feat(policies): add Policy CRUD methods for Unified Policy Architecture#9
Merged
Conversation
Add comprehensive policy management methods to the Java SDK as part of the Unified Policy Architecture v2.0.0 (Phase 10 - SDKs). Static Policies: - listStaticPolicies() with filtering options - getStaticPolicy(), createStaticPolicy(), updateStaticPolicy() - deleteStaticPolicy(), toggleStaticPolicy() - getEffectiveStaticPolicies(), testPattern(), getStaticPolicyVersions() Policy Overrides (Enterprise): - createPolicyOverride(), getPolicyOverride(), deletePolicyOverride() Dynamic Policies: - listDynamicPolicies() with filtering options - getDynamicPolicy(), createDynamicPolicy(), updateDynamicPolicy() - deleteDynamicPolicy(), toggleDynamicPolicy() - getEffectiveDynamicPolicies() New types in PolicyTypes.java: - PolicyCategory, PolicyTier, PolicyAction, OverrideAction enums - StaticPolicy, DynamicPolicy, PolicyOverride models - CreateStaticPolicyRequest, UpdateStaticPolicyRequest builders - CreateDynamicPolicyRequest, UpdateDynamicPolicyRequest builders - ListStaticPoliciesOptions, ListDynamicPoliciesOptions - TestPatternResult, PolicyVersion Tests: 38 tests covering all methods and type validation Part of: Epic #724 - Unified Policy Architecture v2.0.0
- Remove getPolicyOverride() method (no GET endpoint in backend) - Change /api/v1/dynamic-policies to /api/v1/policies for all dynamic policy methods - Update tests to reflect API changes
- Fix testPattern endpoint from /test-pattern to /test - Add sortBy, sortOrder, search fields to ListDynamicPoliciesOptions - Update buildDynamicPolicyQueryString to use new fields
…eader
- Add PolicySeverity enum (critical/high/medium/low)
- Change severity from int to PolicySeverity in StaticPolicy, CreateStaticPolicyRequest, UpdateStaticPolicyRequest
- Add tier field to CreateStaticPolicyRequest with default TENANT
- Fix TestPatternResult to use 'matches' instead of 'results'
- Add pattern and inputs fields to TestPatternResult
- Fix testPattern to send 'inputs' instead of 'test_inputs'
- Add X-Tenant-ID header for policy APIs using clientId
- Add StaticPoliciesResponse and EffectivePoliciesResponse wrappers
- Fix listStaticPolicies to parse {policies: []} wrapper response
- Fix getEffectiveStaticPolicies to parse {static: [], dynamic: []} wrapper
- Update SAMPLE_STATIC_POLICY to use 'critical' string - Use PolicySeverity.CRITICAL/HIGH in request builders - Fix UpdateStaticPolicyRequest assertions
- Use wrapped response format for list and effective APIs - Change 'results' to 'matches' in testPattern mock - Use PolicySeverity.MEDIUM for default severity assertion
saurabhjain1592
added a commit
that referenced
this pull request
Jan 6, 2026
…re (#9) * feat(policies): add Policy CRUD methods for Unified Policy Architecture Add comprehensive policy management methods to the Java SDK as part of the Unified Policy Architecture v2.0.0 (Phase 10 - SDKs). Static Policies: - listStaticPolicies() with filtering options - getStaticPolicy(), createStaticPolicy(), updateStaticPolicy() - deleteStaticPolicy(), toggleStaticPolicy() - getEffectiveStaticPolicies(), testPattern(), getStaticPolicyVersions() Policy Overrides (Enterprise): - createPolicyOverride(), getPolicyOverride(), deletePolicyOverride() Dynamic Policies: - listDynamicPolicies() with filtering options - getDynamicPolicy(), createDynamicPolicy(), updateDynamicPolicy() - deleteDynamicPolicy(), toggleDynamicPolicy() - getEffectiveDynamicPolicies() New types in PolicyTypes.java: - PolicyCategory, PolicyTier, PolicyAction, OverrideAction enums - StaticPolicy, DynamicPolicy, PolicyOverride models - CreateStaticPolicyRequest, UpdateStaticPolicyRequest builders - CreateDynamicPolicyRequest, UpdateDynamicPolicyRequest builders - ListStaticPoliciesOptions, ListDynamicPoliciesOptions - TestPatternResult, PolicyVersion Tests: 38 tests covering all methods and type validation Part of: Epic #724 - Unified Policy Architecture v2.0.0 * fix: correct API endpoints and remove non-existent getPolicyOverride - Remove getPolicyOverride() method (no GET endpoint in backend) - Change /api/v1/dynamic-policies to /api/v1/policies for all dynamic policy methods - Update tests to reflect API changes * fix: code review fixes for policy CRUD - Fix testPattern endpoint from /test-pattern to /test - Add sortBy, sortOrder, search fields to ListDynamicPoliciesOptions - Update buildDynamicPolicyQueryString to use new fields * fix(policies): fix severity type, response parsing, and X-Tenant-ID header - Add PolicySeverity enum (critical/high/medium/low) - Change severity from int to PolicySeverity in StaticPolicy, CreateStaticPolicyRequest, UpdateStaticPolicyRequest - Add tier field to CreateStaticPolicyRequest with default TENANT - Fix TestPatternResult to use 'matches' instead of 'results' - Add pattern and inputs fields to TestPatternResult - Fix testPattern to send 'inputs' instead of 'test_inputs' - Add X-Tenant-ID header for policy APIs using clientId - Add StaticPoliciesResponse and EffectivePoliciesResponse wrappers - Fix listStaticPolicies to parse {policies: []} wrapper response - Fix getEffectiveStaticPolicies to parse {static: [], dynamic: []} wrapper * fix(tests): change getResults() to getMatches() in TestPatternResult * fix(tests): use PolicySeverity enum instead of integers - Update SAMPLE_STATIC_POLICY to use 'critical' string - Use PolicySeverity.CRITICAL/HIGH in request builders - Fix UpdateStaticPolicyRequest assertions * fix(tests): fix mock response formats and severity type - Use wrapped response format for list and effective APIs - Change 'results' to 'matches' in testPattern mock - Use PolicySeverity.MEDIUM for default severity assertion
saurabhjain1592
added a commit
that referenced
this pull request
Jun 16, 2026
…orkflow perms + example SDK bump Three security alerts on axonflow-sdk-java: 1. CodeQL java/insecure-trustmanager (#8, high) at HttpClientFactory.java. The trust-all path is an intentional, double-gated development escape hatch for self-signed certs (requires BOTH insecureSkipVerify(true) AND AXONFLOW_INSECURE_TLS env var). Rather than remove the dev affordance, this adds a hard production guard: when a production-like deployment environment is detected (ENVIRONMENT / AXONFLOW_ENVIRONMENT / APP_ENV / SPRING_PROFILES_ACTIVE / NODE_ENV / ... carrying a 'prod'/'production' token), the insecure path is REFUSED outright, TLS verification stays enabled, and a SECURITY error is logged naming the signalling variable. New tests prove the guard PREVENTS the insecure path (not just logs), handles compound values (prod,metrics), and does not false-positive on non-production values. Alert to be dismissed-by-design on #2711 now that the production path is belt-and-suspenders hardened. Real code change -> VERSION bumped 8.5.0 -> 8.5.1 + CHANGELOG. 2. CodeQL actions/missing-workflow-permissions (#9, med) on heartbeat-real-stack.yml: added a top-level least-privilege 'permissions: contents: read' block (workflow only checks out + tests). Block kept identical to the axonflow-sdk-typescript fix for coherence. 3. Dependabot #2 (med): examples/wcp-retry-idempotency/pom.xml pinned a stale com.getaxonflow:axonflow-sdk 5.5.0 (vulnerable < 6.0.0); bumped to the current released 8.5.0. Refs getaxonflow/axonflow-enterprise#2711 Signed-off-by: Saurabh Jain <saurabh.jain@getaxonflow.com>
saurabhjain1592
added a commit
that referenced
this pull request
Jun 16, 2026
…orkflow perms + example SDK bump (#193) Three security alerts on axonflow-sdk-java: 1. CodeQL java/insecure-trustmanager (#8, high) at HttpClientFactory.java. The trust-all path is an intentional, double-gated development escape hatch for self-signed certs (requires BOTH insecureSkipVerify(true) AND AXONFLOW_INSECURE_TLS env var). Rather than remove the dev affordance, this adds a hard production guard: when a production-like deployment environment is detected (ENVIRONMENT / AXONFLOW_ENVIRONMENT / APP_ENV / SPRING_PROFILES_ACTIVE / NODE_ENV / ... carrying a 'prod'/'production' token), the insecure path is REFUSED outright, TLS verification stays enabled, and a SECURITY error is logged naming the signalling variable. New tests prove the guard PREVENTS the insecure path (not just logs), handles compound values (prod,metrics), and does not false-positive on non-production values. Alert to be dismissed-by-design on #2711 now that the production path is belt-and-suspenders hardened. Real code change -> VERSION bumped 8.5.0 -> 8.5.1 + CHANGELOG. 2. CodeQL actions/missing-workflow-permissions (#9, med) on heartbeat-real-stack.yml: added a top-level least-privilege 'permissions: contents: read' block (workflow only checks out + tests). Block kept identical to the axonflow-sdk-typescript fix for coherence. 3. Dependabot #2 (med): examples/wcp-retry-idempotency/pom.xml pinned a stale com.getaxonflow:axonflow-sdk 5.5.0 (vulnerable < 6.0.0); bumped to the current released 8.5.0. Refs getaxonflow/axonflow-enterprise#2711 Signed-off-by: Saurabh Jain <saurabh.jain@getaxonflow.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add comprehensive policy management methods to the Java SDK as part of the Unified Policy Architecture v2.0.0 (Phase 10 - SDKs).
Static Policies
listStaticPolicies()with filtering optionsgetStaticPolicy(),createStaticPolicy(),updateStaticPolicy()deleteStaticPolicy(),toggleStaticPolicy()getEffectiveStaticPolicies(),testPattern(),getStaticPolicyVersions()Policy Overrides (Enterprise)
createPolicyOverride(),getPolicyOverride(),deletePolicyOverride()Dynamic Policies
listDynamicPolicies()with filtering optionsgetDynamicPolicy(),createDynamicPolicy(),updateDynamicPolicy()deleteDynamicPolicy(),toggleDynamicPolicy()getEffectiveDynamicPolicies()New Types (in PolicyTypes.java)
PolicyCategory,PolicyTier,PolicyAction,OverrideActionenumsStaticPolicy,DynamicPolicy,PolicyOverrideclassesTest Plan
Part of: Epic #724 - Unified Policy Architecture v2.0.0