Commit 20e13a8e authored by Jiahang Chen

remove opa folder

parent a6540c19
1 merge request!6remove opa folder
{
"idp_server_url": "http://idp.mmi-0.s3i.mmi-services.de/",
"aas_env_url": "http://repo.mmi-0.s3i.mmi-services.de/",
"realm_name": "KWH"
}
\ No newline at end of file
{
"sub": "urn:s3i:shell:01131334-bf78-4fbb-a664-509406669c7f",
"message": {
"frame": {
"semanticProtocol": {
"type": "ExternalReference",
"keys": [
{
"type": "GlobalReference",
"value": "https://admin-shell.io/aas/API/GetSubmodelElementByPath/3/0"
}
]
},
"type": "request",
"messageId": "d8b58fce-9e4e-4a26-ac1a-936a11cb37bf",
"sender": {
"identification": "urn:s3i:shell:01131334-bf78-4fbb-a664-509406669c7f",
"role": {
"name": "requester"
}
},
"receiver": {
"identification": "urn:s3i:shell:1e351ace-09e7-4df5-9cce-53dfbb1bd4db",
"role": {
"name": "replier"
}
},
"replyBy": 0,
"conversationId": ""
},
"interactionElements": [
{
"modelType": "Property",
"idShort": "Action",
"value": "SomeAction",
"valueType": "xs:string",
"qualifiers": [
{
"kind": "ConceptQualifier",
"type": "Cardinality",
"value": "ZeroToOne",
"valueType": "xs:string"
}
]
},
{
"idShort": "Target",
"modelType": "ReferenceElement",
"value": {
"type": "ModelReference",
"keys": [
{
"type": "Submodel",
"value": "urn:s3i:shell:1e351ace-09e7-4df5-9cce-53dfbb1bd4db/Resource"
},
{
"type": "SubmodelElementList",
"value": "Resources"
},
{
"type": "SubmodelElementCollection",
"value": "0"
}
]
}
}
]
}
}
\ No newline at end of file
package policy
default allow := false
compare_references(ref1, ref2) if {
count(ref1.keys) == count(ref2.keys)
compare_keys(ref1.keys, ref2.keys)
}
compare_keys(keys1, keys2) if {
key1 := keys1[_]
key2 := keys2[_]
key1.type == key2.type
key1.value == key2.value
}
compare_operands(left, right, operator) = result if {
operator == "eq"
result := left == right
} else = result if {
operator == "ne"
result := left != right
} else = result if {
operator == "gt"
result := left > right
} else = result if {
operator == "lt"
result := left < right
} else = result if {
operator == "ge"
result := left >= right
} else = result if {
operator == "le"
result := left <= right
} else = false if {
true
}
check_operator_constraints(operator_value, constraints, attributes) if {
operator_value == "and"
check_and(constraints, attributes)
}
check_operator_constraints(operator_value, constraints, attributes) if {
operator_value == "or"
check_or(constraints, attributes)
}
check_operator_constraints(operator_value, constraints, attributes) if {
operator_value == "noneOf"
check_none_of(constraints, attributes)
}
check_operator_constraints(operator_value, constraints, attributes) if {
operator_value == "oneOf"
check_one_of(constraints, attributes)
}
check_constraint(constraint, attributes) if {
some attribute in attributes
left_operand := constraint.value[_]; left_operand.idShort == "LeftOperand"
right_operand := constraint.value[_]; right_operand.idShort == "RightOperand"
operator := constraint.value[_]; operator.idShort == "Operator"
attribute.idShort == left_operand.value
compare_operands(attribute.value, right_operand.value, operator.value)
}
check_and(constraints, attributes) if {
every constraint in constraints {
check_constraint(constraint, attributes)
}
}
check_or(constraints, attributes) if {
some constraint in constraints
check_constraint(constraint, attributes)
}
check_none_of(constraints, attributes) if {
x := check_or(constraints, attributes)
not x == true
}
check_one_of(constraints, attributes) if {
count([constraint | constraint := constraints[_]; check_constraint(constraint, attributes)]) == 1
}
allow = true if {
print("test")
some target in input.message.interactionElements
target.idShort == "Target"
requested_target := target.value
thing_id := regex.find_n(`urn:s3i:shell:[^/]+`, target.value.keys[0].value, 1)[0]
print(thing_id)
sec_sm_id := sprintf("%s/Security", [thing_id])
print(sec_sm_id)
request := {
"method": "GET",
"url": sprintf("%ssubmodels/%s", [data.aas_env_url, base64.encode(sec_sm_id)])
}
sec_sm := http.send(request).body
print(sec_sm)
request2 := {
"method": "GET",
"url": sprintf("%ssubmodels/%s", [data.aas_env_url, base64.encode(sprintf("%s/Authorization", [input.sub]))])
}
authz_sm := http.send(request2).body
print(authz_sm)
security_sets := sec_sm.submodelElements[_]
security_sets.idShort == "SecuritySets"
# check action
requested_action = input.message.interactionElements[_]; requested_action.idShort == "Action"
security_set := security_sets.value[_]; security_set.semanticId.keys[_].value == "SecuritySet"
actions := security_set.value[_]; actions.idShort == "Actions"
actions.value[_].value == requested_action.value
# check target
targets := security_set.value[_]; targets.idShort == "Targets"
ref := targets.value[_].value
compare_references(ref, requested_target)
# check constraints
auth_sets := authz_sm.submodelElements[_]; auth_sets.idShort == "AuthorizationSets"
auth_set := auth_sets.value[_]; auth_set.semanticId.keys[_].value == "AuthorizationSet"
attr_collection := auth_set.value[_]; attr_collection.idShort == "Attributes"
attributes := attr_collection.value
constraint_set := security_set.value[_]; constraint_set.semanticId.keys[_].value == "ConstraintSet"
logical_constraint := constraint_set.value[_]; logical_constraint.semanticId.keys[_].value == "LogicalConstraint"
constraints = [constraint | constraint := logical_constraint.value[_]; constraint.semanticId.keys[_].value == "Constraint"]
op := logical_constraint.value[_]; op.idShort == "LogicalOperator"
check_operator_constraints(op.value, constraints, attributes)
}