- updatePolicy(policyCtxBefore, policyCtxAfter);
- }
-
- /**
- * Looks for changed rule groups in {@code policyCtxBefore} and {@code policyCtxAfter}.
- * Access lists are updated for endpoints in {@code policyCtxAfter} affected by changed rule
- * groups.
- *
- * @param policyCtxBefore policy before
- * @param policyCtxAfter policy after
- */
- private void updatePolicy(PolicyContext policyCtxBefore, PolicyContext policyCtxAfter) {
- LOG.info("Updating policy by rule groups.");
- Set<RuleGroupKey> diffRuleGroups = new HashSet<>();
- diffRuleGroups.addAll(Sets.difference(policyCtxBefore.getRuleGroupByKey().keySet(),
- policyCtxAfter.getRuleGroupByKey().keySet()));
- diffRuleGroups.addAll(Sets.difference(policyCtxAfter.getRuleGroupByKey().keySet(), policyCtxBefore.getRuleGroupByKey().keySet()));
- LOG.trace("Rule groups changed: {} ", diffRuleGroups.size());
- Set<RendererEndpointKey> updates = new HashSet<>();
- for (PolicyContext policy : new PolicyContext[] {policyCtxBefore, policyCtxAfter}) {
- if (policy.getPolicy().getConfiguration() == null
- || policy.getPolicy().getConfiguration().getRendererEndpoints() == null
- || policy.getPolicy().getConfiguration().getRendererEndpoints().getRendererEndpoint() == null) {
- continue;
- }
- policy.getPolicy()
- .getConfiguration()
- .getRendererEndpoints()
- .getRendererEndpoint()
- .stream()
- .filter(rEp -> !updates.contains(rEp.getKey()))
- .forEach(rEp -> {
- for (PeerEndpoint pEp : rEp.getPeerEndpoint()) {
- for (RuleGroupWithRendererEndpointParticipation rg : pEp
- .getRuleGroupWithRendererEndpointParticipation()) {
- if (!diffRuleGroups.contains(
- new RuleGroupKey(rg.getContractId(), rg.getSubjectName(), rg.getTenantId()))) {
- continue;
- }
- if (!policy.equals(policyCtxBefore)) {
- updates.add(rEp.getKey());
- AddressEndpointKey k1 = AddressEndpointUtils.fromPeerEpKey(pEp.getKey());
- updates.add(AddressEndpointUtils.toRendererEpKey(k1));
- }
- }
- }
- });
- }
- for (RendererEndpointKey rEpKey : updates) {
- aclManager.updateAclsForRendEp(rEpKey, policyCtxAfter);
- }
+ ImmutableSet<RuleGroupKey> rulesBefore = policyCtxAfter.getRuleGroupByKey().keySet();
+ ImmutableSet<RuleGroupKey> rulesAfter = policyCtxBefore.getRuleGroupByKey().keySet();
+ SetView<RuleGroupKey> removedRules = Sets.difference(rulesAfter, rulesBefore);
+ SetView<RuleGroupKey> createdRules = Sets.difference(rulesBefore, rulesAfter);
+ LOG.debug("Updated rules: {}", Sets.intersection(rulesBefore, rulesAfter));
+ LOG.debug("Removed rules {}", removedRules);
+ LOG.debug("Created rules {}", createdRules);
+ LOG.debug("Updated renderer endpoints {}", updatedRendEps);
+ LOG.debug("Created renderer endpoints {}", createdRendEps);
+ LOG.debug("Updated renderer endpoints {}", updatedRendEps);
+ aclManager.resolveRulesToConfigure(policyCtxBefore, removedRendEps, removedRules, false);
+ aclManager.resolveRulesToConfigure(policyCtxAfter, createdRendEps, createdRules, true);