From 3ea16eaf7de96796007579c8ed46a7ebf53577de Mon Sep 17 00:00:00 2001 From: Ace Date: Sat, 18 Jul 2020 15:52:41 +0530 Subject: [PATCH] Adding capability for policies to be added/removed automatically when devices are added/removed from a group --- .../service/impl/DeviceAgentServiceImpl.java | 17 +++++ .../impl/GroupManagementServiceImpl.java | 68 ++++++++++++++++++- .../service/impl/DeviceAgentServiceTest.java | 4 ++ .../impl/GroupManagementServiceImplTest.java | 19 ++++++ 4 files changed, 105 insertions(+), 3 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceAgentServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceAgentServiceImpl.java index ca034edec3d..5c59a48982a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceAgentServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceAgentServiceImpl.java @@ -36,6 +36,7 @@ import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException; import org.wso2.carbon.device.mgt.common.exceptions.InvalidConfigurationException; import org.wso2.carbon.device.mgt.common.operation.mgt.Operation; import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException; +import org.wso2.carbon.device.mgt.common.policy.mgt.Policy; import org.wso2.carbon.device.mgt.common.policy.mgt.monitor.ComplianceFeature; import org.wso2.carbon.device.mgt.common.policy.mgt.monitor.PolicyComplianceException; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; 
@@ -50,6 +51,9 @@ import org.wso2.carbon.event.stream.stub.EventStreamAdminServiceStub; import org.wso2.carbon.event.stream.stub.types.EventStreamAttributeDto; import org.wso2.carbon.event.stream.stub.types.EventStreamDefinitionDto; import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException; +import org.wso2.carbon.policy.mgt.common.PolicyAdministratorPoint; +import org.wso2.carbon.policy.mgt.common.PolicyEvaluationException; +import org.wso2.carbon.policy.mgt.common.PolicyManagementException; import org.wso2.carbon.user.api.UserStoreException; import javax.validation.Valid; @@ -95,6 +99,13 @@ public class DeviceAgentServiceImpl implements DeviceAgentService { device.getEnrolmentInfo().setDateOfEnrolment(System.currentTimeMillis()); device.getEnrolmentInfo().setDateOfLastUpdate(System.currentTimeMillis()); boolean status = dms.enrollDevice(device); + PolicyAdministratorPoint pap = DeviceMgtAPIUtils.getPolicyManagementService().getPAP(); + List deviceIdentifierList = new ArrayList<>(); + DeviceIdentifier deviceId = new DeviceIdentifier(device.getDeviceIdentifier(), device.getType()); + deviceIdentifierList.add(deviceId); + Policy effectivePolicy = DeviceMgtAPIUtils.getPolicyManagementService().getPEP().getEffectivePolicy(deviceId); + pap.addPolicyToDevice(deviceIdentifierList, effectivePolicy); + pap.publishChanges(); return Response.status(Response.Status.OK).entity(status).build(); } catch (DeviceManagementException e) { String msg = "Error occurred while enrolling the device, which carries the id '" + 
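Review bot: In the enrolment hunk (`@@ -95,6 +99,13 @@`) the policy calls run whether or not `dms.enrollDevice(device)` succeeded, because `status` is only read when the response is built. `getEffectivePolicy(deviceId)` is also passed straight into `addPolicyToDevice`; if it can return null when no policy matches (not visible here), that case needs a guard. I would wrap the assignment as `if (status && effectivePolicy != null) { pap.addPolicyToDevice(deviceIdentifierList, effectivePolicy); pap.publishChanges(); }`. The enclosing method starts and ends outside the hunk.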
@@ -104,6 +115,12 @@ public class DeviceAgentServiceImpl implements DeviceAgentService { } catch (InvalidConfigurationException e) { log.error("failed to add operation", e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (PolicyManagementException e) { + log.error("failed to add designated policies against newly enrolled device.", e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (PolicyEvaluationException e) { + log.error("failed while retrieving policies for newly enrolled device.", e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/GroupManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/GroupManagementServiceImpl.java index 3b10b8681d2..9d15dfe3625 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/GroupManagementServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/GroupManagementServiceImpl.java 
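Review bot: Both new catch blocks answer with a bare 500 after `dms.enrollDevice(device)` has already succeeded, so the agent is told enrolment failed while the device stays enrolled with no policy published. Neither log line names the device, which makes the unprotected device hard to find afterwards; assuming `device` is in scope here, as it appears to be in the DeviceManagementException branch, `log.error("Failed to add policies to newly enrolled device '" + device.getDeviceIdentifier() + "'.", e);` would help. The same pattern (state already changed, 500 without an entity) recurs in the policy catch blocks added to addDevicesToGroup, removeDevicesFromGroup and updateDeviceAssigningToGroups in GroupManagementServiceImpl.java. The try block begins outside this hunk.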
@@ -25,15 +25,19 @@ import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.Device;
 import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
-import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException;
+import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
 import org.wso2.carbon.device.mgt.common.GroupPaginationRequest;
 import org.wso2.carbon.device.mgt.common.PaginationResult;
+import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
+import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException;
 import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;
 import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
 import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyExistException;
 import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
-import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException;
 import org.wso2.carbon.device.mgt.common.group.mgt.GroupNotExistException;
+import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException;
+import org.wso2.carbon.device.mgt.common.policy.mgt.Policy;
+import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService;
 import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceGroupList;
 import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceList;
@@ -42,6 +46,9 @@ import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList; import org.wso2.carbon.device.mgt.jaxrs.service.api.GroupManagementService; import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; +import org.wso2.carbon.policy.mgt.common.PolicyAdministratorPoint; +import org.wso2.carbon.policy.mgt.common.PolicyEvaluationException; +import org.wso2.carbon.policy.mgt.common.PolicyManagementException; import javax.ws.rs.core.Response; import java.util.ArrayList; @@ -259,6 +266,17 @@ public class GroupManagementServiceImpl implements GroupManagementService { public Response addDevicesToGroup(int groupId, List deviceIdentifiers) { try { DeviceMgtAPIUtils.getGroupManagementProviderService().addDevices(groupId, deviceIdentifiers); + PolicyAdministratorPoint pap = DeviceMgtAPIUtils.getPolicyManagementService().getPAP(); + DeviceManagementProviderService dms = DeviceMgtAPIUtils.getDeviceManagementService(); + Policy effectivePolicy = null; + for(DeviceIdentifier deviceIdentifier : deviceIdentifiers) { + Device device = dms.getDevice(deviceIdentifier, false); + if(!device.getEnrolmentInfo().getStatus().equals(EnrolmentInfo.Status.REMOVED)) { + effectivePolicy = DeviceMgtAPIUtils.getPolicyManagementService().getPEP().getEffectivePolicy(deviceIdentifier); + pap.addPolicyToDevice(deviceIdentifiers, effectivePolicy); + } + } + pap.publishChanges(); return Response.status(Response.Status.OK).build(); } catch (GroupManagementException e) { String msg = "Error occurred while adding devices to group."; 
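Review bot: Inside the loop added to addDevicesToGroup, `pap.addPolicyToDevice(deviceIdentifiers, effectivePolicy)` receives the whole request list rather than the device being iterated, so the policy evaluated for one device is assigned to every device in the call, including those the REMOVED check was meant to skip, and the last iteration decides the outcome. The same call appears in the loops added to removeDevicesFromGroup and updateDeviceAssigningToGroups. The rewritten loop below assigns per device and also guards a null result from `dms.getDevice`, in case it can return null for an unknown identifier (not visible here). The method's catch blocks are in the following hunk.

```java
// … unchanged: addDevices call, pap and dms lookups …
for (DeviceIdentifier deviceIdentifier : deviceIdentifiers) {
    Device device = dms.getDevice(deviceIdentifier, false);
    if (device == null
            || EnrolmentInfo.Status.REMOVED.equals(device.getEnrolmentInfo().getStatus())) {
        continue;
    }
    Policy effectivePolicy = DeviceMgtAPIUtils.getPolicyManagementService().getPEP()
            .getEffectivePolicy(deviceIdentifier);
    // Assign to this device only, never to the whole request list.
    List<DeviceIdentifier> target = new ArrayList<>();
    target.add(deviceIdentifier);
    pap.addPolicyToDevice(target, effectivePolicy);
}
pap.publishChanges();
```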
@@ -266,6 +284,15 @@ public class GroupManagementServiceImpl implements GroupManagementService { return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } catch (DeviceNotFoundException e) { return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build(); + } catch (PolicyManagementException e) { + log.error("Error occurred while adding policies against device(s).", e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (PolicyEvaluationException e) { + log.error("Error occurred while retrieving policies against device(s).", e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (DeviceManagementException e) { + log.error("Error occurred while retrieving device information.", e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); } } @@ -273,6 +300,17 @@ public class GroupManagementServiceImpl implements GroupManagementService { public Response removeDevicesFromGroup(int groupId, List deviceIdentifiers) { try { DeviceMgtAPIUtils.getGroupManagementProviderService().removeDevice(groupId, deviceIdentifiers); + PolicyAdministratorPoint pap = DeviceMgtAPIUtils.getPolicyManagementService().getPAP(); + DeviceManagementProviderService dms = DeviceMgtAPIUtils.getDeviceManagementService(); + Policy effectivePolicy = null; + for(DeviceIdentifier deviceIdentifier : deviceIdentifiers) { + Device device = dms.getDevice(deviceIdentifier, false); + if(!device.getEnrolmentInfo().getStatus().equals(EnrolmentInfo.Status.REMOVED)) { + effectivePolicy = DeviceMgtAPIUtils.getPolicyManagementService().getPEP().getEffectivePolicy(deviceIdentifier); + pap.addPolicyToDevice(deviceIdentifiers, effectivePolicy); + } + } + pap.publishChanges(); return Response.status(Response.Status.OK).build(); } catch (GroupManagementException e) { String msg = "Error occurred while removing devices from group."; 
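Review bot: removeDevicesFromGroup only ever calls `addPolicyToDevice`; there is no visible path that revokes the policy a device held through the group it just left. Whether that is safe depends on what `getEffectivePolicy` returns when nothing matches any more, which this hunk does not show, so a device could keep a stale group policy or be handed a null one. A comment above the loop stating the intended outcome, e.g. `// Re-evaluate after removal: the device must end up with the policy that still applies, or none`, plus a test for a device whose only policy came from the group, would pin this down. The loop is a copy of the one in addDevicesToGroup and could share a private helper.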
@@ -280,6 +318,15 @@ public class GroupManagementServiceImpl implements GroupManagementService { return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } catch (DeviceNotFoundException e) { return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build(); + }catch (PolicyManagementException e) { + log.error("Error occurred while adding policies against device(s).", e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (PolicyEvaluationException e) { + log.error("Error occurred while retrieving policies against device(s).", e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (DeviceManagementException e) { + log.error("Error occurred while retrieving device information.", e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); } } @@ -290,6 +337,10 @@ public class GroupManagementServiceImpl implements GroupManagementService { deviceIdentifiers.add(deviceToGroupsAssignment.getDeviceIdentifier()); GroupManagementProviderService service = DeviceMgtAPIUtils.getGroupManagementProviderService(); List deviceGroups = service.getGroups(deviceToGroupsAssignment.getDeviceIdentifier(), false); + PolicyAdministratorPoint pap = DeviceMgtAPIUtils.getPolicyManagementService().getPAP(); + DeviceManagementProviderService dms = DeviceMgtAPIUtils.getDeviceManagementService(); + Device device = null; + Policy effectivePolicy = null; for (DeviceGroup group : deviceGroups) { Integer groupId = group.getGroupId(); if (deviceToGroupsAssignment.getDeviceGroupIds().contains(groupId)) { 
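Review bot: `dms` and `device` are declared in updateDeviceAssigningToGroups but neither is used in the lines this commit adds to the method, so the enrolment-status check that addDevicesToGroup and removeDevicesFromGroup perform is missing here. Either drop the two declarations or use them to skip devices with `EnrolmentInfo.Status.REMOVED` before calling `addPolicyToDevice`. `effectivePolicy` can also be declared where it is assigned instead of being initialised to null at the top. The method body continues outside this hunk.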
@@ -300,7 +351,12 @@ public class GroupManagementServiceImpl implements GroupManagementService { } for (int groupId : deviceToGroupsAssignment.getDeviceGroupIds()) { DeviceMgtAPIUtils.getGroupManagementProviderService().addDevices(groupId, deviceIdentifiers); + for (DeviceIdentifier deviceIdentifier : deviceIdentifiers) { + effectivePolicy = DeviceMgtAPIUtils.getPolicyManagementService().getPEP().getEffectivePolicy(deviceIdentifier); + pap.addPolicyToDevice(deviceIdentifiers, effectivePolicy); + } } + pap.publishChanges(); return Response.status(Response.Status.OK).build(); } catch (GroupManagementException e) { String msg = "Error occurred while assigning device to groups."; @@ -308,6 +364,12 @@ public class GroupManagementServiceImpl implements GroupManagementService { return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } catch (DeviceNotFoundException e) { return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build(); + } catch (PolicyManagementException e) { + log.error("Failed to add policies for device assigned to group.", e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (PolicyEvaluationException e) { + log.error("Failed while retrieving policies device assigned to group.", e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); } } @@ -325,4 +387,4 @@ public class GroupManagementServiceImpl implements GroupManagementService { } } -} \ No newline at end of file +} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/test/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceAgentServiceTest.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/test/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceAgentServiceTest.java index c1aa2d41bf7..729b1827cdd 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/test/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceAgentServiceTest.java 
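Review bot: The policy evaluation sits inside the per-group loop, so for a single device `getEffectivePolicy` and `addPolicyToDevice` run once per entry in `getDeviceGroupIds()`, each time against a partially applied group assignment. Evaluating once after all `addDevices` calls should give the same end state with one call and never assigns a policy computed from an intermediate membership: move the inner `for` to just before `pap.publishChanges();`. The log text in the last catch of the following hunk reads "retrieving policies device assigned"; `"Failed while retrieving policies for device assigned to group."` is probably what was meant.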
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/test/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceAgentServiceTest.java @@ -93,6 +93,7 @@ public class DeviceAgentServiceTest { private static final String AUTHENTICATED_USER = "admin"; private static final String MONITOR_OPERATION = "POLICY_MONITOR"; private static Device demoDevice; + private PolicyManagerService policyManagerService; @ObjectFactory public IObjectFactory getObjectFactory() { @@ -108,6 +109,7 @@ public class DeviceAgentServiceTest { this.deviceAgentService = new DeviceAgentServiceImpl(); this.deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class, Mockito.RETURNS_MOCKS); + this.policyManagerService = Mockito.mock(PolicyManagerService.class, Mockito.RETURNS_MOCKS); this.privilegedCarbonContext = Mockito.mock(PrivilegedCarbonContext.class, Mockito.RETURNS_MOCKS); this.eventStreamAdminServiceStub = Mockito.mock(EventStreamAdminServiceStub.class, Mockito.RETURNS_MOCKS); demoDevice = DeviceMgtAPITestHelper.generateDummyDevice(TEST_DEVICE_TYPE, TEST_DEVICE_IDENTIFIER); @@ -167,6 +169,8 @@ public class DeviceAgentServiceTest { .toReturn(this.deviceManagementProviderService); PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getAuthenticatedUser")) .toReturn(AUTHENTICATED_USER); + PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getPolicyManagementService")) + .toReturn(policyManagerService); EnrolmentInfo enrolmentInfo = demoDevice.getEnrolmentInfo(); enrolmentInfo.setStatus(EnrolmentInfo.Status.INACTIVE); demoDevice.setEnrolmentInfo(enrolmentInfo); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/test/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/GroupManagementServiceImplTest.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/test/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/GroupManagementServiceImplTest.java index d1bcbb27eb3..20136b172d7 100644 
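Review bot: The enrolment test only stubs `getPolicyManagementService` with a RETURNS_MOCKS mock and asserts nothing about the new behaviour, so a change that stops publishing policy on enrolment would still pass. Stub an explicit administrator point, `Mockito.doReturn(pap).when(policyManagerService).getPAP();`, and check `Mockito.verify(pap).publishChanges();` after the enrol call. A second case where `addPolicyToDevice` throws PolicyManagementException should assert the 500 response the new catch block returns. The test method containing the last hunk starts outside it.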
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/test/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/GroupManagementServiceImplTest.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/test/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/GroupManagementServiceImplTest.java @@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl; +import org.mockito.Mock; import org.mockito.Mockito; import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PowerMockIgnore; @@ -42,10 +43,12 @@ import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyExistException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupNotExistException; import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException; +import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService; import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceToGroupsAssignment; import org.wso2.carbon.device.mgt.jaxrs.service.api.GroupManagementService; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; +import org.wso2.carbon.policy.mgt.core.PolicyManagerService; import javax.ws.rs.core.Response; import java.util.ArrayList; @@ -61,6 +64,8 @@ import java.util.List; public class GroupManagementServiceImplTest { private GroupManagementService groupManagementService; private GroupManagementProviderService groupManagementProviderService; + private PolicyManagerService policyManagerService; + private DeviceManagementProviderService deviceManagementProviderService; private PrivilegedCarbonContext context; @ObjectFactory 
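Review bot: `import org.mockito.Mock;` is added in the first hunk, but no `@Mock` annotation appears in any hunk of this file and the new fields are created with `Mockito.mock(...)`. Unless unchanged code outside the hunks uses the annotation, the import can be dropped. The two new fields are only assigned in init() in the next hunk, so they need nothing beyond the `Mockito` import that is already present.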
@@ -72,6 +77,8 @@ public class GroupManagementServiceImplTest { public void init() { groupManagementService = new GroupManagementServiceImpl(); groupManagementProviderService = Mockito.mock(GroupManagementProviderService.class); + this.policyManagerService = Mockito.mock(PolicyManagerService.class, Mockito.RETURNS_MOCKS); + this.deviceManagementProviderService = Mockito.mock(DeviceManagementProviderService.class, Mockito.RETURNS_MOCKS); context = Mockito.mock(PrivilegedCarbonContext.class); Mockito.doReturn("admin").when(context).getUsername(); } @@ -298,6 +305,10 @@ public class GroupManagementServiceImplTest { public void testAddDevicesToGroup() throws GroupManagementException, DeviceNotFoundException { PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getGroupManagementProviderService")) .toReturn(groupManagementProviderService); + PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getPolicyManagementService")) + .toReturn(policyManagerService); + PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getDeviceManagementService")) + .toReturn(deviceManagementProviderService); List deviceIdentifiers = new ArrayList<>(); Mockito.doNothing().when(groupManagementProviderService).addDevices(1, deviceIdentifiers); Mockito.doThrow(new GroupManagementException()).when(groupManagementProviderService).addDevices(2, 
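Review bot: testAddDevicesToGroup passes an empty `deviceIdentifiers` list, so the per-device loop added to addDevicesToGroup never executes and the policy assignment is not exercised at all. Add at least one identifier, e.g. `deviceIdentifiers.add(new DeviceIdentifier("test-id", "test-type"));` (constructed sample values), and verify `addPolicyToDevice` on an explicitly stubbed PolicyAdministratorPoint. testRemoveDevicesFromGroup in the following hunk uses the same empty list. Both test methods continue outside their hunks.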
@@ -319,6 +330,10 @@ public class GroupManagementServiceImplTest { public void testRemoveDevicesFromGroup() throws GroupManagementException, DeviceNotFoundException { PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getGroupManagementProviderService")) .toReturn(groupManagementProviderService); + PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getPolicyManagementService")) + .toReturn(policyManagerService); + PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getDeviceManagementService")) + .toReturn(deviceManagementProviderService); List deviceIdentifiers = new ArrayList<>(); Mockito.doNothing().when(groupManagementProviderService).removeDevice(1, deviceIdentifiers); Mockito.doThrow(new GroupManagementException()).when(groupManagementProviderService).removeDevice(2, @@ -357,6 +372,10 @@ public class GroupManagementServiceImplTest { public void testUpdateDeviceAssigningToGroups() throws GroupManagementException, DeviceNotFoundException { PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getGroupManagementProviderService")) .toReturn(groupManagementProviderService); + PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getPolicyManagementService")) + .toReturn(policyManagerService); + PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getDeviceManagementService")) + .toReturn(deviceManagementProviderService); Mockito.reset(groupManagementProviderService); DeviceToGroupsAssignment deviceToGroupsAssignment = new DeviceToGroupsAssignment(); List groupIds = new ArrayList<>();