Add JUnit and Remove Technical Debt in Guard

Unit test for guard added and technical debt removed.

Issue-ID: POLICY-455
Change-Id: I440766660ddae078013e21b1991ee49c8e488bb3
Signed-off-by: liamfallon <liam.fallon@ericsson.com>

2 files changed, 113 insertions, 0 deletions

diff --git a/controlloop/common/guard/src/test/resources/blacklist_template.xml b/controlloop/common/guard/src/test/resources/blacklist_template.xml
new file mode 100644
index 000000000..5d31730db
--- /dev/null
+++ b/controlloop/common/guard/src/test/resources/blacklist_template.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny">
+        <Description>Policy for frequency limiter.</Description>
+        <Target>
+            <AnyOf>
+                <AllOf>
+                   	<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+                        <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>-->
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                   	</Match>
+             
+                   	<!--  <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">-->
+                   	<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                </AllOf>
+            </AnyOf>
+        </Target>
+        <Rule RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" Effect="Deny">
+            <Description>DENY -  only if target is in black list and guard is active.</Description>
+            <Condition>
+            	<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+            		<VariableReference VariableId="isGuardActive"/>
+            		<VariableReference VariableId="isInBlackList"/>
+                </Apply>
+            </Condition>
+        </Rule>
+         <VariableDefinition VariableId="isInBlackList">
+		 	<Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
+				<Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+					<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+				   		<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:target:target-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</Apply>
+					<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
+						${blackListElement}
+						<!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue>-->
+		   			</Apply>
+		   </Apply>
+		</VariableDefinition>
+        <VariableDefinition VariableId="isGuardActive">	
+        	<Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
+        		<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
+	               	<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/>
+				</Apply>
+				<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue>
+				<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue>
+        	</Apply>
+        </VariableDefinition> 
+</Policy>
diff --git a/controlloop/common/guard/src/test/resources/frequency_limiter_template.xml b/controlloop/common/guard/src/test/resources/frequency_limiter_template.xml
new file mode 100644
index 000000000..2d73a1e6d
--- /dev/null
+++ b/controlloop/common/guard/src/test/resources/frequency_limiter_template.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny">
+        <Description>Policy for frequency limiter.</Description>
+        <Target>
+            <AnyOf>
+                <AllOf>
+                
+                	<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+                        <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>-->
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                   	</Match>
+             
+                   	<!--  <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">-->
+                   	<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                    
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${targets}</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:target:target-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                    
+                </AllOf>
+            </AnyOf>
+        </Target>
+        <Rule RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" Effect="Deny">
+            <Description>DENY - only if number of operations performed in the past is larger than the limit and the Guard is active.</Description>
+            <Condition>
+            	<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+            		<VariableReference VariableId="isGuardActive"/>
+                	<VariableReference VariableId="isHistoryGreaterThanLimit"/>
+                </Apply>
+            </Condition>
+        </Rule>
+        <VariableDefinition VariableId="isGuardActive">	
+        	<Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
+        		<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
+	               	<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/>
+				</Apply>
+				<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue>
+				<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue>
+        	</Apply>
+        </VariableDefinition> 
+        <VariableDefinition VariableId="isHistoryGreaterThanLimit">     
+	    	<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+	        	<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+	        		<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:research:xacml:test:sql:resource:operations:count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="com:att:research:xacml:guard:historydb:tw:${twValue}:${twUnits}" MustBePresent="false"/>
+	        	</Apply>
+	        	<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue>
+	        </Apply>        
+        </VariableDefinition>
+</Policy>