getDockerVersion xacml-pdp
export POLICY_XACML_PDP_VERSION="$docker_image_version"
- export POLICY_OPA_PDP_VERSION="1.0.0-SNAPSHOT"
+ export POLICY_OPA_PDP_VERSION="1.0.2-SNAPSHOT"
getDockerVersion distribution
export POLICY_DISTRIBUTION_VERSION="$docker_image_version"
--- /dev/null
+{
+ "output": {
+ "allow": true,
+ "role_grants": {
+ "billing": [
+ {
+ "action": "read",
+ "type": "finance"
+ },
+ {
+ "action": "update",
+ "type": "finance"
+ }
+ ],
+ "customer": [
+ {
+ "action": "read",
+ "type": "dog"
+ },
+ {
+ "action": "read",
+ "type": "cat"
+ },
+ {
+ "action": "adopt",
+ "type": "dog"
+ },
+ {
+ "action": "adopt",
+ "type": "cat"
+ }
+ ],
+ "employee": [
+ {
+ "action": "read",
+ "type": "dog"
+ },
+ {
+ "action": "read",
+ "type": "cat"
+ },
+ {
+ "action": "update",
+ "type": "dog"
+ },
+ {
+ "action": "update",
+ "type": "cat"
+ }
+ ]
+ },
+ "user_is_admin": true,
+ "user_is_granted": [],
+ "user_roles": {
+ "alice": ["admin"],
+ "bob": ["employee", "billing"],
+ "eve": ["customer"]
+ }
+ },
+ "policyName": "role"
+}
--- /dev/null
+{
+ "output": {
+ "role_grants": {
+ "billing": [
+ {"action": "read", "type": "finance"},
+ {"action": "update", "type": "finance"}
+ ],
+ "customer": [
+ {"action": "read", "type": "dog"},
+ {"action": "read", "type": "cat"},
+ {"action": "adopt", "type": "dog"},
+ {"action": "adopt", "type": "cat"}
+ ],
+ "employee": [
+ {"action": "read", "type": "dog"},
+ {"action": "read", "type": "cat"},
+ {"action": "update", "type": "dog"},
+ {"action": "update", "type": "cat"}
+ ]
+ }
+ },
+ "policyName": "role"
+}
-{"onapName":"CDS","onapComponent":"CDS","onapInstance":"CDS","currentDate": "2024-11-22", "currentTime": "2024-11-22T11:34:56Z", "timeZone": "UTC", "timeOffset": "+05:30", "currentDateTime": "2024-11-22T12:08:00Z", "policyName":"role/allow","input":{"user":"alice","action":"write","object":"id123","type":"dog"}}
+{"onapName":"CDS","onapComponent":"CDS","onapInstance":"CDS","currentDate": "2024-11-22", "currentTime": "2024-11-22T11:34:56Z", "timeZone": "UTC", "timeOffset": "+05:30", "currentDateTime": "2024-11-22T12:08:00Z", "policyName":"role","input":{"user":"alice","action":"write","object":"id123","type":"dog"}}
--- /dev/null
+{
+ "errorMessage": "Policy Filter is nil.",
+ "policyName": "",
+ "responseCode": "bad_request"
+}
-{"onapName":"CDS","onapComponent":"CDS","onapInstance":"CDS","currentDate": "2024-11-22", "currentTime": "2024-11-22T11:34:56Z", "timeZone": "UTC", "timeOffset": "+05:30", "currentDateTime": "2024-11-22T12:08:00Z", "policyName":"role1/allow","input":{"user":"alice","action":"write","object":"id123","type":"dog"}}
-
+{"onapName":"CDS","onapComponent":"CDS","onapInstance":"CDS","currentDate": "2024-11-22", "currentTime": "2024-11-22T11:34:56Z", "timeZone": "UTC", "timeOffset": "+05:30", "currentDateTime": "2024-11-22T12:08:00Z", "policyName":"role","policyFilter": ["role_grants"],"input":{"user":"alice","action":"write","object":"id123","type":"dog"}}
-{"onapName":"CDS","onapComponent":"CDS","onapInstance":"CDS","currentDate": "2024-11-22", "currentTime": "2024-11-22T11:34:56Z", "timeZone": "UTC", "timeOffset": "+05:30", "currentDateTime": "2024-11-22T12:08:00Z" "policyName":"role/allow","input":{"user":"carol","action":"write","object":"id123","type":"dog"}}
-
+{"onapName":"CDS","onapComponent":"CDS","onapInstance":"CDS","currentDate": "2024-11-22", "currentTime": "2024-11-22T11:34:56Z", "timeZone": "UTC", "timeOffset": "+05:30", "currentDateTime": "2024-11-22T12:08:00Z", "policyName":"role","policyFilter": [""],"input":{"user":"alice","action":"write","object":"id123","type":"dog"}}
+++ /dev/null
-{"onapName":"CDS","onapComponent":"CDS","onapInstance":"CDS","currentDate": "2024-11-22", "currentTime": "2024-11-22T11:34:56Z", "timeZone": "UTC", "timeOffset": "+05:30", "currentDateTime": "2024-11-22T12:08:00Z", "policyName":"role/allow","input":{"user":"carol","action":"write","object":"id123","type":"dog"}}
[Documentation] Verify OPA PDP health check
PdpxGetReq ${OPA_PDP_HOST} <Response [200]>
-RetrieveSuccessfulRequest
- [Documentation] Get Decision Request Successful for Opa Pdp
- DecisionRequest onap.policy.opa.pdp.decision.request.json PERMIT 200
-
-RetrieveDenyRequest
- [Documentation] Get Decision Request DENY for Opa Pdp
- DecisionRequest onap.policy.opa.pdp.decision.requestfailure.json DENY 200
-
-*** comments ***
-| RetrieveFailureRequest
-| |[Documentation] | Get Decision Request INDETERMINATE for Opa Pdp ***
-| | |DecisionRequest onap.policy.opa.pdp.decision.requestIndeterminate.json INDETERMINATE 200 ***
-
-RetrieveFailureBadRequest
- [Documentation] Get Decision Request Failure Bad Request for Opa Pdp
- DecisionRequest onap.policy.opa.pdp.decision.badRequest.json BAD_REQUEST 400
+ValidatingPolicyWithoutPolicyFilter
+ [Documentation] Validating the policy without giving policy filter
+ ValidatePolicyResponseWithoutFilter onap.policy.opa.pdp.decision.request.json 400 onap.policy.opa.pdp.decision.request.output.json
+
+ValidatingPolicyWithPolicyFilter
+ [Documentation] Validating the policy with policy filter
+ ValidatePolicyResponse onap.policy.opa.pdp.decision.request_filter.json 200 onap.policy.opa.pdp.decision.filter_response.json
+
+ValidatingPolicyWithEmptyPolicyFilter
+ [Documentation] Validating the policy with empty policy filter
+ ValidatePolicyResponse onap.policy.opa.pdp.decision.request_filter_empty.json 200 onap.policy.opa.pdp.decision.empty_filter_response.json
+
*** Keywords ***
PdpxGetReq
[Documentation] Verify the response of Health Check is Successful
${resp}= PerformGetRequest ${POLICY_OPA_IP} ${url} 200 null ${hcauth}
Should Be Equal As Strings ${resp} ${status}
-DecisionRequest
- [Arguments] ${jsonfile} ${keyword} ${status}
+ValidatePolicyResponse
+ [Documentation] Validating the output for the policy
+ [Arguments] ${jsonfile} ${status} ${jsonfile1}
+ ${expectedStatus}= Set Variable ${status}
${postjson}= Get file ${CURDIR}/data/${jsonfile}
- ${resp}= DecisionPostReq ${postjson} ${status} abbrev=true
- Should Contain ${resp.text} ${keyword}
+ ${expected_data}= Get file ${CURDIR}/data/${jsonfile1}
+ ${hcauth}= PolicyAdminAuth
+ ${resp}= PerformPostRequest ${POLICY_OPA_IP} ${url} ${expectedStatus} ${postjson} abbrev=true ${hcauth}
+ ${response_data}= Get From Dictionary ${resp.json()} output
+ ${expected_value}= Evaluate json.loads('''${expected_data}''') json
+ ${expected_output}= Get From Dictionary ${expected_value} output
+ Dictionaries Should Be Equal ${response_data} ${expected_output}
-DecisionPostReq
- [Arguments] ${postjson} ${status} ${abbr}
+ValidatePolicyResponseWithoutFilter
+ [Documentation] Validating the output for the policy
+ [Arguments] ${jsonfile} ${status} ${jsonfile1}
${expectedStatus}= Set Variable ${status}
+ ${postjson}= Get file ${CURDIR}/data/${jsonfile}
+ ${expected_data}= Get file ${CURDIR}/data/${jsonfile1}
${hcauth}= PolicyAdminAuth
- ${resp}= PerformPostRequest ${POLICY_OPA_IP} ${url} ${expectedStatus} ${postjson} ${abbr} ${hcauth}
- RETURN ${resp}
+ ${resp}= PerformPostRequest ${POLICY_OPA_IP} ${url} ${expectedStatus} ${postjson} abbrev=true ${hcauth}
+ ${response_data}= Get From Dictionary ${resp.json()} responseCode
+ ${expected_value}= Evaluate json.loads('''${expected_data}''') json
+ ${expected_output}= Get From Dictionary ${expected_value} responseCode
+ Should Be Equal As Strings ${response_data} ${expected_output}
+
+
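Review bot: In `ValidatePolicyResponse` and `ValidatePolicyResponseWithoutFilter`, `Evaluate json.loads('''${expected_data}''') json` pastes the fixture's text into Python source before it is evaluated, so a backslash escape or a `'''` in a data file changes or breaks the expression instead of being parsed as JSON. Passing the variable by reference avoids that: `${expected_value}=    Evaluate    json.loads($expected_data)    json`. Separately, the removed `RetrieveDenyRequest` case is not replaced: none of the three new cases asserts a denied decision, and the new-side request fixtures visible here all use `alice`, so a regression that lets every request through would still pass this suite; a case for a user with no granting role that checks `allow` is false would restore that coverage. The two keywords also differ only in the compared key (`output` vs `responseCode`) and share the same `[Documentation]` text, so they could be one keyword taking the key as an argument.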
-# ============LICENSE_START=======================================================\r
-# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.\r
-# ================================================================================\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-#\r
-# SPDX-License-Identifier: Apache-2.0\r
-# ============LICENSE_END=========================================================\r
-\r
-apiVersion: v2\r
-description: ONAP Policy OPA PDP\r
-name: policy-opa-pdp\r
-version: 11.0.0\r
-\r
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024-2025 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy OPA PDP
+name: policy-opa-pdp
+version: 11.0.1
+
-# ============LICENSE_START=======================================================\r
-# Copyright (C) 2024-2025 Deutsche Telekom Intellectual Property. All rights reserved.\r
-# ================================================================================\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-#\r
-# SPDX-License-Identifier: Apache-2.0\r
-# ============LICENSE_END=========================================================\r
-\r
-#################################################################\r
-# Global configuration defaults.\r
-#################################################################\r
-global:\r
- persistence: {}\r
- image:\r
- opapdp: nexus3.onap.org:10001/onap/policy-opa-pdp:1.0.0-SNAPSHOT\r
-log:\r
- loglevel: "debug"\r
-\r
-permissions:\r
- uid: 100\r
- gid: 102\r
-\r
-#################################################################\r
-# Secrets metaconfig\r
-#################################################################\r
-secrets:\r
- - uid: restserver-creds\r
- type: basicAuth\r
- externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'\r
- login: '{{ .Values.restServer.user }}'\r
- password: '{{ .Values.restServer.password }}'\r
-#################################################################\r
-# Application configuration defaults.\r
-#################################################################\r
-# application image\r
-pullPolicy: Always\r
-\r
-# flag to enable debugging - application support required\r
-debugEnabled: false\r
-\r
-# application configuration\r
-\r
-restServer:\r
- user: policyadmin\r
- password: zb!XztG34\r
-\r
-# default number of instances\r
-replicaCount: 1\r
-\r
-nodeSelector: {}\r
-\r
-affinity: {}\r
-\r
-# probe configuration parameters\r
-liveness:\r
- initialDelaySeconds: 20\r
- periodSeconds: 10\r
- # necessary to disable liveness probe when setting breakpoints\r
- # in debugger so K8s doesn't restart unresponsive container\r
- enabled: true\r
-\r
-readiness:\r
- initialDelaySeconds: 10\r
- periodSeconds: 120\r
- api: /ready\r
- successThreshold: 1\r
- failureThreshold: 3\r
- timeout: 60\r
-\r
-service:\r
- type: ClusterIP\r
- name: policy-opa-pdp\r
- portName: http\r
- externalPort: 8282\r
- internalPort: 8282\r
-\r
-ingress:\r
- enabled: false\r
-\r
-flavor: small\r
-resources:\r
- small:\r
- limits:\r
- cpu: 1\r
- memory: 4Gi\r
- requests:\r
- cpu: 100m\r
- memory: 1Gi\r
- unlimited: {}\r
-\r
-dirSizes:\r
- bundleDir:\r
- sizeLimit: 1000Mi\r
-\r
-#Pods Service Account\r
-serviceAccount:\r
- nameOverride: policy-opa-pdp\r
- roles:\r
- - read\r
-kafka:\r
- groupid: "policy-opa-pdp"\r
- topic: "policy-pdp-pap"\r
- useSASL: "false"\r
- username: ""\r
- password: ""\r
- brokers: "kafka.default.svc.cluster.local:9092"\r
-\r
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024-2025 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ image:
+ opapdp: nexus3.onap.org:10001/onap/policy-opa-pdp:1.0.2-SNAPSHOT
+log:
+ loglevel: "debug"
+
+permissions:
+ uid: 100
+ gid: 102
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+restServer:
+ user: policyadmin
+ password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 120
+ api: /ready
+ successThreshold: 1
+ failureThreshold: 3
+ timeout: 60
+
+service:
+ type: ClusterIP
+ name: policy-opa-pdp
+ portName: http
+ externalPort: 8282
+ internalPort: 8282
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ unlimited: {}
+
+dirSizes:
+ bundleDir:
+ sizeLimit: 1000Mi
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-opa-pdp
+ roles:
+ - read
+kafka:
+ groupid: "policy-opa-pdp"
+ topic: "policy-pdp-pap"
+ useSASL: "false"
+ username: ""
+ password: ""
+ brokers: "kafka.default.svc.cluster.local:9092"
+
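Review bot: The re-added `restServer` block still ships a fixed default, `password: zb!XztG34`, which the `restserver-creds` basicAuth secret appears to use whenever `restServer.credsExternalSecret` is not set, so every install that keeps the chart defaults would share one published credential. Since the whole file is rewritten here (line endings plus the `1.0.2-SNAPSHOT` image tag), consider leaving `password` empty in the chart default and documenting `credsExternalSecret` as the expected way to supply it. The same defaults also set `loglevel: "debug"` and kafka `useSASL: "false"`; a comment such as `# development default - override for production` on each would make that intent explicit.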
simulator: onap/policy-models-simulator:$tag
pdpdcl: onap/policy-pdpd-cl:$tag
xacml: onap/policy-xacml-pdp:$tag
- opa: onap/policy-opa-pdp:1.0.0-SNAPSHOT
+ opa: onap/policy-opa-pdp:1.0.2-SNAPSHOT
distribution: onap/policy-distribution:$tag
runtimeacm: onap/policy-clamp-runtime-acm:$tag
kserveparticipant: onap/policy-clamp-ac-kserve-ppnt:$tag