From 50c786ff425de405252cccddea7ff776942ef671 Mon Sep 17 00:00:00 2001 From: Pamela Dragosh Date: Fri, 8 May 2020 16:45:03 -0400 Subject: Final blacklist fix for multiple entries The last change wasn't quite right, this has multiple AndOf's under a single AnyOf. Multiple AnyOf's are treated as AND's, but what we really want is a set of OR's. Issue-ID: POLICY-2490 Change-Id: I7336643302ccf7982c91a9c082d17bcf0adb4ac8 Signed-off-by: Pamela Dragosh --- .../onap/policy/xacml/pdp/application/guard/GuardTranslator.java | 4 ++-- .../xacml/pdp/application/guard/GuardPdpApplicationTest.java | 9 +++++++++ .../policy/xacml/pdp/application/guard/GuardTranslatorTest.java | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) (limited to 'applications') diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java index 854f3260..8699fec0 100644 --- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java +++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslator.java @@ -492,13 +492,13 @@ public class GuardTranslator implements ToscaPolicyTranslator { // treated as an OR. // TargetType target = new TargetType(); + AnyOfType anyOf = new AnyOfType(); for (Object blacklisted : ((Collection) arrayBlacklisted)) { AllOfType allOf = new AllOfType(); this.addMatch(allOf, blacklisted, ToscaDictionary.ID_RESOURCE_GUARD_TARGETID); - AnyOfType anyOf = new AnyOfType(); anyOf.getAllOf().add(allOf); - target.getAnyOf().add(anyOf); } + target.getAnyOf().add(anyOf); // // Create our rule and add the target // diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java index ac45cf39..f5392cfa 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java @@ -341,6 +341,15 @@ public class GuardPdpApplicationTest { // vfcount=0 below min of 1: should get a Deny because target IS blacklisted // requestAndCheckDecision(requestVfCount, DENY); + // + // vfcount=1 between min of 1 and max of 2: change the + // + ((Map) requestVfCount.getResource().get("guard")).put("target", + "another-vfmodule-where-root-is-true"); + // + // vfcount=0 below min of 1: should get a Deny because target IS blacklisted + // + requestAndCheckDecision(requestVfCount, DENY); } @SuppressWarnings("unchecked") diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java index a48e3c93..d5dd16bf 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardTranslatorTest.java @@ -301,7 +301,7 @@ public class GuardTranslatorTest { continue; } assertThat(((RuleType) rule).getTarget()).isNotNull(); - assertThat(((RuleType) rule).getTarget().getAnyOf()).hasSize(2); + assertThat(((RuleType) rule).getTarget().getAnyOf()).hasSize(1); for (AnyOfType anyOf : ((RuleType)rule).getTarget().getAnyOf()) { assertThat(anyOf.getAllOf()).isNotEmpty(); for (AllOfType allOf : anyOf.getAllOf()) { -- cgit 1.2.3-korg