Merge pull request #6 from fabric-testbed/facility-tests
Facility tests
ibaldin authored Dec 20, 2022
2 parents b3300ad + 5a022e4 commit e8e5dc1
Showing 4 changed files with 102 additions and 6 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -233,7 +233,7 @@ curl --include --header "Content-Type: application/xacml+json" --data @policies/

## Using a test harness

Make sure that `./authzforce-ce-core-pdp-cli-X.Y.Z.jar ` is present under `authzforce/` directory. Update `test/test-harness.py` appropriately, then run:
Make sure that `./authzforce-ce-core-pdp-cli-X.Y.Z.jar ` is present under `authzforce/` directory. Update `test/test-harness.py` appropriately, be sure to use a virtenv that has the latest (or appropriate) version of fabric-fim library, then run:
```
$ cd test/
$ pytest test-harness.py
Expand Up @@ -197,10 +197,10 @@ namespace fabricTags {
}
rule withFacilityPorts {
deny
condition stringBagSize(Attributes.resourceFacilityPort) > 0 && not(map(function[stringConcatenate], "Net.FacilityPort.", Attributes.resourceFacilityPort) == Attributes.projectTag)
condition stringBagSize(Attributes.resourceFacilityPort) > 0 && not(allOfAny(function[stringEqual], map(function[stringConcatenate], "Net.FacilityPort.", Attributes.resourceFacilityPort), Attributes.projectTag))
on deny {
advice reasonToDeny {
Attributes.message = "Policy Violation: Your project is lacking Net.FacilityPort.<facility-port-name> tag to request a slice with facility ports."
Attributes.message = "Policy Violation: Your project is lacking Net.FacilityPort.<facility-port-name> tag to request a connection to one or more of the facilities."
}
}
}
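Review bot: The `withFacilityPorts` condition carries no comment stating the invariant it now enforces, which is the security-relevant part of this rule: every `Net.FacilityPort.<name>` string built from `Attributes.resourceFacilityPort` must equal some entry in `Attributes.projectTag`. I would add `// deny unless EVERY requested facility port has its own Net.FacilityPort.<name> project tag` above the condition, since relaxing it to an any-match comparison would presumably let a project holding one facility tag connect to other facilities. The match is `stringEqual`, so a tag must equal the facility name exactly, including case; whether names are normalised before they reach the PDP is not visible here. The enclosing namespace starts and ends outside the hunk.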
2 changes: 1 addition & 1 deletion src-gen/fabricTags.OrchestratorTags.xml

Large diffs are not rendered by default.

100 changes: 98 additions & 2 deletions test/test-harness.py
Expand Up @@ -479,7 +479,7 @@ def testFABNetv4ExtOK(self) -> None:
def testFABNetv4ExtFail(self) -> None:

"""
Test that adding FABNetv4 with proper tag works
Test that adding FABNetv4 with proper tag fails
"""
t = fu.ExperimentTopology()
n1 = t.add_node(name='n1', site='RENC', capacities=fu.Capacities(core=1, ram=10, disk=25))
Expand Down Expand Up @@ -555,7 +555,7 @@ def testFABNetv6ExtOK(self) -> None:
def testFABNetv6ExtFail(self) -> None:

"""
Test that adding FABNetv4 with proper tag works
Test that adding FABNetv4 with proper tag fails
"""
t = fu.ExperimentTopology()
n1 = t.add_node(name='n1', site='RENC', capacities=fu.Capacities(core=1, ram=10, disk=25))
Expand Down Expand Up @@ -588,4 +588,100 @@ def testFABNetv6ExtFail(self) -> None:
authz.set_resource_subject_and_project(subject_id='[email protected]', project='MyProject')

print(f"FABNetv4ExtFail: {authz.transform_to_pdp_request()}")
self.runOnStringRequest(authz.transform_to_pdp_request(), TAGPDP, 'Deny')

def testFacilityOK(self) -> None:

"""
Test that adding FABNetv4 with proper tag works
"""
t = fu.ExperimentTopology()
n1 = t.add_node(name='n1', site='RENC', capacities=fu.Capacities(core=1, ram=10, disk=25))
c1 = n1.add_component(name='c1', model_type=fu.ComponentModelType.SmartNIC_ConnectX_6)
c2 = n1.add_component(name='c2', model_type=fu.ComponentModelType.SharedNIC_ConnectX_6)
n1.add_component(name='c3', model_type=fu.ComponentModelType.NVME_P4510)
n2 = t.add_node(name='n2', site='UKY', capacities=fu.Capacities(core=10, ram=10, disk=35))
c4 = n2.add_component(name='c4', model_type=fu.ComponentModelType.SmartNIC_ConnectX_5)
s1 = t.add_network_service(name='s1', nstype=fu.ServiceType.FABNetv6Ext,
interfaces=[c1.interface_list[0]])
s2 = t.add_network_service(name='s2', nstype=fu.ServiceType.FABNetv6Ext,
interfaces=[c4.interface_list[0]])

fac1 = t.add_facility(name='UKY-DTN', site='UKY', capacities=fu.Capacities(bw=10),
labels=fu.Labels(vlan='100'))
# facility needs to be connected via a service to something else
sfac = t.add_network_service(name='s-fac', nstype=fu.ServiceType.L2STS,
interfaces=[fac1.interface_list[0],
c4.interface_list[1]])
fac2 = t.add_facility(name='RENCI-DTN', site='RENC', capacities=fu.Capacities(bw=10),
labels=fu.Labels(vlan='100'))
# facility needs to be connected via a service to something else
sfac = t.add_network_service(name='s-fac1', nstype=fu.ServiceType.L2STS,
interfaces=[fac2.interface_list[0],
c1.interface_list[1]])
# this sets site property on fabnet, which is a must
t.validate()

authz = ResourceAuthZAttributes()

now = datetime.datetime.now(datetime.timezone.utc)
delta = datetime.timedelta(days=13, hours=11, minutes=7, seconds=4, milliseconds=10)
future = now + delta

authz.collect_resource_attributes(source=t)
authz.set_action('create')
authz.set_lifetime(future)
authz.set_subject_attributes(subject_id='[email protected]', project='MyProject', project_tag=[
'VM.NoLimit',
'Component.SmartNIC', 'Component.NVME', 'Net.FABNetv6Ext',
'Slice.Multisite', 'Net.FacilityPort.RENCI-DTN', 'Net.FacilityPort.UKY-DTN'
])
authz.set_resource_subject_and_project(subject_id='[email protected]', project='MyProject')

print(f"FacilityOK: {authz.transform_to_pdp_request()}")
self.runOnStringRequest(authz.transform_to_pdp_request(), TAGPDP)

def testFacilityFail(self) -> None:

"""
Test that adding Facility with proper tag fails
"""
t = fu.ExperimentTopology()
n1 = t.add_node(name='n1', site='RENC', capacities=fu.Capacities(core=1, ram=10, disk=25))
c1 = n1.add_component(name='c1', model_type=fu.ComponentModelType.SmartNIC_ConnectX_6)
c2 = n1.add_component(name='c2', model_type=fu.ComponentModelType.SharedNIC_ConnectX_6)
n1.add_component(name='c3', model_type=fu.ComponentModelType.NVME_P4510)
n2 = t.add_node(name='n2', site='UKY', capacities=fu.Capacities(core=10, ram=10, disk=35))
c4 = n2.add_component(name='c4', model_type=fu.ComponentModelType.SmartNIC_ConnectX_5)
s1 = t.add_network_service(name='s1', nstype=fu.ServiceType.FABNetv6Ext,
interfaces=[c1.interface_list[0]])
s2 = t.add_network_service(name='s2', nstype=fu.ServiceType.FABNetv6Ext,
interfaces=[c4.interface_list[0]])

fac1 = t.add_facility(name='RENCI-DTN', site='RENC', capacities=fu.Capacities(bw=10),
labels=fu.Labels(vlan='100'))
# facility needs to be connected via a service to something else
sfac = t.add_network_service(name='s-fac', nstype=fu.ServiceType.L2STS,
interfaces=[fac1.interface_list[0],
c1.interface_list[1]])
# this sets site property on fabnet, which is a must
t.validate()

authz = ResourceAuthZAttributes()

now = datetime.datetime.now(datetime.timezone.utc)
delta = datetime.timedelta(days=13, hours=11, minutes=7, seconds=4, milliseconds=10)
future = now + delta

authz.collect_resource_attributes(source=t)
authz.set_action('create')
authz.set_lifetime(future)
authz.set_subject_attributes(subject_id='[email protected]', project='MyProject', project_tag=[
'VM.NoLimit',
'Component.SmartNIC', 'Component.NVME', 'Net.FABNetv6Ext',
'Slice.Multisite'
])
authz.set_resource_subject_and_project(subject_id='[email protected]', project='MyProject')

print(f"FacilityFail: {authz.transform_to_pdp_request()}")
self.runOnStringRequest(authz.transform_to_pdp_request(), TAGPDP, 'Deny')
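Review bot: Neither new test covers the case the policy change in this commit is about, namely a slice with two facility ports whose project holds the tag for only one of them. `testFacilityFail` requests a single facility (`RENCI-DTN`) with no `Net.FacilityPort.*` tag at all, which a weaker any-match condition would presumably also deny, so a regression to it would go unnoticed. A third test built on the `testFacilityOK` topology with the `UKY-DTN` tag left out and `'Deny'` expected would pin the authorization behaviour, as sketched below. The docstrings also mislead: `testFacilityOK` still says "FABNetv4", and `testFacilityFail` (like the two edited `...ExtFail` docstrings) says "with proper tag fails" where "without the required tag is denied" is meant.

```python
def testFacilityPartialTagFail(self) -> None:
    """
    Test that two facility ports are denied when the project holds the tag for only one
    """
    # … unchanged: topology with UKY-DTN and RENCI-DTN, t.validate() and authz setup, as in testFacilityOK …
    project_tags = [
        'VM.NoLimit',
        'Component.SmartNIC', 'Component.NVME', 'Net.FABNetv6Ext',
        'Slice.Multisite', 'Net.FacilityPort.RENCI-DTN',  # UKY-DTN tag deliberately absent
    ]
    # … unchanged: set_subject_attributes with project_tag=project_tags, then set_resource_subject_and_project …

    print(f"FacilityPartialTagFail: {authz.transform_to_pdp_request()}")
    self.runOnStringRequest(authz.transform_to_pdp_request(), TAGPDP, 'Deny')
```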
