Add new guard filter policy type feature

* Added new Policy Guard filter Policy type.

* Enhanced translator tests to ensure bad filter policies
are detected.

* Added new filter application test to ensure new guard
propertly creates xacml policies.

Issue-ID: POLICY-2590
Change-Id: Ifc047a33084ce45b67be98a61f660d7a8c9d8615
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>

3 files changed, 168 insertions, 1 deletions

diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java
index e83f4d29..08495a7e 100644
--- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java
+++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java
@@ -217,7 +217,7 @@ public class GuardPdpApplicationTest {
         // can support the correct policy types.
         //
         assertThat(service.supportedPolicyTypes()).isNotEmpty();
-        assertThat(service.supportedPolicyTypes().size()).isEqualTo(4);
+        assertThat(service.supportedPolicyTypes().size()).isEqualTo(5);
         assertThat(service.canSupportPolicyType(
                 new ToscaPolicyTypeIdentifier("onap.policies.controlloop.guard.common.FrequencyLimiter", "1.0.0")))
                         .isTrue();
@@ -237,6 +237,8 @@ public class GuardPdpApplicationTest {
         assertThat(service.canSupportPolicyType(new ToscaPolicyTypeIdentifier(
                 "onap.policies.controlloop.guard.coordination.FirstBlocksSecond", "1.0.1"))).isFalse();
         assertThat(service.canSupportPolicyType(new ToscaPolicyTypeIdentifier("onap.foo", "1.0.1"))).isFalse();
+        assertThat(service.canSupportPolicyType(
+                new ToscaPolicyTypeIdentifier("onap.policies.controlloop.guard.common.Filter", "1.0.0"))).isTrue();
     }
 
     @Test
@@ -353,6 +355,77 @@ public class GuardPdpApplicationTest {
     }
 
     @SuppressWarnings("unchecked")
+    @Test
+    public void test6Filters() throws Exception {
+        LOGGER.info("**************** Running test6Filters ****************");
+        //
+        // Re-Load Decision Request - so we can start from scratch
+        //
+        requestVfCount =
+                gson.decode(TextFileUtils.getTextFileAsString("src/test/resources/requests/guard.vfCount.json"),
+                        DecisionRequest.class);
+        //
+        // Ensure we are a permit to start
+        //
+        requestAndCheckDecision(requestVfCount, PERMIT);
+        //
+        // Load the filter policy in with the others.
+        //
+        List<ToscaPolicy> loadedPolicies =
+                TestUtils.loadPolicies("src/test/resources/test.policy.guard.filters.yaml", service);
+        assertThat(loadedPolicies).hasSize(2);
+        //
+        // Although the region is blacklisted, the id is not
+        //
+        requestAndCheckDecision(requestVfCount, PERMIT);
+        //
+        // Put in a different vnf id
+        //
+        ((Map<String, Object>) requestVfCount.getResource().get("guard")).put("generic-vnf.vnf-id",
+                "different-vnf-id-should-be-denied");
+        //
+        // The region is blacklisted, and the id is not allowed
+        //
+        requestAndCheckDecision(requestVfCount, DENY);
+        //
+        // Let's switch to a different region
+        //
+        ((Map<String, Object>) requestVfCount.getResource().get("guard")).put("cloud-region.cloud-region-id",
+                "RegionTwo");
+        //
+        // The region is whitelisted, and the id is also allowed
+        //
+        requestAndCheckDecision(requestVfCount, PERMIT);
+        //
+        // Put in a blacklisted vnf id
+        //
+        ((Map<String, Object>) requestVfCount.getResource().get("guard")).put("generic-vnf.vnf-id",
+                "f17face5-69cb-4c88-9e0b-7426db7edddd");
+        //
+        // Although region is whitelisted,  the id is blacklisted
+        //
+        requestAndCheckDecision(requestVfCount, DENY);
+        //
+        // Let's switch to a different region
+        //
+        ((Map<String, Object>) requestVfCount.getResource().get("guard")).put("cloud-region.cloud-region-id",
+                "RegionThree");
+        //
+        // There is no filter for this region, but the id is still blacklisted
+        //
+        requestAndCheckDecision(requestVfCount, DENY);
+        //
+        // Put in a different vnf id
+        //
+        ((Map<String, Object>) requestVfCount.getResource().get("guard")).put("generic-vnf.vnf-id",
+                "different-vnf-id-should-be-permitted");
+        //
+        // There is no filter for this region, and the id is not blacklisted
+        //
+        requestAndCheckDecision(requestVfCount, PERMIT);
+    }
+
+    @SuppressWarnings("unchecked")
     private void insertOperationEvent(DecisionRequest request) {
         //
         // Get the properties
diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPolicyRequestTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPolicyRequestTest.java
index 41fd4705..1c925ce2 100644
--- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPolicyRequestTest.java
+++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPolicyRequestTest.java
@@ -28,6 +28,8 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import java.util.HashMap;
 import java.util.Map;
 import org.junit.Test;
+import org.onap.policy.common.utils.coder.StandardCoder;
+import org.onap.policy.common.utils.resources.TextFileUtils;
 import org.onap.policy.models.decisions.concepts.DecisionRequest;
 import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
 
@@ -92,4 +94,22 @@ public class GuardPolicyRequestTest {
             GuardPolicyRequest.createInstance(decisionRequest));
     }
 
+    @Test
+    public void testFilterResources() throws Exception {
+        StandardCoder gson = new StandardCoder();
+
+        DecisionRequest request = gson.decode(
+                TextFileUtils.getTextFileAsString("src/test/resources/requests/guard.filter.json"),
+                DecisionRequest.class);
+
+        GuardPolicyRequest guardRequest = GuardPolicyRequest.createInstance(request);
+
+        assertThat(guardRequest.getVnfName()).isEqualTo("my-name");
+        assertThat(guardRequest.getVnfId()).isEqualTo("my-id");
+        assertThat(guardRequest.getVnfType()).isEqualTo("my-type");
+        assertThat(guardRequest.getVnfNfNamingCode()).isEqualTo("my-naming-code");
+        assertThat(guardRequest.getVserverId()).isEqualTo("my-server-id");
+        assertThat(guardRequest.getCloudRegionId()).isEqualTo("my-region");
+    }
+
 }
diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java
index 6f7edac4..07e60c61 100644
--- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java
+++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java
@@ -115,6 +115,7 @@ public class GuardTranslatorTest {
         //
         for (Map<String, ToscaPolicy> policies : completedJtst.getToscaTopologyTemplate().getPolicies()) {
             for (ToscaPolicy policy : policies.values()) {
+                LOGGER.info("Testing policy " + policy.getName());
                 if ("frequency-missing-properties".equals(policy.getName())) {
                     assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() ->
                         translator.convertPolicy(policy)
@@ -135,6 +136,55 @@ public class GuardTranslatorTest {
                     assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() ->
                         translator.convertPolicy(policy)
                     ).withMessageContaining("Missing blacklist");
+                } else if ("blacklist-noalgorithm".equals(policy.getName())) {
+                    assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() ->
+                        translator.convertPolicy(policy)
+                    ).withMessageContaining("Missing precedence");
+                } else if ("blacklist-badalgorithm".equals(policy.getName())) {
+                    assertThatExceptionOfType(ToscaPolicyConversionException.class)
+                            .isThrownBy(() -> translator.convertPolicy(policy))
+                            .withMessageContaining(
+                                "Unexpected value for algorithm, should be whitelist-overrides or blacklist-overrides");
+                } else if ("filter-nofilter".equals(policy.getName())) {
+                    assertThatExceptionOfType(ToscaPolicyConversionException.class)
+                            .isThrownBy(() -> translator.convertPolicy(policy))
+                            .withMessageContaining("Missing filters");
+                } else if ("filter-nocollection".equals(policy.getName())) {
+                    assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() ->
+                        translator.convertPolicy(policy)
+                    ).withMessageContaining("Filters is not a collection");
+                } else if ("filter-noarray".equals(policy.getName())) {
+                    assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() ->
+                        translator.convertPolicy(policy)
+                    ).withMessageContaining("Filters is not a collection");
+                } else if ("filter-missingfield".equals(policy.getName())) {
+                    assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() ->
+                        translator.convertPolicy(policy)
+                    ).withMessageContaining("Missing \'field\' from filter");
+                } else if ("filter-badfield".equals(policy.getName())) {
+                    assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() ->
+                        translator.convertPolicy(policy)
+                    ).withMessageContaining("Unexpected value for field in filter");
+                } else if ("filter-missingfilter".equals(policy.getName())) {
+                    assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() ->
+                        translator.convertPolicy(policy)
+                    ).withMessageContaining("Missing \'filter\' from filter");
+                } else if ("filter-missingfunction".equals(policy.getName())) {
+                    assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() ->
+                        translator.convertPolicy(policy)
+                    ).withMessageContaining("Missing \'function\' from filter");
+                } else if ("filter-badfunction".equals(policy.getName())) {
+                    assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() ->
+                        translator.convertPolicy(policy)
+                    ).withMessageContaining("Unexpected value for function in filter");
+                } else if ("filter-missingblacklist".equals(policy.getName())) {
+                    assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() ->
+                        translator.convertPolicy(policy)
+                    ).withMessageContaining("Missing \'blacklist\' from filter");
+                } else if ("filter-badblacklist".equals(policy.getName())) {
+                    assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() ->
+                        translator.convertPolicy(policy)
+                    ).withMessageContaining("Unexpected value for blacklist in filter");
                 }
             }
         }
@@ -190,6 +240,8 @@ public class GuardTranslatorTest {
                     validateMinMax(policy, xacmlPolicy);
                 } else if (GuardTranslator.POLICYTYPE_BLACKLIST.equals(policy.getType())) {
                     validateBlacklist(policy, xacmlPolicy);
+                } else if (GuardTranslator.POLICYTYPE_FILTER.equals(policy.getType())) {
+                    validateFilter(policy, xacmlPolicy);
                 }
             }
         }
@@ -322,4 +374,26 @@ public class GuardTranslatorTest {
         }
         assertThat(foundBlacklist).isTrue();
     }
+
+    private void validateFilter(ToscaPolicy policy, PolicyType xacmlPolicy) {
+        assertThat(xacmlPolicy.getRuleCombiningAlgId()).endsWith("-overrides");
+        for (Object rule : xacmlPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition()) {
+            if (! (rule instanceof RuleType)) {
+                continue;
+            }
+            assertThat(((RuleType) rule).getTarget()).isNotNull();
+            assertThat(((RuleType) rule).getTarget().getAnyOf()).hasSize(1);
+            for (AnyOfType anyOf : ((RuleType) rule).getTarget().getAnyOf()) {
+                assertThat(anyOf.getAllOf()).isNotEmpty();
+                for (AllOfType allOf : anyOf.getAllOf()) {
+                    assertThat(allOf.getMatch()).isNotEmpty();
+                    assertThat(allOf.getMatch()).hasSize(1);
+                    for (MatchType match : allOf.getMatch()) {
+                        assertThat(match.getAttributeDesignator().getAttributeId())
+                            .startsWith(GuardPolicyRequest.PREFIX_RESOURCE_ATTRIBUTE_ID);
+                    }
+                }
+            }
+        }
+    }
 }