Adding capability for policies to be added/removed automatically when devices are added/removed from a group

2025-10-06 02:01:45 +00:00 · 2020-07-18 15:52:41 +05:30 · 2020-07-18 15:52:41 +05:30 · 3ea16eaf7d
commit 3ea16eaf7d
parent 42ec923700
4 changed files with 105 additions and 3 deletions
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceAgentServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceAgentServiceImpl.java
@ -36,6 +36,7 @@ import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.exceptions.InvalidConfigurationException;
 import org.wso2.carbon.device.mgt.common.operation.mgt.Operation;
 import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException;
+import org.wso2.carbon.device.mgt.common.policy.mgt.Policy;
 import org.wso2.carbon.device.mgt.common.policy.mgt.monitor.ComplianceFeature;
 import org.wso2.carbon.device.mgt.common.policy.mgt.monitor.PolicyComplianceException;
 import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
@ -50,6 +51,9 @@ import org.wso2.carbon.event.stream.stub.EventStreamAdminServiceStub;
 import org.wso2.carbon.event.stream.stub.types.EventStreamAttributeDto;
 import org.wso2.carbon.event.stream.stub.types.EventStreamDefinitionDto;
 import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
+import org.wso2.carbon.policy.mgt.common.PolicyAdministratorPoint;
+import org.wso2.carbon.policy.mgt.common.PolicyEvaluationException;
+import org.wso2.carbon.policy.mgt.common.PolicyManagementException;
 import org.wso2.carbon.user.api.UserStoreException;

 import javax.validation.Valid;
@ -95,6 +99,13 @@ public class DeviceAgentServiceImpl implements DeviceAgentService {
            device.getEnrolmentInfo().setDateOfEnrolment(System.currentTimeMillis());
            device.getEnrolmentInfo().setDateOfLastUpdate(System.currentTimeMillis());
            boolean status = dms.enrollDevice(device);
+            PolicyAdministratorPoint pap = DeviceMgtAPIUtils.getPolicyManagementService().getPAP();
+            List<DeviceIdentifier> deviceIdentifierList = new ArrayList<>();
+            DeviceIdentifier deviceId = new DeviceIdentifier(device.getDeviceIdentifier(), device.getType());
+            deviceIdentifierList.add(deviceId);
+            Policy effectivePolicy = DeviceMgtAPIUtils.getPolicyManagementService().getPEP().getEffectivePolicy(deviceId);
+            pap.addPolicyToDevice(deviceIdentifierList, effectivePolicy);
+            pap.publishChanges();
            return Response.status(Response.Status.OK).entity(status).build();
        } catch (DeviceManagementException e) {
            String msg = "Error occurred while enrolling the device, which carries the id '" +
@ -104,6 +115,12 @@ public class DeviceAgentServiceImpl implements DeviceAgentService {
        } catch (InvalidConfigurationException e) {
            log.error("failed to add operation", e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
+        } catch (PolicyManagementException e) {
+            log.error("failed to add designated policies against newly enrolled device.", e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
+        } catch (PolicyEvaluationException e) {
+            log.error("failed while retrieving policies for newly enrolled device.", e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        }
    }

--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/GroupManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/GroupManagementServiceImpl.java
@ -25,15 +25,19 @@ import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.Device;
 import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
-import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException;
+import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
 import org.wso2.carbon.device.mgt.common.GroupPaginationRequest;
 import org.wso2.carbon.device.mgt.common.PaginationResult;
+import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
+import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException;
 import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;
 import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
 import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyExistException;
 import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
-import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException;
 import org.wso2.carbon.device.mgt.common.group.mgt.GroupNotExistException;
+import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException;
+import org.wso2.carbon.device.mgt.common.policy.mgt.Policy;
+import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService;
 import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceGroupList;
 import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceList;
@ -42,6 +46,9 @@ import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
 import org.wso2.carbon.device.mgt.jaxrs.service.api.GroupManagementService;
 import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
 import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
+import org.wso2.carbon.policy.mgt.common.PolicyAdministratorPoint;
+import org.wso2.carbon.policy.mgt.common.PolicyEvaluationException;
+import org.wso2.carbon.policy.mgt.common.PolicyManagementException;

 import javax.ws.rs.core.Response;
 import java.util.ArrayList;
@ -259,6 +266,17 @@ public class GroupManagementServiceImpl implements GroupManagementService {
    public Response addDevicesToGroup(int groupId, List<DeviceIdentifier> deviceIdentifiers) {
        try {
            DeviceMgtAPIUtils.getGroupManagementProviderService().addDevices(groupId, deviceIdentifiers);
+            PolicyAdministratorPoint pap = DeviceMgtAPIUtils.getPolicyManagementService().getPAP();
+            DeviceManagementProviderService dms = DeviceMgtAPIUtils.getDeviceManagementService();
+            Policy effectivePolicy = null;
+            for(DeviceIdentifier deviceIdentifier : deviceIdentifiers) {
+                Device device = dms.getDevice(deviceIdentifier, false);
+                if(!device.getEnrolmentInfo().getStatus().equals(EnrolmentInfo.Status.REMOVED)) {
+                    effectivePolicy = DeviceMgtAPIUtils.getPolicyManagementService().getPEP().getEffectivePolicy(deviceIdentifier);
+                    pap.addPolicyToDevice(deviceIdentifiers, effectivePolicy);
+                }
+            }
+            pap.publishChanges();
            return Response.status(Response.Status.OK).build();
        } catch (GroupManagementException e) {
            String msg = "Error occurred while adding devices to group.";
@ -266,6 +284,15 @@ public class GroupManagementServiceImpl implements GroupManagementService {
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
        } catch (DeviceNotFoundException e) {
            return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
+        } catch (PolicyManagementException e) {
+            log.error("Error occurred while adding policies against device(s).", e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
+        } catch (PolicyEvaluationException e) {
+            log.error("Error occurred while retrieving policies against device(s).", e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
+        } catch (DeviceManagementException e) {
+            log.error("Error occurred while retrieving device information.", e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        }
    }

@ -273,6 +300,17 @@ public class GroupManagementServiceImpl implements GroupManagementService {
    public Response removeDevicesFromGroup(int groupId, List<DeviceIdentifier> deviceIdentifiers) {
        try {
            DeviceMgtAPIUtils.getGroupManagementProviderService().removeDevice(groupId, deviceIdentifiers);
+            PolicyAdministratorPoint pap = DeviceMgtAPIUtils.getPolicyManagementService().getPAP();
+            DeviceManagementProviderService dms = DeviceMgtAPIUtils.getDeviceManagementService();
+            Policy effectivePolicy = null;
+            for(DeviceIdentifier deviceIdentifier : deviceIdentifiers) {
+                Device device = dms.getDevice(deviceIdentifier, false);
+                if(!device.getEnrolmentInfo().getStatus().equals(EnrolmentInfo.Status.REMOVED)) {
+                    effectivePolicy = DeviceMgtAPIUtils.getPolicyManagementService().getPEP().getEffectivePolicy(deviceIdentifier);
+                    pap.addPolicyToDevice(deviceIdentifiers, effectivePolicy);
+                }
+            }
+            pap.publishChanges();
            return Response.status(Response.Status.OK).build();
        } catch (GroupManagementException e) {
            String msg = "Error occurred while removing devices from group.";
@ -280,6 +318,15 @@ public class GroupManagementServiceImpl implements GroupManagementService {
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
        } catch (DeviceNotFoundException e) {
            return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
+        }catch (PolicyManagementException e) {
+            log.error("Error occurred while adding policies against device(s).", e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
+        } catch (PolicyEvaluationException e) {
+            log.error("Error occurred while retrieving policies against device(s).", e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
+        } catch (DeviceManagementException e) {
+            log.error("Error occurred while retrieving device information.", e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        }
    }

@ -290,6 +337,10 @@ public class GroupManagementServiceImpl implements GroupManagementService {
            deviceIdentifiers.add(deviceToGroupsAssignment.getDeviceIdentifier());
            GroupManagementProviderService service = DeviceMgtAPIUtils.getGroupManagementProviderService();
            List<DeviceGroup> deviceGroups = service.getGroups(deviceToGroupsAssignment.getDeviceIdentifier(), false);
+            PolicyAdministratorPoint pap = DeviceMgtAPIUtils.getPolicyManagementService().getPAP();
+            DeviceManagementProviderService dms = DeviceMgtAPIUtils.getDeviceManagementService();
+            Device device = null;
+            Policy effectivePolicy = null;
            for (DeviceGroup group : deviceGroups) {
                Integer groupId = group.getGroupId();
                if (deviceToGroupsAssignment.getDeviceGroupIds().contains(groupId)) {
@ -300,7 +351,12 @@ public class GroupManagementServiceImpl implements GroupManagementService {
            }
            for (int groupId : deviceToGroupsAssignment.getDeviceGroupIds()) {
                DeviceMgtAPIUtils.getGroupManagementProviderService().addDevices(groupId, deviceIdentifiers);
+                for (DeviceIdentifier deviceIdentifier : deviceIdentifiers) {
+                    effectivePolicy = DeviceMgtAPIUtils.getPolicyManagementService().getPEP().getEffectivePolicy(deviceIdentifier);
+                    pap.addPolicyToDevice(deviceIdentifiers, effectivePolicy);
+                }
            }
+            pap.publishChanges();
            return Response.status(Response.Status.OK).build();
        } catch (GroupManagementException e) {
            String msg = "Error occurred while assigning device to groups.";
@ -308,6 +364,12 @@ public class GroupManagementServiceImpl implements GroupManagementService {
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
        } catch (DeviceNotFoundException e) {
            return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
+        } catch (PolicyManagementException e) {
+            log.error("Failed to add policies for device assigned to group.", e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
+        } catch (PolicyEvaluationException e) {
+            log.error("Failed while retrieving policies device assigned to group.", e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        }
    }

@ -325,4 +387,4 @@ public class GroupManagementServiceImpl implements GroupManagementService {
        }
    }

-}
+}
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/test/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceAgentServiceTest.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/test/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/DeviceAgentServiceTest.java
@ -93,6 +93,7 @@ public class DeviceAgentServiceTest {
    private static final String AUTHENTICATED_USER = "admin";
    private static final String MONITOR_OPERATION = "POLICY_MONITOR";
    private static Device demoDevice;
+    private PolicyManagerService policyManagerService;

    @ObjectFactory
    public IObjectFactory getObjectFactory() {
@ -108,6 +109,7 @@ public class DeviceAgentServiceTest {
        this.deviceAgentService = new DeviceAgentServiceImpl();
        this.deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class,
                Mockito.RETURNS_MOCKS);
+        this.policyManagerService = Mockito.mock(PolicyManagerService.class, Mockito.RETURNS_MOCKS);
        this.privilegedCarbonContext = Mockito.mock(PrivilegedCarbonContext.class, Mockito.RETURNS_MOCKS);
        this.eventStreamAdminServiceStub = Mockito.mock(EventStreamAdminServiceStub.class, Mockito.RETURNS_MOCKS);
        demoDevice = DeviceMgtAPITestHelper.generateDummyDevice(TEST_DEVICE_TYPE, TEST_DEVICE_IDENTIFIER);
@ -167,6 +169,8 @@ public class DeviceAgentServiceTest {
                .toReturn(this.deviceManagementProviderService);
        PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getAuthenticatedUser"))
                .toReturn(AUTHENTICATED_USER);
+        PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getPolicyManagementService"))
+                .toReturn(policyManagerService);
        EnrolmentInfo enrolmentInfo = demoDevice.getEnrolmentInfo();
        enrolmentInfo.setStatus(EnrolmentInfo.Status.INACTIVE);
        demoDevice.setEnrolmentInfo(enrolmentInfo);
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/test/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/GroupManagementServiceImplTest.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/test/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/GroupManagementServiceImplTest.java
@ -19,6 +19,7 @@

 package org.wso2.carbon.device.mgt.jaxrs.service.impl;

+import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
@ -42,10 +43,12 @@ import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyExistException;
 import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
 import org.wso2.carbon.device.mgt.common.group.mgt.GroupNotExistException;
 import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException;
+import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService;
 import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceToGroupsAssignment;
 import org.wso2.carbon.device.mgt.jaxrs.service.api.GroupManagementService;
 import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
+import org.wso2.carbon.policy.mgt.core.PolicyManagerService;

 import javax.ws.rs.core.Response;
 import java.util.ArrayList;
@ -61,6 +64,8 @@ import java.util.List;
 public class GroupManagementServiceImplTest {
    private GroupManagementService groupManagementService;
    private GroupManagementProviderService groupManagementProviderService;
+    private PolicyManagerService policyManagerService;
+    private DeviceManagementProviderService deviceManagementProviderService;
    private PrivilegedCarbonContext context;

    @ObjectFactory
@ -72,6 +77,8 @@ public class GroupManagementServiceImplTest {
    public void init() {
        groupManagementService = new GroupManagementServiceImpl();
        groupManagementProviderService = Mockito.mock(GroupManagementProviderService.class);
+        this.policyManagerService = Mockito.mock(PolicyManagerService.class, Mockito.RETURNS_MOCKS);
+        this.deviceManagementProviderService = Mockito.mock(DeviceManagementProviderService.class, Mockito.RETURNS_MOCKS);
        context = Mockito.mock(PrivilegedCarbonContext.class);
        Mockito.doReturn("admin").when(context).getUsername();
    }
@ -298,6 +305,10 @@ public class GroupManagementServiceImplTest {
    public void testAddDevicesToGroup() throws GroupManagementException, DeviceNotFoundException {
        PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getGroupManagementProviderService"))
                .toReturn(groupManagementProviderService);
+        PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getPolicyManagementService"))
+                .toReturn(policyManagerService);
+        PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getDeviceManagementService"))
+                .toReturn(deviceManagementProviderService);
        List<DeviceIdentifier> deviceIdentifiers = new ArrayList<>();
        Mockito.doNothing().when(groupManagementProviderService).addDevices(1, deviceIdentifiers);
        Mockito.doThrow(new GroupManagementException()).when(groupManagementProviderService).addDevices(2,
@ -319,6 +330,10 @@ public class GroupManagementServiceImplTest {
    public void testRemoveDevicesFromGroup() throws GroupManagementException, DeviceNotFoundException {
        PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getGroupManagementProviderService"))
                .toReturn(groupManagementProviderService);
+        PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getPolicyManagementService"))
+                .toReturn(policyManagerService);
+        PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getDeviceManagementService"))
+                .toReturn(deviceManagementProviderService);
        List<DeviceIdentifier> deviceIdentifiers = new ArrayList<>();
        Mockito.doNothing().when(groupManagementProviderService).removeDevice(1, deviceIdentifiers);
        Mockito.doThrow(new GroupManagementException()).when(groupManagementProviderService).removeDevice(2,
@ -357,6 +372,10 @@ public class GroupManagementServiceImplTest {
    public void testUpdateDeviceAssigningToGroups() throws GroupManagementException, DeviceNotFoundException {
        PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getGroupManagementProviderService"))
                .toReturn(groupManagementProviderService);
+        PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getPolicyManagementService"))
+                .toReturn(policyManagerService);
+        PowerMockito.stub(PowerMockito.method(DeviceMgtAPIUtils.class, "getDeviceManagementService"))
+                .toReturn(deviceManagementProviderService);
        Mockito.reset(groupManagementProviderService);
        DeviceToGroupsAssignment deviceToGroupsAssignment = new DeviceToGroupsAssignment();
        List<Integer> groupIds = new ArrayList<>();