diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2020-08-17 16:45:30 -0400 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2020-08-17 19:41:07 -0400 |
commit | ad9d827a43211c087fe4bcf575134aea3a5b316e (patch) | |
tree | cff37aeb77e3b7dc9ec899c7bb04961f40c695ea /applications/guard/src/test/resources | |
parent | abbabd038c2575d3fcdc07d25313e741d32c1c90 (diff) |
Add new guard filter policy type feature
* Added new Policy Guard filter Policy type.
* Enhanced translator tests to ensure bad filter policies
are detected.
* Added new filter application test to ensure new guard
propertly creates xacml policies.
Issue-ID: POLICY-2590
Change-Id: Ifc047a33084ce45b67be98a61f660d7a8c9d8615
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'applications/guard/src/test/resources')
5 files changed, 243 insertions, 31 deletions
diff --git a/applications/guard/src/test/resources/requests/guard.filter.json b/applications/guard/src/test/resources/requests/guard.filter.json new file mode 100644 index 00000000..710cf659 --- /dev/null +++ b/applications/guard/src/test/resources/requests/guard.filter.json @@ -0,0 +1,22 @@ +{ + "ONAPName": "Policy", + "ONAPComponent": "drools-pdp", + "ONAPInstance": "usecase-template", + "requestId": "unique-request-id-1", + "action": "guard", + "resource": { + "guard": { + "actor": "SO", + "operation": "VF Module Create", + "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", + "target": "e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e", + "vfCount": "0", + "generic-vnf.vnf-name": "my-name", + "generic-vnf.vnf-id": "my-id", + "generic-vnf.vnf-type": "my-type", + "generic-vnf.nf-naming-code": "my-naming-code", + "vserver.vserver-id": "my-server-id", + "cloud-region.cloud-region-id": "my-region" + } + } +} diff --git a/applications/guard/src/test/resources/requests/guard.vfCount.json b/applications/guard/src/test/resources/requests/guard.vfCount.json index 1a0a6e55..86a0a963 100644 --- a/applications/guard/src/test/resources/requests/guard.vfCount.json +++ b/applications/guard/src/test/resources/requests/guard.vfCount.json @@ -10,7 +10,13 @@ "operation": "VF Module Create", "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", "target": "e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e", - "vfCount": "0" + "vfCount": "0", + "generic-vnf.vnf-name": "Ete_vFWCLvFWSNK_7ba1fbde_0", + "generic-vnf.vnf-id": "e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e", + "generic-vnf.vnf-type": "vFWCL 2019-05-01 15:30:/vFWCL_vFWSNK bbefb8ce-2bde 0", + "generic-vnf.nf-naming-code": "aabbccddee", + "vserver.vserver-id": "e591441a-e649-4490-82e0-07dac05d674b", + "cloud-region.cloud-region-id": "RegionOne" } } } diff --git a/applications/guard/src/test/resources/test-bad-policies.yaml b/applications/guard/src/test/resources/test-bad-policies.yaml index df2431d4..07040c54 100644 --- a/applications/guard/src/test/resources/test-bad-policies.yaml +++ b/applications/guard/src/test/resources/test-bad-policies.yaml @@ -1,35 +1,126 @@ tosca_definitions_version: tosca_simple_yaml_1_1_0 topology_template: - policies: - - - frequency-missing-properties: - type: onap.policies.controlloop.guard.common.FrequencyLimiter - type_version: 1.0.0 - version: 1.0.0 - - - frequency-timewindow: - type: onap.policies.controlloop.guard.common.FrequencyLimiter - type_version: 1.0.0 - version: 1.0.0 - properties: + policies: + - frequency-missing-properties: + type: onap.policies.controlloop.guard.common.FrequencyLimiter + type_version: 1.0.0 + version: 1.0.0 + - frequency-timewindow: + type: onap.policies.controlloop.guard.common.FrequencyLimiter + type_version: 1.0.0 + version: 1.0.0 + properties: limit: 5 timeWindow: i am a bad value - - - minmax-notarget: - type: onap.policies.controlloop.guard.common.MinMax - type_version: 1.0.0 - version: 1.0.0 - properties: - - - minmax-nominmax: - type: onap.policies.controlloop.guard.common.MinMax - type_version: 1.0.0 - version: 1.0.0 - properties: + - minmax-notarget: + type: onap.policies.controlloop.guard.common.MinMax + type_version: 1.0.0 + version: 1.0.0 + properties: null + - minmax-nominmax: + type: onap.policies.controlloop.guard.common.MinMax + type_version: 1.0.0 + version: 1.0.0 + properties: target: foo - - - blacklist-noblacklist: - type: onap.policies.controlloop.guard.common.Blacklist - type_version: 1.0.0 - version: 1.0.0 - properties: + - blacklist-noblacklist: + type: onap.policies.controlloop.guard.common.Blacklist + type_version: 1.0.0 + version: 1.0.0 + properties: null + - filter-noalgorithm: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: null + - filter-badalgorithm: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: idontknow + - filter-nofilter: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: whitelist-overrides + - filter-nocollection: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: vnf1 + - filter-noarray: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + field: geo + - filter-missingfield: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - filter: foo + - filter-badfield: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - field: notinaai + - filter-missingfilter: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - field: generic-vnf.vnf-name + - filter-missingfunction: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - field: generic-vnf.vnf-name + filter: vfwl* + - filter-badfunction: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - field: generic-vnf.vnf-name + filter: vfwl* + function: notafunction + - filter-missingblacklist: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - field: generic-vnf.vnf-name + filter: vfwl* + function: string-equal + - filter-badblacklist: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - field: generic-vnf.vnf-name + filter: vfwl* + function: string-equal + blacklist: shouldbeboolean
\ No newline at end of file diff --git a/applications/guard/src/test/resources/test-policies.yaml b/applications/guard/src/test/resources/test-policies.yaml index 1ac7271c..e33f116a 100644 --- a/applications/guard/src/test/resources/test-policies.yaml +++ b/applications/guard/src/test/resources/test-policies.yaml @@ -100,6 +100,60 @@ topology_template: - vnf1 - vnf2 - + filter-1: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + metadata: + policy-id : filter-1 + policy-version: 1.0.0 + properties: + actor: APPC + operation: "*" + id: loop-1 + algorithm: blacklist-overrides + filters: + - field: "generic-vnf.vnf-id" + function: "string-equal" + filter: "vf-module-id-2" + blacklist: true + - field: "generic-vnf.vnf-name" + function: "string-equal-ignore-case" + filter: "vf-MODULE-id-2" + blacklist: true + - field: "generic-vnf.vnf-type" + function: "string-starts-with" + filter: "vf-module" + blacklist: true + - field: "generic-vnf.nf-naming-code" + function: "string-regexp-match" + filter: "[0-9][a-zA-Z]+" + blacklist: true + - field: "vserver.vserver-id" + function: "string-contains" + filter: "myserver" + blacklist: true + - field: "cloud-region.cloud-region-id" + function: "string-ends-with" + filter: "mycloud" + blacklist: false + - field: "cloud-region.cloud-region-id" + function: "string-greater-than" + filter: "00" + blacklist: false + - field: "cloud-region.cloud-region-id" + function: "string-greater-than-or-equal" + filter: "00" + blacklist: false + - field: "cloud-region.cloud-region-id" + function: "string-less-than" + filter: "99" + blacklist: false + - field: "cloud-region.cloud-region-id" + function: "string-less-than-or-equal" + filter: "99" + blacklist: false + - unknown-1: type: onap.policies.controlloop.guard.common.Unknown type_version: 1.0.0 diff --git a/applications/guard/src/test/resources/test.policy.guard.filters.yaml b/applications/guard/src/test/resources/test.policy.guard.filters.yaml new file mode 100644 index 00000000..261ffbee --- /dev/null +++ b/applications/guard/src/test/resources/test.policy.guard.filters.yaml @@ -0,0 +1,39 @@ +tosca_definitions_version: tosca_simple_yaml_1_1_0 +topology_template: + policies: + - filter.block.region.allow.one.vnf: + description: Block this region from Control Loop actions, but allow a specific vnf. + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + actor: SO + operation: VF Module Create + algorithm: whitelist-overrides + filters: + - field: cloud-region.cloud-region-id + filter: RegionOne + function: string-equal + blacklist: true + - field: generic-vnf.vnf-id + filter: e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e + function: string-equal + blacklist: false + - filter.allow.region.block.one.vnf: + description: allow this region to do Control Loop actions, but block a specific vnf. + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + actor: SO + operation: VF Module Create + algorithm: blacklist-overrides + filters: + - field: cloud-region.cloud-region-id + filter: RegionTwo + function: string-equal + blacklist: false + - field: generic-vnf.vnf-id + filter: f17face5-69cb-4c88-9e0b-7426db7edddd + function: string-equal + blacklist: true
\ No newline at end of file |