AETHER-2234 move and update aether-roc-umbrella
Change-Id: I7ca845b92dff1fce5fd87d42053a43d80cc55f34
diff --git a/aether-roc-umbrella/Chart.yaml b/aether-roc-umbrella/Chart.yaml
new file mode 100644
index 0000000..00d1281
--- /dev/null
+++ b/aether-roc-umbrella/Chart.yaml
@@ -0,0 +1,76 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+apiVersion: v2
+name: aether-roc-umbrella
+description: Aether ROC Umbrella chart to deploy all Aether ROC
+kubeVersion: ">=1.18.0"
+type: application
+version: 1.3.8
+appVersion: v0.0.0
+keywords:
+ - aether
+ - sdn
+home: https://www.opennetworking.org/aether/
+maintainers:
+ - name: Aether Ops team
+ email: support@opennetworking.org
+dependencies:
+ - name: onos-topo
+ condition: import.onos-topo.enabled
+ repository: https://charts.onosproject.org
+ version: 1.1.102
+ - name: config-model-aether
+ condition: onos-config.models.aether.v2_1.enabled
+ repository: "@aether"
+ version: 2.1.3
+ alias: config-model-aether-2-1-0
+ - name: config-model-aether
+ condition: onos-config.models.aether.v3.enabled
+ repository: "@aether"
+ version: 3.0.13
+ alias: config-model-aether-3-0-0
+ - name: onos-config
+ condition: import.onos-config.enabled
+ repository: https://charts.onosproject.org
+ version: 1.3.4
+ - name: onos-gui
+ condition: import.onos-gui.enabled
+ repository: https://charts.onosproject.org
+ version: 1.0.8
+ - name: onos-cli
+ condition: import.onos-cli.enabled
+ repository: https://charts.onosproject.org
+ version: 1.1.5
+ - name: aether-roc-api
+ condition: import.aether-roc-api.enabled
+ repository: "@aether"
+ version: 1.1.14
+ - name: aether-roc-gui
+ condition: import.aether-roc-gui.v3.enabled
+ repository: "@aether"
+ version: 3.0.23
+ alias: aether-roc-gui-v3
+ - name: sdcore-adapter
+ condition: import.sdcore-adapter.v3.enabled
+ repository: "@aether"
+ version: 3.0.15
+ alias: sdcore-adapter-v3
+ - name: subscriber-proxy
+ condition: import.subscriber-proxy.enabled
+ repository: "@aether"
+ version: 0.0.3
+ - name: nginx
+ alias: sdcore-test-dummy
+ condition: import.sdcore-test-dummy.enabled
+ repository: https://charts.bitnami.com/bitnami
+ version: 8.9.0
+ - name: grafana
+ condition: import.grafana.enabled
+ repository: https://grafana.github.io/helm-charts
+ version: 6.16.6
+ - name: prometheus
+ condition: import.prometheus.enabled
+ repository: https://prometheus-community.github.io/helm-charts
+ version: 14.6.1
diff --git a/aether-roc-umbrella/README.md b/aether-roc-umbrella/README.md
new file mode 100644
index 0000000..8c3df88
--- /dev/null
+++ b/aether-roc-umbrella/README.md
@@ -0,0 +1,84 @@
+<!--
+SPDX-FileCopyrightText: 2020 Open Networking Foundation <info@opennetworking.org>
+
+SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+-->
+
+## Aether ROC Umbrella chart
+
+First add repos to your Helm client
+```
+stable https://charts.helm.sh/stable
+cord https://charts.opencord.org
+atomix https://charts.atomix.io
+onosproject https://charts.onosproject.org
+sdran https://sdrancharts.onosproject.org
+aether https://charts.aetherproject.org
+cetic https://cetic.github.io/helm-charts
+bitnami https://charts.bitnami.com/bitnami
+```
+
+Provides a [Helm] chart for deploying
+
+* aether-roc-gui (2 versions)
+* aether-roc-api
+* onos-topo
+* onos-config
+* sdcore-adapter (2 versions)
+* sdcore-test-dummy
+* grafana
+* prometheus
+
+to [Kubernetes].
+> See the [documentation] for more info.
+
+## Config models
+The Aether ROC Umbrella chart controls the Config Model Plugins that are enabled in `onos-config`
+Currently 2 versions of the `Aether` model are loaded:
+
+* aether-2.1.0
+* aether-3.0.0
+
+## Deploy with Authentication enabled
+
+1) install the helm Repo https://cetic.github.io/helm-charts
+2) deploy the [dex-ldap-umbrella](https://github.com/onosproject/onos-helm-charts/tree/master/dex-ldap-umbrella)
+
+Then run:
+```bash
+helm -n micro-onos install aether-roc-umbrella sdran/aether-roc-umbrella \
+--set onos-config.openidc.issuer=http://dex-ldap-umbrella:5556 \
+--set aether-roc-gui.openidc.issuer=http://dex-ldap-umbrella:5556
+```
+
+## Sample Data - MEGA Patch
+Some sample data that works with the `aether-3.0.0` models is available at
+https://github.com/onosproject/aether-roc-api/blob/master/examples/MEGA_Patch.curl
+
+This creates 2 sample enterprises `acme` and `starbucks` with corresponding `sites`,
+`applications`, `device-groups` and `vcs` etc.
+
+## sdcore-test-dummy
+The chart includes the `sdcore-test-dummy` container for testing the `sdcore-adapter`
+
+> this may be disabled in the chart with `--set import.sdcore-test-dummy.enabled=false`
+
+This runs in the cluster at http://aether-roc-umbrella-sdcore-test-dummy (port 80)
+
+This is a simple nginx server that has been configured to accept POST requests and
+log their contents. Use `kubectl -n <namespace> logs --follow <pod identifier>` to
+see the POST request contents.
+
+In a configuration of a `connectivity-service` for the 4G/5G model (aether-3.0.0)
+the following values should be set:
+* "core-5g-endpoint": "http://aether-roc-umbrella-sdcore-test-dummy/v1/config/5g",
+
+In a configuration of a `connectivity-service` for the 4G only model (aether-2.1.0)
+the following values should be set:
+* hss-endpoint http://aether-roc-umbrella-sdcore-test-dummy/v1/config/imsis
+* spgwc-endpoint http://aether-roc-umbrella-sdcore-test-dummy/v1/config
+* pcrf-endpoint http://aether-roc-umbrella-sdcore-test-dummy/v1/config policies
+
+[Kubernetes]: https://kubernetes.io/
+[Helm]: https://helm.sh/
+[documentation]: https://docs.onosproject.org/developers/deploy_with_helm/
diff --git a/aether-roc-umbrella/files/dashboards/ue/ue-connectivity.json b/aether-roc-umbrella/files/dashboards/ue/ue-connectivity.json
new file mode 100644
index 0000000..8bb0a7d
--- /dev/null
+++ b/aether-roc-umbrella/files/dashboards/ue/ue-connectivity.json
@@ -0,0 +1,230 @@
+{
+ "dashboard": {
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "links": [],
+ "panels": [
+ {
+ "datasource": "datasource-$ORG",
+ "description": "UE Connectivity",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 0,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 0
+ },
+ "id": 1,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom"
+ },
+ "tooltip": {
+ "mode": "single"
+ }
+ },
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "ue_throughput{id=\"$IMSI\"}",
+ "interval": "",
+ "legendFormat": "Throughput {{slice}} {{direction}} kb/s",
+ "queryType": "randomWalk",
+ "refId": "A"
+ },
+ {
+ "exemplar": true,
+ "expr": "ue_latency{id=\"$IMSI\"} * 1000",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Latency {{slice}} {{direction}} µs",
+ "refId": "B"
+ }
+ ],
+ "title": "UE $IMSI Throughput and Latency",
+ "type": "timeseries"
+ },
+ {
+ "datasource": "datasource-$ORG",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisLabel": "",
+ "axisPlacement": "hidden",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 57,
+ "gradientMode": "hue",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 8
+ },
+ "id": 2,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom"
+ },
+ "tooltip": {
+ "mode": "single"
+ }
+ },
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "smf_pdu_session_profile{id=\"$IMSI\",state=\"active\"}*2",
+ "interval": "",
+ "legendFormat": "Active",
+ "queryType": "randomWalk",
+ "refId": "A"
+ },
+ {
+ "exemplar": true,
+ "expr": "smf_pdu_session_profile{id=\"$IMSI\",state=\"idle\"}*1",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Idle",
+ "refId": "B"
+ },
+ {
+ "exemplar": true,
+ "expr": "smf_pdu_session_profile{id=\"$IMSI\",state=\"inactive\"}*-1",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Inactive",
+ "refId": "C"
+ }
+ ],
+ "title": "UE $IMSI Connectivity",
+ "type": "timeseries"
+ }
+ ],
+ "refresh": "",
+ "schemaVersion": 30,
+ "style": "light",
+ "tags": [],
+ "templating": {
+ "list": []
+ },
+ "time": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "timepicker": {},
+ "timezone": "",
+ "title": "UE $IMSI Connectivity and Throughput",
+ "uid": "ue-$IMSI",
+ "version": 1
+ },
+ "folderUid": "$ORG",
+ "message": "Made changes to $ORG"
+}
\ No newline at end of file
diff --git a/aether-roc-umbrella/files/dashboards/vcs/vcs-performance-all.json b/aether-roc-umbrella/files/dashboards/vcs/vcs-performance-all.json
new file mode 100644
index 0000000..7d0b484
--- /dev/null
+++ b/aether-roc-umbrella/files/dashboards/vcs/vcs-performance-all.json
@@ -0,0 +1,140 @@
+{
+ "dashboard": {
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "links": [],
+ "panels": [
+ {
+ "datasource": "datasource-$ORG",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 0,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 0
+ },
+ "id": 1,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom"
+ },
+ "tooltip": {
+ "mode": "single"
+ }
+ },
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "sum(vcs_jitter{vcs_id=~\"$ORG.*\"})/count(vcs_jitter{vcs_id=~\"$ORG.*\"})*1000",
+ "format": "time_series",
+ "interval": "",
+ "legendFormat": "Jitter (µs)",
+ "queryType": "randomWalk",
+ "refId": "A"
+ },
+ {
+ "exemplar": true,
+ "expr": "sum(vcs_latency{vcs_id=~\"$ORG.*\"})/count(vcs_latency{vcs_id=~\"$ORG.*\"})*1000",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Latency (µs)",
+ "refId": "B"
+ },
+ {
+ "exemplar": true,
+ "expr": "sum(vcs_throughput{vcs_id=~\"$ORG.*\"})/count(vcs_throughput{vcs_id=~\"$ORG.*\"})",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Throughput (kb/s)",
+ "refId": "C"
+ }
+ ],
+ "title": "VCS $ORG All",
+ "type": "timeseries"
+ }
+ ],
+ "schemaVersion": 30,
+ "style": "dark",
+ "tags": [],
+ "templating": {
+ "list": []
+ },
+ "time": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "timepicker": {
+ },
+ "timezone": "",
+ "title": "VCS $ORG All",
+ "uid": "vcs-$ORG-all",
+ "version": 2
+ },
+ "folderUid": "$ORG",
+ "message": "Made changes to $ORG"
+}
\ No newline at end of file
diff --git a/aether-roc-umbrella/files/dashboards/vcs/vcs-performance.json b/aether-roc-umbrella/files/dashboards/vcs/vcs-performance.json
new file mode 100644
index 0000000..8a84890
--- /dev/null
+++ b/aether-roc-umbrella/files/dashboards/vcs/vcs-performance.json
@@ -0,0 +1,141 @@
+{
+ "dashboard": {
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "description": "",
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "links": [],
+ "panels": [
+ {
+ "datasource": "datasource-$ORG",
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 0,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 0
+ },
+ "id": 1,
+ "links": [],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom"
+ },
+ "tooltip": {
+ "mode": "single"
+ }
+ },
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "vcs_jitter{vcs_id=\"$VCS\"}*1000",
+ "interval": "",
+ "legendFormat": "Jitter (µs)",
+ "refId": "A"
+ },
+ {
+ "exemplar": true,
+ "expr": "vcs_latency{vcs_id=\"$VCS\"}*1000",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Latency (µs)",
+ "refId": "B"
+ },
+ {
+ "exemplar": true,
+ "expr": "vcs_throughput{vcs_id=\"$VCS\"}",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Throughput (kb/s)",
+ "refId": "C"
+ }
+ ],
+ "title": "VCS $VCS Performance",
+ "type": "timeseries"
+ }
+ ],
+ "refresh": "",
+ "schemaVersion": 30,
+ "style": "light",
+ "tags": [],
+ "templating": {
+ "list": []
+ },
+ "time": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "timepicker": {},
+ "timezone": "",
+ "title": "VCS $VCS Performance",
+ "uid": "vcs-$VCS",
+ "version": 1
+ },
+ "folderUid": "$ORG",
+ "message": "Made changes to $ORG"
+}
diff --git a/aether-roc-umbrella/files/dashboards/vcs/vcs-ue-connectivity.json b/aether-roc-umbrella/files/dashboards/vcs/vcs-ue-connectivity.json
new file mode 100644
index 0000000..7185d4a
--- /dev/null
+++ b/aether-roc-umbrella/files/dashboards/vcs/vcs-ue-connectivity.json
@@ -0,0 +1,139 @@
+{
+ "dashboard": {
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "links": [],
+ "panels": [
+ {
+ "datasource": "datasource-$ORG",
+ "description": "Stacked time-series of UE's connected to slice by active, inactive and idle",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 56,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 0
+ },
+ "id": 1,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom"
+ },
+ "tooltip": {
+ "mode": "single"
+ }
+ },
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "sum(smf_pdu_session_profile{slice=\"$VCS\",state=\"active\"})",
+ "interval": "",
+ "legendFormat": "Active",
+ "queryType": "randomWalk",
+ "refId": "A"
+ },
+ {
+ "exemplar": true,
+ "expr": "sum(smf_pdu_session_profile{slice=\"$VCS\",state=\"inactive\"})",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Inactive",
+ "refId": "B"
+ },
+ {
+ "exemplar": true,
+ "expr": "sum(smf_pdu_session_profile{slice=\"$VCS\",state=\"idle\"})",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Idle",
+ "refId": "C"
+ }
+ ],
+ "title": "VCS $VCS UE Connectivity Stacked",
+ "type": "timeseries"
+ }
+ ],
+ "schemaVersion": 30,
+ "style": "light",
+ "tags": [],
+ "templating": {
+ "list": []
+ },
+ "time": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "timepicker": {},
+ "timezone": "",
+ "title": "VCS $VCS UE Connectivity",
+ "uid": "$VCS-ue-conn",
+ "version": 1
+ },
+ "folderUid": "$ORG",
+ "message": "Made changes to $ORG"
+}
\ No newline at end of file
diff --git a/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego b/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego
new file mode 100644
index 0000000..9c2ec1b
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego
@@ -0,0 +1,133 @@
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+package aether_2_1_0
+
+echo[config] {
+ config := input
+}
+
+allowed[config] {
+ access_profile := access_profiles # refer to rule below
+ subscriber := subscribers
+ apn_profile := apn_profiles
+ connectivity_service := connectivityservices
+ enterprise := enterprises
+ qos_profile := qos_profiles
+ security_profile := security_profiles
+ service_profile := service_profiles
+ service_group := service_groups
+ service_policy := service_policies
+ service_rule := service_rules
+ up_profile := up_profiles
+ config := {
+ "access_profile": {
+ "access_profile": [
+ access_profile
+ ]
+ },
+ "subscriber": {
+ "ue": [
+ subscriber
+ ]
+ },
+ "apn_profile": {
+ "apn_profile": [
+ apn_profile
+ ]
+ },
+ "connectivity-service": {
+ "connectivity-service": [
+ connectivity_service
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ enterprise
+ ]
+ },
+ "qos_profile": {
+ "qos_profile": [
+ qos_profile
+ ]
+ },
+ "security_profile": {
+ "security_profile": [
+ security_profile
+ ]
+ },
+ "service_profile": {
+ "service_profile": [
+ service_profile
+ ]
+ },
+ "service_group": {
+ "service_group": [
+ service_group
+ ]
+ },
+ "service_policy": {
+ "service_policy": [
+ service_policy
+ ]
+ },
+ "service_rule": {
+ "service_rule": [
+ service_rule
+ ]
+ },
+ "up_profile": {
+ "up_profile": [
+ up_profile
+ ]
+ },
+ }
+}
+
+access_profiles[access_profile] {
+ access_profile := input.access_profile.access_profile[_]
+}
+
+subscribers[subscriber] {
+ subscriber := input.subscriber.ue[_]
+}
+
+apn_profiles[apn_profile] {
+ apn_profile := input.apn_profile.apn_profile[_]
+}
+
+connectivityservices[connectivity_service] {
+ enterprise := input.enterprise.enterprise[_]
+ enterprise_cs := enterprise.connectivity_service[_]
+ connectivity_service := input.connectivity_service.connectivity_service[_]
+ ["AetherROCAdmin", enterprise.id][_] == input.groups[i]
+ enterprise_cs.connectivity_service == connectivity_service.id
+}
+
+enterprises[enterprise] {
+ enterprise := input.enterprise.enterprise[_]
+ ["AetherROCAdmin", enterprise.id][_] == input.groups[_]
+}
+
+qos_profiles[qos_profile] {
+ qos_profile := input.qos_profile.qos_profile[_]
+}
+security_profiles[security_profile] {
+ security_profile := input.security_profile.security_profile[_]
+}
+service_profiles[service_profile] {
+ service_profile := input.service_profile.service_profile[_]
+}
+service_groups[service_group] {
+ service_group := input.service_group.service_group[_]
+}
+service_policies[service_policy] {
+ service_policy := input.service_policy.service_policy[_]
+}
+service_rules[service_rule] {
+ service_rule := input.service_rule.service_rule[_]
+}
+up_profiles[up_profile] {
+ up_profile := input.up_profile.up_profile[_]
+}
\ No newline at end of file
diff --git a/aether-roc-umbrella/files/opa-rbac/aether-3.0.0.rego b/aether-roc-umbrella/files/opa-rbac/aether-3.0.0.rego
new file mode 100644
index 0000000..29df86e
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/aether-3.0.0.rego
@@ -0,0 +1,149 @@
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+package aether_3_0_0
+
+echo[config] {
+ config := input
+}
+
+allowed[config] {
+ ap_list := ap_lists # refer to rule below
+ application := applications
+ connectivity_service := connectivityservices
+ device_group := devicegroups
+ enterprise := enterprises
+ ip_domain := ip_domains
+ network := networks
+ site := sites
+ template := templates
+ traffic_class := trafficclasses
+ upf := upfs
+ vcs := vcss
+ config := {
+ "ap-list": {
+ "ap-list": [
+ ap_list
+ ]
+ },
+ "application": {
+ "application": [
+ application
+ ]
+ },
+ "connectivity-service": {
+ "connectivity-service": [
+ connectivity_service
+ ]
+ },
+ "device-group": {
+ "device-group": [
+ device_group
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ enterprise
+ ]
+ },
+ "ip-domain": {
+ "ip-domain": [
+ ip_domain
+ ]
+ },
+ "network": {
+ "network": [
+ network
+ ]
+ },
+ "site": {
+ "site": [
+ site
+ ]
+ },
+ "template": {
+ "template": [
+ template
+ ]
+ },
+ "traffic_class": {
+ "traffic_class": {
+ traffic_class
+ }
+ },
+ "upf": {
+ "upf": [
+ upf
+ ]
+ },
+ "vcs": {
+ "vcs": [
+ vcs
+ ]
+ }
+ }
+}
+
+ap_lists[ap_list] {
+ ap_list := input.ap_list.ap_list[_]
+ ["AetherROCAdmin", ap_list.enterprise][_] == input.groups[i]
+}
+
+applications[application] {
+ application := input.application.application[_]
+ ["AetherROCAdmin", application.enterprise][_] == input.groups[i]
+}
+
+connectivityservices[connectivity_service] {
+ connectivity_service := input.connectivity_service.connectivity_service[_]
+}
+
+devicegroups[device_group] {
+ device_group := input.device_group.device_group[_]
+ site := sites
+ device_group.site == site[_].id # allow only the device_groups of a known site
+}
+
+enterprises[enterprise] {
+ enterprise := input.enterprise.enterprise[_]
+ ["AetherROCAdmin", enterprise.id][_] == input.groups[i]
+}
+
+ip_domains[ip_domain] {
+ ip_domain := input.ip_domain.ip_domain[_]
+ ["AetherROCAdmin", ip_domain.enterprise][_] == input.groups[i]
+}
+
+networks[network] {
+ network := input.network.network[_]
+ ["AetherROCAdmin", network.enterprise][_] == input.groups[i]
+}
+
+sites[site] {
+ site := input.site.site[_]
+ ["AetherROCAdmin", site.enterprise][_] == input.groups[i]
+}
+
+templates[template] {
+ template := input.template.template[_]
+}
+
+trafficclasses[traffic_class] {
+ traffic_class := input.traffic_class.traffic_class[_]
+}
+
+upfs[upf] {
+ upf := input.upf.upf[_]
+ ["AetherROCAdmin", upf.enterprise][_] == input.groups[i]
+}
+
+vcss[vcs] {
+ vcs := input.vcs.vcs[_]
+ ["AetherROCAdmin", vcs.enterprise][_] == input.groups[i]
+}
+
+can_update_enterprise = true {
+ update_enterprise := input.updates.enterprise.enterprise[_]
+ ["AetherROCAdmin", update_enterprise.id][_] == input.groups[i]
+}
diff --git a/aether-roc-umbrella/files/opa-rbac/test/aether-2.1.0-example-get.json b/aether-roc-umbrella/files/opa-rbac/test/aether-2.1.0-example-get.json
new file mode 100644
index 0000000..385eb95
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/test/aether-2.1.0-example-get.json
@@ -0,0 +1,906 @@
+{
+ "groups": [
+ "mixedGroup",
+ "AetherROCAdmin",
+ "EnterpriseAdmin"
+ ],
+ "access_profile": {
+ "access_profile": [
+ {
+ "description": "access profile that allows all access",
+ "display_name": "Access All",
+ "filter": "null",
+ "id": "access_all",
+ "type": "allow_all"
+ },
+ {
+ "description": "access profile that only allows access to the apps network",
+ "display_name": "Only Apps Network",
+ "filter": "only^apps^network",
+ "id": "apps_only",
+ "type": "specific_network"
+ },
+ {
+ "description": "exclude an app from contacting a specific destination",
+ "display_name": "Exclude App By Name",
+ "filter": "exclude_app_name",
+ "id": "excluding_app",
+ "type": "excluding_this_app"
+ },
+ {
+ "description": "access profile that allows Internet access only",
+ "display_name": "Internet Access Only",
+ "filter": "No^private^network",
+ "id": "internet_only",
+ "type": "internet_only"
+ },
+ {
+ "description": "access profile that allows intranet access only",
+ "display_name": "Private Network Only",
+ "filter": "only^private^network",
+ "id": "intranet_only",
+ "type": "intranet_only"
+ },
+ {
+ "description": "access profile that allows internet only",
+ "display_name": "Access Profile 1",
+ "filter": "null",
+ "id": "profile_access_demo_1",
+ "type": "allow_all"
+ },
+ {
+ "description": "allow an app to contact a specific destination",
+ "display_name": "Allow App By Name",
+ "filter": "allow_app_name",
+ "id": "specific_app",
+ "type": "specific_destination_only"
+ }
+ ]
+ },
+ "apn_profile": {
+ "apn_profile": [
+ {
+ "apn_name": "internet",
+ "description": "Ciena Internet APN config",
+ "display_name": "Ciena Internet",
+ "dns_primary": "10.24.7.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_ciena",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Cornell1 Internet APN config",
+ "display_name": "Cornell1 Internet",
+ "dns_primary": "10.68.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_cornell1",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Default Internet APN config",
+ "display_name": "Default Internet",
+ "dns_primary": "1.1.1.1",
+ "dns_secondary": "8.8.8.8",
+ "gx_enabled": true,
+ "id": "apn_internet_default",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Intel Internet APN config",
+ "display_name": "Intel Internet",
+ "dns_primary": "10.212.74.139",
+ "dns_secondary": "10.212.87.15",
+ "gx_enabled": true,
+ "id": "apn_internet_intel",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "ONF Menlo Internet APN config",
+ "display_name": "ONF Menlo Internet",
+ "dns_primary": "10.53.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_menlo",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Princeton1 Internet APN config",
+ "display_name": "Princeton1 Internet",
+ "dns_primary": "10.70.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_princeton1",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Stanford1 Internet APN config",
+ "display_name": "Stanford1 Internet",
+ "dns_primary": "10.65.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_stanford1",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Stanford2 Internet APN config",
+ "display_name": "Stanford2 Internet",
+ "dns_primary": "10.67.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_stanford2",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Telefonica Internet APN config",
+ "display_name": "Telefonica Internet",
+ "dns_primary": "10.82.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_tef",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "ONF Tucson Internet APN config",
+ "display_name": "ONF Tucson Internet",
+ "dns_primary": "10.59.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_tucson",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "the default APN profile",
+ "display_name": "APN Profile 1",
+ "dns_primary": "8.8.8.4",
+ "dns_secondary": "8.8.8.8",
+ "gx_enabled": true,
+ "id": "apn_profile1",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "the default APN profile",
+ "display_name": "APN Profile 1",
+ "dns_primary": "8.8.4.4",
+ "dns_secondary": "8.8.8.8",
+ "gx_enabled": true,
+ "id": "profile_apn_demo_1",
+ "mtu": 1460,
+ "service_group": "internet"
+ }
+ ]
+ },
+ "connectivity_service": {
+ "connectivity_service": [
+ {
+ "description": "Connectivity service endpoints",
+ "display_name": "Connectivity Service 1",
+ "hss_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/imsis",
+ "id": "connectivity_service_demo_1",
+ "pcrf_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/policies",
+ "spgwc_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config"
+ },
+ {
+ "description": "Connectivity service endpoints",
+ "display_name": "Connectivity Service v1",
+ "hss_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config",
+ "id": "connectivity_service_v1",
+ "spgwc_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config"
+ }
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ Ciena",
+ "display_name": "Aether _ Ciena",
+ "id": "aether_ciena"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ Intel",
+ "display_name": "Aether _ Intel",
+ "id": "aether_intel"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ NTT",
+ "display_name": "Aether _ NTT",
+ "id": "aether_ntt"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ Open Networking Foundation",
+ "display_name": "Aether _ ONF",
+ "id": "aether_onf"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ Telefonica",
+ "display_name": "Aether _ Telefonica",
+ "id": "aether_tef"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_demo_1",
+ "enabled": true
+ }
+ ],
+ "description": "Enterprise configuration",
+ "display_name": "Enterprise 1",
+ "id": "enterprise_demo_1"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Pronto _ Cornell",
+ "display_name": "Pronto _ Cornell",
+ "id": "pronto_cornell"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Pronto _ Princeton",
+ "display_name": "Pronto _ Princeton",
+ "id": "pronto_princeton"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Pronto _ Stanford",
+ "display_name": "Pronto _ Stanford",
+ "id": "pronto_stanford"
+ }
+ ]
+ },
+ "qos_profile": {
+ "qos_profile": [
+ {
+ "apn_ambr": {
+ "downlink": 12345678,
+ "uplink": 12345678
+ },
+ "description": "qos profile for demo",
+ "display_name": "QOS Profile 1",
+ "id": "profile_qos_demo_1"
+ },
+ {
+ "apn_ambr": {
+ "downlink": 12345678,
+ "uplink": 12345678
+ },
+ "description": "low bitrate internet service",
+ "display_name": "QOS Profile 1",
+ "id": "qos_profile1"
+ }
+ ]
+ },
+ "security_profile": {
+ "security_profile": [
+ {
+ "description": "default security profile",
+ "display_name": "Default Security Profile",
+ "id": "profile_security_default_1",
+ "key": "000102030405060708090a0b0c0d0e0f",
+ "opc": "69d5c2eb2e2e624750541d3bbc692ba5",
+ "sqn": 135
+ },
+ {
+ "description": "security profile for demo",
+ "display_name": "Security Profile 1",
+ "id": "profile_security_demo_1",
+ "key": "465b5ce8b199b49faa5f0a2ee238a6bc",
+ "opc": "d4416644f6154936193433dd20a0ace0",
+ "sqn": 96
+ },
+ {
+ "description": "NTT security profile",
+ "display_name": "NTT Security Profile",
+ "id": "profile_security_ntt_1",
+ "key": "ACB9E480B30DC12C6BDD26BE882D2940",
+ "opc": "F5929B14A34AD906BC44D205242CD182",
+ "sqn": 135
+ },
+ {
+ "description": "Telefonica security profile",
+ "display_name": "Telefonica Security Profile",
+ "id": "profile_security_tef_1",
+ "key": "83BBE53DFA050D9648C1D14937FC1AC3",
+ "opc": "346EF56C902AF38E5E4C4E3A0B0C2497",
+ "sqn": 135
+ }
+ ]
+ },
+ "service_group": {
+ "service_group": [
+ {
+ "description": "Internet service",
+ "id": "internet",
+ "service_policies": [
+ {
+ "kind": "default",
+ "service_policy": "be_internet_access"
+ }
+ ]
+ },
+ {
+ "description": "Menlo high definition camera service",
+ "id": "iot_hd_camera_menlo",
+ "service_policies": [
+ {
+ "kind": "default",
+ "service_policy": "video_non_gbr_1"
+ }
+ ]
+ }
+ ]
+ },
+ "service_policy": {
+ "service_policy": [
+ {
+ "ambr": {
+ "downlink": 20000000,
+ "uplink": 100000
+ },
+ "arp": 1,
+ "id": "be_internet_access",
+ "qci": 9,
+ "rules": [
+ {
+ "enabled": true,
+ "rule": "best_effort_internet_access"
+ }
+ ]
+ },
+ {
+ "ambr": {
+ "downlink": 20000000,
+ "uplink": 100000
+ },
+ "arp": 1,
+ "id": "video_non_gbr_1",
+ "qci": 7,
+ "rules": [
+ {
+ "enabled": true,
+ "rule": "video_non_gbr_1"
+ }
+ ]
+ }
+ ]
+ },
+ "service_rule": {
+ "service_rule": [
+ {
+ "charging_rule_name": "best_effort_internet_access",
+ "description": "rule for enabling best effort internet",
+ "flow": {
+ "specification": "permit out ip 0.0.0.0/0 to assigned"
+ },
+ "id": "best_effort_internet_access",
+ "qos": {
+ "aggregate_maximum_bitrate": {
+ "downlink": 10240000,
+ "uplink": 1024000
+ },
+ "arp": {
+ "preemption_capability": true,
+ "preemption_vulnerability": true,
+ "priority": 1
+ },
+ "guaranteed_bitrate": {
+ "downlink": 1,
+ "uplink": 1
+ },
+ "maximum_requested_bandwidth": {
+ "downlink": 5120000,
+ "uplink": 512000
+ },
+ "qci": 9
+ }
+ },
+ {
+ "charging_rule_name": "video_non_gbr_1",
+ "description": "rule for non_gbr video",
+ "flow": {
+ "specification": "permit out ip 0.0.0.0/0 to assigned"
+ },
+ "id": "video_non_gbr_1",
+ "qos": {
+ "aggregate_maximum_bitrate": {
+ "downlink": 5555,
+ "uplink": 4444
+ },
+ "arp": {
+ "preemption_capability": true,
+ "preemption_vulnerability": true,
+ "priority": 1
+ },
+ "guaranteed_bitrate": {
+ "downlink": 2222,
+ "uplink": 1111
+ },
+ "maximum_requested_bandwidth": {
+ "downlink": 3456,
+ "uplink": 2345
+ },
+ "qci": 9
+ }
+ }
+ ]
+ },
+ "subscriber": {
+ "ue": [
+ {
+ "display_name": "Telefonica subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_tef",
+ "id": "0debf047_8416_4539_9abf_02a0d7e7f9a3",
+ "imsi_range_from": "722070000002441",
+ "imsi_range_to": "722070000002450",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_tef",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_tef_1",
+ "up_profile": "tef"
+ },
+ "serving_plmn": {
+ "mcc": 722,
+ "mnc": 7,
+ "tac": 110
+ }
+ },
+ {
+ "display_name": "Stanford2 subscriber match rule",
+ "enabled": true,
+ "enterprise": "pronto_stanford",
+ "id": "1c6852e6_5b12_413a_9fa5_c631c644136c",
+ "imsi_range_from": "315010202000001",
+ "imsi_range_to": "315010202000020",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_stanford2",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "stanford2"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 603
+ }
+ },
+ {
+ "display_name": "Princeton1 subscriber match rule",
+ "enabled": true,
+ "enterprise": "pronto_princeton",
+ "id": "30f77900_18b1_480c_a419_031956d83a9c",
+ "imsi_range_from": "315010204000001",
+ "imsi_range_to": "315010204000020",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_princeton1",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "princeton1"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 605
+ }
+ },
+ {
+ "display_name": "Stanford1 subscriber match rule",
+ "enabled": true,
+ "enterprise": "pronto_stanford",
+ "id": "415d0496_6926_4a49_b0f1_69ef1742fd5d",
+ "imsi_range_from": "315010201000001",
+ "imsi_range_to": "315010201000020",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_stanford1",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "stanford1"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 601
+ }
+ },
+ {
+ "display_name": "Ciena subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_ciena",
+ "id": "4c814a64_c592_468e_9435_b60f225f97ff",
+ "imsi_range_from": "315010101000001",
+ "imsi_range_to": "315010101000010",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_ciena",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "ciena"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 5
+ }
+ },
+ {
+ "display_name": "Cornell1 subscriber match rule",
+ "enabled": true,
+ "enterprise": "pronto_cornell",
+ "id": "554b4c5b_de49_4868_ba7e_f428aefc0984",
+ "imsi_range_from": "315010203000001",
+ "imsi_range_to": "315010203000020",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_cornell1",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "cornell1"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 607
+ }
+ },
+ {
+ "display_name": "Subscriber Match Rule 1",
+ "enabled": true,
+ "enterprise": "enterprise_demo_1",
+ "id": "5fc0bfc8_4ecc_11eb_b8e7_6f6e6f732d63",
+ "imsi_range_from": "208014567891200",
+ "imsi_range_to": "208014567891300",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "profile_access_demo_1",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "profile_apn_demo_1",
+ "qos_profile": "profile_qos_demo_1",
+ "security_profile": "profile_security_demo_1",
+ "up_profile": "profile_up_demo_1"
+ },
+ "serving_plmn": {
+ "mcc": 208,
+ "mnc": 10,
+ "tac": 1
+ }
+ },
+ {
+ "id": "8d92f0cf_d83d_482c_866d_f53ee1426622",
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": false
+ }
+ ],
+ "apn_profile": "apn_internet_intel",
+ "qos_profile": "profile_qos_demo_1",
+ "security_profile": "profile_security_ntt_1",
+ "up_profile": "cornell1"
+ }
+ },
+ {
+ "display_name": "Intel subscriber match rule 1",
+ "enabled": true,
+ "enterprise": "aether_intel",
+ "id": "c6711eb4_5210_4d94_b83c_0f890dc21c31",
+ "imsi_range_from": "315010888812341",
+ "imsi_range_to": "315010888812346",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_intel",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "intel"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 101
+ }
+ },
+ {
+ "display_name": "ONF Tucson subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_onf",
+ "id": "cbdb20c1_c3d7_47e3_a1a1_7465c8ad6ff1",
+ "imsi_range_from": "315010999912301",
+ "imsi_range_to": "315010999912303",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_tucson",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "tucson"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 222
+ }
+ },
+ {
+ "display_name": "NTT subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_ntt",
+ "id": "e8b4f8ea_cd9c_4ae7_a1df_15ee82cc4dc6",
+ "imsi_range_from": "999002999970951",
+ "imsi_range_to": "999002999971950",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_default",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_ntt_1",
+ "up_profile": "ntt"
+ },
+ "serving_plmn": {
+ "mcc": 999,
+ "mnc": 2,
+ "tac": 1
+ }
+ },
+ {
+ "display_name": "ONF Menlo subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_onf",
+ "id": "f2ba8cc0_e593_403b_a130_f18a99018f6e",
+ "imsi_range_from": "315010999912341",
+ "imsi_range_to": "315010999912356",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_menlo",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "menlo"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 203
+ }
+ },
+ {
+ "display_name": "Intel subscriber match rule 2",
+ "enabled": true,
+ "enterprise": "aether_intel",
+ "id": "f5a0929f_b4a4_4f34_8bd5_52c57eeb4a50",
+ "imsi_range_from": "315010102000001",
+ "imsi_range_to": "315010102000002",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_intel",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "intel"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 101
+ }
+ }
+ ]
+ },
+ "up_profile": {
+ "up_profile": [
+ {
+ "access_control": "none",
+ "description": "User plane profile for Ciena",
+ "display_name": "Ciena",
+ "id": "ciena",
+ "user_plane": "pfcp_agent.omec.svc.prd.ciena.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Cornell1",
+ "display_name": "Cornell1",
+ "id": "cornell1",
+ "user_plane": "pfcp_agent.omec.svc.prd.cornell1.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Intel",
+ "display_name": "Intel",
+ "id": "intel",
+ "user_plane": "upf.omec.svc.prd.intel.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for ONF Menlo",
+ "display_name": "ONF Menlo",
+ "id": "menlo",
+ "user_plane": "pfcp_agent.omec.svc.prd.menlo.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for NTT",
+ "display_name": "NTT",
+ "id": "ntt",
+ "user_plane": "upf.omec.svc.prd.ntt.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Princeton1",
+ "display_name": "Princeton1",
+ "id": "princeton1",
+ "user_plane": "pfcp_agent.omec.svc.prd.princeton1.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "user_plane profile for spgwu1",
+ "display_name": "UP Profile 1",
+ "id": "profile_up_demo_1",
+ "user_plane": "upf_headless"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Stanford1",
+ "display_name": "Stanford1",
+ "id": "stanford1",
+ "user_plane": "pfcp_agent.omec.svc.prd.stanford1.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Stanford2",
+ "display_name": "Stanford2",
+ "id": "stanford2",
+ "user_plane": "pfcp_agent.omec.svc.prd.stanford2.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Telefonica",
+ "display_name": "Telefonica",
+ "id": "tef",
+ "user_plane": "upf.omec.svc.prd.tef.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for ONF Tucson",
+ "display_name": "ONF Tucson",
+ "id": "tucson",
+ "user_plane": "upf.omec.svc.prd.tucson.aetherproject.net"
+ }
+ ]
+ }
+}
diff --git a/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-basic.json b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-basic.json
new file mode 100644
index 0000000..7acd0cf
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-basic.json
@@ -0,0 +1,28 @@
+{
+ "groups": [
+ "mixedGroup",
+ "AetherROCAdmin"
+ ],
+ "template": {
+ "template": [
+ {
+ "description": "do",
+ "display-name": "laborum fugiat",
+ "downlink": 322694552,
+ "id": "aliquip",
+ "sd": 14628949,
+ "sst": 1,
+ "uplink": 1607714163
+ },
+ {
+ "description": "do",
+ "display-name": "quattro fugiat",
+ "downlink": 322694552,
+ "id": "quattro",
+ "sd": 14628949,
+ "sst": 1,
+ "uplink": 1607714163
+ }
+ ]
+ }
+}
diff --git a/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-get.json b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-get.json
new file mode 100644
index 0000000..5341f75
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-get.json
@@ -0,0 +1,494 @@
+{
+ "groups": [
+ "mixedGroup",
+ "acme"
+ ],
+ "ap_list": {
+ "ap_list": [
+ {
+ "access_points": [
+ {
+ "address": "ap1^seattle^starbucks^com",
+ "enable": true,
+ "tac": 654
+ },
+ {
+ "address": "ap2^seattle^starbucks^com",
+ "enable": true,
+ "tac": 87475
+ }
+ ],
+ "description": "Seattle APs",
+ "display_name": "Seattle",
+ "enterprise": "starbucks",
+ "id": "starbucks_seattle_aps"
+ },
+ {
+ "access_points": [
+ {
+ "address": "ap2^newyork^starbucks^com",
+ "enable": true,
+ "tac": 8002
+ }
+ ],
+ "description": "New York APs",
+ "display_name": "New York",
+ "enterprise": "starbucks",
+ "id": "starbucks_newyork_aps"
+ },
+ {
+ "access_points": [
+ {
+ "address": "ap2^chicago^acme^com",
+ "enable": true,
+ "tac": 8002
+ }
+ ],
+ "description": "Chicago APs",
+ "display_name": "Chicago",
+ "enterprise": "acme",
+ "id": "acme_chicago_aps"
+ }
+ ]
+ },
+ "application": {
+ "application": [
+ {
+ "description": "Network Video Recorder",
+ "display_name": "NVR",
+ "enterprise": "starbucks",
+ "endpoint": [
+ {
+ "address": "nvr.starbucks.com",
+ "name": "rtsp",
+ "port_end": 3316,
+ "port_start": 3330,
+ "protocol": "UDP"
+ }
+ ],
+ "id": "starbucks_nvr"
+ },
+ {
+ "description": "Fidelio POS",
+ "display_name": "Fidelio",
+ "enterprise": "starbucks",
+ "endpoint": [
+ {
+ "address": "fidelio.starbucks.com",
+ "name": "fidelio",
+ "port_end": 7585,
+ "port_start": 7588,
+ "protocol": "TCP"
+ }
+ ],
+ "id": "starbucks_fidelio"
+ },
+ {
+ "description": "Data Acquisition",
+ "display_name": "DA",
+ "enterprise": "acme",
+ "endpoint": [
+ {
+ "address": "da.acme.com",
+ "name": "da",
+ "port_end": 7585,
+ "port_start": 7588,
+ "protocol": "TCP"
+ }
+ ],
+ "id": "acme_dataacquisition"
+ }
+ ]
+ },
+ "connectivity_service": {
+ "connectivity_service": [
+ {
+ "core_5g_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/5g",
+ "description": "5G Test",
+ "display_name": "ROC 5G Test Connectivity Service",
+ "id": "cs5gtest"
+ },
+ {
+ "description": "ROC 4G Test Connectivity Service",
+ "display_name": "4G Test",
+ "hss_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/imsis",
+ "id": "cs4gtest",
+ "pcrf_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/policies",
+ "spgwc_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config"
+ }
+ ]
+ },
+ "device_group": {
+ "device_group": [
+ {
+ "display_name": "Seattle Cameras",
+ "id": "starbucks_seattle_cameras",
+ "imsis": [
+ {
+ "imsi_range_from": 170029313275000,
+ "imsi_range_to": 170029313275003,
+ "name": "counters"
+ },
+ {
+ "imsi_range_from": 170029313275010,
+ "imsi_range_to": 170029313275014,
+ "name": "store"
+ }
+ ],
+ "ip_domain": "starbucks_seattle",
+ "site": "starbucks_seattle"
+ },
+ {
+ "display_name": "Seattle POS",
+ "id": "starbucks_seattle_pos",
+ "imsis": [
+ {
+ "imsi_range_from": 170029313275020,
+ "imsi_range_to": 170029313275022,
+ "name": "tills"
+ },
+ {
+ "imsi_range_from": 170029313275030,
+ "imsi_range_to": 170029313275034,
+ "name": "store"
+ }
+ ],
+ "ip_domain": "starbucks_seattle",
+ "site": "starbucks_seattle"
+ },
+ {
+ "display_name": "New York Cameras",
+ "id": "starbucks_newyork_cameras",
+ "imsis": [
+ {
+ "imsi_range_from": 170029313275040,
+ "imsi_range_to": 170029313275041,
+ "name": "front"
+ },
+ {
+ "imsi_range_from": 170029313275050,
+ "imsi_range_to": 170029313275055,
+ "name": "store"
+ }
+ ],
+ "ip_domain": "starbucks_newyork",
+ "site": "starbucks_newyork"
+ },
+ {
+ "display_name": "New York POS",
+ "id": "starbucks_newyork_pos",
+ "imsis": [
+ {
+ "imsi_range_from": 170029313275060,
+ "imsi_range_to": 170029313275061,
+ "name": "tills"
+ },
+ {
+ "imsi_range_from": 170029313275070,
+ "imsi_range_to": 170029313275073,
+ "name": "store"
+ }
+ ],
+ "ip_domain": "starbucks_newyork",
+ "site": "starbucks_newyork"
+ },
+ {
+ "display_name": "ACME Robots",
+ "id": "acme_chicago_robots",
+ "imsis": [
+ {
+ "imsi_range_from": 13698808332993000,
+ "imsi_range_to": 13698808332993003,
+ "name": "production"
+ },
+ {
+ "imsi_range_from": 13698808332993010,
+ "imsi_range_to": 13698808332993012,
+ "name": "warehouse"
+ }
+ ],
+ "ip_domain": "acme_chicago",
+ "site": "acme_chicago"
+ }
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "cs5gtest",
+ "enabled": true
+ }
+ ],
+ "description": "ACME Corporation",
+ "display_name": "ACME Corp",
+ "id": "acme"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "cs5gtest",
+ "enabled": true
+ },
+ {
+ "connectivity_service": "cs4gtest",
+ "enabled": false
+ }
+ ],
+ "description": "Starbucks Corporation",
+ "display_name": "Starbucks Inc.",
+ "id": "starbucks"
+ }
+ ]
+ },
+ "ip_domain": {
+ "ip_domain": [
+ {
+ "admin_status": "ENABLE",
+ "description": "New York IP Domain",
+ "display_name": "New York",
+ "dns_primary": "8.8.8.1",
+ "dns_secondary": "8.8.8.2",
+ "id": "starbucks_newyork",
+ "mtu": 57600,
+ "subnet": "254.186.117.251/31"
+ },
+ {
+ "admin_status": "ENABLE",
+ "description": "Seattle IP Domain",
+ "display_name": "Seattle",
+ "dns_primary": "8.8.8.3",
+ "dns_secondary": "8.8.8.3",
+ "id": "starbucks_seattle",
+ "mtu": 12690,
+ "subnet": "196.5.91.0/31"
+ },
+ {
+ "admin_status": "DISABLE",
+ "description": "Chicago IP Domain",
+ "display_name": "Chicago",
+ "dns_primary": "8.8.8.4",
+ "dns_secondary": "8.8.8.4",
+ "id": "acme_chicago",
+ "mtu": 12690,
+ "subnet": "163.25.44.0/31"
+ }
+ ]
+ },
+ "network": {
+ "network": [
+ {
+ "description": "New York 21_32",
+ "display_name": "New York",
+ "id": "starbucks_newyork",
+ "enterprise": "starbucks",
+ "mcc": 21,
+ "mnc": 32
+ },
+ {
+ "description": "Seattle 265_122",
+ "display_name": "Seattle",
+ "id": "starbucks_seattle",
+ "enterprise": "starbucks",
+ "mcc": 265,
+ "mnc": 122
+ },
+ {
+ "description": "Chicago 123_456",
+ "display_name": "Chicago",
+ "id": "acme_chicago",
+ "enterprise": "acme",
+ "mcc": 123,
+ "mnc": 456
+ }
+ ]
+ },
+ "site": {
+ "site": [
+ {
+ "description": "ACME HQ",
+ "display_name": "Chicago",
+ "enterprise": "acme",
+ "id": "acme_chicago",
+ "network": "acme_chicago"
+ },
+ {
+ "description": "Starbucks Corp HQ",
+ "display_name": "Seattle",
+ "enterprise": "starbucks",
+ "id": "starbucks_seattle",
+ "network": "starbucks_seattle"
+ },
+ {
+ "description": "Starbucks New York",
+ "display_name": "New York",
+ "enterprise": "starbucks",
+ "id": "starbucks_newyork",
+ "network": "starbucks_newyork"
+ }
+ ]
+ },
+ "template": {
+ "template": [
+ {
+ "description": "VCS Template 1",
+ "display_name": "Template 1",
+ "downlink": 24669539,
+ "id": "template_1",
+ "sd": 10886763,
+ "sst": 158,
+ "traffic_class": "class_1",
+ "uplink": 23770218
+ },
+ {
+ "description": "VCS Template 2",
+ "display_name": "Template 2",
+ "downlink": 2791589,
+ "id": "template_2",
+ "sd": 16619900,
+ "sst": 157,
+ "traffic_class": "class_2",
+ "uplink": 24721051
+ }
+ ]
+ },
+ "traffic_class": {
+ "traffic_class": [
+ {
+ "description": "High Priority TC",
+ "display_name": "Class 1",
+ "id": "class_1",
+ "pdb": 577,
+ "pelr": 3,
+ "qci": 10
+ },
+ {
+ "description": "Medium Priority TC",
+ "display_name": "Class 2",
+ "id": "class_2",
+ "pdb": 831,
+ "pelr": 4,
+ "qci": 20
+ },
+ {
+ "description": "Low Priority TC",
+ "display_name": "Class 3",
+ "id": "class_3",
+ "pdb": 833,
+ "pelr": 4,
+ "qci": 30
+ }
+ ]
+ },
+ "upf": {
+ "upf": [
+ {
+ "address": "seattle.cameras_upf.starbucks.com",
+ "description": "Seattle Cameras UPF",
+ "display_name": "Seattle Cameras",
+ "id": "starbucks_seattle_cameras",
+ "enterprise": "starbucks",
+ "port": 9229
+ },
+ {
+ "address": "newyork.cameras_upf.starbucks.com",
+ "description": "New York Cameras UPF",
+ "display_name": "New York Cameras",
+ "id": "starbucks_newyork_cameras",
+ "enterprise": "starbucks",
+ "port": 6161
+ },
+ {
+ "address": "chicago.robots_upf.acme.com",
+ "description": "Chicago Robots UPF",
+ "display_name": "Chicago Robots",
+ "id": "acme_chicago_robots",
+ "enterprise": "acme",
+ "port": 6161
+ }
+ ]
+ },
+ "vcs": {
+ "vcs": [
+ {
+ "ap": "starbucks_newyork_aps",
+ "application": [
+ {
+ "allow": true,
+ "application": "starbucks_nvr"
+ }
+ ],
+ "description": "New York Cameras",
+ "device_group": [
+ {
+ "enable": true,
+ "device_group": "starbucks_newyork_cameras"
+ }
+ ],
+ "display_name": "NY Cams",
+ "downlink": 948091966,
+ "enterprise": "starbucks",
+ "id": "starbucks_newyork_cameras",
+ "sd": 8284729,
+ "sst": 127,
+ "template": "template_1",
+ "traffic_class": "class_1",
+ "upf": "starbucks_newyork_cameras",
+ "uplink": 38997335
+ },
+ {
+ "ap": "starbucks_seattle_aps",
+ "application": [
+ {
+ "allow": false,
+ "application": "starbucks_nvr"
+ }
+ ],
+ "description": "Seattle Cameras",
+ "device_group": [
+ {
+ "enable": true,
+ "device_group": "starbucks_seattle_cameras"
+ }
+ ],
+ "display_name": "Seattle Cams",
+ "downlink": 28492626,
+ "enterprise": "starbucks",
+ "id": "starbucks_seattle_cameras",
+ "sd": 2973238,
+ "sst": 79,
+ "template": "template_2",
+ "traffic_class": "class_2",
+ "upf": "starbucks_seattle_cameras",
+ "uplink": 13227287
+ },
+ {
+ "ap": "acme_chicago_aps",
+ "application": [
+ {
+ "allow": false,
+ "application": "acme_dataacquisition"
+ }
+ ],
+ "description": "Chicago Robots",
+ "device_group": [
+ {
+ "enable": true,
+ "device_group": "acme_chicago_robots"
+ }
+ ],
+ "display_name": "Chicago Robots VCS",
+ "downlink": 28492626,
+ "enterprise": "acme",
+ "id": "acme_chicago_robots",
+ "sd": 2973238,
+ "sst": 79,
+ "template": "template_2",
+ "traffic_class": "class_2",
+ "upf": "acme_chicago_robots",
+ "uplink": 13227287
+ }
+ ]
+ }
+}
diff --git a/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-set.json b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-set.json
new file mode 100644
index 0000000..07f5914
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-set.json
@@ -0,0 +1,362 @@
+{
+ "groups": [
+ "admin",
+ "dolor"
+ ],
+ "updates": {
+ "site": {
+ "site": [
+ {
+ "description": "pariatur culpa",
+ "display-name": "occaecat nostrud",
+ "enterprise": "dolor",
+ "id": "newsite",
+ "network": "irur"
+ }
+ ]
+ }
+ },
+ "deletes": {
+ "site": {
+ "site": [
+ {
+ "id": "officia"
+ }
+ ]
+ }
+ },
+ "ap-list": {
+ "ap-list": [
+ {
+ "access-points": [
+ {
+ "address": "laborum.commodo.incididunt",
+ "enable": false,
+ "tac": 69373985
+ },
+ {
+ "address": "id.ipsum",
+ "enable": false,
+ "tac": 87809475
+ }
+ ],
+ "description": "incididunt aliqua ex nulla",
+ "display-name": "cupidatat aliquip",
+ "id": "deserunt"
+ },
+ {
+ "access-points": [
+ {
+ "address": "labore.aliqua.dolor.consequat",
+ "enable": false,
+ "tac": 80083302
+ },
+ {
+ "address": "qui.sed",
+ "enable": false,
+ "tac": 13929603
+ }
+ ],
+ "description": "cupidatat tempor magna",
+ "display-name": "occaecat et deserunt consequat",
+ "id": "tempor"
+ }
+ ]
+ },
+ "application": {
+ "application": [
+ {
+ "description": "Ut velit est",
+ "display-name": "do",
+ "endpoint": [
+ {
+ "address": "mollit.ipsum",
+ "name": "esse",
+ "port-end": 33167231,
+ "port-start": 27761544,
+ "protocol": "UDP"
+ },
+ {
+ "address": "cupidatat.reprehend",
+ "name": "ullamco",
+ "port-end": 19527413,
+ "port-start": 28793871,
+ "protocol": "UDP"
+ }
+ ],
+ "id": "occaecat"
+ },
+ {
+ "description": "amet ad quis",
+ "display-name": "sit ex Ut aliqua",
+ "endpoint": [
+ {
+ "address": "ut.veniam.id.non",
+ "name": "consectetur",
+ "port-end": 31037585,
+ "port-start": 8018682,
+ "protocol": "TCP"
+ },
+ {
+ "address": "nulla.consectet",
+ "name": "sint",
+ "port-end": 25299216,
+ "port-start": 6645928,
+ "protocol": "TCP"
+ }
+ ],
+ "id": "incididunt"
+ }
+ ]
+ },
+ "connectivity-service": {
+ "connectivity-service": [
+ {
+ "core-5g-endpoint": "ut culpa velit",
+ "description": "magna in",
+ "display-name": "cillum occaecat amet ad adipisicing",
+ "hss-endpoint": "eu sed est nisi",
+ "id": "repre",
+ "pcrf-endpoint": "nostrud eiusmod Ut Lorem",
+ "spgwc-endpoint": "eiusmod aute quis"
+ },
+ {
+ "core-5g-endpoint": "voluptate consectetur ut",
+ "description": "Ut incididunt ex id labore",
+ "display-name": "qui Lorem elit",
+ "hss-endpoint": "adipisicing incididunt consequat mollit",
+ "id": "irure",
+ "pcrf-endpoint": "sit incididunt sunt Duis",
+ "spgwc-endpoint": "nisi magna do reprehenderit"
+ }
+ ]
+ },
+ "device_group": {
+ "device_group": [
+ {
+ "display-name": "tempor ut",
+ "id": "amet",
+ "imsis": [
+ {
+ "imsi-range-from": 170029313275000,
+ "imsi-range-to": 69764015096000,
+ "name": "enim"
+ },
+ {
+ "imsi-range-from": 116299798497000,
+ "imsi-range-to": 22297092854800,
+ "name": "ad"
+ }
+ ],
+ "ip-domain": "qui",
+ "site": "inc"
+ },
+ {
+ "display-name": "nisi mollit dolore dolor",
+ "id": "Lorem",
+ "imsis": [
+ {
+ "imsi-range-from": 13698808332993000,
+ "imsi-range-to": 7746018722749000,
+ "name": "magna"
+ },
+ {
+ "imsi-range-from": 4087876837971489000,
+ "imsi-range-to": 10492416481328000,
+ "name": "reprehenderit"
+ }
+ ],
+ "ip-domain": "labore",
+ "site": "officia"
+ }
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ {
+ "connectivity-service": [
+ {
+ "connectivity-service": "repre",
+ "enabled": true
+ },
+ {
+ "connectivity-service": "irure",
+ "enabled": true
+ }
+ ],
+ "description": "minim et",
+ "display-name": "laborum in",
+ "id": "dolor"
+ },
+ {
+ "connectivity-service": [
+ {
+ "connectivity-service": "irure",
+ "enabled": false
+ },
+ {
+ "connectivity-service": "repre",
+ "enabled": false
+ }
+ ],
+ "description": "consequat minim magna",
+ "display-name": "laboris incididunt dolore",
+ "id": "labore"
+ }
+ ]
+ },
+ "ip-domain": {
+ "ip-domain": [
+ {
+ "admin-status": "DISABLE",
+ "description": "culpa enim exercitation sit consequat",
+ "display-name": "dolo",
+ "dns-primary": "8.8.8.1",
+ "dns-secondary": "8.8.8.2",
+ "id": "qui",
+ "mtu": 57600,
+ "subnet": "254.186.117.251/31"
+ },
+ {
+ "admin-status": "DISABLE",
+ "description": "nulla ut",
+ "display-name": "adipisicing",
+ "dns-primary": "8.8.8.3",
+ "dns-secondary": "8.8.8.3",
+ "id": "labore",
+ "mtu": 12690,
+ "subnet": "196.5.91.0/31"
+ }
+ ]
+ },
+ "network": {
+ "network": [
+ {
+ "description": "aliquip Lorem dolor",
+ "display-name": "minim labore ex",
+ "id": "elit",
+ "mcc": 21,
+ "mnc": 32
+ },
+ {
+ "description": "laborum occaecat ut",
+ "display-name": "consequat ea",
+ "id": "irur",
+ "mcc": 265,
+ "mnc": 122
+ }
+ ]
+ },
+ "site": {
+ "site": [
+ {
+ "description": "pariatur culpa",
+ "display-name": "occaecat nostrud",
+ "enterprise": "dolor",
+ "id": "inc",
+ "network": "irur"
+ },
+ {
+ "description": "in dolor",
+ "display-name": "consequat est",
+ "enterprise": "labore",
+ "id": "officia",
+ "network": "elit"
+ }
+ ]
+ },
+ "template": {
+ "template": [
+ {
+ "description": "enim ",
+ "display-name": "do labore laborum elit",
+ "downlink": 24669539,
+ "id": "magn",
+ "sd": 10886763,
+ "sst": 158,
+ "traffic-class": "consectetur in cillum",
+ "uplink": 23770218
+ },
+ {
+ "description": "aute dolore dolo",
+ "display-name": "quis pariatur dolore magna commodo",
+ "downlink": 2791589,
+ "id": "aliqua",
+ "sd": 16619900,
+ "sst": 157,
+ "traffic-class": "dolor in in et",
+ "uplink": 24721051
+ }
+ ]
+ },
+ "upf": {
+ "upf": [
+ {
+ "address": "sed.officia.magna.ut",
+ "description": "commodo ea ullamco Excepteur cillum",
+ "display-name": "in aliqua deserunt Ut",
+ "id": "dol",
+ "port": 77359229
+ },
+ {
+ "address": "incididunt",
+ "description": "veniam",
+ "display-name": "in laborum ut",
+ "id": "magna",
+ "port": 14326161
+ }
+ ]
+ },
+ "vcs": {
+ "vcs": [
+ {
+ "ap": "deserunt",
+ "application": [
+ {
+ "allow": true,
+ "application": "occaecat"
+ },
+ {
+ "allow": true,
+ "application": "incididunt"
+ }
+ ],
+ "description": "deserunt in magna Lorem",
+ "device_group": "amet",
+ "display-name": "quis e",
+ "downlink": 948091966,
+ "id": "quad",
+ "sd": 8284729,
+ "sst": 127,
+ "template": "magn",
+ "traffic-class": "non ut",
+ "upf": "magna",
+ "uplink": 38997335
+ },
+ {
+ "ap": "tempor",
+ "application": [
+ {
+ "allow": false,
+ "application": "occaecat"
+ },
+ {
+ "allow": false,
+ "application": "incididunt"
+ }
+ ],
+ "description": "elit Ut",
+ "device-group": "Lorem",
+ "display-name": "veniam exercitation ea",
+ "downlink": 28492626,
+ "id": "mollit",
+ "sd": 2973238,
+ "sst": 79,
+ "template": "aliqua",
+ "traffic-class": "eiusmod Ut ullamco laboris ea",
+ "upf": "dol",
+ "uplink": 13227287
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/aether-roc-umbrella/files/scripts/README.md b/aether-roc-umbrella/files/scripts/README.md
new file mode 100644
index 0000000..a576835
--- /dev/null
+++ b/aether-roc-umbrella/files/scripts/README.md
@@ -0,0 +1,30 @@
+<!--
+SPDX-FileCopyrightText: 2020 Open Networking Foundation <info@opennetworking.org>
+
+SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+-->
+
+# Creating new Org with VCS
+To create a new Organization and VCS, call the grafana-create-orgs.sh script
+
+> If you want to add at startup, instead add them to the `values.yaml` under `grafana.orgs`.
+
+Call the script like:
+
+`grafana-create-orgs.sh <ADMINUSER> <ADMINPASS> <umbrella-chart-name> <grafana-server> <dashboard-folder> orgs...`
+
+e.g.
+```bash
+PATH=$PATH:. grafana-create-orgs.sh admin Ts8k0hvsZZD058JsqOl8w332YUNs8GAAEpYWCmJu aether-roc-umbrella localhost:8183/grafana \
+ ../dashboards/vcs "siemens[siemens-munich-cameras siemens-mannheim-cameras siemens-mannheim-labs]"
+```
+
+1) cd in to this `scripts` directory
+
+1) specify the Org and VCS's like `"org1[vcs1 vcs2]" "org2[vcs1 vcs2]"`
+
+1) To get the Grafana password use
+ 1) `kubectl get secret --namespace micro-onos aether-roc-umbrella-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo`
+
+1) Port forward `aether-roc-gui` to get grafana on `localhost:8183/grafana`
+ 1) `kubectl -n micro-onos port-forward $(kubectl -n micro-onos get pods -l type=arg -o name) 8183:80`
diff --git a/aether-roc-umbrella/files/scripts/grafana-create-device-group.sh b/aether-roc-umbrella/files/scripts/grafana-create-device-group.sh
new file mode 100755
index 0000000..7a136e6
--- /dev/null
+++ b/aether-roc-umbrella/files/scripts/grafana-create-device-group.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+# script to create Grafana VCS dashboards
+# Usage:
+# grafana-create-vcs.sh <ADMINUSER> <ADMINPASS> <grafana-server> <dashboards-folder> <org> <list of vcs>...
+set -e
+#set -x
+set -o pipefail
+set -u
+
+if [ "$#" -lt 6 ]; then
+ echo "At least 6 args are needed. Got $#"
+ exit 1
+fi
+ADMINUSER=$1
+ADMINPASS=$2
+SERVICE=$3
+FOLDER=$4
+export ORG=$5
+shift
+shift
+shift
+shift
+shift
+for dg in "$@"; do
+ DG=${dg%:map\[*\]} # Remove DG details from end
+ DG=${DG#map[} # Remove "map[" from the front
+ DGASCII=${DG//[^a-zA-Z0-9]/_} # Convert to underscore
+ IMSIS=${dg#map[${DG}:map\[} # Remove DG name from start
+ IMSIS=${IMSIS%\]\]} # Remove ] from the end
+ IMSIS=${IMSIS//;/ }
+ echo "Creating Device Group $DG ($DGASCII) in $ORG"
+ for imsirange in $IMSIS; do
+ echo "Creating Imsi Range $imsirange in $DG"
+ RANGENAME=${imsirange%:*} # Remove range from end
+ RANGEVALUE=${imsirange#*:}
+ declare -i RANGESTART=${RANGEVALUE%-*} # Remove the finish
+ declare -i RANGEFINISH=${RANGEVALUE#*-} # Remove the start
+ COUNTER=$RANGESTART
+ f=$FOLDER/ue-connectivity.json
+ while [ $COUNTER -le $RANGEFINISH ]; do
+ echo "Creating Dashboard from $f for $COUNTER"
+ export IMSI=$COUNTER
+ DASHBOARD=$(envsubst < $f)
+ /usr/bin/curl -s -o /tmp/curlout -H "Content-Type: application/json" -d "$DASHBOARD" http://$ADMINUSER:$ADMINPASS@$SERVICE/api/dashboards/db
+ SUCCESS=`echo $?`
+ echo "SUCCESS $SUCCESS"
+ cat /tmp/curlout
+ let COUNTER=COUNTER+1
+ done
+ done
+ SUCCESS=-1
+ ORGID=-1
+
+done
diff --git a/aether-roc-umbrella/files/scripts/grafana-create-orgs.sh b/aether-roc-umbrella/files/scripts/grafana-create-orgs.sh
new file mode 100755
index 0000000..a6e14e1
--- /dev/null
+++ b/aether-roc-umbrella/files/scripts/grafana-create-orgs.sh
@@ -0,0 +1,89 @@
+#!/bin/bash
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+# script to create Grafana Orgs
+# Usage:
+# grafana-create-orgs.sh <ADMINUSER> <ADMINPASS> <umbrella-chart-name> <grafana-server> <dashboard-folder> orgs...
+# where org is a quoted string containing org name and then in square brackets a list of vcs
+# e.g. "acme[acme-chicago-robots acme-chicago-cameras]"
+set -e
+#set -x
+set -o pipefail
+set -u
+
+if [ "$#" -lt 6 ]; then
+ echo "At least 6 args are needed. Got $#"
+ exit 1
+fi
+ADMINUSER=$1
+ADMINPASS=$2
+BASE=$3
+SOURCE=$BASE-prometheus-server
+SERVICE=$4
+DASHBOARDS=$5
+shift
+shift
+shift
+shift
+shift
+for orgWithVcs in "$@"
+do
+ ORGASCII=${orgWithVcs%%map\[*\]} # Drop the [*] off the end
+ echo "Creating $orgWithVcs as $ORGASCII"
+ VCSLIST=${orgWithVcs##${ORGASCII}map\[*\]\ vcs:\[} # Drop everything off the front until "] vcs:["
+ VCSLIST=${VCSLIST%\]\]} # Drop the ]] off the end
+ DGLIST=${orgWithVcs##${ORGASCII}map\[devicegroup:\[} # Drop everything off the front until "devicegroup:[map["
+ DGLIST=${DGLIST%\]\ vcs:*\]\]}
+ DGLIST1=${DGLIST//" map["/";map["} # Replace all occurrence of " map["
+ IFS=';' read -r -a DGARRAY <<< $DGLIST1
+ for idx in ${!DGARRAY[@]}; do
+ DGARRAY[$idx]=${DGARRAY[$idx]// /;} # Replace all instances of space with ;
+ done
+ SUCCESS=-1
+ ORGID=-1
+ # Commented out for the moment - keeping everything in the Main Org. - see aether-roc-gui/docs/grafana.md
+ # echo "Calling /usr/bin/curl -H "Content-Type: application/json" -d '{"name":"$ORGASCII"}' http://$ADMINUSER:####@$SERVICE/api/orgs"
+ # while [ $SUCCESS -ne 0 ];
+ # do
+ # DATA={\"name\":\"$ORGASCII\"}
+ # echo "Creating Org $ORGASCII"
+ # /usr/bin/curl -o /tmp/curlout -H "Content-Type: application/json" -d "$DATA" http://$ADMINUSER:$ADMINPASS@$SERVICE/api/orgs
+ # SUCCESS=`echo $?`
+ # echo "SUCCESS $SUCCESS"
+ # if [ $SUCCESS -ne 0 ]
+ # then
+ # sleep $SLEEP
+ # echo "Waiting $SLEEP seconds for Grafana to start"
+ # else
+ # ORGID=$(grep -o "[0-9]*" /tmp/curlout)
+ # echo "Successful! Result $ORGID"
+ # fi
+ # done
+
+ # echo "Calling /api/user/using/$ORGID"
+ # /usr/bin/curl -s -X POST http://$ADMINUSER:$ADMINPASS@$SERVICE/api/user/using/$ORGID
+ # SUCCESS=`echo $?`
+ # echo "SUCCESS $SUCCESS"
+
+ echo "Creating folder in $ORGASCII"
+ FOLDER={\"uid\":\"$ORGASCII\",\"title\":\"$ORGASCII\"}
+ /usr/bin/curl -o /tmp/curlout -H "Content-Type: application/json" -d "$FOLDER" http://$ADMINUSER:$ADMINPASS@$SERVICE/api/folders
+ SUCCESS="$?"
+ echo "SUCCESS $SUCCESS"
+ cat /tmp/curlout
+
+ echo "Creating datasource in $ORGASCII"
+ DATASOURCE={\"name\":\"datasource-$ORGASCII\",\"type\":\"prometheus\",\"url\":\"http://$SOURCE\",\"access\":\"proxy\",\"basicAuth\":false}
+ /usr/bin/curl -s -o /tmp/curlout -H "Content-Type: application/json" -d "$DATASOURCE" http://$ADMINUSER:$ADMINPASS@$SERVICE/api/datasources
+ SUCCESS=`echo $?`
+ echo "SUCCESS $SUCCESS"
+ cat /tmp/curlout
+
+ echo "now create Dashboards with "$VCSLIST
+ grafana-create-vcs.sh $ADMINUSER $ADMINPASS $SERVICE $DASHBOARDS $ORGASCII $VCSLIST
+ grafana-create-device-group.sh $ADMINUSER $ADMINPASS $SERVICE $DASHBOARDS $ORGASCII $DGARRAY
+
+done
+
diff --git a/aether-roc-umbrella/files/scripts/grafana-create-vcs.sh b/aether-roc-umbrella/files/scripts/grafana-create-vcs.sh
new file mode 100755
index 0000000..2d09aab
--- /dev/null
+++ b/aether-roc-umbrella/files/scripts/grafana-create-vcs.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+# script to create Grafana VCS dashboards
+# Usage:
+# grafana-create-vcs.sh <ADMINUSER> <ADMINPASS> <grafana-server> <dashboards-folder> <org> <list of vcs>...
+set -e
+#set -x
+set -o pipefail
+set -u
+
+if [ "$#" -lt 6 ]; then
+ echo "At least 6 args are needed. Got $#"
+ exit 1
+fi
+ADMINUSER=$1
+ADMINPASS=$2
+SERVICE=$3
+FOLDER=$4
+export ORG=$5
+shift
+shift
+shift
+shift
+shift
+for vcs in "$@"; do
+ VCSASCII=${vcs//[^a-zA-Z0-9]/_}
+ SUCCESS=-1
+ ORGID=-1
+
+ echo "Creating vcs $vcs ($VCSASCII) in $ORG"
+ for f in $FOLDER/*.json; do
+ if [ -f "$f" ]; then
+ echo "Creating Dashboard from $f"
+ export VCS=$vcs
+ DASHBOARD=$(envsubst < $f)
+ /usr/bin/curl -s -o /tmp/curlout -H "Content-Type: application/json" -d "$DASHBOARD" http://$ADMINUSER:$ADMINPASS@$SERVICE/api/dashboards/db
+ SUCCESS=`echo $?`
+ echo "SUCCESS $SUCCESS"
+ cat /tmp/curlout
+ else
+ echo "No dashboards found"
+ fi
+ done
+
+done
diff --git a/aether-roc-umbrella/templates/NOTES.txt b/aether-roc-umbrella/templates/NOTES.txt
new file mode 100644
index 0000000..e7d3256
--- /dev/null
+++ b/aether-roc-umbrella/templates/NOTES.txt
@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2021 Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+Thank you for installing {{ .Chart.Name }} Helm chart.
+
+Your release is named {{ .Release.Name }} in namespace {{.Release.Namespace}}.
+See https://docs.onosproject.org/developers/deploy_with_helm/
+
+To learn more about the release, try:
+ $ helm -n {{.Release.Namespace}} status {{ .Release.Name }}
+ $ helm -n {{.Release.Namespace}} get all {{ .Release.Name }}
+ $ watch kubectl -n {{.Release.Namespace}} get pods
+
+You can attach to:
+* Aether CLI pod with
+$ kubectl -n {{.Release.Namespace}} exec -it $(kubectl -n {{.Release.Namespace}} get pods -l type=cli -o name) -- /bin/sh
+* Aether Portal at http://<server_IP>:31190
+
+If you are using KinD as a Kubernetes server, you will have to use a "port-forward" to access the Aether ROC GUI e.g.
+$ kubectl -n {{.Release.Namespace}} port-forward $(kubectl -n {{.Release.Namespace}} get pods -l type=arg -o name) 8183:80
+and then access the GUI at
+* http://localhost:8183
+
+The aether-roc-api is then available at http://localhost:8183/aether-roc-api
diff --git a/aether-roc-umbrella/templates/_helpers.tpl b/aether-roc-umbrella/templates/_helpers.tpl
new file mode 100644
index 0000000..96089e8
--- /dev/null
+++ b/aether-roc-umbrella/templates/_helpers.tpl
@@ -0,0 +1,81 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+Expand the name of the chart.
+*/}}
+{{- define "global.name" -}}
+{{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "global.fullname" -}}
+{{- if .Values.global.fullnameOverride -}}
+{{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.global.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "global.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "global.labels" -}}
+helm.sh/chart: {{ include "global.chart" . }}
+{{ include "global.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "global.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "global.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+global consensus image name
+*/}}
+{{- define "global.store.consensus.imagename" -}}
+{{- if .Values.global.store.consensus.image.tag -}}
+{{- if .Values.global.store.consensus.image.registry -}}
+{{- printf "%s/" .Values.global.store.consensus.image.registry -}}
+{{- end -}}
+{{- printf "%s:" .Values.global.store.consensus.image.repository -}}
+{{- .Values.global.store.consensus.image.tag -}}
+{{- else -}}
+""
+{{- end -}}
+{{- end -}}
+
+{{/*
+global consensus store name
+*/}}
+{{- define "global.store.consensus.name" -}}
+{{- if .Values.global.store.consensus.name -}}
+{{- printf "%s" .Values.global.store.consensus.name -}}
+{{- else -}}
+{{- printf "%s-consensus-store" ( include "global.fullname" . ) -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/aether-roc-umbrella/templates/alertmanager-configmap.yaml b/aether-roc-umbrella/templates/alertmanager-configmap.yaml
new file mode 100644
index 0000000..cbbcfe3
--- /dev/null
+++ b/aether-roc-umbrella/templates/alertmanager-configmap.yaml
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-alertmanager
+ namespace: {{ .Release.Namespace }}
+data:
+ alertmanager.yml: |-
+ global: {}
+ # slack_api_url: ''
+
+ receivers:
+ - name: default-receiver
+ webhook_configs:
+ - url: {{ .Values.prometheus.alertmanager.webhook_url }}
+
+ route:
+ group_wait: 10s
+ group_interval: 1m
+ receiver: default-receiver
+ repeat_interval: 3h
diff --git a/aether-roc-umbrella/templates/dashboards-templated.yaml b/aether-roc-umbrella/templates/dashboards-templated.yaml
new file mode 100644
index 0000000..01cadbb
--- /dev/null
+++ b/aether-roc-umbrella/templates/dashboards-templated.yaml
@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-dashboards-templated
+ namespace: {{ .Release.Namespace }}
+data:
+{{ (.Files.Glob "files/dashboards/**/*.json").AsConfig | indent 2 }}
diff --git a/aether-roc-umbrella/templates/grafana-post-install-sh.yaml b/aether-roc-umbrella/templates/grafana-post-install-sh.yaml
new file mode 100644
index 0000000..3a7b3a9
--- /dev/null
+++ b/aether-roc-umbrella/templates/grafana-post-install-sh.yaml
@@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-grafana-post-install
+ labels:
+ app: {{ template "aether-roc-api.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+{{ (.Files.Glob "files/scripts/*.sh").AsConfig | indent 2 }}
diff --git a/aether-roc-umbrella/templates/opa-rbac-configmap.yaml b/aether-roc-umbrella/templates/opa-rbac-configmap.yaml
new file mode 100644
index 0000000..e123fa5
--- /dev/null
+++ b/aether-roc-umbrella/templates/opa-rbac-configmap.yaml
@@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+{{ if ".Values.onos-config.openpolicyagent.enabled" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-opa-rbac
+ labels:
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+{{ (.Files.Glob "files/opa-rbac/*.rego").AsConfig | indent 2 }}
+{{end}}
\ No newline at end of file
diff --git a/aether-roc-umbrella/templates/post-install-job-grafana.yaml b/aether-roc-umbrella/templates/post-install-job-grafana.yaml
new file mode 100644
index 0000000..d31e3c6
--- /dev/null
+++ b/aether-roc-umbrella/templates/post-install-job-grafana.yaml
@@ -0,0 +1,72 @@
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+{{ if .Values.import.grafana.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "-5"
+ {{- if .Values.grafana.tidyUpPostInstall }}
+ "helm.sh/hook-delete-policy": hook-succeeded
+ {{- end}}
+spec:
+ template:
+ metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: post-install-job
+ image: "onosproject/onos-cli:v0.7.32"
+ env:
+ - name: GF_SECURITY_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-grafana
+ key: admin-user
+ - name: GF_SECURITY_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-grafana
+ key: admin-password
+ command: ["/usr/local/bin/grafana-create-orgs.sh"]
+ args:
+ - "$(GF_SECURITY_ADMIN_USER)"
+ - "$(GF_SECURITY_ADMIN_PASSWORD)"
+ - "{{ .Release.Name }}"
+ - "{{ .Release.Name }}-grafana"
+ - "/usr/local/dashboards/templated"
+ {{- range $org, $vcs := .Values.grafana.orgs }}
+ - {{ printf "%s%s" $org $vcs | quote }}
+ {{- end}}
+ volumeMounts:
+ - name: post-install
+ mountPath: /usr/local/bin
+ readOnly: true
+ - name: dashboards-templated
+ mountPath: /usr/local/dashboards/templated
+ readOnly: true
+ volumes:
+ - name: post-install
+ configMap:
+ name: {{ .Release.Name }}-grafana-post-install
+ defaultMode: 0555
+ - name: dashboards-templated
+ configMap:
+ name: {{ .Release.Name }}-dashboards-templated
+
+ {{end}}
diff --git a/aether-roc-umbrella/templates/sdcore-test-dummy-config.yaml b/aether-roc-umbrella/templates/sdcore-test-dummy-config.yaml
new file mode 100644
index 0000000..5adedae
--- /dev/null
+++ b/aether-roc-umbrella/templates/sdcore-test-dummy-config.yaml
@@ -0,0 +1,44 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-sdcore-test-dummy
+ namespace: {{ .Release.Namespace }}
+data:
+ sdcore-test-dummy.conf: |-
+ log_format client '$remote_addr - $remote_user $request_time $upstream_response_time '
+ '[$time_local] "$request" $status $body_bytes_sent $request_body "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ server {
+ listen 0.0.0.0:8080;
+ default_type application/json;
+ access_log /opt/bitnami/nginx/logs/access.log client;
+
+ # You can provide a special subPath or the root
+ location = /v1/config {
+ root /;
+ proxy_pass http://127.0.0.1:8080/post_dummy;
+ }
+ location = /v1/config/policies {
+ root /;
+ proxy_pass http://127.0.0.1:8080/post_dummy;
+ }
+ location = /v1/config/imsis {
+ root /;
+ proxy_pass http://127.0.0.1:8080/post_dummy;
+ }
+ location /v1/config/5g {
+ rewrite ^/v1/config/5g/.* /v1/config/5g break;
+ proxy_pass http://127.0.0.1:8080/post_dummy;
+ }
+ location = /post_dummy {
+ # turn off logging here to avoid double logging
+ access_log off;
+ return 200;
+ }
+ error_page 405 =200 $uri;
+ }
diff --git a/aether-roc-umbrella/templates/store.yaml b/aether-roc-umbrella/templates/store.yaml
new file mode 100644
index 0000000..9de9669
--- /dev/null
+++ b/aether-roc-umbrella/templates/store.yaml
@@ -0,0 +1,42 @@
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+{{- if .Values.global.store.consensus.enabled }}
+apiVersion: atomix.io/v2beta1
+kind: Store
+metadata:
+ name: {{ template "global.store.consensus.name" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ protocol:
+ apiVersion: storage.atomix.io/v2beta2
+ kind: MultiRaftProtocol
+ spec:
+ replicas: {{ .Values.global.store.consensus.replicas }}
+ groups: {{ .Values.global.store.consensus.partitions }}
+ {{- with .Values.global.store.consensus.raft }}
+ raft:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ image: {{ template "global.store.consensus.imagename" . }}
+ imagePullPolicy: {{ .Values.global.store.consensus.image.pullPolicy }}
+ {{- with .Values.global.store.consensus.image.pullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.global.store.consensus.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.global.store.consensus.persistence.storageClass }}
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: {{ .Values.global.store.consensus.persistence.storageClass | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.global.store.consensus.persistence.storageSize }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/aether-roc-umbrella/templates/topo.yaml b/aether-roc-umbrella/templates/topo.yaml
new file mode 100644
index 0000000..a32d520
--- /dev/null
+++ b/aether-roc-umbrella/templates/topo.yaml
@@ -0,0 +1,55 @@
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+# A topology kind representing an E2 node
+apiVersion: topo.onosproject.org/v1beta1
+kind: Kind
+metadata:
+ name: aether
+spec:
+ aspects: {}
+
+---
+# The 4G v2.1.0 sdcore-adapter
+apiVersion: topo.onosproject.org/v1beta1
+kind: Entity
+metadata:
+ name: connectivity-service-v2
+spec:
+ uri: connectivity-service-v2
+ kind:
+ name: aether
+ aspects:
+ onos.topo.Configurable:
+ address: sdcore-adapter-v21:5150
+ version: 2.1.0
+ type: Aether
+ onos.topo.TLSOptions:
+ insecure: true
+ onos.topo.Asset:
+ name: SPGW-1
+ onos.topo.MastershipState: {}
+---
+# The 4G/5G v3.0.0 sdcore-adapter
+apiVersion: topo.onosproject.org/v1beta1
+kind: Entity
+metadata:
+ name: connectivity-service-v3
+spec:
+ uri: connectivity-service-v3
+ kind:
+ name: aether
+ aspects:
+ onos.topo.Configurable:
+ address: sdcore-adapter-v3:5150
+ version: 3.0.0
+ type: Aether
+ onos.topo.Location:
+ lat: 52.5150
+ lng: 13.3885
+ onos.topo.TLSOptions:
+ insecure: true
+ onos.topo.Asset:
+ name: 5G Core
+ onos.topo.MastershipState: {}
diff --git a/aether-roc-umbrella/tests/aether-roc-umbrella.go b/aether-roc-umbrella/tests/aether-roc-umbrella.go
new file mode 100644
index 0000000..799d41d
--- /dev/null
+++ b/aether-roc-umbrella/tests/aether-roc-umbrella.go
@@ -0,0 +1,71 @@
+// SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+//
+// SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+package tests
+
+import (
+ "context"
+ "testing"
+ "time"
+
+ "github.com/onosproject/helmit/pkg/helm"
+ "github.com/onosproject/helmit/pkg/input"
+ "github.com/onosproject/helmit/pkg/kubernetes"
+ "github.com/onosproject/helmit/pkg/test"
+ "github.com/onosproject/onos-test/pkg/onostest"
+ "github.com/stretchr/testify/assert"
+)
+
+// AetherRocUmbrellaSuite is the aether-roc-umbrella chart test suite
+type AetherRocUmbrellaSuite struct {
+ test.Suite
+ c *input.Context
+}
+
+// SetupTestSuite sets up the aether roc umbrella test suite
+func (s *AetherRocUmbrellaSuite) SetupTestSuite(c *input.Context) error {
+ s.c = c
+ return nil
+}
+
+func getCredentials() (string, string, error) {
+ kubClient, err := kubernetes.New()
+ if err != nil {
+ return "", "", err
+ }
+ secrets, err := kubClient.CoreV1().Secrets().Get(context.Background(), onostest.SecretsName)
+ if err != nil {
+ return "", "", err
+ }
+ username := string(secrets.Object.Data["sd-ran-username"])
+ password := string(secrets.Object.Data["sd-ran-password"])
+
+ return username, password, nil
+}
+
+// TestInstall tests installing the aether-roc-umbrella chart
+func (s *AetherRocUmbrellaSuite) TestInstall(t *testing.T) {
+ username, password, err := getCredentials()
+ assert.NoError(t, err)
+ registry := s.c.GetArg("registry").String("")
+
+ onos := helm.Chart("aether-roc-umbrella", onostest.SdranChartRepo).
+ Release("aether-roc-umbrella").
+ SetUsername(username).
+ SetPassword(password).
+ WithTimeout(15*time.Minute).
+ Set("onos-ric.service.external.nodePort", 0).
+ Set("onos-ric-ho.service.external.nodePort", 0).
+ Set("onos-ric-mlb.service.external.nodePort", 0).
+ Set("import.onos-gui.enabled", false).
+ Set("import.aether-roc-gui.v2_1.enabled", false).
+ Set("import.aether-roc-gui.v3.enabled", false).
+ Set("import.onos-cli.enabled", false).
+ Set("onos-topo.image.tag", "latest").
+ Set("onos-config.image.tag", "latest").
+ Set("aether-roc-api.image.tag", "latest").
+ Set("onos-config.plugin.compiler.target", "github.com/onosproject/onos-config@master").
+ Set("global.image.registry", registry)
+ assert.NoError(t, onos.Install(true))
+}
diff --git a/aether-roc-umbrella/values.yaml b/aether-roc-umbrella/values.yaml
new file mode 100644
index 0000000..bcd17fc
--- /dev/null
+++ b/aether-roc-umbrella/values.yaml
@@ -0,0 +1,251 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+# Default values for all Aether Helm charts.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+ fullnameOverride: "onos"
+ nameOverride: ""
+ image:
+ registry: ""
+ tag: ""
+ store:
+ consensus:
+ enabled: true
+ name: ""
+ image:
+ registry: ""
+ repository: atomix/atomix-raft-storage-node
+ tag: ""
+ pullPolicy: IfNotPresent
+ pullSecrets: []
+ clusters: 1
+ replicas: 1
+ partitions: 1
+ raft: {}
+ persistence:
+ storageClass: ""
+ storageSize: 1Gi
+
+import:
+ onos-topo:
+ enabled: true
+ onos-config:
+ enabled: true
+ onos-gui:
+ enabled: false
+ onos-cli:
+ enabled: true
+ aether-roc-api:
+ enabled: true
+ aether-roc-gui:
+ v2_1:
+ enabled: false
+ v3:
+ enabled: true
+ sdcore-adapter:
+ v2_1:
+ enabled: true
+ v3:
+ enabled: true
+ subscriber-proxy:
+ enabled: true
+ sdcore-test-dummy:
+ enabled: true
+ grafana:
+ enabled: true #also enable the proxy below
+ prometheus:
+ enabled: true #also enable the proxy below
+
+# ONOS-TOPO
+onos-topo:
+ store:
+ consensus:
+ enabled: false
+
+# ONOS-GUI
+onos-gui: {}
+
+# ONOS-CLI
+onos-cli: {}
+
+# Aether ROC API
+aether-roc-api: {}
+
+# Aether ROC GUI
+aether-roc-gui-v3:
+ websocket:
+ proxyEnabled: true
+ grafana:
+ proxyEnabled: true
+ service: aether-roc-umbrella-grafana # the grafana hostname - use FQDN for other namespaces
+ prometheus:
+ proxyEnabled: true
+ service: aether-roc-umbrella-prometheus-server
+
+# SD-Core Adapter
+sdcore-adapter-v21:
+ nameOverride: sdcore-adapter-v21
+ fullnameOverride: sdcore-adapter-v21
+ prometheusEnabled: false
+
+# Subscriber Proxy
+subscriber-proxy:
+ nameOverride: subscriber-proxy
+ fullnameOverride: subscriber-proxy
+ prometheusEnabled: false
+
+sdcore-adapter-v3:
+ nameOverride: sdcore-adapter-v3
+ fullnameOverride: sdcore-adapter-v3
+ prometheusEnabled: false
+
+grafana:
+ orgs:
+ acme:
+ vcs:
+ - acme-chicago-robots
+ devicegroup:
+ - acme-chicago-robots:
+ production: "0-3"
+ warehouse: "10-12"
+ starbucks:
+ vcs:
+ - starbucks-newyork-cameras
+ - starbucks-seattle-cameras
+ devicegroup:
+ - starbucks-newyork-cameras:
+ front: "40-41"
+ store: "50-55"
+ - starbucks-seattle-pos:
+ tills: "20-22"
+ store: "30-34"
+ - starbucks-seattle-cameras:
+ counter: "0-3"
+ store: "10-14"
+
+ tidyUpPostInstall: true
+ grafana.ini:
+ log:
+ level: debug
+ server:
+ domain: aether-roc-gui
+ root_url: "%(protocol)s://%(domain)s:%(http_port)s/grafana/"
+ serve_from_sub_path: true
+ auth.anonymous:
+ enabled: true
+ hide_version: true
+# Commented out for the moment - see aether-roc-gui/docs/grafana.md
+# auth.jwt:
+# enabled: true
+# header_name: X-JWT-Assertion
+# username_claim: name
+# email_claim: email
+# jwk_set_url: https://dex.aetherproject.org/dex/keys
+# cache_ttl: 60m
+# auth.generic_oauth:
+# enabled: true
+# client_id: aether-roc-gui
+## client_secret: YWV0aGVyLXJvYy1ndWkK
+# scopes: "openid profile email groups"
+# empty_scopes: false
+# auth_url: "http://dex-ldap-umbrella:5556/auth"
+# token_url: "http://dex-ldap-umbrella:5556/token"
+# api_url: "http://dex-ldap-umbrella:5556/userinfo"
+# allowed_domains: opennetworking.org
+# allow_sign_up: true
+
+prometheus:
+ pushgateway:
+ enabled: false
+ nodeExporter:
+ enabled: false
+ kubeStateMetrics:
+ enabled: false
+ alertmanager:
+ configMapOverrideName: alertmanager
+ webhook_url: "http://aether-roc-api-websocket/webhook"
+ serverFiles:
+ alerting_rules.yml:
+ groups:
+ - name: UeAlerts
+ rules:
+ - alert: UeThroughputLow
+ expr: ue_throughput < 9000
+ for: 1m
+ labels:
+ severity: info
+ annotations:
+ description: 'UE {{ $labels.id }} on VCS {{ $labels.slice }} throughput has been low for more than 1 minutes.'
+ summary: 'UE {{ $labels.id }} on VCS {{ $labels.slice }} throughput low'
+ - alert: UeLatencyHigh
+ expr: ue_latency > 8
+ for: 1m
+ labels:
+ severity: info
+ annotations:
+ description: 'UE {{ $labels.id }} on VCS {{ $labels.slice }} latency has been high for more than 1 minutes.'
+ summary: 'UE {{ $labels.id }} on VCS {{ $labels.slice }} latency high'
+ - name: VcsAlerts
+ rules:
+ - alert: VcsThroughputLow
+ expr: vcs_throughput < 9000
+ for: 1m
+ labels:
+ severity: info
+ annotations:
+ description: 'VCS {{ $labels.vcs_id }} throughput has been low for more than 1 minutes.'
+ summary: 'VCS {{ $labels.vcs_id }} throughput low'
+ - alert: VcsLatencyHigh
+ expr: vcs_latency > 30
+ for: 1m
+ labels:
+ severity: warn
+ annotations:
+ description: 'VCS {{ $labels.vcs_id }} latency has been high for more than 1 minutes.'
+ summary: 'VCS {{ $labels.vcs_id }} latency high'
+ - alert: VcsJitterHigh
+ expr: vcs_jitter > 8
+ for: 1m
+ labels:
+ severity: page
+ annotations:
+ description: 'VCS {{ $labels.vcs_id }} jitter has been high for more than 1 minutes.'
+ summary: 'VCS {{ $labels.vcs_id }} jitter high'
+ prometheus.yml:
+ scrape_configs:
+ - job_name: sdcore-exporter
+ scrape_interval: 2s
+ static_configs:
+ - targets:
+ - sdcore-adapter-v3-exporter:2112
+
+# SD-Core Test Dummy
+# proxy_pass has to be added or nginx will not log the $request_body
+sdcore-test-dummy:
+ service:
+ type: ClusterIP
+ existingServerBlockConfigmap: aether-roc-umbrella-sdcore-test-dummy
+
+# ONOS-CONFIG
+onos-config:
+ store:
+ consensus:
+ enabled: false
+ models:
+ aether:
+ v2_1:
+ enabled: true
+ v2_2:
+ enabled: false
+ v3:
+ enabled: true
+ plugin:
+ compiler:
+ target: ""
+ openpolicyagent:
+ enabled: true
+ regoConfigMap: aether-roc-umbrella-opa-rbac