Adding policy schema validation check

Issue-ID: CCSDK-3996
Change-Id: I27cbdda829d55f963f80fe1316d838f531f67eb5
Signed-off-by: saul.gill <saul.gill@est.tech>

a1-policy-management/config/application.yaml

@@ -3,7 +3,7 @@
 # ONAP : ccsdk oran
 # ================================================================================
 # Copyright (C) 2020-2023 Nordix Foundation. All rights reserved.
-# Copyright (C) 2024-2025 OpenInfra Foundation Europe. All rights reserved.
+# Modifications Copyright (C) 2024-2025 OpenInfra Foundation Europe. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -58,6 +58,8 @@ app:
     trust-store: /opt/app/policy-agent/etc/cert/truststore.jks
   # path where the service can store data. This parameter is not relevant if S3 Object store is configured.
   vardata-directory: /var/policy-management-service
+  # Options for schema validation of the policy and policy status. Options: NONE, INFO, WARN, FAIL
+  validate-policy-instance-schema: NONE
 lifecycle:
   timeout-per-shutdown-phase: "20s"
 logging:

a1-policy-management/src/main/java/org/onap/ccsdk/oran/a1policymanagementservice/configuration/ApplicationConfig.java

@@ -3,7 +3,7 @@
  * ONAP : ccsdk oran
  * ======================================================================
  * Copyright (C) 2019-2020 Nordix Foundation. All rights reserved.
- * Copyright (C) 2023-2024 OpenInfra Foundation Europe. All rights reserved.
+ * Modifications Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
  * ======================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,20 +22,16 @@
 package org.onap.ccsdk.oran.a1policymanagementservice.configuration;
 
 import com.google.common.base.Strings;
-
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
-
 import lombok.Getter;
 import lombok.Setter;
-
 import org.onap.ccsdk.oran.a1policymanagementservice.configuration.WebClientConfig.HttpProxyConfig;
 import org.onap.ccsdk.oran.a1policymanagementservice.exceptions.ServiceException;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
-
 import reactor.core.publisher.Flux;
 import reactor.netty.transport.ProxyProvider;
 
@@ -110,6 +106,18 @@ public class ApplicationConfig {
     @Value("${app.database-enabled:}")
     private boolean databaseEnabled;
 
+    public enum ValidateSchema {
+        NONE,
+        INFO,
+        WARN,
+        FAIL
+    }
+
+    @Getter
+    @Setter
+    @Value("${app.validate-policy-instance-schema:NONE}")
+    private ValidateSchema validatePolicyInstanceSchema;
+
     private Map<String, RicConfig> ricConfigs = new HashMap<>();
 
     private WebClientConfig webClientConfig = null;

a1-policy-management/src/main/java/org/onap/ccsdk/oran/a1policymanagementservice/service/v3/PolicyService.java

@@ -70,6 +70,8 @@ public class PolicyService {
             Ric ric = rics.getRic(policyObjectInfo.getNearRtRicId());
             PolicyType policyType = policyTypes.getType(policyObjectInfo.getPolicyTypeId());
             Policy policy = helper.buildPolicy(policyObjectInfo, policyType, ric, helper.policyIdGeneration(policyObjectInfo), serverWebExchange);
+            if (Boolean.FALSE.equals(helper.performPolicySchemaValidation(policy, policyType)))
+                return Mono.error(new ServiceException("Policy Type Schema validation failed in create", HttpStatus.BAD_REQUEST));
             return helper.isPolicyAlreadyCreated(policy,policies)
                     .doOnError(errorHandlingService::handleError)
                     .flatMap(policyBuilt -> authorizationService.authCheck(serverWebExchange, policy, AccessType.WRITE)
@@ -105,6 +107,9 @@ public Mono<ResponseEntity<Object>> putPolicyService(String policyId, Object bod
             PolicyObjectInformation pos =
                     new PolicyObjectInformation(existingPolicy.getRic().getConfig().getRicId(), body, existingPolicy.getType().getId());
             Policy updatedPolicy = helper.buildPolicy(pos, existingPolicy.getType(), existingPolicy.getRic(), policyId, exchange);
+            PolicyType policyType = policyTypes.getType(pos.getPolicyTypeId());
+            if (Boolean.FALSE.equals(helper.performPolicySchemaValidation(updatedPolicy, policyType)))
+                return Mono.error(new ServiceException("Policy Type Schema validation failed in update", HttpStatus.BAD_REQUEST));
             Ric ric = existingPolicy.getRic();
             return authorizationService.authCheck(exchange, updatedPolicy, AccessType.WRITE)
                     .doOnError(errorHandlingService::handleError)

a1-policy-management/src/main/java/org/onap/ccsdk/oran/a1policymanagementservice/util/v3/Helper.java

@@ -2,7 +2,7 @@
  * ========================LICENSE_START=================================
  * ONAP : ccsdk oran
  * ======================================================================
- * Copyright (C) 2024 OpenInfra Foundation Europe. All rights reserved.
+ * Copyright (C) 2024-2025 OpenInfra Foundation Europe. All rights reserved.
  * ======================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,6 +23,9 @@
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import lombok.RequiredArgsConstructor;
+import org.everit.json.schema.loader.SchemaLoader;
+import org.json.JSONObject;
+import org.onap.ccsdk.oran.a1policymanagementservice.configuration.ApplicationConfig;
 import org.onap.ccsdk.oran.a1policymanagementservice.exceptions.ServiceException;
 import org.onap.ccsdk.oran.a1policymanagementservice.models.v3.PolicyInformation;
 import org.onap.ccsdk.oran.a1policymanagementservice.models.v3.PolicyObjectInformation;
@@ -50,6 +53,8 @@
 @RequiredArgsConstructor
 public class Helper {
 
+    private final ApplicationConfig applicationConfig;
+
     @Autowired
     private TokenService tokenService;
 
@@ -105,6 +110,53 @@ public Boolean jsonSchemaValidation(Object jsonObject) {
         return true;
     }
 
+    private boolean policyTypeSchemaValidation(Policy policy, PolicyType policyType) {
+        try {
+            JSONObject schemaJson = new JSONObject(policyType.getSchema());
+            var schema = SchemaLoader.load(schemaJson);
+            JSONObject policyJson = new JSONObject(policy.getJson());
+
+            // PUT request body is not automatically deserialized - so we manually extract the desired policy object
+            if (policyJson.has("policyObject")) {
+                policyJson = policyJson.getJSONObject("policyObject");
+            }
+
+            schema.validate(policyJson);
+            logger.info("Policy type schema validation successful");
+            return true; // Validation passed
+        } catch (Exception e) {
+            logger.error("Policy type schema validation failed", e);
+            return false; // Validation failed
+        }
+    }
+
+    public Boolean performPolicySchemaValidation(Policy policy, PolicyType policyType) {
+
+        switch (applicationConfig.getValidatePolicyInstanceSchema()) {
+            case INFO:
+                if (policyTypeSchemaValidation(policy, policyType)) {
+                    return true;
+                }
+                logger.info("Policy Schema validation failed but not enforced.");
+                return true;
+            case WARN:
+                if (policyTypeSchemaValidation(policy, policyType)) {
+                    return true;
+                }
+                logger.warn("Policy Schema validation failed but not enforced.");
+                return true;
+            case FAIL:
+                if (policyTypeSchemaValidation(policy, policyType)) {
+                    return true;
+                }
+                logger.error("Policy Schema validation failed.");
+                return false;
+            default:
+                logger.info("Policy schema validation disabled.");
+                return true;
+        }
+    }
+
     public String policyIdGeneration(PolicyObjectInformation policyObjectInfo) {
         if (policyObjectInfo.getPolicyId() == null || policyObjectInfo.getPolicyId().isEmpty() ||
                 policyObjectInfo.getPolicyId().isBlank())