aboutsummaryrefslogtreecommitdiffstats
path: root/applications/guard/src/test/resources
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2020-08-17 16:45:30 -0400
committerPamela Dragosh <pdragosh@research.att.com>2020-08-17 19:41:07 -0400
commitad9d827a43211c087fe4bcf575134aea3a5b316e (patch)
treecff37aeb77e3b7dc9ec899c7bb04961f40c695ea /applications/guard/src/test/resources
parentabbabd038c2575d3fcdc07d25313e741d32c1c90 (diff)
Add new guard filter policy type feature
* Added new Policy Guard filter Policy type. * Enhanced translator tests to ensure bad filter policies are detected. * Added new filter application test to ensure new guard propertly creates xacml policies. Issue-ID: POLICY-2590 Change-Id: Ifc047a33084ce45b67be98a61f660d7a8c9d8615 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'applications/guard/src/test/resources')
-rw-r--r--applications/guard/src/test/resources/requests/guard.filter.json22
-rw-r--r--applications/guard/src/test/resources/requests/guard.vfCount.json8
-rw-r--r--applications/guard/src/test/resources/test-bad-policies.yaml151
-rw-r--r--applications/guard/src/test/resources/test-policies.yaml54
-rw-r--r--applications/guard/src/test/resources/test.policy.guard.filters.yaml39
5 files changed, 243 insertions, 31 deletions
diff --git a/applications/guard/src/test/resources/requests/guard.filter.json b/applications/guard/src/test/resources/requests/guard.filter.json
new file mode 100644
index 00000000..710cf659
--- /dev/null
+++ b/applications/guard/src/test/resources/requests/guard.filter.json
@@ -0,0 +1,22 @@
+{
+ "ONAPName": "Policy",
+ "ONAPComponent": "drools-pdp",
+ "ONAPInstance": "usecase-template",
+ "requestId": "unique-request-id-1",
+ "action": "guard",
+ "resource": {
+ "guard": {
+ "actor": "SO",
+ "operation": "VF Module Create",
+ "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
+ "target": "e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e",
+ "vfCount": "0",
+ "generic-vnf.vnf-name": "my-name",
+ "generic-vnf.vnf-id": "my-id",
+ "generic-vnf.vnf-type": "my-type",
+ "generic-vnf.nf-naming-code": "my-naming-code",
+ "vserver.vserver-id": "my-server-id",
+ "cloud-region.cloud-region-id": "my-region"
+ }
+ }
+}
diff --git a/applications/guard/src/test/resources/requests/guard.vfCount.json b/applications/guard/src/test/resources/requests/guard.vfCount.json
index 1a0a6e55..86a0a963 100644
--- a/applications/guard/src/test/resources/requests/guard.vfCount.json
+++ b/applications/guard/src/test/resources/requests/guard.vfCount.json
@@ -10,7 +10,13 @@
"operation": "VF Module Create",
"clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
"target": "e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e",
- "vfCount": "0"
+ "vfCount": "0",
+ "generic-vnf.vnf-name": "Ete_vFWCLvFWSNK_7ba1fbde_0",
+ "generic-vnf.vnf-id": "e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e",
+ "generic-vnf.vnf-type": "vFWCL 2019-05-01 15:30:/vFWCL_vFWSNK bbefb8ce-2bde 0",
+ "generic-vnf.nf-naming-code": "aabbccddee",
+ "vserver.vserver-id": "e591441a-e649-4490-82e0-07dac05d674b",
+ "cloud-region.cloud-region-id": "RegionOne"
}
}
}
diff --git a/applications/guard/src/test/resources/test-bad-policies.yaml b/applications/guard/src/test/resources/test-bad-policies.yaml
index df2431d4..07040c54 100644
--- a/applications/guard/src/test/resources/test-bad-policies.yaml
+++ b/applications/guard/src/test/resources/test-bad-policies.yaml
@@ -1,35 +1,126 @@
tosca_definitions_version: tosca_simple_yaml_1_1_0
topology_template:
- policies:
- -
- frequency-missing-properties:
- type: onap.policies.controlloop.guard.common.FrequencyLimiter
- type_version: 1.0.0
- version: 1.0.0
- -
- frequency-timewindow:
- type: onap.policies.controlloop.guard.common.FrequencyLimiter
- type_version: 1.0.0
- version: 1.0.0
- properties:
+ policies:
+ - frequency-missing-properties:
+ type: onap.policies.controlloop.guard.common.FrequencyLimiter
+ type_version: 1.0.0
+ version: 1.0.0
+ - frequency-timewindow:
+ type: onap.policies.controlloop.guard.common.FrequencyLimiter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
limit: 5
timeWindow: i am a bad value
- -
- minmax-notarget:
- type: onap.policies.controlloop.guard.common.MinMax
- type_version: 1.0.0
- version: 1.0.0
- properties:
- -
- minmax-nominmax:
- type: onap.policies.controlloop.guard.common.MinMax
- type_version: 1.0.0
- version: 1.0.0
- properties:
+ - minmax-notarget:
+ type: onap.policies.controlloop.guard.common.MinMax
+ type_version: 1.0.0
+ version: 1.0.0
+ properties: null
+ - minmax-nominmax:
+ type: onap.policies.controlloop.guard.common.MinMax
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
target: foo
- -
- blacklist-noblacklist:
- type: onap.policies.controlloop.guard.common.Blacklist
- type_version: 1.0.0
- version: 1.0.0
- properties:
+ - blacklist-noblacklist:
+ type: onap.policies.controlloop.guard.common.Blacklist
+ type_version: 1.0.0
+ version: 1.0.0
+ properties: null
+ - filter-noalgorithm:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties: null
+ - filter-badalgorithm:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ algorithm: idontknow
+ - filter-nofilter:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ algorithm: whitelist-overrides
+ - filter-nocollection:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ algorithm: blacklist-overrides
+ filters: vnf1
+ - filter-noarray:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ algorithm: blacklist-overrides
+ filters:
+ field: geo
+ - filter-missingfield:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ algorithm: blacklist-overrides
+ filters:
+ - filter: foo
+ - filter-badfield:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ algorithm: blacklist-overrides
+ filters:
+ - field: notinaai
+ - filter-missingfilter:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ algorithm: blacklist-overrides
+ filters:
+ - field: generic-vnf.vnf-name
+ - filter-missingfunction:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ algorithm: blacklist-overrides
+ filters:
+ - field: generic-vnf.vnf-name
+ filter: vfwl*
+ - filter-badfunction:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ algorithm: blacklist-overrides
+ filters:
+ - field: generic-vnf.vnf-name
+ filter: vfwl*
+ function: notafunction
+ - filter-missingblacklist:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ algorithm: blacklist-overrides
+ filters:
+ - field: generic-vnf.vnf-name
+ filter: vfwl*
+ function: string-equal
+ - filter-badblacklist:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ algorithm: blacklist-overrides
+ filters:
+ - field: generic-vnf.vnf-name
+ filter: vfwl*
+ function: string-equal
+ blacklist: shouldbeboolean \ No newline at end of file
diff --git a/applications/guard/src/test/resources/test-policies.yaml b/applications/guard/src/test/resources/test-policies.yaml
index 1ac7271c..e33f116a 100644
--- a/applications/guard/src/test/resources/test-policies.yaml
+++ b/applications/guard/src/test/resources/test-policies.yaml
@@ -100,6 +100,60 @@ topology_template:
- vnf1
- vnf2
-
+ filter-1:
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ metadata:
+ policy-id : filter-1
+ policy-version: 1.0.0
+ properties:
+ actor: APPC
+ operation: "*"
+ id: loop-1
+ algorithm: blacklist-overrides
+ filters:
+ - field: "generic-vnf.vnf-id"
+ function: "string-equal"
+ filter: "vf-module-id-2"
+ blacklist: true
+ - field: "generic-vnf.vnf-name"
+ function: "string-equal-ignore-case"
+ filter: "vf-MODULE-id-2"
+ blacklist: true
+ - field: "generic-vnf.vnf-type"
+ function: "string-starts-with"
+ filter: "vf-module"
+ blacklist: true
+ - field: "generic-vnf.nf-naming-code"
+ function: "string-regexp-match"
+ filter: "[0-9][a-zA-Z]+"
+ blacklist: true
+ - field: "vserver.vserver-id"
+ function: "string-contains"
+ filter: "myserver"
+ blacklist: true
+ - field: "cloud-region.cloud-region-id"
+ function: "string-ends-with"
+ filter: "mycloud"
+ blacklist: false
+ - field: "cloud-region.cloud-region-id"
+ function: "string-greater-than"
+ filter: "00"
+ blacklist: false
+ - field: "cloud-region.cloud-region-id"
+ function: "string-greater-than-or-equal"
+ filter: "00"
+ blacklist: false
+ - field: "cloud-region.cloud-region-id"
+ function: "string-less-than"
+ filter: "99"
+ blacklist: false
+ - field: "cloud-region.cloud-region-id"
+ function: "string-less-than-or-equal"
+ filter: "99"
+ blacklist: false
+ -
unknown-1:
type: onap.policies.controlloop.guard.common.Unknown
type_version: 1.0.0
diff --git a/applications/guard/src/test/resources/test.policy.guard.filters.yaml b/applications/guard/src/test/resources/test.policy.guard.filters.yaml
new file mode 100644
index 00000000..261ffbee
--- /dev/null
+++ b/applications/guard/src/test/resources/test.policy.guard.filters.yaml
@@ -0,0 +1,39 @@
+tosca_definitions_version: tosca_simple_yaml_1_1_0
+topology_template:
+ policies:
+ - filter.block.region.allow.one.vnf:
+ description: Block this region from Control Loop actions, but allow a specific vnf.
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ actor: SO
+ operation: VF Module Create
+ algorithm: whitelist-overrides
+ filters:
+ - field: cloud-region.cloud-region-id
+ filter: RegionOne
+ function: string-equal
+ blacklist: true
+ - field: generic-vnf.vnf-id
+ filter: e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e
+ function: string-equal
+ blacklist: false
+ - filter.allow.region.block.one.vnf:
+ description: allow this region to do Control Loop actions, but block a specific vnf.
+ type: onap.policies.controlloop.guard.common.Filter
+ type_version: 1.0.0
+ version: 1.0.0
+ properties:
+ actor: SO
+ operation: VF Module Create
+ algorithm: blacklist-overrides
+ filters:
+ - field: cloud-region.cloud-region-id
+ filter: RegionTwo
+ function: string-equal
+ blacklist: false
+ - field: generic-vnf.vnf-id
+ filter: f17face5-69cb-4c88-9e0b-7426db7edddd
+ function: string-equal
+ blacklist: true \ No newline at end of file