@@ -156,4 +156,80 @@ private double calculateComplianceScore(ATPLPolicy policy, Map<String, Object> a
156156
157157 return Math .min (100.0 , baseScore );
158158 }
159+
160+ @ PostMapping ("/test-endpoint" )
161+ @ LimitAccess (applicationAccess = {ApplicationAccessEnum .CAN_MANAGE_APPLICATION })
162+ public ResponseEntity <?> testEndpointAccess (@ RequestBody Map <String , Object > testRequest ) {
163+ try {
164+ String policyId = (String ) testRequest .get ("policy_id" );
165+ String method = (String ) testRequest .get ("method" );
166+ String path = (String ) testRequest .get ("path" );
167+
168+ if (policyId == null || method == null || path == null ) {
169+ return ResponseEntity .badRequest ().body ("policy_id, method, and path are required" );
170+ }
171+
172+ ATPLPolicy policy = policyService .getPolicy (policyId );
173+ if (policy == null ) {
174+ return ResponseEntity .status (HttpStatus .NOT_FOUND ).body ("Policy not found" );
175+ }
176+
177+ // Simulate endpoint access test
178+ Map <String , Object > testResult = new HashMap <>();
179+ testResult .put ("policy_id" , policyId );
180+ testResult .put ("method" , method );
181+ testResult .put ("path" , path );
182+ testResult .put ("allowed" , true ); // Simplified - would need actual endpoint matching logic
183+ testResult .put ("reason" , "Endpoint access allowed by policy" );
184+ testResult .put ("timestamp" , System .currentTimeMillis ());
185+
186+ log .info ("Tested endpoint access for policy: {} - {} {}" , policyId , method , path );
187+ return ResponseEntity .ok (testResult );
188+
189+ } catch (Exception e ) {
190+ log .error ("Error testing endpoint access" , e );
191+ return ResponseEntity .status (HttpStatus .INTERNAL_SERVER_ERROR )
192+ .body ("Test error: " + e .getMessage ());
193+ }
194+ }
195+
196+ @ GetMapping ("/templates" )
197+ @ LimitAccess (applicationAccess = {ApplicationAccessEnum .CAN_MANAGE_APPLICATION })
198+ public ResponseEntity <?> getPolicyTemplates () {
199+ try {
200+ Map <String , Object > templates = new HashMap <>();
201+
202+ // Web server template
203+ Map <String , Object > webServer = new HashMap <>();
204+ webServer .put ("name" , "Web Server Policy" );
205+ webServer .put ("description" , "Policy for web servers with basic HTTP access" );
206+ webServer .put ("trust_score_minimum" , 70 );
207+ webServer .put ("endpoints" , List .of (
208+ Map .of ("method" , "GET" , "path" , "/" , "action" , "allow" , "description" , "Home page" ),
209+ Map .of ("method" , "GET" , "path" , "/static/*" , "action" , "allow" , "description" , "Static assets" ),
210+ Map .of ("method" , "GET" , "path" , "/health" , "action" , "allow" , "description" , "Health check" )
211+ ));
212+
213+ // API service template
214+ Map <String , Object > apiService = new HashMap <>();
215+ apiService .put ("name" , "API Service Policy" );
216+ apiService .put ("description" , "Policy for REST API services" );
217+ apiService .put ("trust_score_minimum" , 80 );
218+ apiService .put ("endpoints" , List .of (
219+ Map .of ("method" , "GET" , "path" , "/api/v1/*" , "action" , "allow" , "description" , "API endpoints" ),
220+ Map .of ("method" , "POST" , "path" , "/api/v1/*" , "action" , "allow" , "description" , "API creation" ),
221+ Map .of ("method" , "GET" , "path" , "/docs" , "action" , "allow" , "description" , "API documentation" )
222+ ));
223+
224+ templates .put ("web-server" , webServer );
225+ templates .put ("api-service" , apiService );
226+
227+ return ResponseEntity .ok (templates );
228+
229+ } catch (Exception e ) {
230+ log .error ("Error getting policy templates" , e );
231+ return ResponseEntity .status (HttpStatus .INTERNAL_SERVER_ERROR )
232+ .body ("Error getting templates: " + e .getMessage ());
233+ }
234+ }
159235}
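Review bot: `testEndpointAccess` puts `"allowed", true` and the reason "Endpoint access allowed by policy" into every response without ever consulting the loaded `policy`, so an operator verifying a deny rule gets a false confirmation from a tool that is meant to check access decisions. Until real matching exists, return `ResponseEntity.status(HttpStatus.NOT_IMPLEMENTED)` or evaluate the request against the policy's rules and default to deny when nothing matches. The `(String)` casts on `testRequest.get(...)` throw `ClassCastException` for non-string JSON values, which the broad `catch (Exception e)` turns into a 500 whose body echoes `e.getMessage()`; check with `instanceof String` and answer 400, and keep exception detail in the log only (the same `e.getMessage()` echo appears in `getPolicyTemplates`). `method` and `path` also reach `log.info` verbatim from the request body, so strip CR/LF first if the log format is line-based.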