/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * docs/licenses/cddl.txt
 * or http://www.opensource.org/licenses/cddl1.php.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * docs/licenses/cddl.txt.  If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2017-2019 Ping Identity Corporation
 */


package com.unboundid.directory.sdk.broker.api;

import com.unboundid.directory.sdk.broker.config.PolicyObligationConfig;
import com.unboundid.directory.sdk.broker.internal.BrokerExtension;
import com.unboundid.directory.sdk.broker.types.BrokerContext;
import com.unboundid.directory.sdk.broker.types.NotFulfilledException;
import com.unboundid.directory.sdk.broker.types.ObligationContext;
import com.unboundid.directory.sdk.common.internal.ExampleUsageProvider;
import com.unboundid.directory.sdk.common.internal.UnboundIDExtension;

import com.unboundid.scim2.common.GenericScimResource;
import com.unboundid.scim2.common.exceptions.ScimException;
import com.unboundid.scim2.common.messages.PatchRequest;
import com.unboundid.util.Extensible;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.args.ArgumentException;
import com.unboundid.util.args.ArgumentParser;

import java.util.Collections;
import java.util.List;
import java.util.Map;


/**
 * This class defines an API that must be implemented by extensions that
 * implement custom Policy Obligations.  This obligation is invoked when
 * policy evaluation results in this type of obligation being returned to the
 * Policy Enforcement Point.
 *
 * <H2>Configuring Policy Obligation</H2>
 * In order to configure a policy obligation created using this API,
 * use a command like:
 *
 * <PRE>
 *      dsconfig create-policy-obligation \
 *           --obligation-name "<I>{name}</I>" \
 *           --type third-party \
 *           --policy-name "<I>{policy-name}</I>" \
 *           --rule-name "<I>{rule-name}</I>" \
 *           --set "extension-class:<I>{class-name}</I>" \
 *           --set "extension-argument:<I>{name=value}</I>" \
 *           --set "obligation-arguments:<I>{name=jexlExpression}</I>" \
 *           --set "evaluation-order-index:<I>{index}</I>
 * </PRE>
 * where "<I>{name}</I>" is the name to use for the policy obligation
 * instance, "<I>{class-name}</I>" is the fully-qualified name of the Java
 * class that extends
 * {@code com.unboundid.directory.sdk.broker.api.PolicyObligation},
 * "<I>{policy-name}</I>" and <I>{rule-name}</I>" identify the policy and
 * policy rule, respectively, that will contain this obligation expression.
 * <I>{name=jexlExpression}</I> pairs specified using obligation-arguments
 * identify arguments whose value may be specified or computed during policy
 * evaluation before being passed into this obligation implementation.
 * "<I>{index}</I>" is an integer from 1 to 9999 that is used to determine the
 * order in which this type of obligation should be invoked relative to other
 * obligations that may be returned from the same policy evaluation.
 * "<I>{name=value}</I>" pairs specified using extension-arguments are
 * constant-valued arguments that are provided to the obligation implementation
 * at initialization time.
 * If multiple obligation arguments should be provided at each invocation, then
 * the "<CODE>--set obligation-argument:<I>{name=jexlExpression}</I></CODE>"
 * option should be provided multiple times.
 * If multiple initialization arguments should be provided to the extension,
 * then the "<CODE>--set extension-argument:<I>{name=value}</I></CODE>"
 * option should be provided multiple times.
 */
@Extensible()
@BrokerExtension
@ThreadSafety(level= ThreadSafetyLevel.INTERFACE_THREADSAFE)
public abstract class PolicyObligation
    implements UnboundIDExtension,
    ExampleUsageProvider {

  /**
   * No-args constructor.
   */
  public PolicyObligation() {
    // No implementation is required.
  }


  /**
   * {@inheritDoc}
   */
  @Override
  public abstract String getExtensionName();


  /**
   * {@inheritDoc}
   */
  @Override
  public abstract String[] getExtensionDescription();


  /**
   * {@inheritDoc}
   */
  @Override
  public Map<List<String>,String> getExamplesArgumentSets() {
    return Collections.emptyMap();
  }


  /**
   * {@inheritDoc}
   */
  @Override
  public void defineConfigArguments(final ArgumentParser parser)
      throws ArgumentException {
    // No arguments will be allowed by default.
  }


  /**
   * Initializes this Policy Obligation implementation.
   * @param  serverContext  A handle to the server context for the server in
   *                        which this extension is running.
   * @param  config         The general configuration for this policy
   *                        obligation.
   * @param  parser         The argument parser which has been initialized from
   *                        the configuration for this policy obligation.
   *
   * @throws Exception      If a problem occurs while initializing this
   *                        policy obligation.
   */
  public void initializePolicyObligation(
      final BrokerContext serverContext,
      final PolicyObligationConfig config,
      final ArgumentParser parser) throws Exception {
    // No initialization will be performed by default.
  }


  /**
   * Performs any cleanup which may be necessary when this policy obligation
   * is to be taken out of service.
   */
  public void finalizePolicyObligation() {
    // no implementation is required
  }


  /**
   * This method is invoked if this obligation is returned from policy during a
   * SCIM create operation.  The method is invoked before the new resource
   * has been saved to the data store.
   *
   * @param context     ObligationContext containing any arguments passed
   *                    from policy.
   * @param resource    The resource to be created.
   * @return            The (possibly modified) resource to be created.
   * @throws NotFulfilledException thrown if the obligation cannot be
   *                    fulfilled.   Will abort the SCIM create operation and
   *                    will cause an unauthorized response to be returned to
   *                    the caller.
   * @throws ScimException thrown if an internal error occurs.
   */
  public GenericScimResource onScimCreate(
      final ObligationContext context,
      final GenericScimResource resource)
      throws NotFulfilledException, ScimException {

    // no implementation required
    return resource;
  }


  /**
   * This method is invoked if this obligation is returned from policy during
   * a SCIM delete operation.   The method is invoked before the deletion is
   * committed to the data store.
   *
   * @param context     ObligationContext containing any arguments passed
   *                    from policy.
   * @throws NotFulfilledException thrown if the obligation cannot be
   *                    fulfilled.   Will abort the SCIM delete operation and
   *                    will cause an unauthorized response to be returned to
   *                    the caller.
   * @throws ScimException thrown if an internal error occurs.
   */
  public void onScimDelete(
      final ObligationContext context)
      throws NotFulfilledException, ScimException {

    // no implementation required
  }


  /**
   * This method is invoked if this obligation is returned from policy during a
   * SCIM PATCH or PUT operation.  The method is invoked before the modified
   * resource has been saved to the data store.
   *
   * @param context     ObligationContext containing any arguments passed
   *                    from policy.
   * @param patchRequest A normalized SCIM patch request describing the
   *                     requested modifications.  A "normalized" patch request
   *                     in this context means that the patch will have the
   *                     following characteristics:
   *
   *                     For add and remove operations, sub-attributes will
   *                     always appear in the value portion rather than in the
   *                     path.
   *
   *                     Paths referencing core attributes will not contain the
   *                     schema URN.
   *
   *                     Operations without a path will be broken down into
   *                     separate operations for each attribute originally
   *                     referenced in the value portion.
   *
   * @return            The (possibly modified) patch request.
   * @throws NotFulfilledException thrown if the obligation cannot be
   *                    fulfilled.   Will abort the SCIM modify operation and
   *                    will cause an unauthorized response to be returned to
   *                    the caller.
   * @throws ScimException thrown if an internal error occurs.
   */
  public PatchRequest onScimModify(
      final ObligationContext context,
      final PatchRequest patchRequest)
      throws NotFulfilledException, ScimException {

    // no implementation required
    return patchRequest;
  }


  /**
   * This method is invoked if this obligation is returned from policy during a
   * SCIM retrieve operation.  The method is invoked before the resource
   * is added to the SCIM response.
   *
   * @param context     ObligationContext containing any arguments passed
   *                    from policy.
   * @param resource    The resource to be returned to the client.
   * @return            The (possibly modified) resource to be returned.
   * @throws NotFulfilledException thrown if the obligation cannot be
   *                    fulfilled.   Will abort the SCIM retrieve operation and
   *                    will cause an unauthorized response to be returned to
   *                    the caller.
   * @throws ScimException thrown if an internal error occurs.
   */
  public GenericScimResource onScimRetrieve(
      final ObligationContext context,
      final GenericScimResource resource)
      throws NotFulfilledException, ScimException {

    // no implementation required
    return resource;
  }


  /**
   * This method is invoked if this obligation is returned from policy prior to
   * a SCIM search operation.  The method is invoked before the search is
   * executed.
   *
   * @param context     ObligationContext containing any arguments passed
   *                    from policy.
   * @param filter      The SCIM search filter requested by the client, or
   *                    null if no filter was specified.
   * @return            The (possibly modified) SCIM search filter.
   * @throws NotFulfilledException thrown if the obligation cannot be
   *                    fulfilled.   Will abort the SCIM search operation and
   *                    will cause an unauthorized response to be returned to
   *                    the caller.
   * @throws ScimException thrown if an internal error occurs.
   */
  public String onScimSearch(
      final ObligationContext context,
      final String filter)
      throws NotFulfilledException, ScimException {

    // no implementation required
    return filter;
  }

}