Skip to content

feat(policies): add Policy CRUD methods for Unified Policy Architecture#9

Merged
saurabhjain1592 merged 7 commits into
mainfrom
feat/policy-crud
Dec 24, 2025
Merged

feat(policies): add Policy CRUD methods for Unified Policy Architecture#9
saurabhjain1592 merged 7 commits into
mainfrom
feat/policy-crud

Conversation

@saurabhjain1592

Copy link
Copy Markdown
Member

Summary

Add comprehensive policy management methods to the Java SDK as part of the Unified Policy Architecture v2.0.0 (Phase 10 - SDKs).

Static Policies

  • listStaticPolicies() with filtering options
  • getStaticPolicy(), createStaticPolicy(), updateStaticPolicy()
  • deleteStaticPolicy(), toggleStaticPolicy()
  • getEffectiveStaticPolicies(), testPattern(), getStaticPolicyVersions()

Policy Overrides (Enterprise)

  • createPolicyOverride(), getPolicyOverride(), deletePolicyOverride()

Dynamic Policies

  • listDynamicPolicies() with filtering options
  • getDynamicPolicy(), createDynamicPolicy(), updateDynamicPolicy()
  • deleteDynamicPolicy(), toggleDynamicPolicy()
  • getEffectiveDynamicPolicies()

New Types (in PolicyTypes.java)

  • PolicyCategory, PolicyTier, PolicyAction, OverrideAction enums
  • StaticPolicy, DynamicPolicy, PolicyOverride classes
  • Request types with Builder pattern
  • Options types with Builder pattern

Test Plan

  • All 38 policy tests passing with WireMock
  • Verify against live API with manual testing

Part of: Epic #724 - Unified Policy Architecture v2.0.0

Add comprehensive policy management methods to the Java SDK as part of
the Unified Policy Architecture v2.0.0 (Phase 10 - SDKs).

Static Policies:
- listStaticPolicies() with filtering options
- getStaticPolicy(), createStaticPolicy(), updateStaticPolicy()
- deleteStaticPolicy(), toggleStaticPolicy()
- getEffectiveStaticPolicies(), testPattern(), getStaticPolicyVersions()

Policy Overrides (Enterprise):
- createPolicyOverride(), getPolicyOverride(), deletePolicyOverride()

Dynamic Policies:
- listDynamicPolicies() with filtering options
- getDynamicPolicy(), createDynamicPolicy(), updateDynamicPolicy()
- deleteDynamicPolicy(), toggleDynamicPolicy()
- getEffectiveDynamicPolicies()

New types in PolicyTypes.java:
- PolicyCategory, PolicyTier, PolicyAction, OverrideAction enums
- StaticPolicy, DynamicPolicy, PolicyOverride models
- CreateStaticPolicyRequest, UpdateStaticPolicyRequest builders
- CreateDynamicPolicyRequest, UpdateDynamicPolicyRequest builders
- ListStaticPoliciesOptions, ListDynamicPoliciesOptions
- TestPatternResult, PolicyVersion

Tests: 38 tests covering all methods and type validation

Part of: Epic #724 - Unified Policy Architecture v2.0.0
- Remove getPolicyOverride() method (no GET endpoint in backend)
- Change /api/v1/dynamic-policies to /api/v1/policies for all dynamic policy methods
- Update tests to reflect API changes
- Fix testPattern endpoint from /test-pattern to /test
- Add sortBy, sortOrder, search fields to ListDynamicPoliciesOptions
- Update buildDynamicPolicyQueryString to use new fields
…eader

- Add PolicySeverity enum (critical/high/medium/low)
- Change severity from int to PolicySeverity in StaticPolicy, CreateStaticPolicyRequest, UpdateStaticPolicyRequest
- Add tier field to CreateStaticPolicyRequest with default TENANT
- Fix TestPatternResult to use 'matches' instead of 'results'
- Add pattern and inputs fields to TestPatternResult
- Fix testPattern to send 'inputs' instead of 'test_inputs'
- Add X-Tenant-ID header for policy APIs using clientId
- Add StaticPoliciesResponse and EffectivePoliciesResponse wrappers
- Fix listStaticPolicies to parse {policies: []} wrapper response
- Fix getEffectiveStaticPolicies to parse {static: [], dynamic: []} wrapper
- Update SAMPLE_STATIC_POLICY to use 'critical' string
- Use PolicySeverity.CRITICAL/HIGH in request builders
- Fix UpdateStaticPolicyRequest assertions
- Use wrapped response format for list and effective APIs
- Change 'results' to 'matches' in testPattern mock
- Use PolicySeverity.MEDIUM for default severity assertion
@saurabhjain1592 saurabhjain1592 merged commit 5314fd8 into main Dec 24, 2025
9 checks passed
saurabhjain1592 added a commit that referenced this pull request Jan 6, 2026
…re (#9)

* feat(policies): add Policy CRUD methods for Unified Policy Architecture

Add comprehensive policy management methods to the Java SDK as part of
the Unified Policy Architecture v2.0.0 (Phase 10 - SDKs).

Static Policies:
- listStaticPolicies() with filtering options
- getStaticPolicy(), createStaticPolicy(), updateStaticPolicy()
- deleteStaticPolicy(), toggleStaticPolicy()
- getEffectiveStaticPolicies(), testPattern(), getStaticPolicyVersions()

Policy Overrides (Enterprise):
- createPolicyOverride(), getPolicyOverride(), deletePolicyOverride()

Dynamic Policies:
- listDynamicPolicies() with filtering options
- getDynamicPolicy(), createDynamicPolicy(), updateDynamicPolicy()
- deleteDynamicPolicy(), toggleDynamicPolicy()
- getEffectiveDynamicPolicies()

New types in PolicyTypes.java:
- PolicyCategory, PolicyTier, PolicyAction, OverrideAction enums
- StaticPolicy, DynamicPolicy, PolicyOverride models
- CreateStaticPolicyRequest, UpdateStaticPolicyRequest builders
- CreateDynamicPolicyRequest, UpdateDynamicPolicyRequest builders
- ListStaticPoliciesOptions, ListDynamicPoliciesOptions
- TestPatternResult, PolicyVersion

Tests: 38 tests covering all methods and type validation

Part of: Epic #724 - Unified Policy Architecture v2.0.0

* fix: correct API endpoints and remove non-existent getPolicyOverride

- Remove getPolicyOverride() method (no GET endpoint in backend)
- Change /api/v1/dynamic-policies to /api/v1/policies for all dynamic policy methods
- Update tests to reflect API changes

* fix: code review fixes for policy CRUD

- Fix testPattern endpoint from /test-pattern to /test
- Add sortBy, sortOrder, search fields to ListDynamicPoliciesOptions
- Update buildDynamicPolicyQueryString to use new fields

* fix(policies): fix severity type, response parsing, and X-Tenant-ID header

- Add PolicySeverity enum (critical/high/medium/low)
- Change severity from int to PolicySeverity in StaticPolicy, CreateStaticPolicyRequest, UpdateStaticPolicyRequest
- Add tier field to CreateStaticPolicyRequest with default TENANT
- Fix TestPatternResult to use 'matches' instead of 'results'
- Add pattern and inputs fields to TestPatternResult
- Fix testPattern to send 'inputs' instead of 'test_inputs'
- Add X-Tenant-ID header for policy APIs using clientId
- Add StaticPoliciesResponse and EffectivePoliciesResponse wrappers
- Fix listStaticPolicies to parse {policies: []} wrapper response
- Fix getEffectiveStaticPolicies to parse {static: [], dynamic: []} wrapper

* fix(tests): change getResults() to getMatches() in TestPatternResult

* fix(tests): use PolicySeverity enum instead of integers

- Update SAMPLE_STATIC_POLICY to use 'critical' string
- Use PolicySeverity.CRITICAL/HIGH in request builders
- Fix UpdateStaticPolicyRequest assertions

* fix(tests): fix mock response formats and severity type

- Use wrapped response format for list and effective APIs
- Change 'results' to 'matches' in testPattern mock
- Use PolicySeverity.MEDIUM for default severity assertion
@saurabhjain1592 saurabhjain1592 deleted the feat/policy-crud branch January 11, 2026 20:59
saurabhjain1592 added a commit that referenced this pull request Jun 16, 2026
…orkflow perms + example SDK bump

Three security alerts on axonflow-sdk-java:

1. CodeQL java/insecure-trustmanager (#8, high) at HttpClientFactory.java.
   The trust-all path is an intentional, double-gated development escape
   hatch for self-signed certs (requires BOTH insecureSkipVerify(true) AND
   AXONFLOW_INSECURE_TLS env var). Rather than remove the dev affordance,
   this adds a hard production guard: when a production-like deployment
   environment is detected (ENVIRONMENT / AXONFLOW_ENVIRONMENT / APP_ENV /
   SPRING_PROFILES_ACTIVE / NODE_ENV / ... carrying a 'prod'/'production'
   token), the insecure path is REFUSED outright, TLS verification stays
   enabled, and a SECURITY error is logged naming the signalling variable.
   New tests prove the guard PREVENTS the insecure path (not just logs),
   handles compound values (prod,metrics), and does not false-positive on
   non-production values. Alert to be dismissed-by-design on #2711 now that
   the production path is belt-and-suspenders hardened. Real code change ->
   VERSION bumped 8.5.0 -> 8.5.1 + CHANGELOG.

2. CodeQL actions/missing-workflow-permissions (#9, med) on
   heartbeat-real-stack.yml: added a top-level least-privilege
   'permissions: contents: read' block (workflow only checks out + tests).
   Block kept identical to the axonflow-sdk-typescript fix for coherence.

3. Dependabot #2 (med): examples/wcp-retry-idempotency/pom.xml pinned a
   stale com.getaxonflow:axonflow-sdk 5.5.0 (vulnerable < 6.0.0); bumped to
   the current released 8.5.0.

Refs getaxonflow/axonflow-enterprise#2711

Signed-off-by: Saurabh Jain <saurabh.jain@getaxonflow.com>
saurabhjain1592 added a commit that referenced this pull request Jun 16, 2026
…orkflow perms + example SDK bump (#193)

Three security alerts on axonflow-sdk-java:

1. CodeQL java/insecure-trustmanager (#8, high) at HttpClientFactory.java.
   The trust-all path is an intentional, double-gated development escape
   hatch for self-signed certs (requires BOTH insecureSkipVerify(true) AND
   AXONFLOW_INSECURE_TLS env var). Rather than remove the dev affordance,
   this adds a hard production guard: when a production-like deployment
   environment is detected (ENVIRONMENT / AXONFLOW_ENVIRONMENT / APP_ENV /
   SPRING_PROFILES_ACTIVE / NODE_ENV / ... carrying a 'prod'/'production'
   token), the insecure path is REFUSED outright, TLS verification stays
   enabled, and a SECURITY error is logged naming the signalling variable.
   New tests prove the guard PREVENTS the insecure path (not just logs),
   handles compound values (prod,metrics), and does not false-positive on
   non-production values. Alert to be dismissed-by-design on #2711 now that
   the production path is belt-and-suspenders hardened. Real code change ->
   VERSION bumped 8.5.0 -> 8.5.1 + CHANGELOG.

2. CodeQL actions/missing-workflow-permissions (#9, med) on
   heartbeat-real-stack.yml: added a top-level least-privilege
   'permissions: contents: read' block (workflow only checks out + tests).
   Block kept identical to the axonflow-sdk-typescript fix for coherence.

3. Dependabot #2 (med): examples/wcp-retry-idempotency/pom.xml pinned a
   stale com.getaxonflow:axonflow-sdk 5.5.0 (vulnerable < 6.0.0); bumped to
   the current released 8.5.0.

Refs getaxonflow/axonflow-enterprise#2711

Signed-off-by: Saurabh Jain <saurabh.jain@getaxonflow.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant