wso2 · AnuGayan · Jan 29, 2025 · Jan 29, 2025 · Jan 29, 2025
@@ -149,6 +149,8 @@ public enum GovernanceExceptionCodes implements ErrorHandler {
             " to pending.", 500, "Error while changing processing requests to pending",
             true),
 
+    ARTIFACT_NOT_FOUND(501009, "Artifact not found.", 404, "Artifact not found for artifact: %s in the organization: %s"),
+
     // Governance Results related codes
 
     ERROR_WHILE_SAVING_GOVERNANCE_RESULT(601001, "Error while saving governance result.", 500, "Error while saving " +

@@ -46,8 +46,9 @@ boolean isPoliciesWithBlockingActionExist(String artifactId, ArtifactType artifa
 
     /**
      * Evaluate compliance of the artifact asynchronously
-     * @param artifactId Artifact ID
-     * @param artifactType Artifact type (ArtifactType.API)
+     *
+     * @param artifactId   Artifact ID
+     * @param artifactType Artifact type (ArtifactType.REST_API)
      * @param state        State at which artifact should be governed (CREATE, UPDATE, DEPLOY, PUBLISH)
      * @param organization Organization
      * @throws GovernanceException If an error occurs while evaluating compliance
@@ -61,13 +62,15 @@ void evaluateComplianceAsync(String artifactId, ArtifactType artifactType,
      * Evaluate compliance of the artifact synchronously
      *
      * @param artifactId             Artifact ID
-     * @param artifactType           Artifact type (ArtifactType.API)
+     * @param artifactType           Artifact type (ArtifactType.REST_API)
      * @param state                  State at which artifact should be governed (CREATE, UPDATE, DEPLOY, PUBLISH)
      * @param artifactProjectContent This is a map of RuleType and String which contains the content of the artifact
      *                               project. This is used to evaluate the compliance of the artifact.
      *                               API_METADATA --> api.yaml content
      *                               API_DEFINITION --> api definition content
      *                               API_DOCUMENTATION --> api documentation content
+     *                               <p>
+     *                               If no content is specified content fetched from DB
      * @param organization           Organization
      * @return ArtifactComplianceInfo object
      * @throws GovernanceException If an error occurs while evaluating compliance
@@ -77,13 +80,37 @@ ArtifactComplianceInfo evaluateComplianceSync(String artifactId, ArtifactType ar
                                                   String organization) throws GovernanceException;
 
 
+    /**
+     * Evaluate compliance of the artifact synchronously
+     *
+     * @param artifactId   Artifact ID
+     * @param artifactType Artifact type (ArtifactType.REST_API)
+     * @param state        State at which artifact should be governed (CREATE, UPDATE, DEPLOY, PUBLISH)
+     * @param organization Organization
+     * @return ArtifactComplianceInfo object
+     * @throws GovernanceException If an error occurs while evaluating compliance
+     */
+    ArtifactComplianceInfo evaluateComplianceSync(String artifactId, ArtifactType artifactType,
+                                                  GovernableState state, String organization) throws GovernanceException;
+
+    /**
+     * Handle artifact label attach
+     *
+     * @param artifactId   Artifact ID
+     * @param artifactType Artifact type (ArtifactType.REST_API, etc)
+     * @param label        ID of the label to be attached
+     * @param organization Organization
+     * @throws GovernanceException If an error occurs while attaching the label
+     */
+    void evaluateComplianceOnLabelAttach(String artifactId, ArtifactType artifactType, String label,
+                                         String organization)
+            throws GovernanceException;
+
     /**
      * Delete all governance data related to the artifact
      *
      * @param artifactId Artifact ID
      * @throws GovernanceException If an error occurs while clearing the compliance information
      */
     void clearArtifactComplianceInfo(String artifactId) throws GovernanceException;
-
-
 }
@@ -482,17 +482,37 @@ public ArtifactComplianceInfo handleComplianceEvaluationSync(String artifactId,
                 .getValidationEngineService().getValidationEngine();
         ArtifactComplianceInfo artifactComplianceInfo = new ArtifactComplianceInfo();
 
-        if (artifactProjectContent == null || artifactProjectContent.isEmpty()) {
-            log.warn("No content found in the artifact project for artifact ID: " + artifactId);
-            return artifactComplianceInfo;
-        }
-
         // Check if artifact is SOAP or GRAPHQL TODO: Support SOAP and GraphQL
         if (ArtifactType.SOAP_API.equals(artifactType) || ArtifactType.GRAPHQL_API.equals(artifactType)) {
             log.warn("Artifact type " + artifactType + " not supported for artifact ID: " + artifactId + " " +
                     ". Skipping governance evaluation");
             return artifactComplianceInfo;
         }
+
+        if (artifactProjectContent == null || artifactProjectContent.isEmpty()) {
+            if (log.isDebugEnabled()) {
+                log.debug("No content found in the artifact project for artifact ID: " + artifactId +
+                        ". Loading content from DB.");
+            }
+
+            byte[] project = GovernanceUtil.getArtifactProject(artifactId, artifactType, organization);
+
+            if (project == null) {
+                log.warn("No content found in the artifact project for artifact ID: " + artifactId);
+                return artifactComplianceInfo;
+            }
+
+            // Only extract content if the artifact type requires it.
+            if (ArtifactType.isArtifactAPI(artifactType)) {
+                artifactProjectContent = APIMUtil.extractAPIProjectContent(project, artifactId, artifactType);
+            }
+
+            if (artifactProjectContent == null || artifactProjectContent.isEmpty()) {
+                log.warn("No content found in the artifact project for artifact ID: " + artifactId);
+                return artifactComplianceInfo;
+            }
+        }
+
         for (String policyId : govPolicies) {
             GovernancePolicy policy = policyMgtDAO.getGovernancePolicyByID(policyId);
             List<Ruleset> rulesets = policyMgtDAO.getRulesetsByPolicyId(policyId);

@@ -21,15 +21,19 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.osgi.service.component.annotations.Component;
+import org.wso2.carbon.apimgt.governance.api.ComplianceManager;
+import org.wso2.carbon.apimgt.governance.api.PolicyManager;
 import org.wso2.carbon.apimgt.governance.api.error.GovernanceException;
 import org.wso2.carbon.apimgt.governance.api.model.ArtifactComplianceInfo;
 import org.wso2.carbon.apimgt.governance.api.model.ArtifactType;
 import org.wso2.carbon.apimgt.governance.api.model.GovernableState;
 import org.wso2.carbon.apimgt.governance.api.model.RuleType;
 import org.wso2.carbon.apimgt.governance.api.service.APIMGovernanceService;
 import org.wso2.carbon.apimgt.governance.impl.ComplianceManagerImpl;
+import org.wso2.carbon.apimgt.governance.impl.PolicyManagerImpl;
 import org.wso2.carbon.apimgt.governance.impl.util.GovernanceUtil;
 
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 
@@ -40,10 +44,12 @@
 )
 public class APIMGovernanceServiceImpl implements APIMGovernanceService {
     private static final Log log = LogFactory.getLog(APIMGovernanceServiceImpl.class);
-    private ComplianceManagerImpl complianceManager;
+    private final ComplianceManager complianceManager;
+    private final PolicyManager policyManager;
 
     public APIMGovernanceServiceImpl() {
         complianceManager = new ComplianceManagerImpl();
+        policyManager = new PolicyManagerImpl();
     }
 
     /**
@@ -97,13 +103,16 @@ public void evaluateComplianceAsync(String artifactId, ArtifactType artifactType
      *
      * @param artifactId             Artifact ID
      * @param artifactType           Artifact type (ArtifactType.REST_API) , Needs to be specific ,
-     *                               DO NOT USE  use ArtifactType.API
+     *                               DO NOT USE ArtifactType.API
      * @param state                  State at which artifact should be governed (CREATE, UPDATE, DEPLOY, PUBLISH)
      * @param artifactProjectContent This is a map of RuleType and String which contains the content of the artifact
      *                               project. This is used to evaluate the compliance of the artifact.
      *                               API_METADATA --> api.yaml content
      *                               API_DEFINITION --> api definition content
-     *                               API_DOCUMENTATION --> api documentation content
+     *                               API_DOCUMENTATION --> api documentation content.
+     *
+     *                               If not provided the details will be taken from DB
+     *
      * @param organization           Organization
      * @return ArtifactComplianceInfo object
      * @throws GovernanceException If an error occurs while evaluating compliance
@@ -125,6 +134,44 @@ public ArtifactComplianceInfo evaluateComplianceSync(String artifactId, Artifact
         return artifactComplianceInfo;
     }
 
+    /**
+     * Evaluate compliance of the artifact synchronously
+     *
+     * @param artifactId   Artifact ID
+     * @param artifactType Artifact type (ArtifactType.REST_API)
+     * @param state        State at which artifact should be governed (CREATE, UPDATE, DEPLOY, PUBLISH)
+     * @param organization Organization
+     * @return ArtifactComplianceInfo object
+     * @throws GovernanceException If an error occurs while evaluating compliance
+     */
+    @Override
+    public ArtifactComplianceInfo evaluateComplianceSync(String artifactId, ArtifactType artifactType,
+                                                         GovernableState state, String organization)
+            throws GovernanceException {
+        return evaluateComplianceSync(artifactId, artifactType, state, null, organization);
+    }
+
+    /**
+     * Handle artifact label attach
+     *
+     * @param artifactId   Artifact ID
+     * @param artifactType Artifact type (ArtifactType.REST_API) , Needs to be specific ,
+     *                     DO NOT USE ArtifactType.API
+     * @param label        ID of the label to be attached
+     * @param organization Organization
+     * @throws GovernanceException If an error occurs while attaching the label
+     */
+    @Override
+    public void evaluateComplianceOnLabelAttach(String artifactId, ArtifactType artifactType,
+                                                String label, String organization) throws GovernanceException {
+
+        List<String> applicablePolicyIds = new ArrayList<>(policyManager.getPoliciesByLabel(label,
+                organization).keySet());
+
+        complianceManager.handleComplianceEvaluationAsync(artifactId, artifactType, applicablePolicyIds, organization);
+
+    }
+
     /**
      * Delete all governance data related to the artifact
      *

@@ -372,6 +372,8 @@ public static boolean isBlockingActionsPresent(List<String> policyIds, Governabl
      * @return boolean
      */
     public static boolean isArtifactAvailable(String artifactId, ArtifactType artifactType) {
+        artifactType = artifactType != null ? artifactType : ArtifactType.API;
+
         boolean isArtifactAPI = ArtifactType.isArtifactAPI(artifactType);
 
         // Check if artifact exists in APIM

@@ -59,6 +59,10 @@ public Response getArtifactComplianceByArtifactId(String artifactId, MessageCont
         ComplianceManager complianceManager = new ComplianceManagerImpl();
         String organization = GovernanceAPIUtil.getValidatedOrganization(messageContext);
 
+        if (!GovernanceUtil.isArtifactAvailable(artifactId, null)) {
+            throw new GovernanceException(GovernanceExceptionCodes.ARTIFACT_NOT_FOUND, artifactId, organization);
+        }
+
         // Get artifact type (API or other)
         ArtifactType artifactType = GovernanceUtil.getParentArtifactType(artifactId);
 
@@ -378,7 +382,7 @@ public Response getArtifactComplianceSummary(String artifactTypeString,
         ArtifactComplianceSummaryDTO summaryDTO = ResultsMappingUtil.getArtifactComplianceSummary(
                 totalArtifactsCount, compliantArtifactCount, nonCompliantArtifactCount);
         summaryDTO.setArtifactType(ArtifactComplianceSummaryDTO.ArtifactTypeEnum.fromValue(artifactTypeString));
-        
+
         return Response.ok().entity(summaryDTO).build();
     }
 

@@ -1614,7 +1614,6 @@ components:
             apim:gov_rule_manage: Manage governance rulesets
             apim:gov_policy_read: Read governance policies
             apim:gov_policy_manage: Manage governance policies
-            apim:gov_evaluate_compliance: Evaluate governance compliance
             apim:gov_result_read: Read governance results
   parameters:
     artifactId:

@@ -2,7 +2,6 @@
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import io.swagger.v3.core.util.Json;
-
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.Operation;
 import io.swagger.v3.oas.models.PathItem;
@@ -18,7 +17,13 @@
 import org.joda.time.DateTime;
 import org.joda.time.format.DateTimeFormatter;
 import org.joda.time.format.ISODateTimeFormat;
-import org.wso2.carbon.apimgt.api.*;
+import org.wso2.carbon.apimgt.api.APIConsumer;
+import org.wso2.carbon.apimgt.api.APIDefinition;
+import org.wso2.carbon.apimgt.api.APIManagementException;
+import org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException;
+import org.wso2.carbon.apimgt.api.APIProvider;
+import org.wso2.carbon.apimgt.api.ExceptionCodes;
+import org.wso2.carbon.apimgt.api.OAuthTokenInfo;
 import org.wso2.carbon.apimgt.api.model.API;
 import org.wso2.carbon.apimgt.api.model.APIIdentifier;
 import org.wso2.carbon.apimgt.api.model.Scope;
@@ -36,11 +41,11 @@
 import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
-import java.util.UUID;
 import java.util.Set;
-import java.util.HashSet;
+import java.util.UUID;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;