create_schema:
"$schema": http://json-schema.org/draft-07/schema#
type: object
+ additionalProperties: false
properties:
+ class:
+ type: integer
+ minimum: 1
+ maximum: 256
+ description: integer id representing class to which we are applying policy
enforce:
type: boolean
- default: true
+ description: Whether to enable or disable enforcement of policy on this class
window_length:
type: integer
- default: 1
+ minimum: 15
+ maximum: 300
+ description: Sliding window length in seconds
+ trigger_threshold:
+ type: integer
minimum: 1
- maximum: 60
- description: Sliding window length (in minutes)
blocking_rate:
type: number
- default: 10
- minimum: 1
+ minimum: 0
maximum: 100
- description: "% Connections to block"
- trigger_threshold:
- type: integer
- default: 10
- minimum: 1
- description: Minimum number of events in window to trigger blocking
required:
+ - class
- enforce
- - blocking_rate
- - trigger_threshold
- window_length
- additionalProperties: false
+ - trigger_threshold
+ - blocking_rate
response:
status_code: 201
url: http://localhost:10000/a1-p/policytypes/6660666/policies/admission_control_policy
method: PUT
json:
+ class: 12
enforce: true
- window_length: 10
+ window_length: 20
blocking_rate: 20
trigger_threshold: 10
headers:
response:
status_code: 200
body:
+ class: 12
enforce: true
- window_length: 10
+ window_length: 20
blocking_rate: 20
trigger_threshold: 10
+
- name: test the admission control policy status get
delay_before: 3 # give it a few seconds for rmr
request:
---
+test_name: test query
+
+stages:
+ - name: type not there yet
+ request:
+ url: http://localhost:10000/a1-p/policytypes/1006001
+ method: GET
+ response:
+ status_code: 404
+
+ - name: put the type
+ request:
+ url: http://localhost:10000/a1-p/policytypes/1006001
+ method: PUT
+ json:
+ name: query test
+ description: test
+ policy_type_id: 1006001
+ create_schema:
+ "$schema": http://json-schema.org/draft-07/schema#
+ type: object
+ additionalProperties: false
+ properties:
+ foo:
+ type: string
+ required:
+ - foo
+ response:
+ status_code: 201
+
+ - name: type there now
+ request:
+ url: http://localhost:10000/a1-p/policytypes/1006001
+ method: GET
+ response:
+ status_code: 200
+
+ - name: instance list 200 but empty
+ request:
+ url: http://localhost:10000/a1-p/policytypes/1006001/policies
+ method: GET
+ response:
+ status_code: 200
+ body: []
+
+ - name: instance 1
+ request:
+ url: http://localhost:10000/a1-p/policytypes/1006001/policies/qt1
+ method: PUT
+ json:
+ foo: "bar1"
+ headers:
+ content-type: application/json
+ response:
+ status_code: 202
+
+ - name: instance 2
+ request:
+ url: http://localhost:10000/a1-p/policytypes/1006001/policies/qt2
+ method: PUT
+ json:
+ foo: "bar2"
+ headers:
+ content-type: application/json
+ response:
+ status_code: 202
+
+ - name: instance list
+ request:
+ url: http://localhost:10000/a1-p/policytypes/1006001/policies
+ method: GET
+ response:
+ status_code: 200
+ body: [qt1, qt2]
+
+ # after the query, a1 should send, query receiver should send back, and the policy should be in effect
+ # sometimes in kubernetes, this test takes a long time to work because of an k8s issue
+ # empirically we find that the si95 rmr finally "detects" failure after about 75 seconds, retries, and then works.
+ - name: test the query status get
+ max_retries: 100
+ delay_before: 1
+ request:
+ url: http://localhost:10000/a1-p/policytypes/1006001/policies/qt1/status
+ method: GET
+ response:
+ status_code: 200
+ body:
+ instance_status: "IN EFFECT"
+ has_been_deleted: False
+
+ - name: test the query status get 2
+ max_retries: 100
+ delay_before: 1
+ request:
+ url: http://localhost:10000/a1-p/policytypes/1006001/policies/qt2/status
+ method: GET
+ response:
+ status_code: 200
+ body:
+ instance_status: "IN EFFECT"
+ has_been_deleted: False
+
+---
+
test_name: test bad routing file endpoint
stages:
type: object
response:
status_code: 400
-
-
Code Review / ric-plt / a1.git / blobdiff