feat: create basic policy sample

README.md

@@ -49,6 +49,14 @@ Click the link above to learn about the transfer samples in more detail.
 
 All transfer samples are located in the `advanced` directory.
 
+### [Policy](./policy/README.md)
+
+These samples deal with the topic of policies and their evaluation and enforcement. They will teach you what
+configurations you need to make to enable the evaluation of specific policy rules and constraint and how to provide
+custom code for their enforcement.
+
+All policy samples are located in the `policy` directory.
+
 ## Contributing
 
 See [how to contribute](https://github.com/eclipse-edc/docs/blob/main/CONTRIBUTING.md).

policy/README.md

@@ -0,0 +1,12 @@
+# Policy samples
+
+The samples in this scope revolve around the topic of policies and policy evaluation/enforcement.
+
+> Before starting with these samples, be sure to check out the [basic samples](../basic/README.md)!
+
+## Samples
+
+### [Policy sample 01](./policy-01-policy-enforcement/README.md): Policy enforcement
+
+This sample will teach you the very basics of policy enforcement. It shows the necessary configurations to enable
+policy evaluation for certain rules as well as an example on how to enforce a policy with a constraint.

policy/policy-01-policy-enforcement/contractoffer.json

@@ -0,0 +1,24 @@
+{
+  "@context": {
+    "edc": "https://w3id.org/edc/v0.0.1/ns/",
+    "odrl": "http://www.w3.org/ns/odrl/2/"
+  },
+  "@type": "NegotiationInitiateRequestDto",
+  "connectorId": "provider",
+  "consumerId": "consumer",
+  "providerId": "provider",
+  "connectorAddress": "http://localhost:8282/protocol",
+  "protocol": "dataspace-protocol-http",
+  "offer": {
+    "offerId": "1:test-document:3a75736e-001d-4364-8bd4-9888490edb58",
+    "assetId": "test-document",
+    "policy": {
+      "@id": "1:test-document:13dce0f1-52ed-4554-a194-e83e92733ee5",
+      "@type": "set",
+      "odrl:permission": [],
+      "odrl:prohibition": [],
+      "odrl:obligation": [],
+      "odrl:target": "test-document"
+    }
+  }
+}

policy/policy-01-policy-enforcement/policy-enforcement-consumer/build.gradle.kts

@@ -0,0 +1,27 @@
+plugins {
+    `java-library`
+    id("application")
+    alias(libs.plugins.shadow)
+}
+
+dependencies {
+    implementation(libs.edc.control.plane.core)
+
+    implementation(libs.edc.configuration.filesystem)
+    implementation(libs.edc.iam.mock)
+
+    implementation(libs.edc.management.api)
+    implementation(libs.edc.data.plane.selector.core)
+
+    implementation(libs.edc.dsp)
+}
+
+application {
+    mainClass.set("org.eclipse.edc.boot.system.runtime.BaseRuntime")
+}
+
+tasks.withType<com.github.jengelman.gradle.plugins.shadow.tasks.ShadowJar> {
+    //exclude("**/pom.properties", "**/pom.xm")
+    mergeServiceFiles()
+    archiveFileName.set("consumer.jar")
+}

policy/policy-01-policy-enforcement/policy-enforcement-consumer/config.properties

@@ -0,0 +1,11 @@
+web.http.port=9191
+web.http.path=/api
+web.http.management.port=9192
+web.http.management.path=/management
+web.http.protocol.port=9292
+web.http.protocol.path=/protocol
+
+edc.api.auth.key=password
+edc.dsp.callback.address=http://localhost:9292/protocol
+edc.participant.id=consumer
+edc.ids.id=urn:connector:consumer

policy/policy-01-policy-enforcement/policy-enforcement-provider/build.gradle.kts

@@ -0,0 +1,28 @@
+plugins {
+    `java-library`
+    id("application")
+    alias(libs.plugins.shadow)
+}
+
+
+dependencies {
+    implementation(libs.edc.control.plane.core)
+
+    implementation(libs.edc.configuration.filesystem)
+    implementation(libs.edc.iam.mock)
+    implementation(libs.edc.data.plane.selector.core)
+
+    implementation(libs.edc.dsp)
+
+    implementation(project(":policy:policy-01-policy-enforcement:policy-functions"))
+}
+
+application {
+    mainClass.set("org.eclipse.edc.boot.system.runtime.BaseRuntime")
+}
+
+tasks.withType<com.github.jengelman.gradle.plugins.shadow.tasks.ShadowJar> {
+   // exclude("**/pom.properties", "**/pom.xm")
+    mergeServiceFiles()
+    archiveFileName.set("provider.jar")
+}

policy/policy-01-policy-enforcement/policy-enforcement-provider/config.properties

@@ -0,0 +1,13 @@
+web.http.port=8181
+web.http.path=/api
+web.http.management.port=8182
+web.http.management.path=/management
+web.http.protocol.port=8282
+web.http.protocol.path=/protocol
+web.http.control.port=8283
+web.http.control.path=/control
+edc.samples.policy-01.asset.path=/path/to/file
+edc.dsp.callback.address=http://localhost:8282/protocol
+edc.participant.id=provider
+edc.ids.id=urn:connector:provider
+edc.control.endpoint=http://localhost:8283/control

policy/policy-01-policy-enforcement/policy-functions/build.gradle.kts

@@ -0,0 +1,11 @@
+plugins {
+    `java-library`
+    id("application")
+}
+
+dependencies {
+    api(libs.edc.data.plane.spi)
+
+    implementation(libs.edc.control.plane.core)
+
+}

policy/policy-01-policy-enforcement/policy-functions/src/main/java/org/eclipse/edc/sample/extension/policy/PolicyFunctionsExtension.java

@@ -0,0 +1,165 @@
+/*
+ *  Copyright (c) 2023 Fraunhofer Institute for Software and Systems Engineering
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Fraunhofer Institute for Software and Systems Engineering - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.sample.extension.policy;
+
+import org.eclipse.edc.connector.contract.spi.offer.store.ContractDefinitionStore;
+import org.eclipse.edc.connector.contract.spi.types.offer.ContractDefinition;
+import org.eclipse.edc.connector.policy.spi.PolicyDefinition;
+import org.eclipse.edc.connector.policy.spi.store.PolicyDefinitionStore;
+import org.eclipse.edc.policy.engine.spi.PolicyEngine;
+import org.eclipse.edc.policy.engine.spi.RuleBindingRegistry;
+import org.eclipse.edc.policy.model.Action;
+import org.eclipse.edc.policy.model.AtomicConstraint;
+import org.eclipse.edc.policy.model.LiteralExpression;
+import org.eclipse.edc.policy.model.Operator;
+import org.eclipse.edc.policy.model.Permission;
+import org.eclipse.edc.policy.model.Policy;
+import org.eclipse.edc.runtime.metamodel.annotation.Inject;
+import org.eclipse.edc.spi.asset.AssetIndex;
+import org.eclipse.edc.spi.query.Criterion;
+import org.eclipse.edc.spi.system.ServiceExtension;
+import org.eclipse.edc.spi.system.ServiceExtensionContext;
+import org.eclipse.edc.spi.types.domain.DataAddress;
+import org.eclipse.edc.spi.types.domain.asset.Asset;
+
+import java.nio.file.Path;
+
+import static org.eclipse.edc.policy.engine.spi.PolicyEngine.ALL_SCOPES;
+
+public class PolicyFunctionsExtension implements ServiceExtension {
+    private final String policyTimeKey = "POLICY_EVALUATION_TIME";
+    private final String policyStartDateSetting = "edc.samples.policy-01.constraint.date.start";
+    private final String policyEndDateSetting = "edc.samples.policy-01.constraint.date.end";
+    private static final String EDC_ASSET_PATH = "edc.samples.policy-01.asset.path";
+
+    @Inject
+    private RuleBindingRegistry ruleBindingRegistry;
+
+    @Inject
+    private PolicyEngine policyEngine;
+
+    @Inject
+    private PolicyDefinitionStore policyStore;
+
+    @Inject
+    private ContractDefinitionStore contractDefinitionStore;
+
+    @Inject
+    private AssetIndex assetIndex;
+
+    @Override
+    public String name() {
+        return "Policy - contract-negotiation policies";
+    }
+
+    @Override
+    public void initialize(ServiceExtensionContext context) {
+        var monitor = context.getMonitor();
+
+        ruleBindingRegistry.bind("USE", ALL_SCOPES);
+        ruleBindingRegistry.bind(policyTimeKey, ALL_SCOPES);
+        policyEngine.registerFunction(ALL_SCOPES, Permission.class, policyTimeKey, new TimeIntervalFunction(monitor));
+
+        registerDataEntries(context);
+        registerContractDefinition(context);
+
+        context.getMonitor().info("Policy Extension for Policy Sample (contract-negotiation) initialized!");
+    }
+
+    private PolicyDefinition createAccessPolicy() {
+
+        var usePermission = Permission.Builder.newInstance()
+                .action(Action.Builder.newInstance().type("USE").build())
+                .build();
+
+        return PolicyDefinition.Builder.newInstance()
+                .id("use")
+                .policy(Policy.Builder.newInstance()
+                        .permission(usePermission)
+                        .build())
+                .build();
+    }
+
+    private PolicyDefinition createContractPolicy(ServiceExtensionContext context) {
+        var startDate = context.getSetting(policyStartDateSetting, "2023-01-01T00:00:00.000+02:00");
+        var notBeforeConstraint = AtomicConstraint.Builder.newInstance()
+                .leftExpression(new LiteralExpression(policyTimeKey))
+                .operator(Operator.GT)
+                .rightExpression(new LiteralExpression(startDate))
+                .build();
+
+        var endDate = context.getSetting(policyEndDateSetting, "2023-12-31T00:00:00.000+02:00");
+        var notAfterConstraint = AtomicConstraint.Builder.newInstance()
+                .leftExpression(new LiteralExpression(policyTimeKey))
+                .operator(Operator.LT)
+                .rightExpression(new LiteralExpression(endDate))
+                .build();
+
+
+        var permission = Permission.Builder.newInstance()
+                .action(Action.Builder.newInstance().type("USE").build())
+                .constraint(notBeforeConstraint)
+                .constraint(notAfterConstraint)
+                .build();
+
+
+        return PolicyDefinition.Builder.newInstance()
+                .id("use-time-restricted")
+                .policy(Policy.Builder.newInstance()
+                        .permission(permission)
+                        .build())
+                .build();
+    }
+
+
+    private void registerDataEntries(ServiceExtensionContext context) {
+        var assetPathSetting = context.getSetting(EDC_ASSET_PATH, "/tmp/provider/test-document.txt");
+        var assetPath = Path.of(assetPathSetting);
+
+        var dataAddress = DataAddress.Builder.newInstance()
+                .property("type", "File")
+                .property("path", assetPath.getParent().toString())
+                .property("filename", assetPath.getFileName().toString())
+                .build();
+
+        var assetId = "test-document";
+        var asset = Asset.Builder.newInstance()
+                .id(assetId)
+                .dataAddress(dataAddress)
+                .build();
+
+
+        assetIndex.create(asset);
+
+    }
+
+
+    private void registerContractDefinition(ServiceExtensionContext context) {
+        var accessPolicy = createAccessPolicy();
+        policyStore.create(accessPolicy);
+
+        var contractPolicy = createContractPolicy(context);
+        policyStore.create(contractPolicy);
+
+        var contractDefinition = ContractDefinition.Builder.newInstance()
+                .id("1")
+                .accessPolicyId(accessPolicy.getUid())
+                .contractPolicyId(contractPolicy.getUid())
+                .assetsSelectorCriterion(Criterion.criterion(Asset.PROPERTY_ID, "=", "test-document"))
+                .build();
+        contractDefinitionStore.save(contractDefinition);
+    }
+
+}

policy/policy-01-policy-enforcement/policy-functions/src/main/java/org/eclipse/edc/sample/extension/policy/TimeIntervalFunction.java

@@ -0,0 +1,62 @@
+/*
+ *  Copyright (c) 2023 Fraunhofer Institute for Software and Systems Engineering
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Fraunhofer Institute for Software and Systems Engineering - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.sample.extension.policy;
+
+
+import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction;
+import org.eclipse.edc.policy.engine.spi.PolicyContext;
+import org.eclipse.edc.policy.model.Operator;
+import org.eclipse.edc.policy.model.Permission;
+import org.eclipse.edc.spi.monitor.Monitor;
+
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+public class TimeIntervalFunction implements AtomicConstraintFunction<Permission> {
+
+    private Monitor monitor;
+
+    public TimeIntervalFunction(Monitor monitor) {
+        this.monitor = monitor;
+    }
+
+
+
+    @Override
+    public boolean evaluate(Operator operator, Object rightValue, Permission rule, PolicyContext context) {
+        var sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSXXX");
+
+        Date date;
+        try {
+            date = sdf.parse((String) rightValue);
+        } catch (ParseException e) {
+            monitor.severe("Failed to parse right value of constraint to date.");
+            return false;
+        }
+
+        switch (operator) {
+            case LT: var isBefore = new Date().before(date);
+                monitor.info("Current date is " + (isBefore ? "before" : "after") + " desired end date");
+                return isBefore;
+            case GT: var isAfter = new Date().after(date);
+                monitor.info("Current date is " + (isAfter ? "after" : "before") + " desired start date");
+                return isAfter;
+            default: return false;
+        }
+    }
+}
+
+

policy/policy-01-policy-enforcement/policy-functions/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension

@@ -0,0 +1 @@
+org.eclipse.edc.sample.extension.policy.PolicyFunctionsExtension

settings.gradle.kts

@@ -47,6 +47,10 @@ include(":transfer:streaming:streaming-03-kafka-broker:streaming-03-runtime")
 
 include(":advanced:advanced-01-open-telemetry:open-telemetry-consumer")
 include(":advanced:advanced-01-open-telemetry:open-telemetry-provider")
+include(":policy:policy-01-policy-enforcement:policy-enforcement-provider")
+include(":policy:policy-01-policy-enforcement:policy-enforcement-consumer")
+include(":policy:policy-01-policy-enforcement:policy-functions")
+include(":policy:policy-01-policy-enforcement:policy-enforcement-integration-tests")
 
 include(":other:custom-runtime")