Make subjects and resources optional on policy entries

With entry-level references, an entry can inherit subjects and resources
from referenced entries, making explicit declaration unnecessary. Both
fields now default to empty when absent from JSON.

This enables patterns like:
- Entry with only references (inherits everything)
- Entry with only subjects (shared-subjects for local references)

Updated ImmutablePolicyEntry.fromJson, OpenAPI schema, and JSON schema.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: thjaeckle

documentation/src/main/resources/jsonschema/policy.json

@@ -202,11 +202,7 @@
               },
               "example": ["subjects"]
             }
-          },
-          "required": [
-            "subjects",
-            "resources"
-          ]
+          }
         }
       }
     },

documentation/src/main/resources/openapi/ditto-api-2.yml

@@ -10730,7 +10730,10 @@ components:
           $ref: '#/components/schemas/PolicyEntry'
     PolicyEntry:
       type: object
-      description: Single policy entry containing Subjects and Resources.
+      description: |-
+        Single policy entry. Both `subjects` and `resources` are optional — they
+        default to empty when absent. An entry may define `references` to inherit
+        subjects, resources, and namespaces from other entries (local or imported).
       properties:
         subjects:
           $ref: '#/components/schemas/Subjects'
@@ -10754,9 +10757,6 @@ components:
           $ref: '#/components/schemas/AllowedImportAdditions'
         references:
           $ref: '#/components/schemas/References'
-      required:
-        - subjects
-        - resources
     Subjects:
       type: object
       description: A SubjectEntry defines who is addressed.

documentation/src/main/resources/openapi/sources/schemas/policies/policyEntry.yml

@@ -9,7 +9,10 @@
 #
 # SPDX-License-Identifier: EPL-2.0
 type: object
-description: Single policy entry containing Subjects and Resources.
+description: |-
+  Single policy entry. Both `subjects` and `resources` are optional — they
+  default to empty when absent. An entry may define `references` to inherit
+  subjects, resources, and namespaces from other entries (local or imported).
 properties:
   subjects:
     $ref: 'subjects.yml'
@@ -23,6 +26,3 @@ properties:
     $ref: 'allowedImportAdditions.yml'
   references:
     $ref: 'references.yml'
-required:
-  - subjects
-  - resources

policies/model/src/main/java/org/eclipse/ditto/policies/model/ImmutablePolicyEntry.java

@@ -28,12 +28,10 @@
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
-import org.eclipse.ditto.base.model.exceptions.DittoJsonException;
 import org.eclipse.ditto.base.model.json.JsonSchemaVersion;
 import org.eclipse.ditto.json.JsonArrayBuilder;
 import org.eclipse.ditto.json.JsonFactory;
 import org.eclipse.ditto.json.JsonField;
-import org.eclipse.ditto.json.JsonMissingFieldException;
 import org.eclipse.ditto.json.JsonObject;
 import org.eclipse.ditto.json.JsonPointer;
 import org.eclipse.ditto.json.JsonValue;
@@ -197,30 +195,24 @@ public static PolicyEntry of(final Label label, final Subjects subjects, final R
      * @return a new Policy entry which is initialised with the extracted data from {@code jsonObject}.
      * @throws NullPointerException if {@code label} or {@code jsonObject} is {@code null}.
      * @throws IllegalArgumentException if {@code label} is empty.
-     * @throws DittoJsonException if {@code jsonObject}
-     * <ul>
-     *     <li>is empty or</li>
-     *     <li>contains only a field with the schema version.</li>
-     * </ul>
+     * @throws NullPointerException if {@code jsonObject} is {@code null}.
      */
     public static PolicyEntry fromJson(final CharSequence label, final JsonObject jsonObject) {
         checkNotNull(jsonObject, "JSON object");
         final Label lbl = Label.of(label);
 
-        try {
-            final JsonObject subjectsJsonObject = jsonObject.getValueOrThrow(JsonFields.SUBJECTS);
-            final Subjects subjectsFromJson = PoliciesModelFactory.newSubjects(subjectsJsonObject);
-            final JsonObject resourcesJsonObject = jsonObject.getValueOrThrow(JsonFields.RESOURCES);
-            final Resources resourcesFromJson = PoliciesModelFactory.newResources(resourcesJsonObject);
-            final List<String> namespacesFromJson = readNamespaces(jsonObject);
-            final ImportableType importType = readImportableType(jsonObject).orElse(ImportableType.IMPLICIT);
-            final Set<AllowedImportAddition> additions = readAllowedImportAdditions(jsonObject);
-            final List<EntryReference> referencesFromJson = readReferences(jsonObject);
-            return new ImmutablePolicyEntry(lbl, subjectsFromJson, resourcesFromJson, namespacesFromJson,
-                    importType, additions, referencesFromJson);
-        } catch (final JsonMissingFieldException e) {
-            throw new DittoJsonException(e);
-        }
+        final Subjects subjectsFromJson = jsonObject.getValue(JsonFields.SUBJECTS)
+                .map(PoliciesModelFactory::newSubjects)
+                .orElseGet(PoliciesModelFactory::emptySubjects);
+        final Resources resourcesFromJson = jsonObject.getValue(JsonFields.RESOURCES)
+                .map(PoliciesModelFactory::newResources)
+                .orElseGet(PoliciesModelFactory::emptyResources);
+        final List<String> namespacesFromJson = readNamespaces(jsonObject);
+        final ImportableType importType = readImportableType(jsonObject).orElse(ImportableType.IMPLICIT);
+        final Set<AllowedImportAddition> additions = readAllowedImportAdditions(jsonObject);
+        final List<EntryReference> referencesFromJson = readReferences(jsonObject);
+        return new ImmutablePolicyEntry(lbl, subjectsFromJson, resourcesFromJson, namespacesFromJson,
+                importType, additions, referencesFromJson);
     }
 
     private static Optional<ImportableType> readImportableType(final JsonObject json) {

policies/model/src/test/java/org/eclipse/ditto/policies/model/ImmutablePolicyEntryTest.java

@@ -21,7 +21,7 @@
 import java.util.NoSuchElementException;
 import java.util.Set;
 
-import org.eclipse.ditto.base.model.exceptions.DittoJsonException;
+
 import org.eclipse.ditto.base.model.json.JsonSchemaVersion;
 import org.eclipse.ditto.json.JsonArray;
 import org.eclipse.ditto.json.JsonFactory;
@@ -64,11 +64,13 @@ public void testFromJsonWithNullLabel() {
         ImmutablePolicyEntry.fromJson(null, JsonFactory.newObjectBuilder().build());
     }
 
-    @Test(expected = DittoJsonException.class)
+    @Test
     public void testFromJsonEmptyWithLabel() {
         final JsonObject jsonObject = JsonFactory.newObjectBuilder().build();
 
-        ImmutablePolicyEntry.fromJson(LABEL_END_USER, jsonObject);
+        final PolicyEntry entry = ImmutablePolicyEntry.fromJson(LABEL_END_USER, jsonObject);
+        assertThat(entry.getSubjects()).isEmpty();
+        assertThat(entry.getResources()).isEmpty();
     }
 
     @Test(expected = PolicyEntryInvalidException.class)
@@ -84,13 +86,15 @@ public void testFromJsonWithoutImportableType() {
         assertThat(entry.getImportableType()).isEqualTo(ImportableType.IMPLICIT);
     }
 
-    @Test(expected = DittoJsonException.class)
+    @Test
     public void testFromJsonOnlySchemaVersion() {
         final JsonObject jsonObject = JsonFactory.newObjectBuilder()
                 .set(JsonSchemaVersion.getJsonKey(), JsonSchemaVersion.V_2.toInt())
                 .build();
 
-        ImmutablePolicyEntry.fromJson("EndUser", jsonObject);
+        final PolicyEntry entry = ImmutablePolicyEntry.fromJson("EndUser", jsonObject);
+        assertThat(entry.getSubjects()).isEmpty();
+        assertThat(entry.getResources()).isEmpty();
     }
 
     @Test