diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2020-05-08 16:45:03 -0400 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2020-05-08 16:45:09 -0400 |
commit | 50c786ff425de405252cccddea7ff776942ef671 (patch) | |
tree | 5d44f134625a4ae2e612ff2f38f22e761a1c6d76 /applications/guard | |
parent | 3f1d47dd8f14a948967f9a2b5b958f5d858c6809 (diff) |
Final blacklist fix for multiple entries
The last change wasn't quite right, this has multiple AndOf's under
a single AnyOf. Multiple AnyOf's are treated as AND's, but what we
really want is a set of OR's.
Issue-ID: POLICY-2490
Change-Id: I7336643302ccf7982c91a9c082d17bcf0adb4ac8
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'applications/guard')
3 files changed, 12 insertions, 3 deletions
diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java index 854f3260..8699fec0 100644 --- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java +++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java @@ -492,13 +492,13 @@ public class GuardTranslator implements ToscaPolicyTranslator { // treated as an OR. // TargetType target = new TargetType(); + AnyOfType anyOf = new AnyOfType(); for (Object blacklisted : ((Collection<?>) arrayBlacklisted)) { AllOfType allOf = new AllOfType(); this.addMatch(allOf, blacklisted, ToscaDictionary.ID_RESOURCE_GUARD_TARGETID); - AnyOfType anyOf = new AnyOfType(); anyOf.getAllOf().add(allOf); - target.getAnyOf().add(anyOf); } + target.getAnyOf().add(anyOf); // // Create our rule and add the target // diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java index ac45cf39..f5392cfa 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java @@ -341,6 +341,15 @@ public class GuardPdpApplicationTest { // vfcount=0 below min of 1: should get a Deny because target IS blacklisted // requestAndCheckDecision(requestVfCount, DENY); + // + // vfcount=1 between min of 1 and max of 2: change the + // + ((Map<String, Object>) requestVfCount.getResource().get("guard")).put("target", + "another-vfmodule-where-root-is-true"); + // + // vfcount=0 below min of 1: should get a Deny because target IS blacklisted + // + requestAndCheckDecision(requestVfCount, DENY); } @SuppressWarnings("unchecked") diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java index a48e3c93..d5dd16bf 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java @@ -301,7 +301,7 @@ public class GuardTranslatorTest { continue; } assertThat(((RuleType) rule).getTarget()).isNotNull(); - assertThat(((RuleType) rule).getTarget().getAnyOf()).hasSize(2); + assertThat(((RuleType) rule).getTarget().getAnyOf()).hasSize(1); for (AnyOfType anyOf : ((RuleType)rule).getTarget().getAnyOf()) { assertThat(anyOf.getAllOf()).isNotEmpty(); for (AllOfType allOf : anyOf.getAllOf()) { |