From de080f40b2e8821c13bb8a54339269248d2d5d17 Mon Sep 17 00:00:00 2001 From: Pamela Dragosh Date: Tue, 14 Apr 2020 13:20:05 -0400 Subject: Fix blacklist translator and vs or The blacklist entries should be treated as an or (AnyOf) vs an and (AllOf). Issue-ID: POLICY-2490 Change-Id: Id4eb823e18c59d84d4ca28b13f6a09794d36365f Signed-off-by: Pamela Dragosh --- .../pdp/application/guard/GuardTranslator.java | 26 ++++++++++++++++------ .../pdp/application/guard/GuardTranslatorTest.java | 16 ++++++++----- 2 files changed, 30 insertions(+), 12 deletions(-) (limited to 'applications/guard') diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java index 1e4333ea..854f3260 100644 --- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java +++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java @@ -480,9 +480,25 @@ public class GuardTranslator implements ToscaPolicyTranslator { if (! toscaPolicy.getProperties().containsKey(FIELD_BLACKLIST)) { throw new ToscaPolicyConversionException("Missing blacklist field"); } - final AllOfType allOf = new AllOfType(); - this.addMatch(allOf, toscaPolicy.getProperties().get(FIELD_BLACKLIST), - ToscaDictionary.ID_RESOURCE_GUARD_TARGETID); + // + // Get the blacklist, which should be an array or collection. + // + Object arrayBlacklisted = toscaPolicy.getProperties().get(FIELD_BLACKLIST); + if (!(arrayBlacklisted instanceof Collection)) { + throw new ToscaPolicyConversionException("Blacklist is not a collection"); + } + // + // Iterate the entries and create individual AnyOf so each entry is + // treated as an OR. + // + TargetType target = new TargetType(); + for (Object blacklisted : ((Collection) arrayBlacklisted)) { + AllOfType allOf = new AllOfType(); + this.addMatch(allOf, blacklisted, ToscaDictionary.ID_RESOURCE_GUARD_TARGETID); + AnyOfType anyOf = new AnyOfType(); + anyOf.getAllOf().add(allOf); + target.getAnyOf().add(anyOf); + } // // Create our rule and add the target // @@ -490,10 +506,6 @@ public class GuardTranslator implements ToscaPolicyTranslator { blacklistRule.setEffect(EffectType.DENY); blacklistRule.setDescription("blacklist the entities"); blacklistRule.setRuleId(policyName + ":blacklist"); - TargetType target = new TargetType(); - AnyOfType anyOf = new AnyOfType(); - anyOf.getAllOf().add(allOf); - target.getAnyOf().add(anyOf); blacklistRule.setTarget(target); // // Add the rule to the policy diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java index c785a50c..a48e3c93 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java @@ -300,16 +300,22 @@ public class GuardTranslatorTest { if (! (rule instanceof RuleType)) { continue; } + assertThat(((RuleType) rule).getTarget()).isNotNull(); + assertThat(((RuleType) rule).getTarget().getAnyOf()).hasSize(2); for (AnyOfType anyOf : ((RuleType)rule).getTarget().getAnyOf()) { assertThat(anyOf.getAllOf()).isNotEmpty(); for (AllOfType allOf : anyOf.getAllOf()) { assertThat(allOf.getMatch()).isNotEmpty(); + assertThat(allOf.getMatch()).hasSize(1); for (MatchType match : allOf.getMatch()) { - if (ToscaDictionary.ID_RESOURCE_GUARD_TARGETID.toString().equals( - match.getAttributeDesignator().getAttributeId())) { - assertThat(policy.getProperties()).containsKey(GuardTranslator.FIELD_BLACKLIST); - foundBlacklist = true; - } + assertThat(match.getAttributeDesignator().getAttributeId()) + .isEqualTo(ToscaDictionary.ID_RESOURCE_GUARD_TARGETID.toString()); + assertThat(match.getAttributeValue().getContent()).containsAnyOf("vnf1", "vnf2"); + // + // This just checks that policy did have a blacklist in it. + // + assertThat(policy.getProperties()).containsKey(GuardTranslator.FIELD_BLACKLIST); + foundBlacklist = true; } } } -- cgit 1.2.3-korg