diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2020-04-14 13:20:05 -0400 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2020-04-14 13:20:10 -0400 |
commit | de080f40b2e8821c13bb8a54339269248d2d5d17 (patch) | |
tree | 75e08dd5a5c39fdb5d549d74bb73210700df826d /applications/guard | |
parent | 0cd930cf733d33662ada0da13d226b82bcc13684 (diff) |
Fix blacklist translator and vs or
The blacklist entries should be treated as an or (AnyOf) vs
an and (AllOf).
Issue-ID: POLICY-2490
Change-Id: Id4eb823e18c59d84d4ca28b13f6a09794d36365f
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'applications/guard')
2 files changed, 30 insertions, 12 deletions
diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java index 1e4333ea..854f3260 100644 --- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java +++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java @@ -480,9 +480,25 @@ public class GuardTranslator implements ToscaPolicyTranslator { if (! toscaPolicy.getProperties().containsKey(FIELD_BLACKLIST)) { throw new ToscaPolicyConversionException("Missing blacklist field"); } - final AllOfType allOf = new AllOfType(); - this.addMatch(allOf, toscaPolicy.getProperties().get(FIELD_BLACKLIST), - ToscaDictionary.ID_RESOURCE_GUARD_TARGETID); + // + // Get the blacklist, which should be an array or collection. + // + Object arrayBlacklisted = toscaPolicy.getProperties().get(FIELD_BLACKLIST); + if (!(arrayBlacklisted instanceof Collection)) { + throw new ToscaPolicyConversionException("Blacklist is not a collection"); + } + // + // Iterate the entries and create individual AnyOf so each entry is + // treated as an OR. + // + TargetType target = new TargetType(); + for (Object blacklisted : ((Collection<?>) arrayBlacklisted)) { + AllOfType allOf = new AllOfType(); + this.addMatch(allOf, blacklisted, ToscaDictionary.ID_RESOURCE_GUARD_TARGETID); + AnyOfType anyOf = new AnyOfType(); + anyOf.getAllOf().add(allOf); + target.getAnyOf().add(anyOf); + } // // Create our rule and add the target // @@ -490,10 +506,6 @@ public class GuardTranslator implements ToscaPolicyTranslator { blacklistRule.setEffect(EffectType.DENY); blacklistRule.setDescription("blacklist the entities"); blacklistRule.setRuleId(policyName + ":blacklist"); - TargetType target = new TargetType(); - AnyOfType anyOf = new AnyOfType(); - anyOf.getAllOf().add(allOf); - target.getAnyOf().add(anyOf); blacklistRule.setTarget(target); // // Add the rule to the policy diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java index c785a50c..a48e3c93 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java @@ -300,16 +300,22 @@ public class GuardTranslatorTest { if (! (rule instanceof RuleType)) { continue; } + assertThat(((RuleType) rule).getTarget()).isNotNull(); + assertThat(((RuleType) rule).getTarget().getAnyOf()).hasSize(2); for (AnyOfType anyOf : ((RuleType)rule).getTarget().getAnyOf()) { assertThat(anyOf.getAllOf()).isNotEmpty(); for (AllOfType allOf : anyOf.getAllOf()) { assertThat(allOf.getMatch()).isNotEmpty(); + assertThat(allOf.getMatch()).hasSize(1); for (MatchType match : allOf.getMatch()) { - if (ToscaDictionary.ID_RESOURCE_GUARD_TARGETID.toString().equals( - match.getAttributeDesignator().getAttributeId())) { - assertThat(policy.getProperties()).containsKey(GuardTranslator.FIELD_BLACKLIST); - foundBlacklist = true; - } + assertThat(match.getAttributeDesignator().getAttributeId()) + .isEqualTo(ToscaDictionary.ID_RESOURCE_GUARD_TARGETID.toString()); + assertThat(match.getAttributeValue().getContent()).containsAnyOf("vnf1", "vnf2"); + // + // This just checks that policy did have a blacklist in it. + // + assertThat(policy.getProperties()).containsKey(GuardTranslator.FIELD_BLACKLIST); + foundBlacklist = true; } } } |