author | Pamela Dragosh <pdragosh@research.att.com> | 2020-08-17 16:45:30 -0400 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2020-08-17 19:41:07 -0400 |
commit | ad9d827a43211c087fe4bcf575134aea3a5b316e (patch) | |
tree | cff37aeb77e3b7dc9ec899c7bb04961f40c695ea /applications/guard/src/test | |
parent | abbabd038c2575d3fcdc07d25313e741d32c1c90 (diff) |
Add new guard filter policy type feature
* Added new Policy Guard filter Policy type.
* Enhanced translator tests to ensure bad filter policies
are detected.
* Added new filter application test to ensure new guard
properly creates xacml policies.
Issue-ID: POLICY-2590
Change-Id: Ifc047a33084ce45b67be98a61f660d7a8c9d8615
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'applications/guard/src/test')
8 files changed, 411 insertions, 32 deletions
diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java index e83f4d29..08495a7e 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java @@ -217,7 +217,7 @@ public class GuardPdpApplicationTest { // can support the correct policy types. // assertThat(service.supportedPolicyTypes()).isNotEmpty(); - assertThat(service.supportedPolicyTypes().size()).isEqualTo(4); + assertThat(service.supportedPolicyTypes().size()).isEqualTo(5); assertThat(service.canSupportPolicyType( new ToscaPolicyTypeIdentifier("onap.policies.controlloop.guard.common.FrequencyLimiter", "1.0.0"))) .isTrue(); @@ -237,6 +237,8 @@ public class GuardPdpApplicationTest { assertThat(service.canSupportPolicyType(new ToscaPolicyTypeIdentifier( "onap.policies.controlloop.guard.coordination.FirstBlocksSecond", "1.0.1"))).isFalse(); assertThat(service.canSupportPolicyType(new ToscaPolicyTypeIdentifier("onap.foo", "1.0.1"))).isFalse(); + assertThat(service.canSupportPolicyType( + new ToscaPolicyTypeIdentifier("onap.policies.controlloop.guard.common.Filter", "1.0.0"))).isTrue(); } @Test 
@@ -353,6 +355,77 @@ public class GuardPdpApplicationTest { } @SuppressWarnings("unchecked") + @Test + public void test6Filters() throws Exception { + LOGGER.info("**************** Running test6Filters ****************"); + // + // Re-Load Decision Request - so we can start from scratch + // + requestVfCount = + gson.decode(TextFileUtils.getTextFileAsString("src/test/resources/requests/guard.vfCount.json"), + DecisionRequest.class); + // + // Ensure we are a permit to start + // + requestAndCheckDecision(requestVfCount, PERMIT); + // + // Load the filter policy in with the others. + // + List<ToscaPolicy> loadedPolicies = + TestUtils.loadPolicies("src/test/resources/test.policy.guard.filters.yaml", service); + assertThat(loadedPolicies).hasSize(2); + // + // Although the region is blacklisted, the id is not + // + requestAndCheckDecision(requestVfCount, PERMIT); + // + // Put in a different vnf id + // + ((Map<String, Object>) requestVfCount.getResource().get("guard")).put("generic-vnf.vnf-id", + "different-vnf-id-should-be-denied"); + // + // The region is blacklisted, and the id is not allowed + // + requestAndCheckDecision(requestVfCount, DENY); + // + // Let's switch to a different region + // + ((Map<String, Object>) requestVfCount.getResource().get("guard")).put("cloud-region.cloud-region-id", + "RegionTwo"); + // + // The region is whitelisted, and the id is also allowed + // + requestAndCheckDecision(requestVfCount, PERMIT); + // + // Put in a blacklisted vnf id + // + ((Map<String, Object>) requestVfCount.getResource().get("guard")).put("generic-vnf.vnf-id", + "f17face5-69cb-4c88-9e0b-7426db7edddd"); + // + // Although region is whitelisted, the id is blacklisted + // + requestAndCheckDecision(requestVfCount, DENY); + // + // Let's switch to a different region + // + ((Map<String, Object>) requestVfCount.getResource().get("guard")).put("cloud-region.cloud-region-id", + "RegionThree"); + // + // There is no filter for this region, but the id is still 
blacklisted + // + requestAndCheckDecision(requestVfCount, DENY); + // + // Put in a different vnf id + // + ((Map<String, Object>) requestVfCount.getResource().get("guard")).put("generic-vnf.vnf-id", + "different-vnf-id-should-be-permitted"); + // + // There is no filter for this region, and the id is not blacklisted + // + requestAndCheckDecision(requestVfCount, PERMIT); + } + + @SuppressWarnings("unchecked") private void insertOperationEvent(DecisionRequest request) { // // Get the properties diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPolicyRequestTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPolicyRequestTest.java index 41fd4705..1c925ce2 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPolicyRequestTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPolicyRequestTest.java @@ -28,6 +28,8 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType; import java.util.HashMap; import java.util.Map; import org.junit.Test; +import org.onap.policy.common.utils.coder.StandardCoder; +import org.onap.policy.common.utils.resources.TextFileUtils; import org.onap.policy.models.decisions.concepts.DecisionRequest; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; 
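Review bot: test6Filters never sends a request that lacks a filtered attribute, so the decision when `generic-vnf.vnf-id` or `cloud-region.cloud-region-id` is absent from the `guard` resource is not pinned by any step here; for a deny-list filter that is the case where an unintended permit would go unnoticed. Add one step that removes the key and asserts the intended outcome. Separately, the unchecked cast `(Map<String, Object>) requestVfCount.getResource().get("guard")` is repeated five times; hoist it once as `Map<String, Object> guard = (Map<String, Object>) requestVfCount.getResource().get("guard");` and call `guard.put(...)`. The opening `requestAndCheckDecision(requestVfCount, PERMIT)` appears to depend on which policies earlier numbered tests left loaded in `service`, which is worth stating in a comment.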
@@ -92,4 +94,22 @@ public class GuardPolicyRequestTest { GuardPolicyRequest.createInstance(decisionRequest)); } + @Test + public void testFilterResources() throws Exception { + StandardCoder gson = new StandardCoder(); + + DecisionRequest request = gson.decode( + TextFileUtils.getTextFileAsString("src/test/resources/requests/guard.filter.json"), + DecisionRequest.class); + + GuardPolicyRequest guardRequest = GuardPolicyRequest.createInstance(request); + + assertThat(guardRequest.getVnfName()).isEqualTo("my-name"); + assertThat(guardRequest.getVnfId()).isEqualTo("my-id"); + assertThat(guardRequest.getVnfType()).isEqualTo("my-type"); + assertThat(guardRequest.getVnfNfNamingCode()).isEqualTo("my-naming-code"); + assertThat(guardRequest.getVserverId()).isEqualTo("my-server-id"); + assertThat(guardRequest.getCloudRegionId()).isEqualTo("my-region"); + } + } diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java index 6f7edac4..07e60c61 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java @@ -115,6 +115,7 @@ public class GuardTranslatorTest { // for (Map<String, ToscaPolicy> policies : completedJtst.getToscaTopologyTemplate().getPolicies()) { for (ToscaPolicy policy : policies.values()) { + LOGGER.info("Testing policy " + policy.getName()); if ("frequency-missing-properties".equals(policy.getName())) { assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> translator.convertPolicy(policy) 
@@ -135,6 +136,55 @@ public class GuardTranslatorTest { assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> translator.convertPolicy(policy) ).withMessageContaining("Missing blacklist"); + } else if ("blacklist-noalgorithm".equals(policy.getName())) { + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> + translator.convertPolicy(policy) + ).withMessageContaining("Missing precedence"); + } else if ("blacklist-badalgorithm".equals(policy.getName())) { + assertThatExceptionOfType(ToscaPolicyConversionException.class) + .isThrownBy(() -> translator.convertPolicy(policy)) + .withMessageContaining( + "Unexpected value for algorithm, should be whitelist-overrides or blacklist-overrides"); + } else if ("filter-nofilter".equals(policy.getName())) { + assertThatExceptionOfType(ToscaPolicyConversionException.class) + .isThrownBy(() -> translator.convertPolicy(policy)) + .withMessageContaining("Missing filters"); + } else if ("filter-nocollection".equals(policy.getName())) { + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> + translator.convertPolicy(policy) + ).withMessageContaining("Filters is not a collection"); + } else if ("filter-noarray".equals(policy.getName())) { + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> + translator.convertPolicy(policy) + ).withMessageContaining("Filters is not a collection"); + } else if ("filter-missingfield".equals(policy.getName())) { + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> + translator.convertPolicy(policy) + ).withMessageContaining("Missing \'field\' from filter"); + } else if ("filter-badfield".equals(policy.getName())) { + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> + translator.convertPolicy(policy) + ).withMessageContaining("Unexpected value for field in filter"); + } else if ("filter-missingfilter".equals(policy.getName())) { + 
assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> + translator.convertPolicy(policy) + ).withMessageContaining("Missing \'filter\' from filter"); + } else if ("filter-missingfunction".equals(policy.getName())) { + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> + translator.convertPolicy(policy) + ).withMessageContaining("Missing \'function\' from filter"); + } else if ("filter-badfunction".equals(policy.getName())) { + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> + translator.convertPolicy(policy) + ).withMessageContaining("Unexpected value for function in filter"); + } else if ("filter-missingblacklist".equals(policy.getName())) { + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> + translator.convertPolicy(policy) + ).withMessageContaining("Missing \'blacklist\' from filter"); + } else if ("filter-badblacklist".equals(policy.getName())) { + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> + translator.convertPolicy(policy) + ).withMessageContaining("Unexpected value for blacklist in filter"); } } } @@ -190,6 +240,8 @@ public class GuardTranslatorTest { validateMinMax(policy, xacmlPolicy); } else if (GuardTranslator.POLICYTYPE_BLACKLIST.equals(policy.getType())) { validateBlacklist(policy, xacmlPolicy); + } else if (GuardTranslator.POLICYTYPE_FILTER.equals(policy.getType())) { + validateFilter(policy, xacmlPolicy); } } } 
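Review bot: The first two added branches compare against `"blacklist-noalgorithm"` and `"blacklist-badalgorithm"`, but the policies this commit adds to test-bad-policies.yaml are named `filter-noalgorithm` and `filter-badalgorithm`, so neither branch can match and the rejection of a missing or unrecognised `algorithm` is never asserted. Rename the literals to `"filter-noalgorithm"` and `"filter-badalgorithm"`; the expected messages may need adjusting once the branches actually run. Because the chain ends without a final `else`, any bad policy whose name matches no branch passes silently; closing it with `else { fail("No assertion for bad policy " + policy.getName()); }` (AssertJ `fail`) would have surfaced the mismatch, assuming every existing entry already has a branch. The enclosing test method starts outside the hunk.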
@@ -322,4 +374,26 @@ public class GuardTranslatorTest { } assertThat(foundBlacklist).isTrue(); } + + private void validateFilter(ToscaPolicy policy, PolicyType xacmlPolicy) { + assertThat(xacmlPolicy.getRuleCombiningAlgId()).endsWith("-overrides"); + for (Object rule : xacmlPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition()) { + if (! (rule instanceof RuleType)) { + continue; + } + assertThat(((RuleType) rule).getTarget()).isNotNull(); + assertThat(((RuleType) rule).getTarget().getAnyOf()).hasSize(1); + for (AnyOfType anyOf : ((RuleType) rule).getTarget().getAnyOf()) { + assertThat(anyOf.getAllOf()).isNotEmpty(); + for (AllOfType allOf : anyOf.getAllOf()) { + assertThat(allOf.getMatch()).isNotEmpty(); + assertThat(allOf.getMatch()).hasSize(1); + for (MatchType match : allOf.getMatch()) { + assertThat(match.getAttributeDesignator().getAttributeId()) + .startsWith(GuardPolicyRequest.PREFIX_RESOURCE_ATTRIBUTE_ID); + } + } + } + } + } } diff --git a/applications/guard/src/test/resources/requests/guard.filter.json b/applications/guard/src/test/resources/requests/guard.filter.json new file mode 100644 index 00000000..710cf659 --- /dev/null +++ b/applications/guard/src/test/resources/requests/guard.filter.json @@ -0,0 +1,22 @@ +{ + "ONAPName": "Policy", + "ONAPComponent": "drools-pdp", + "ONAPInstance": "usecase-template", + "requestId": "unique-request-id-1", + "action": "guard", + "resource": { + "guard": { + "actor": "SO", + "operation": "VF Module Create", + "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", + "target": "e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e", + "vfCount": "0", + "generic-vnf.vnf-name": "my-name", + "generic-vnf.vnf-id": "my-id", + "generic-vnf.vnf-type": "my-type", + "generic-vnf.nf-naming-code": "my-naming-code", + "vserver.vserver-id": "my-server-id", + "cloud-region.cloud-region-id": "my-region" + } + } +} 
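Review bot: In validateFilter, `assertThat(xacmlPolicy.getRuleCombiningAlgId()).endsWith("-overrides")` accepts either combining algorithm, so a translator that swapped the mapping for `whitelist-overrides` and `blacklist-overrides` would still pass, and the `policy` parameter is never read. Derive the expected algorithm id from the policy's `algorithm` property and assert it exactly, and assert each rule's `getEffect()` against the `blacklist` flag of the filter it came from (presumably one rule per `filters` entry; confirm against the translator). The loop also passes vacuously when the list holds no `RuleType`, so count the rules and compare with the number of filters. `isNotEmpty()` directly before `hasSize(1)` on `allOf.getMatch()` is redundant.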
diff --git a/applications/guard/src/test/resources/requests/guard.vfCount.json b/applications/guard/src/test/resources/requests/guard.vfCount.json index 1a0a6e55..86a0a963 100644 --- a/applications/guard/src/test/resources/requests/guard.vfCount.json +++ b/applications/guard/src/test/resources/requests/guard.vfCount.json @@ -10,7 +10,13 @@ "operation": "VF Module Create", "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", "target": "e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e", - "vfCount": "0" + "vfCount": "0", + "generic-vnf.vnf-name": "Ete_vFWCLvFWSNK_7ba1fbde_0", + "generic-vnf.vnf-id": "e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e", + "generic-vnf.vnf-type": "vFWCL 2019-05-01 15:30:/vFWCL_vFWSNK bbefb8ce-2bde 0", + "generic-vnf.nf-naming-code": "aabbccddee", + "vserver.vserver-id": "e591441a-e649-4490-82e0-07dac05d674b", + "cloud-region.cloud-region-id": "RegionOne" } } } diff --git a/applications/guard/src/test/resources/test-bad-policies.yaml b/applications/guard/src/test/resources/test-bad-policies.yaml index df2431d4..07040c54 100644 --- a/applications/guard/src/test/resources/test-bad-policies.yaml +++ b/applications/guard/src/test/resources/test-bad-policies.yaml 
@@ -1,35 +1,126 @@ tosca_definitions_version: tosca_simple_yaml_1_1_0 topology_template: - policies: - - - frequency-missing-properties: - type: onap.policies.controlloop.guard.common.FrequencyLimiter - type_version: 1.0.0 - version: 1.0.0 - - - frequency-timewindow: - type: onap.policies.controlloop.guard.common.FrequencyLimiter - type_version: 1.0.0 - version: 1.0.0 - properties: + policies: + - frequency-missing-properties: + type: onap.policies.controlloop.guard.common.FrequencyLimiter + type_version: 1.0.0 + version: 1.0.0 + - frequency-timewindow: + type: onap.policies.controlloop.guard.common.FrequencyLimiter + type_version: 1.0.0 + version: 1.0.0 + properties: limit: 5 timeWindow: i am a bad value - - - minmax-notarget: - type: onap.policies.controlloop.guard.common.MinMax - type_version: 1.0.0 - version: 1.0.0 - properties: - - - minmax-nominmax: - type: onap.policies.controlloop.guard.common.MinMax - type_version: 1.0.0 - version: 1.0.0 - properties: + - minmax-notarget: + type: onap.policies.controlloop.guard.common.MinMax + type_version: 1.0.0 + version: 1.0.0 + properties: null + - minmax-nominmax: + type: onap.policies.controlloop.guard.common.MinMax + type_version: 1.0.0 + version: 1.0.0 + properties: target: foo - - - blacklist-noblacklist: - type: onap.policies.controlloop.guard.common.Blacklist - type_version: 1.0.0 - version: 1.0.0 - properties: + - blacklist-noblacklist: + type: onap.policies.controlloop.guard.common.Blacklist + type_version: 1.0.0 + version: 1.0.0 + properties: null + - filter-noalgorithm: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: null + - filter-badalgorithm: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: idontknow + - filter-nofilter: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: whitelist-overrides + - 
filter-nocollection: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: vnf1 + - filter-noarray: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + field: geo + - filter-missingfield: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - filter: foo + - filter-badfield: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - field: notinaai + - filter-missingfilter: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - field: generic-vnf.vnf-name + - filter-missingfunction: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - field: generic-vnf.vnf-name + filter: vfwl* + - filter-badfunction: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - field: generic-vnf.vnf-name + filter: vfwl* + function: notafunction + - filter-missingblacklist: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - field: generic-vnf.vnf-name + filter: vfwl* + function: string-equal + - filter-badblacklist: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + algorithm: blacklist-overrides + filters: + - field: generic-vnf.vnf-name + filter: vfwl* + function: string-equal + blacklist: shouldbeboolean
\ No newline at end of file diff --git a/applications/guard/src/test/resources/test-policies.yaml b/applications/guard/src/test/resources/test-policies.yaml index 1ac7271c..e33f116a 100644 --- a/applications/guard/src/test/resources/test-policies.yaml +++ b/applications/guard/src/test/resources/test-policies.yaml @@ -100,6 +100,60 @@ topology_template: - vnf1 - vnf2 - + filter-1: + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + metadata: + policy-id : filter-1 + policy-version: 1.0.0 + properties: + actor: APPC + operation: "*" + id: loop-1 + algorithm: blacklist-overrides + filters: + - field: "generic-vnf.vnf-id" + function: "string-equal" + filter: "vf-module-id-2" + blacklist: true + - field: "generic-vnf.vnf-name" + function: "string-equal-ignore-case" + filter: "vf-MODULE-id-2" + blacklist: true + - field: "generic-vnf.vnf-type" + function: "string-starts-with" + filter: "vf-module" + blacklist: true + - field: "generic-vnf.nf-naming-code" + function: "string-regexp-match" + filter: "[0-9][a-zA-Z]+" + blacklist: true + - field: "vserver.vserver-id" + function: "string-contains" + filter: "myserver" + blacklist: true + - field: "cloud-region.cloud-region-id" + function: "string-ends-with" + filter: "mycloud" + blacklist: false + - field: "cloud-region.cloud-region-id" + function: "string-greater-than" + filter: "00" + blacklist: false + - field: "cloud-region.cloud-region-id" + function: "string-greater-than-or-equal" + filter: "00" + blacklist: false + - field: "cloud-region.cloud-region-id" + function: "string-less-than" + filter: "99" + blacklist: false + - field: "cloud-region.cloud-region-id" + function: "string-less-than-or-equal" + filter: "99" + blacklist: false + - unknown-1: type: onap.policies.controlloop.guard.common.Unknown type_version: 1.0.0 
diff --git a/applications/guard/src/test/resources/test.policy.guard.filters.yaml b/applications/guard/src/test/resources/test.policy.guard.filters.yaml new file mode 100644 index 00000000..261ffbee --- /dev/null +++ b/applications/guard/src/test/resources/test.policy.guard.filters.yaml @@ -0,0 +1,39 @@ +tosca_definitions_version: tosca_simple_yaml_1_1_0 +topology_template: + policies: + - filter.block.region.allow.one.vnf: + description: Block this region from Control Loop actions, but allow a specific vnf. + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + actor: SO + operation: VF Module Create + algorithm: whitelist-overrides + filters: + - field: cloud-region.cloud-region-id + filter: RegionOne + function: string-equal + blacklist: true + - field: generic-vnf.vnf-id + filter: e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e + function: string-equal + blacklist: false + - filter.allow.region.block.one.vnf: + description: allow this region to do Control Loop actions, but block a specific vnf. + type: onap.policies.controlloop.guard.common.Filter + type_version: 1.0.0 + version: 1.0.0 + properties: + actor: SO + operation: VF Module Create + algorithm: blacklist-overrides + filters: + - field: cloud-region.cloud-region-id + filter: RegionTwo + function: string-equal + blacklist: false + - field: generic-vnf.vnf-id + filter: f17face5-69cb-4c88-9e0b-7426db7edddd + function: string-equal + blacklist: true
\ No newline at end of file |