() || StringUtils.isBlank(apiToAdd.getApiOwner())) {
// we are setting the api owner as the logged in user until we support checking admin privileges and
// assigning the owner as a different user
apiToAdd.setApiOwner(provider);
}
if (body.getKeyManagers() instanceof List) {
apiToAdd.setKeyManagers((List<String>) body.getKeyManagers());
} else if (body.getKeyManagers() == null) {
apiToAdd.setKeyManagers(Collections.singletonList(APIConstants.KeyManager.API_LEVEL_ALL_KEY_MANAGERS));
} else {
throw new APIManagementException("KeyManagers value need to be an array");
}
// Set default gatewayVendor
if (body.getGatewayVendor() == null) {
apiToAdd.setGatewayVendor(APIConstants.WSO2_GATEWAY_ENVIRONMENT);
}
apiToAdd.setOrganization(organization);
return apiToAdd;
}
use of org.wso2.carbon.apimgt.keymgt.model.entity.ApiPolicy in project carbon-apimgt by wso2.
the class PolicyUtil method deployPolicy.
/**
* Deploy the given throttle policy in the Traffic Manager.
*
* @param policy policy object
* @param policyEvent policy event object which was triggered
*/
public static void deployPolicy(Policy policy, PolicyEvent policyEvent) {
EventProcessorService eventProcessorService = ServiceReferenceHolder.getInstance().getEventProcessorService();
ThrottlePolicyTemplateBuilder policyTemplateBuilder = new ThrottlePolicyTemplateBuilder();
Map<String, String> policiesToDeploy = new HashMap<>();
List<String> policiesToUndeploy = new ArrayList<>();
try {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(APIConstants.SUPER_TENANT_DOMAIN, true);
String policyFile;
String policyString;
if (Policy.PolicyType.SUBSCRIPTION.equals(policy.getType()) && policy instanceof SubscriptionPolicy) {
// Add Subscription policy
policyFile = String.join(APIConstants.DELEM_UNDERSCORE, policy.getTenantDomain(), PolicyConstants.POLICY_LEVEL_SUB, policy.getName());
policyString = policyTemplateBuilder.getThrottlePolicyForSubscriptionLevel((SubscriptionPolicy) policy);
policiesToDeploy.put(policyFile, policyString);
} else if (Policy.PolicyType.APPLICATION.equals(policy.getType()) && policy instanceof ApplicationPolicy) {
// Add Application policy
policyFile = String.join(APIConstants.DELEM_UNDERSCORE, policy.getTenantDomain(), PolicyConstants.POLICY_LEVEL_APP, policy.getName());
policyString = policyTemplateBuilder.getThrottlePolicyForAppLevel((ApplicationPolicy) policy);
policiesToDeploy.put(policyFile, policyString);
} else if (Policy.PolicyType.API.equals(policy.getType()) && policy instanceof ApiPolicy) {
// Add API policy
policiesToDeploy = policyTemplateBuilder.getThrottlePolicyForAPILevel((ApiPolicy) policy);
String defaultPolicy = policyTemplateBuilder.getThrottlePolicyForAPILevelDefault((ApiPolicy) policy);
policyFile = String.join(APIConstants.DELEM_UNDERSCORE, policy.getTenantDomain(), PolicyConstants.POLICY_LEVEL_RESOURCE, policy.getName());
String defaultPolicyName = policyFile + APIConstants.THROTTLE_POLICY_DEFAULT;
policiesToDeploy.put(defaultPolicyName, defaultPolicy);
if (policyEvent instanceof APIPolicyEvent) {
List<Integer> deletedConditionGroupIds = ((APIPolicyEvent) policyEvent).getDeletedConditionGroupIds();
// Undeploy removed condition groups
if (deletedConditionGroupIds != null) {
for (int conditionGroupId : deletedConditionGroupIds) {
policiesToUndeploy.add(policyFile + APIConstants.THROTTLE_POLICY_CONDITION + conditionGroupId);
}
}
}
} else if (Policy.PolicyType.GLOBAL.equals(policy.getType()) && policy instanceof GlobalPolicy) {
// Add Global policy
GlobalPolicy globalPolicy = (GlobalPolicy) policy;
policyFile = String.join(APIConstants.DELEM_UNDERSCORE, PolicyConstants.POLICY_LEVEL_GLOBAL, policy.getName());
policyString = policyTemplateBuilder.getThrottlePolicyForGlobalLevel(globalPolicy);
policiesToDeploy.put(policyFile, policyString);
}
// Undeploy removed policies
undeployPolicies(policiesToUndeploy);
for (Map.Entry<String, String> pair : policiesToDeploy.entrySet()) {
String policyPlanName = pair.getKey();
String flowString = pair.getValue();
String executionPlan = null;
try {
executionPlan = eventProcessorService.getActiveExecutionPlan(policyPlanName);
} catch (ExecutionPlanConfigurationException e) {
// Deploy new policies
eventProcessorService.deployExecutionPlan(flowString);
}
if (executionPlan != null) {
// Update existing policies
eventProcessorService.editActiveExecutionPlan(flowString, policyPlanName);
}
}
} catch (APITemplateException e) {
log.error("Error in creating execution plan", e);
} catch (ExecutionPlanConfigurationException | ExecutionPlanDependencyValidationException e) {
log.error("Error in deploying execution plan", e);
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
}
use of org.wso2.carbon.apimgt.keymgt.model.entity.ApiPolicy in project carbon-apimgt by wso2.
the class PolicyUtilTest method testUpdatePolicy_APIType.
@Test
public void testUpdatePolicy_APIType() throws ExecutionPlanConfigurationException, ExecutionPlanDependencyValidationException {
ApiPolicy policy = TestUtil.getPolicyAPILevel();
List<Integer> deletedConditionGroupIds = new ArrayList<>();
deletedConditionGroupIds.add(5);
deletedConditionGroupIds.add(6);
APIPolicyEvent policyEvent = new APIPolicyEvent(UUID.randomUUID().toString(), System.currentTimeMillis(), APIConstants.EventType.POLICY_UPDATE.name(), -1234, policy.getTenantDomain(), policy.getId(), policy.getName(), policy.getDefaultLimit().getQuotaType(), null, deletedConditionGroupIds);
ExecutionPlanConfigurationException executionPlanConfigurationException = Mockito.mock(ExecutionPlanConfigurationException.class);
Mockito.when(eventProcessorService.getActiveExecutionPlan(policy.getTenantDomain() + "_" + PolicyConstants.POLICY_LEVEL_RESOURCE + "_" + policy.getName() + "_condition_1")).thenThrow(executionPlanConfigurationException);
Mockito.when(eventProcessorService.getActiveExecutionPlan(policy.getTenantDomain() + "_" + PolicyConstants.POLICY_LEVEL_RESOURCE + "_" + policy.getName() + "_condition_5")).thenReturn("EXECUTION_PLAN");
Mockito.when(eventProcessorService.getActiveExecutionPlan(policy.getTenantDomain() + "_" + PolicyConstants.POLICY_LEVEL_RESOURCE + "_" + policy.getName() + "_condition_6")).thenReturn("EXECUTION_PLAN");
Mockito.when(eventProcessorService.getActiveExecutionPlan(policy.getTenantDomain() + "_" + PolicyConstants.POLICY_LEVEL_RESOURCE + "_" + policy.getName() + "_default")).thenReturn("EXECUTION_PLAN");
PolicyUtil.deployPolicy(policy, policyEvent);
Mockito.verify(eventProcessorService, Mockito.times(2)).undeployActiveExecutionPlan(Mockito.anyString());
Mockito.verify(eventProcessorService, Mockito.times(1)).editActiveExecutionPlan(Mockito.anyString(), Mockito.anyString());
Mockito.verify(eventProcessorService, Mockito.times(1)).deployExecutionPlan(Mockito.anyString());
}
Aggregations