AETHER-2234 move and update aether-roc-umbrella
Change-Id: I7ca845b92dff1fce5fd87d42053a43d80cc55f34
diff --git a/aether-roc-umbrella/files/dashboards/ue/ue-connectivity.json b/aether-roc-umbrella/files/dashboards/ue/ue-connectivity.json
new file mode 100644
index 0000000..8bb0a7d
--- /dev/null
+++ b/aether-roc-umbrella/files/dashboards/ue/ue-connectivity.json
@@ -0,0 +1,230 @@
+{
+ "dashboard": {
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "links": [],
+ "panels": [
+ {
+ "datasource": "datasource-$ORG",
+ "description": "UE Connectivity",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 0,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 0
+ },
+ "id": 1,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom"
+ },
+ "tooltip": {
+ "mode": "single"
+ }
+ },
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "ue_throughput{id=\"$IMSI\"}",
+ "interval": "",
+ "legendFormat": "Throughput {{slice}} {{direction}} kb/s",
+ "queryType": "randomWalk",
+ "refId": "A"
+ },
+ {
+ "exemplar": true,
+ "expr": "ue_latency{id=\"$IMSI\"} * 1000",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Latency {{slice}} {{direction}} µs",
+ "refId": "B"
+ }
+ ],
+ "title": "UE $IMSI Throughput and Latency",
+ "type": "timeseries"
+ },
+ {
+ "datasource": "datasource-$ORG",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisLabel": "",
+ "axisPlacement": "hidden",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 57,
+ "gradientMode": "hue",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 8
+ },
+ "id": 2,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom"
+ },
+ "tooltip": {
+ "mode": "single"
+ }
+ },
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "smf_pdu_session_profile{id=\"$IMSI\",state=\"active\"}*2",
+ "interval": "",
+ "legendFormat": "Active",
+ "queryType": "randomWalk",
+ "refId": "A"
+ },
+ {
+ "exemplar": true,
+ "expr": "smf_pdu_session_profile{id=\"$IMSI\",state=\"idle\"}*1",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Idle",
+ "refId": "B"
+ },
+ {
+ "exemplar": true,
+ "expr": "smf_pdu_session_profile{id=\"$IMSI\",state=\"inactive\"}*-1",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Inactive",
+ "refId": "C"
+ }
+ ],
+ "title": "UE $IMSI Connectivity",
+ "type": "timeseries"
+ }
+ ],
+ "refresh": "",
+ "schemaVersion": 30,
+ "style": "light",
+ "tags": [],
+ "templating": {
+ "list": []
+ },
+ "time": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "timepicker": {},
+ "timezone": "",
+ "title": "UE $IMSI Connectivity and Throughput",
+ "uid": "ue-$IMSI",
+ "version": 1
+ },
+ "folderUid": "$ORG",
+ "message": "Made changes to $ORG"
+}
\ No newline at end of file
diff --git a/aether-roc-umbrella/files/dashboards/vcs/vcs-performance-all.json b/aether-roc-umbrella/files/dashboards/vcs/vcs-performance-all.json
new file mode 100644
index 0000000..7d0b484
--- /dev/null
+++ b/aether-roc-umbrella/files/dashboards/vcs/vcs-performance-all.json
@@ -0,0 +1,140 @@
+{
+ "dashboard": {
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "links": [],
+ "panels": [
+ {
+ "datasource": "datasource-$ORG",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 0,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 0
+ },
+ "id": 1,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom"
+ },
+ "tooltip": {
+ "mode": "single"
+ }
+ },
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "sum(vcs_jitter{vcs_id=~\"$ORG.*\"})/count(vcs_jitter{vcs_id=~\"$ORG.*\"})*1000",
+ "format": "time_series",
+ "interval": "",
+ "legendFormat": "Jitter (µs)",
+ "queryType": "randomWalk",
+ "refId": "A"
+ },
+ {
+ "exemplar": true,
+ "expr": "sum(vcs_latency{vcs_id=~\"$ORG.*\"})/count(vcs_latency{vcs_id=~\"$ORG.*\"})*1000",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Latency (µs)",
+ "refId": "B"
+ },
+ {
+ "exemplar": true,
+ "expr": "sum(vcs_throughput{vcs_id=~\"$ORG.*\"})/count(vcs_throughput{vcs_id=~\"$ORG.*\"})",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Throughput (kb/s)",
+ "refId": "C"
+ }
+ ],
+ "title": "VCS $ORG All",
+ "type": "timeseries"
+ }
+ ],
+ "schemaVersion": 30,
+ "style": "dark",
+ "tags": [],
+ "templating": {
+ "list": []
+ },
+ "time": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "timepicker": {
+ },
+ "timezone": "",
+ "title": "VCS $ORG All",
+ "uid": "vcs-$ORG-all",
+ "version": 2
+ },
+ "folderUid": "$ORG",
+ "message": "Made changes to $ORG"
+}
\ No newline at end of file
diff --git a/aether-roc-umbrella/files/dashboards/vcs/vcs-performance.json b/aether-roc-umbrella/files/dashboards/vcs/vcs-performance.json
new file mode 100644
index 0000000..8a84890
--- /dev/null
+++ b/aether-roc-umbrella/files/dashboards/vcs/vcs-performance.json
@@ -0,0 +1,141 @@
+{
+ "dashboard": {
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "description": "",
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "links": [],
+ "panels": [
+ {
+ "datasource": "datasource-$ORG",
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 0,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 0
+ },
+ "id": 1,
+ "links": [],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom"
+ },
+ "tooltip": {
+ "mode": "single"
+ }
+ },
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "vcs_jitter{vcs_id=\"$VCS\"}*1000",
+ "interval": "",
+ "legendFormat": "Jitter (µs)",
+ "refId": "A"
+ },
+ {
+ "exemplar": true,
+ "expr": "vcs_latency{vcs_id=\"$VCS\"}*1000",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Latency (µs)",
+ "refId": "B"
+ },
+ {
+ "exemplar": true,
+ "expr": "vcs_throughput{vcs_id=\"$VCS\"}",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Throughput (kb/s)",
+ "refId": "C"
+ }
+ ],
+ "title": "VCS $VCS Performance",
+ "type": "timeseries"
+ }
+ ],
+ "refresh": "",
+ "schemaVersion": 30,
+ "style": "light",
+ "tags": [],
+ "templating": {
+ "list": []
+ },
+ "time": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "timepicker": {},
+ "timezone": "",
+ "title": "VCS $VCS Performance",
+ "uid": "vcs-$VCS",
+ "version": 1
+ },
+ "folderUid": "$ORG",
+ "message": "Made changes to $ORG"
+}
diff --git a/aether-roc-umbrella/files/dashboards/vcs/vcs-ue-connectivity.json b/aether-roc-umbrella/files/dashboards/vcs/vcs-ue-connectivity.json
new file mode 100644
index 0000000..7185d4a
--- /dev/null
+++ b/aether-roc-umbrella/files/dashboards/vcs/vcs-ue-connectivity.json
@@ -0,0 +1,139 @@
+{
+ "dashboard": {
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "links": [],
+ "panels": [
+ {
+ "datasource": "datasource-$ORG",
+ "description": "Stacked time-series of UE's connected to slice by active, inactive and idle",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 56,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 0
+ },
+ "id": 1,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom"
+ },
+ "tooltip": {
+ "mode": "single"
+ }
+ },
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "sum(smf_pdu_session_profile{slice=\"$VCS\",state=\"active\"})",
+ "interval": "",
+ "legendFormat": "Active",
+ "queryType": "randomWalk",
+ "refId": "A"
+ },
+ {
+ "exemplar": true,
+ "expr": "sum(smf_pdu_session_profile{slice=\"$VCS\",state=\"inactive\"})",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Inactive",
+ "refId": "B"
+ },
+ {
+ "exemplar": true,
+ "expr": "sum(smf_pdu_session_profile{slice=\"$VCS\",state=\"idle\"})",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "Idle",
+ "refId": "C"
+ }
+ ],
+ "title": "VCS $VCS UE Connectivity Stacked",
+ "type": "timeseries"
+ }
+ ],
+ "schemaVersion": 30,
+ "style": "light",
+ "tags": [],
+ "templating": {
+ "list": []
+ },
+ "time": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "timepicker": {},
+ "timezone": "",
+ "title": "VCS $VCS UE Connectivity",
+ "uid": "$VCS-ue-conn",
+ "version": 1
+ },
+ "folderUid": "$ORG",
+ "message": "Made changes to $ORG"
+}
\ No newline at end of file
diff --git a/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego b/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego
new file mode 100644
index 0000000..9c2ec1b
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego
@@ -0,0 +1,133 @@
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+package aether_2_1_0
+
+echo[config] {
+ config := input
+}
+
+allowed[config] {
+ access_profile := access_profiles # refer to rule below
+ subscriber := subscribers
+ apn_profile := apn_profiles
+ connectivity_service := connectivityservices
+ enterprise := enterprises
+ qos_profile := qos_profiles
+ security_profile := security_profiles
+ service_profile := service_profiles
+ service_group := service_groups
+ service_policy := service_policies
+ service_rule := service_rules
+ up_profile := up_profiles
+ config := {
+ "access_profile": {
+ "access_profile": [
+ access_profile
+ ]
+ },
+ "subscriber": {
+ "ue": [
+ subscriber
+ ]
+ },
+ "apn_profile": {
+ "apn_profile": [
+ apn_profile
+ ]
+ },
+ "connectivity-service": {
+ "connectivity-service": [
+ connectivity_service
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ enterprise
+ ]
+ },
+ "qos_profile": {
+ "qos_profile": [
+ qos_profile
+ ]
+ },
+ "security_profile": {
+ "security_profile": [
+ security_profile
+ ]
+ },
+ "service_profile": {
+ "service_profile": [
+ service_profile
+ ]
+ },
+ "service_group": {
+ "service_group": [
+ service_group
+ ]
+ },
+ "service_policy": {
+ "service_policy": [
+ service_policy
+ ]
+ },
+ "service_rule": {
+ "service_rule": [
+ service_rule
+ ]
+ },
+ "up_profile": {
+ "up_profile": [
+ up_profile
+ ]
+ },
+ }
+}
+
+access_profiles[access_profile] {
+ access_profile := input.access_profile.access_profile[_]
+}
+
+subscribers[subscriber] {
+ subscriber := input.subscriber.ue[_]
+}
+
+apn_profiles[apn_profile] {
+ apn_profile := input.apn_profile.apn_profile[_]
+}
+
+connectivityservices[connectivity_service] {
+ enterprise := input.enterprise.enterprise[_]
+ enterprise_cs := enterprise.connectivity_service[_]
+ connectivity_service := input.connectivity_service.connectivity_service[_]
+ ["AetherROCAdmin", enterprise.id][_] == input.groups[i]
+ enterprise_cs.connectivity_service == connectivity_service.id
+}
+
+enterprises[enterprise] {
+ enterprise := input.enterprise.enterprise[_]
+ ["AetherROCAdmin", enterprise.id][_] == input.groups[_]
+}
+
+qos_profiles[qos_profile] {
+ qos_profile := input.qos_profile.qos_profile[_]
+}
+security_profiles[security_profile] {
+ security_profile := input.security_profile.security_profile[_]
+}
+service_profiles[service_profile] {
+ service_profile := input.service_profile.service_profile[_]
+}
+service_groups[service_group] {
+ service_group := input.service_group.service_group[_]
+}
+service_policies[service_policy] {
+ service_policy := input.service_policy.service_policy[_]
+}
+service_rules[service_rule] {
+ service_rule := input.service_rule.service_rule[_]
+}
+up_profiles[up_profile] {
+ up_profile := input.up_profile.up_profile[_]
+}
\ No newline at end of file
diff --git a/aether-roc-umbrella/files/opa-rbac/aether-3.0.0.rego b/aether-roc-umbrella/files/opa-rbac/aether-3.0.0.rego
new file mode 100644
index 0000000..29df86e
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/aether-3.0.0.rego
@@ -0,0 +1,149 @@
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+package aether_3_0_0
+
+echo[config] {
+ config := input
+}
+
+allowed[config] {
+ ap_list := ap_lists # refer to rule below
+ application := applications
+ connectivity_service := connectivityservices
+ device_group := devicegroups
+ enterprise := enterprises
+ ip_domain := ip_domains
+ network := networks
+ site := sites
+ template := templates
+ traffic_class := trafficclasses
+ upf := upfs
+ vcs := vcss
+ config := {
+ "ap-list": {
+ "ap-list": [
+ ap_list
+ ]
+ },
+ "application": {
+ "application": [
+ application
+ ]
+ },
+ "connectivity-service": {
+ "connectivity-service": [
+ connectivity_service
+ ]
+ },
+ "device-group": {
+ "device-group": [
+ device_group
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ enterprise
+ ]
+ },
+ "ip-domain": {
+ "ip-domain": [
+ ip_domain
+ ]
+ },
+ "network": {
+ "network": [
+ network
+ ]
+ },
+ "site": {
+ "site": [
+ site
+ ]
+ },
+ "template": {
+ "template": [
+ template
+ ]
+ },
+ "traffic_class": {
+ "traffic_class": {
+ traffic_class
+ }
+ },
+ "upf": {
+ "upf": [
+ upf
+ ]
+ },
+ "vcs": {
+ "vcs": [
+ vcs
+ ]
+ }
+ }
+}
+
+ap_lists[ap_list] {
+ ap_list := input.ap_list.ap_list[_]
+ ["AetherROCAdmin", ap_list.enterprise][_] == input.groups[i]
+}
+
+applications[application] {
+ application := input.application.application[_]
+ ["AetherROCAdmin", application.enterprise][_] == input.groups[i]
+}
+
+connectivityservices[connectivity_service] {
+ connectivity_service := input.connectivity_service.connectivity_service[_]
+}
+
+devicegroups[device_group] {
+ device_group := input.device_group.device_group[_]
+ site := sites
+ device_group.site == site[_].id # allow only the device_groups of a known site
+}
+
+enterprises[enterprise] {
+ enterprise := input.enterprise.enterprise[_]
+ ["AetherROCAdmin", enterprise.id][_] == input.groups[i]
+}
+
+ip_domains[ip_domain] {
+ ip_domain := input.ip_domain.ip_domain[_]
+ ["AetherROCAdmin", ip_domain.enterprise][_] == input.groups[i]
+}
+
+networks[network] {
+ network := input.network.network[_]
+ ["AetherROCAdmin", network.enterprise][_] == input.groups[i]
+}
+
+sites[site] {
+ site := input.site.site[_]
+ ["AetherROCAdmin", site.enterprise][_] == input.groups[i]
+}
+
+templates[template] {
+ template := input.template.template[_]
+}
+
+trafficclasses[traffic_class] {
+ traffic_class := input.traffic_class.traffic_class[_]
+}
+
+upfs[upf] {
+ upf := input.upf.upf[_]
+ ["AetherROCAdmin", upf.enterprise][_] == input.groups[i]
+}
+
+vcss[vcs] {
+ vcs := input.vcs.vcs[_]
+ ["AetherROCAdmin", vcs.enterprise][_] == input.groups[i]
+}
+
+can_update_enterprise = true {
+ update_enterprise := input.updates.enterprise.enterprise[_]
+ ["AetherROCAdmin", update_enterprise.id][_] == input.groups[i]
+}
diff --git a/aether-roc-umbrella/files/opa-rbac/test/aether-2.1.0-example-get.json b/aether-roc-umbrella/files/opa-rbac/test/aether-2.1.0-example-get.json
new file mode 100644
index 0000000..385eb95
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/test/aether-2.1.0-example-get.json
@@ -0,0 +1,906 @@
+{
+ "groups": [
+ "mixedGroup",
+ "AetherROCAdmin",
+ "EnterpriseAdmin"
+ ],
+ "access_profile": {
+ "access_profile": [
+ {
+ "description": "access profile that allows all access",
+ "display_name": "Access All",
+ "filter": "null",
+ "id": "access_all",
+ "type": "allow_all"
+ },
+ {
+ "description": "access profile that only allows access to the apps network",
+ "display_name": "Only Apps Network",
+ "filter": "only^apps^network",
+ "id": "apps_only",
+ "type": "specific_network"
+ },
+ {
+ "description": "exclude an app from contacting a specific destination",
+ "display_name": "Exclude App By Name",
+ "filter": "exclude_app_name",
+ "id": "excluding_app",
+ "type": "excluding_this_app"
+ },
+ {
+ "description": "access profile that allows Internet access only",
+ "display_name": "Internet Access Only",
+ "filter": "No^private^network",
+ "id": "internet_only",
+ "type": "internet_only"
+ },
+ {
+ "description": "access profile that allows intranet access only",
+ "display_name": "Private Network Only",
+ "filter": "only^private^network",
+ "id": "intranet_only",
+ "type": "intranet_only"
+ },
+ {
+ "description": "access profile that allows internet only",
+ "display_name": "Access Profile 1",
+ "filter": "null",
+ "id": "profile_access_demo_1",
+ "type": "allow_all"
+ },
+ {
+ "description": "allow an app to contact a specific destination",
+ "display_name": "Allow App By Name",
+ "filter": "allow_app_name",
+ "id": "specific_app",
+ "type": "specific_destination_only"
+ }
+ ]
+ },
+ "apn_profile": {
+ "apn_profile": [
+ {
+ "apn_name": "internet",
+ "description": "Ciena Internet APN config",
+ "display_name": "Ciena Internet",
+ "dns_primary": "10.24.7.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_ciena",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Cornell1 Internet APN config",
+ "display_name": "Cornell1 Internet",
+ "dns_primary": "10.68.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_cornell1",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Default Internet APN config",
+ "display_name": "Default Internet",
+ "dns_primary": "1.1.1.1",
+ "dns_secondary": "8.8.8.8",
+ "gx_enabled": true,
+ "id": "apn_internet_default",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Intel Internet APN config",
+ "display_name": "Intel Internet",
+ "dns_primary": "10.212.74.139",
+ "dns_secondary": "10.212.87.15",
+ "gx_enabled": true,
+ "id": "apn_internet_intel",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "ONF Menlo Internet APN config",
+ "display_name": "ONF Menlo Internet",
+ "dns_primary": "10.53.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_menlo",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Princeton1 Internet APN config",
+ "display_name": "Princeton1 Internet",
+ "dns_primary": "10.70.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_princeton1",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Stanford1 Internet APN config",
+ "display_name": "Stanford1 Internet",
+ "dns_primary": "10.65.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_stanford1",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Stanford2 Internet APN config",
+ "display_name": "Stanford2 Internet",
+ "dns_primary": "10.67.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_stanford2",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Telefonica Internet APN config",
+ "display_name": "Telefonica Internet",
+ "dns_primary": "10.82.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_tef",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "ONF Tucson Internet APN config",
+ "display_name": "ONF Tucson Internet",
+ "dns_primary": "10.59.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_tucson",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "the default APN profile",
+ "display_name": "APN Profile 1",
+ "dns_primary": "8.8.8.4",
+ "dns_secondary": "8.8.8.8",
+ "gx_enabled": true,
+ "id": "apn_profile1",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "the default APN profile",
+ "display_name": "APN Profile 1",
+ "dns_primary": "8.8.4.4",
+ "dns_secondary": "8.8.8.8",
+ "gx_enabled": true,
+ "id": "profile_apn_demo_1",
+ "mtu": 1460,
+ "service_group": "internet"
+ }
+ ]
+ },
+ "connectivity_service": {
+ "connectivity_service": [
+ {
+ "description": "Connectivity service endpoints",
+ "display_name": "Connectivity Service 1",
+ "hss_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/imsis",
+ "id": "connectivity_service_demo_1",
+ "pcrf_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/policies",
+ "spgwc_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config"
+ },
+ {
+ "description": "Connectivity service endpoints",
+ "display_name": "Connectivity Service v1",
+ "hss_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config",
+ "id": "connectivity_service_v1",
+ "spgwc_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config"
+ }
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ Ciena",
+ "display_name": "Aether _ Ciena",
+ "id": "aether_ciena"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ Intel",
+ "display_name": "Aether _ Intel",
+ "id": "aether_intel"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ NTT",
+ "display_name": "Aether _ NTT",
+ "id": "aether_ntt"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ Open Networking Foundation",
+ "display_name": "Aether _ ONF",
+ "id": "aether_onf"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ Telefonica",
+ "display_name": "Aether _ Telefonica",
+ "id": "aether_tef"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_demo_1",
+ "enabled": true
+ }
+ ],
+ "description": "Enterprise configuration",
+ "display_name": "Enterprise 1",
+ "id": "enterprise_demo_1"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Pronto _ Cornell",
+ "display_name": "Pronto _ Cornell",
+ "id": "pronto_cornell"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Pronto _ Princeton",
+ "display_name": "Pronto _ Princeton",
+ "id": "pronto_princeton"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Pronto _ Stanford",
+ "display_name": "Pronto _ Stanford",
+ "id": "pronto_stanford"
+ }
+ ]
+ },
+ "qos_profile": {
+ "qos_profile": [
+ {
+ "apn_ambr": {
+ "downlink": 12345678,
+ "uplink": 12345678
+ },
+ "description": "qos profile for demo",
+ "display_name": "QOS Profile 1",
+ "id": "profile_qos_demo_1"
+ },
+ {
+ "apn_ambr": {
+ "downlink": 12345678,
+ "uplink": 12345678
+ },
+ "description": "low bitrate internet service",
+ "display_name": "QOS Profile 1",
+ "id": "qos_profile1"
+ }
+ ]
+ },
+ "security_profile": {
+ "security_profile": [
+ {
+ "description": "default security profile",
+ "display_name": "Default Security Profile",
+ "id": "profile_security_default_1",
+ "key": "000102030405060708090a0b0c0d0e0f",
+ "opc": "69d5c2eb2e2e624750541d3bbc692ba5",
+ "sqn": 135
+ },
+ {
+ "description": "security profile for demo",
+ "display_name": "Security Profile 1",
+ "id": "profile_security_demo_1",
+ "key": "465b5ce8b199b49faa5f0a2ee238a6bc",
+ "opc": "d4416644f6154936193433dd20a0ace0",
+ "sqn": 96
+ },
+ {
+ "description": "NTT security profile",
+ "display_name": "NTT Security Profile",
+ "id": "profile_security_ntt_1",
+ "key": "ACB9E480B30DC12C6BDD26BE882D2940",
+ "opc": "F5929B14A34AD906BC44D205242CD182",
+ "sqn": 135
+ },
+ {
+ "description": "Telefonica security profile",
+ "display_name": "Telefonica Security Profile",
+ "id": "profile_security_tef_1",
+ "key": "83BBE53DFA050D9648C1D14937FC1AC3",
+ "opc": "346EF56C902AF38E5E4C4E3A0B0C2497",
+ "sqn": 135
+ }
+ ]
+ },
+ "service_group": {
+ "service_group": [
+ {
+ "description": "Internet service",
+ "id": "internet",
+ "service_policies": [
+ {
+ "kind": "default",
+ "service_policy": "be_internet_access"
+ }
+ ]
+ },
+ {
+ "description": "Menlo high definition camera service",
+ "id": "iot_hd_camera_menlo",
+ "service_policies": [
+ {
+ "kind": "default",
+ "service_policy": "video_non_gbr_1"
+ }
+ ]
+ }
+ ]
+ },
+ "service_policy": {
+ "service_policy": [
+ {
+ "ambr": {
+ "downlink": 20000000,
+ "uplink": 100000
+ },
+ "arp": 1,
+ "id": "be_internet_access",
+ "qci": 9,
+ "rules": [
+ {
+ "enabled": true,
+ "rule": "best_effort_internet_access"
+ }
+ ]
+ },
+ {
+ "ambr": {
+ "downlink": 20000000,
+ "uplink": 100000
+ },
+ "arp": 1,
+ "id": "video_non_gbr_1",
+ "qci": 7,
+ "rules": [
+ {
+ "enabled": true,
+ "rule": "video_non_gbr_1"
+ }
+ ]
+ }
+ ]
+ },
+ "service_rule": {
+ "service_rule": [
+ {
+ "charging_rule_name": "best_effort_internet_access",
+ "description": "rule for enabling best effort internet",
+ "flow": {
+ "specification": "permit out ip 0.0.0.0/0 to assigned"
+ },
+ "id": "best_effort_internet_access",
+ "qos": {
+ "aggregate_maximum_bitrate": {
+ "downlink": 10240000,
+ "uplink": 1024000
+ },
+ "arp": {
+ "preemption_capability": true,
+ "preemption_vulnerability": true,
+ "priority": 1
+ },
+ "guaranteed_bitrate": {
+ "downlink": 1,
+ "uplink": 1
+ },
+ "maximum_requested_bandwidth": {
+ "downlink": 5120000,
+ "uplink": 512000
+ },
+ "qci": 9
+ }
+ },
+ {
+ "charging_rule_name": "video_non_gbr_1",
+ "description": "rule for non_gbr video",
+ "flow": {
+ "specification": "permit out ip 0.0.0.0/0 to assigned"
+ },
+ "id": "video_non_gbr_1",
+ "qos": {
+ "aggregate_maximum_bitrate": {
+ "downlink": 5555,
+ "uplink": 4444
+ },
+ "arp": {
+ "preemption_capability": true,
+ "preemption_vulnerability": true,
+ "priority": 1
+ },
+ "guaranteed_bitrate": {
+ "downlink": 2222,
+ "uplink": 1111
+ },
+ "maximum_requested_bandwidth": {
+ "downlink": 3456,
+ "uplink": 2345
+ },
+ "qci": 9
+ }
+ }
+ ]
+ },
+ "subscriber": {
+ "ue": [
+ {
+ "display_name": "Telefonica subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_tef",
+ "id": "0debf047_8416_4539_9abf_02a0d7e7f9a3",
+ "imsi_range_from": "722070000002441",
+ "imsi_range_to": "722070000002450",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_tef",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_tef_1",
+ "up_profile": "tef"
+ },
+ "serving_plmn": {
+ "mcc": 722,
+ "mnc": 7,
+ "tac": 110
+ }
+ },
+ {
+ "display_name": "Stanford2 subscriber match rule",
+ "enabled": true,
+ "enterprise": "pronto_stanford",
+ "id": "1c6852e6_5b12_413a_9fa5_c631c644136c",
+ "imsi_range_from": "315010202000001",
+ "imsi_range_to": "315010202000020",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_stanford2",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "stanford2"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 603
+ }
+ },
+ {
+ "display_name": "Princeton1 subscriber match rule",
+ "enabled": true,
+ "enterprise": "pronto_princeton",
+ "id": "30f77900_18b1_480c_a419_031956d83a9c",
+ "imsi_range_from": "315010204000001",
+ "imsi_range_to": "315010204000020",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_princeton1",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "princeton1"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 605
+ }
+ },
+ {
+ "display_name": "Stanford1 subscriber match rule",
+ "enabled": true,
+ "enterprise": "pronto_stanford",
+ "id": "415d0496_6926_4a49_b0f1_69ef1742fd5d",
+ "imsi_range_from": "315010201000001",
+ "imsi_range_to": "315010201000020",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_stanford1",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "stanford1"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 601
+ }
+ },
+ {
+ "display_name": "Ciena subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_ciena",
+ "id": "4c814a64_c592_468e_9435_b60f225f97ff",
+ "imsi_range_from": "315010101000001",
+ "imsi_range_to": "315010101000010",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_ciena",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "ciena"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 5
+ }
+ },
+ {
+ "display_name": "Cornell1 subscriber match rule",
+ "enabled": true,
+ "enterprise": "pronto_cornell",
+ "id": "554b4c5b_de49_4868_ba7e_f428aefc0984",
+ "imsi_range_from": "315010203000001",
+ "imsi_range_to": "315010203000020",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_cornell1",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "cornell1"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 607
+ }
+ },
+ {
+ "display_name": "Subscriber Match Rule 1",
+ "enabled": true,
+ "enterprise": "enterprise_demo_1",
+ "id": "5fc0bfc8_4ecc_11eb_b8e7_6f6e6f732d63",
+ "imsi_range_from": "208014567891200",
+ "imsi_range_to": "208014567891300",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "profile_access_demo_1",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "profile_apn_demo_1",
+ "qos_profile": "profile_qos_demo_1",
+ "security_profile": "profile_security_demo_1",
+ "up_profile": "profile_up_demo_1"
+ },
+ "serving_plmn": {
+ "mcc": 208,
+ "mnc": 10,
+ "tac": 1
+ }
+ },
+ {
+ "id": "8d92f0cf_d83d_482c_866d_f53ee1426622",
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": false
+ }
+ ],
+ "apn_profile": "apn_internet_intel",
+ "qos_profile": "profile_qos_demo_1",
+ "security_profile": "profile_security_ntt_1",
+ "up_profile": "cornell1"
+ }
+ },
+ {
+ "display_name": "Intel subscriber match rule 1",
+ "enabled": true,
+ "enterprise": "aether_intel",
+ "id": "c6711eb4_5210_4d94_b83c_0f890dc21c31",
+ "imsi_range_from": "315010888812341",
+ "imsi_range_to": "315010888812346",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_intel",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "intel"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 101
+ }
+ },
+ {
+ "display_name": "ONF Tucson subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_onf",
+ "id": "cbdb20c1_c3d7_47e3_a1a1_7465c8ad6ff1",
+ "imsi_range_from": "315010999912301",
+ "imsi_range_to": "315010999912303",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_tucson",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "tucson"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 222
+ }
+ },
+ {
+ "display_name": "NTT subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_ntt",
+ "id": "e8b4f8ea_cd9c_4ae7_a1df_15ee82cc4dc6",
+ "imsi_range_from": "999002999970951",
+ "imsi_range_to": "999002999971950",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_default",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_ntt_1",
+ "up_profile": "ntt"
+ },
+ "serving_plmn": {
+ "mcc": 999,
+ "mnc": 2,
+ "tac": 1
+ }
+ },
+ {
+ "display_name": "ONF Menlo subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_onf",
+ "id": "f2ba8cc0_e593_403b_a130_f18a99018f6e",
+ "imsi_range_from": "315010999912341",
+ "imsi_range_to": "315010999912356",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_menlo",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "menlo"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 203
+ }
+ },
+ {
+ "display_name": "Intel subscriber match rule 2",
+ "enabled": true,
+ "enterprise": "aether_intel",
+ "id": "f5a0929f_b4a4_4f34_8bd5_52c57eeb4a50",
+ "imsi_range_from": "315010102000001",
+ "imsi_range_to": "315010102000002",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_intel",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "intel"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 101
+ }
+ }
+ ]
+ },
+ "up_profile": {
+ "up_profile": [
+ {
+ "access_control": "none",
+ "description": "User plane profile for Ciena",
+ "display_name": "Ciena",
+ "id": "ciena",
+ "user_plane": "pfcp_agent.omec.svc.prd.ciena.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Cornell1",
+ "display_name": "Cornell1",
+ "id": "cornell1",
+ "user_plane": "pfcp_agent.omec.svc.prd.cornell1.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Intel",
+ "display_name": "Intel",
+ "id": "intel",
+ "user_plane": "upf.omec.svc.prd.intel.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for ONF Menlo",
+ "display_name": "ONF Menlo",
+ "id": "menlo",
+ "user_plane": "pfcp_agent.omec.svc.prd.menlo.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for NTT",
+ "display_name": "NTT",
+ "id": "ntt",
+ "user_plane": "upf.omec.svc.prd.ntt.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Princeton1",
+ "display_name": "Princeton1",
+ "id": "princeton1",
+ "user_plane": "pfcp_agent.omec.svc.prd.princeton1.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "user_plane profile for spgwu1",
+ "display_name": "UP Profile 1",
+ "id": "profile_up_demo_1",
+ "user_plane": "upf_headless"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Stanford1",
+ "display_name": "Stanford1",
+ "id": "stanford1",
+ "user_plane": "pfcp_agent.omec.svc.prd.stanford1.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Stanford2",
+ "display_name": "Stanford2",
+ "id": "stanford2",
+ "user_plane": "pfcp_agent.omec.svc.prd.stanford2.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Telefonica",
+ "display_name": "Telefonica",
+ "id": "tef",
+ "user_plane": "upf.omec.svc.prd.tef.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for ONF Tucson",
+ "display_name": "ONF Tucson",
+ "id": "tucson",
+ "user_plane": "upf.omec.svc.prd.tucson.aetherproject.net"
+ }
+ ]
+ }
+}
diff --git a/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-basic.json b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-basic.json
new file mode 100644
index 0000000..7acd0cf
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-basic.json
@@ -0,0 +1,28 @@
+{
+ "groups": [
+ "mixedGroup",
+ "AetherROCAdmin"
+ ],
+ "template": {
+ "template": [
+ {
+ "description": "do",
+ "display-name": "laborum fugiat",
+ "downlink": 322694552,
+ "id": "aliquip",
+ "sd": 14628949,
+ "sst": 1,
+ "uplink": 1607714163
+ },
+ {
+ "description": "do",
+ "display-name": "quattro fugiat",
+ "downlink": 322694552,
+ "id": "quattro",
+ "sd": 14628949,
+ "sst": 1,
+ "uplink": 1607714163
+ }
+ ]
+ }
+}
diff --git a/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-get.json b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-get.json
new file mode 100644
index 0000000..5341f75
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-get.json
@@ -0,0 +1,494 @@
+{
+ "groups": [
+ "mixedGroup",
+ "acme"
+ ],
+ "ap_list": {
+ "ap_list": [
+ {
+ "access_points": [
+ {
+ "address": "ap1^seattle^starbucks^com",
+ "enable": true,
+ "tac": 654
+ },
+ {
+ "address": "ap2^seattle^starbucks^com",
+ "enable": true,
+ "tac": 87475
+ }
+ ],
+ "description": "Seattle APs",
+ "display_name": "Seattle",
+ "enterprise": "starbucks",
+ "id": "starbucks_seattle_aps"
+ },
+ {
+ "access_points": [
+ {
+ "address": "ap2^newyork^starbucks^com",
+ "enable": true,
+ "tac": 8002
+ }
+ ],
+ "description": "New York APs",
+ "display_name": "New York",
+ "enterprise": "starbucks",
+ "id": "starbucks_newyork_aps"
+ },
+ {
+ "access_points": [
+ {
+ "address": "ap2^chicago^acme^com",
+ "enable": true,
+ "tac": 8002
+ }
+ ],
+ "description": "Chicago APs",
+ "display_name": "Chicago",
+ "enterprise": "acme",
+ "id": "acme_chicago_aps"
+ }
+ ]
+ },
+ "application": {
+ "application": [
+ {
+ "description": "Network Video Recorder",
+ "display_name": "NVR",
+ "enterprise": "starbucks",
+ "endpoint": [
+ {
+ "address": "nvr.starbucks.com",
+ "name": "rtsp",
+ "port_end": 3316,
+ "port_start": 3330,
+ "protocol": "UDP"
+ }
+ ],
+ "id": "starbucks_nvr"
+ },
+ {
+ "description": "Fidelio POS",
+ "display_name": "Fidelio",
+ "enterprise": "starbucks",
+ "endpoint": [
+ {
+ "address": "fidelio.starbucks.com",
+ "name": "fidelio",
+ "port_end": 7585,
+ "port_start": 7588,
+ "protocol": "TCP"
+ }
+ ],
+ "id": "starbucks_fidelio"
+ },
+ {
+ "description": "Data Acquisition",
+ "display_name": "DA",
+ "enterprise": "acme",
+ "endpoint": [
+ {
+ "address": "da.acme.com",
+ "name": "da",
+ "port_end": 7585,
+ "port_start": 7588,
+ "protocol": "TCP"
+ }
+ ],
+ "id": "acme_dataacquisition"
+ }
+ ]
+ },
+ "connectivity_service": {
+ "connectivity_service": [
+ {
+ "core_5g_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/5g",
+ "description": "5G Test",
+ "display_name": "ROC 5G Test Connectivity Service",
+ "id": "cs5gtest"
+ },
+ {
+ "description": "ROC 4G Test Connectivity Service",
+ "display_name": "4G Test",
+ "hss_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/imsis",
+ "id": "cs4gtest",
+ "pcrf_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/policies",
+ "spgwc_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config"
+ }
+ ]
+ },
+ "device_group": {
+ "device_group": [
+ {
+ "display_name": "Seattle Cameras",
+ "id": "starbucks_seattle_cameras",
+ "imsis": [
+ {
+ "imsi_range_from": 170029313275000,
+ "imsi_range_to": 170029313275003,
+ "name": "counters"
+ },
+ {
+ "imsi_range_from": 170029313275010,
+ "imsi_range_to": 170029313275014,
+ "name": "store"
+ }
+ ],
+ "ip_domain": "starbucks_seattle",
+ "site": "starbucks_seattle"
+ },
+ {
+ "display_name": "Seattle POS",
+ "id": "starbucks_seattle_pos",
+ "imsis": [
+ {
+ "imsi_range_from": 170029313275020,
+ "imsi_range_to": 170029313275022,
+ "name": "tills"
+ },
+ {
+ "imsi_range_from": 170029313275030,
+ "imsi_range_to": 170029313275034,
+ "name": "store"
+ }
+ ],
+ "ip_domain": "starbucks_seattle",
+ "site": "starbucks_seattle"
+ },
+ {
+ "display_name": "New York Cameras",
+ "id": "starbucks_newyork_cameras",
+ "imsis": [
+ {
+ "imsi_range_from": 170029313275040,
+ "imsi_range_to": 170029313275041,
+ "name": "front"
+ },
+ {
+ "imsi_range_from": 170029313275050,
+ "imsi_range_to": 170029313275055,
+ "name": "store"
+ }
+ ],
+ "ip_domain": "starbucks_newyork",
+ "site": "starbucks_newyork"
+ },
+ {
+ "display_name": "New York POS",
+ "id": "starbucks_newyork_pos",
+ "imsis": [
+ {
+ "imsi_range_from": 170029313275060,
+ "imsi_range_to": 170029313275061,
+ "name": "tills"
+ },
+ {
+ "imsi_range_from": 170029313275070,
+ "imsi_range_to": 170029313275073,
+ "name": "store"
+ }
+ ],
+ "ip_domain": "starbucks_newyork",
+ "site": "starbucks_newyork"
+ },
+ {
+ "display_name": "ACME Robots",
+ "id": "acme_chicago_robots",
+ "imsis": [
+ {
+ "imsi_range_from": 13698808332993000,
+ "imsi_range_to": 13698808332993003,
+ "name": "production"
+ },
+ {
+ "imsi_range_from": 13698808332993010,
+ "imsi_range_to": 13698808332993012,
+ "name": "warehouse"
+ }
+ ],
+ "ip_domain": "acme_chicago",
+ "site": "acme_chicago"
+ }
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "cs5gtest",
+ "enabled": true
+ }
+ ],
+ "description": "ACME Corporation",
+ "display_name": "ACME Corp",
+ "id": "acme"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "cs5gtest",
+ "enabled": true
+ },
+ {
+ "connectivity_service": "cs4gtest",
+ "enabled": false
+ }
+ ],
+ "description": "Starbucks Corporation",
+ "display_name": "Starbucks Inc.",
+ "id": "starbucks"
+ }
+ ]
+ },
+ "ip_domain": {
+ "ip_domain": [
+ {
+ "admin_status": "ENABLE",
+ "description": "New York IP Domain",
+ "display_name": "New York",
+ "dns_primary": "8.8.8.1",
+ "dns_secondary": "8.8.8.2",
+ "id": "starbucks_newyork",
+ "mtu": 57600,
+ "subnet": "254.186.117.251/31"
+ },
+ {
+ "admin_status": "ENABLE",
+ "description": "Seattle IP Domain",
+ "display_name": "Seattle",
+ "dns_primary": "8.8.8.3",
+ "dns_secondary": "8.8.8.3",
+ "id": "starbucks_seattle",
+ "mtu": 12690,
+ "subnet": "196.5.91.0/31"
+ },
+ {
+ "admin_status": "DISABLE",
+ "description": "Chicago IP Domain",
+ "display_name": "Chicago",
+ "dns_primary": "8.8.8.4",
+ "dns_secondary": "8.8.8.4",
+ "id": "acme_chicago",
+ "mtu": 12690,
+ "subnet": "163.25.44.0/31"
+ }
+ ]
+ },
+ "network": {
+ "network": [
+ {
+ "description": "New York 21_32",
+ "display_name": "New York",
+ "id": "starbucks_newyork",
+ "enterprise": "starbucks",
+ "mcc": 21,
+ "mnc": 32
+ },
+ {
+ "description": "Seattle 265_122",
+ "display_name": "Seattle",
+ "id": "starbucks_seattle",
+ "enterprise": "starbucks",
+ "mcc": 265,
+ "mnc": 122
+ },
+ {
+ "description": "Chicago 123_456",
+ "display_name": "Chicago",
+ "id": "acme_chicago",
+ "enterprise": "acme",
+ "mcc": 123,
+ "mnc": 456
+ }
+ ]
+ },
+ "site": {
+ "site": [
+ {
+ "description": "ACME HQ",
+ "display_name": "Chicago",
+ "enterprise": "acme",
+ "id": "acme_chicago",
+ "network": "acme_chicago"
+ },
+ {
+ "description": "Starbucks Corp HQ",
+ "display_name": "Seattle",
+ "enterprise": "starbucks",
+ "id": "starbucks_seattle",
+ "network": "starbucks_seattle"
+ },
+ {
+ "description": "Starbucks New York",
+ "display_name": "New York",
+ "enterprise": "starbucks",
+ "id": "starbucks_newyork",
+ "network": "starbucks_newyork"
+ }
+ ]
+ },
+ "template": {
+ "template": [
+ {
+ "description": "VCS Template 1",
+ "display_name": "Template 1",
+ "downlink": 24669539,
+ "id": "template_1",
+ "sd": 10886763,
+ "sst": 158,
+ "traffic_class": "class_1",
+ "uplink": 23770218
+ },
+ {
+ "description": "VCS Template 2",
+ "display_name": "Template 2",
+ "downlink": 2791589,
+ "id": "template_2",
+ "sd": 16619900,
+ "sst": 157,
+ "traffic_class": "class_2",
+ "uplink": 24721051
+ }
+ ]
+ },
+ "traffic_class": {
+ "traffic_class": [
+ {
+ "description": "High Priority TC",
+ "display_name": "Class 1",
+ "id": "class_1",
+ "pdb": 577,
+ "pelr": 3,
+ "qci": 10
+ },
+ {
+ "description": "Medium Priority TC",
+ "display_name": "Class 2",
+ "id": "class_2",
+ "pdb": 831,
+ "pelr": 4,
+ "qci": 20
+ },
+ {
+ "description": "Low Priority TC",
+ "display_name": "Class 3",
+ "id": "class_3",
+ "pdb": 833,
+ "pelr": 4,
+ "qci": 30
+ }
+ ]
+ },
+ "upf": {
+ "upf": [
+ {
+ "address": "seattle.cameras_upf.starbucks.com",
+ "description": "Seattle Cameras UPF",
+ "display_name": "Seattle Cameras",
+ "id": "starbucks_seattle_cameras",
+ "enterprise": "starbucks",
+ "port": 9229
+ },
+ {
+ "address": "newyork.cameras_upf.starbucks.com",
+ "description": "New York Cameras UPF",
+ "display_name": "New York Cameras",
+ "id": "starbucks_newyork_cameras",
+ "enterprise": "starbucks",
+ "port": 6161
+ },
+ {
+ "address": "chicago.robots_upf.acme.com",
+ "description": "Chicago Robots UPF",
+ "display_name": "Chicago Robots",
+ "id": "acme_chicago_robots",
+ "enterprise": "acme",
+ "port": 6161
+ }
+ ]
+ },
+ "vcs": {
+ "vcs": [
+ {
+ "ap": "starbucks_newyork_aps",
+ "application": [
+ {
+ "allow": true,
+ "application": "starbucks_nvr"
+ }
+ ],
+ "description": "New York Cameras",
+ "device_group": [
+ {
+ "enable": true,
+ "device_group": "starbucks_newyork_cameras"
+ }
+ ],
+ "display_name": "NY Cams",
+ "downlink": 948091966,
+ "enterprise": "starbucks",
+ "id": "starbucks_newyork_cameras",
+ "sd": 8284729,
+ "sst": 127,
+ "template": "template_1",
+ "traffic_class": "class_1",
+ "upf": "starbucks_newyork_cameras",
+ "uplink": 38997335
+ },
+ {
+ "ap": "starbucks_seattle_aps",
+ "application": [
+ {
+ "allow": false,
+ "application": "starbucks_nvr"
+ }
+ ],
+ "description": "Seattle Cameras",
+ "device_group": [
+ {
+ "enable": true,
+ "device_group": "starbucks_seattle_cameras"
+ }
+ ],
+ "display_name": "Seattle Cams",
+ "downlink": 28492626,
+ "enterprise": "starbucks",
+ "id": "starbucks_seattle_cameras",
+ "sd": 2973238,
+ "sst": 79,
+ "template": "template_2",
+ "traffic_class": "class_2",
+ "upf": "starbucks_seattle_cameras",
+ "uplink": 13227287
+ },
+ {
+ "ap": "acme_chicago_aps",
+ "application": [
+ {
+ "allow": false,
+ "application": "acme_dataacquisition"
+ }
+ ],
+ "description": "Chicago Robots",
+ "device_group": [
+ {
+ "enable": true,
+ "device_group": "acme_chicago_robots"
+ }
+ ],
+ "display_name": "Chicago Robots VCS",
+ "downlink": 28492626,
+ "enterprise": "acme",
+ "id": "acme_chicago_robots",
+ "sd": 2973238,
+ "sst": 79,
+ "template": "template_2",
+ "traffic_class": "class_2",
+ "upf": "acme_chicago_robots",
+ "uplink": 13227287
+ }
+ ]
+ }
+}
diff --git a/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-set.json b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-set.json
new file mode 100644
index 0000000..07f5914
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-set.json
@@ -0,0 +1,362 @@
+{
+ "groups": [
+ "admin",
+ "dolor"
+ ],
+ "updates": {
+ "site": {
+ "site": [
+ {
+ "description": "pariatur culpa",
+ "display-name": "occaecat nostrud",
+ "enterprise": "dolor",
+ "id": "newsite",
+ "network": "irur"
+ }
+ ]
+ }
+ },
+ "deletes": {
+ "site": {
+ "site": [
+ {
+ "id": "officia"
+ }
+ ]
+ }
+ },
+ "ap-list": {
+ "ap-list": [
+ {
+ "access-points": [
+ {
+ "address": "laborum.commodo.incididunt",
+ "enable": false,
+ "tac": 69373985
+ },
+ {
+ "address": "id.ipsum",
+ "enable": false,
+ "tac": 87809475
+ }
+ ],
+ "description": "incididunt aliqua ex nulla",
+ "display-name": "cupidatat aliquip",
+ "id": "deserunt"
+ },
+ {
+ "access-points": [
+ {
+ "address": "labore.aliqua.dolor.consequat",
+ "enable": false,
+ "tac": 80083302
+ },
+ {
+ "address": "qui.sed",
+ "enable": false,
+ "tac": 13929603
+ }
+ ],
+ "description": "cupidatat tempor magna",
+ "display-name": "occaecat et deserunt consequat",
+ "id": "tempor"
+ }
+ ]
+ },
+ "application": {
+ "application": [
+ {
+ "description": "Ut velit est",
+ "display-name": "do",
+ "endpoint": [
+ {
+ "address": "mollit.ipsum",
+ "name": "esse",
+ "port-end": 33167231,
+ "port-start": 27761544,
+ "protocol": "UDP"
+ },
+ {
+ "address": "cupidatat.reprehend",
+ "name": "ullamco",
+ "port-end": 19527413,
+ "port-start": 28793871,
+ "protocol": "UDP"
+ }
+ ],
+ "id": "occaecat"
+ },
+ {
+ "description": "amet ad quis",
+ "display-name": "sit ex Ut aliqua",
+ "endpoint": [
+ {
+ "address": "ut.veniam.id.non",
+ "name": "consectetur",
+ "port-end": 31037585,
+ "port-start": 8018682,
+ "protocol": "TCP"
+ },
+ {
+ "address": "nulla.consectet",
+ "name": "sint",
+ "port-end": 25299216,
+ "port-start": 6645928,
+ "protocol": "TCP"
+ }
+ ],
+ "id": "incididunt"
+ }
+ ]
+ },
+ "connectivity-service": {
+ "connectivity-service": [
+ {
+ "core-5g-endpoint": "ut culpa velit",
+ "description": "magna in",
+ "display-name": "cillum occaecat amet ad adipisicing",
+ "hss-endpoint": "eu sed est nisi",
+ "id": "repre",
+ "pcrf-endpoint": "nostrud eiusmod Ut Lorem",
+ "spgwc-endpoint": "eiusmod aute quis"
+ },
+ {
+ "core-5g-endpoint": "voluptate consectetur ut",
+ "description": "Ut incididunt ex id labore",
+ "display-name": "qui Lorem elit",
+ "hss-endpoint": "adipisicing incididunt consequat mollit",
+ "id": "irure",
+ "pcrf-endpoint": "sit incididunt sunt Duis",
+ "spgwc-endpoint": "nisi magna do reprehenderit"
+ }
+ ]
+ },
+ "device_group": {
+ "device_group": [
+ {
+ "display-name": "tempor ut",
+ "id": "amet",
+ "imsis": [
+ {
+ "imsi-range-from": 170029313275000,
+ "imsi-range-to": 69764015096000,
+ "name": "enim"
+ },
+ {
+ "imsi-range-from": 116299798497000,
+ "imsi-range-to": 22297092854800,
+ "name": "ad"
+ }
+ ],
+ "ip-domain": "qui",
+ "site": "inc"
+ },
+ {
+ "display-name": "nisi mollit dolore dolor",
+ "id": "Lorem",
+ "imsis": [
+ {
+ "imsi-range-from": 13698808332993000,
+ "imsi-range-to": 7746018722749000,
+ "name": "magna"
+ },
+ {
+ "imsi-range-from": 4087876837971489000,
+ "imsi-range-to": 10492416481328000,
+ "name": "reprehenderit"
+ }
+ ],
+ "ip-domain": "labore",
+ "site": "officia"
+ }
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ {
+ "connectivity-service": [
+ {
+ "connectivity-service": "repre",
+ "enabled": true
+ },
+ {
+ "connectivity-service": "irure",
+ "enabled": true
+ }
+ ],
+ "description": "minim et",
+ "display-name": "laborum in",
+ "id": "dolor"
+ },
+ {
+ "connectivity-service": [
+ {
+ "connectivity-service": "irure",
+ "enabled": false
+ },
+ {
+ "connectivity-service": "repre",
+ "enabled": false
+ }
+ ],
+ "description": "consequat minim magna",
+ "display-name": "laboris incididunt dolore",
+ "id": "labore"
+ }
+ ]
+ },
+ "ip-domain": {
+ "ip-domain": [
+ {
+ "admin-status": "DISABLE",
+ "description": "culpa enim exercitation sit consequat",
+ "display-name": "dolo",
+ "dns-primary": "8.8.8.1",
+ "dns-secondary": "8.8.8.2",
+ "id": "qui",
+ "mtu": 57600,
+ "subnet": "254.186.117.251/31"
+ },
+ {
+ "admin-status": "DISABLE",
+ "description": "nulla ut",
+ "display-name": "adipisicing",
+ "dns-primary": "8.8.8.3",
+ "dns-secondary": "8.8.8.3",
+ "id": "labore",
+ "mtu": 12690,
+ "subnet": "196.5.91.0/31"
+ }
+ ]
+ },
+ "network": {
+ "network": [
+ {
+ "description": "aliquip Lorem dolor",
+ "display-name": "minim labore ex",
+ "id": "elit",
+ "mcc": 21,
+ "mnc": 32
+ },
+ {
+ "description": "laborum occaecat ut",
+ "display-name": "consequat ea",
+ "id": "irur",
+ "mcc": 265,
+ "mnc": 122
+ }
+ ]
+ },
+ "site": {
+ "site": [
+ {
+ "description": "pariatur culpa",
+ "display-name": "occaecat nostrud",
+ "enterprise": "dolor",
+ "id": "inc",
+ "network": "irur"
+ },
+ {
+ "description": "in dolor",
+ "display-name": "consequat est",
+ "enterprise": "labore",
+ "id": "officia",
+ "network": "elit"
+ }
+ ]
+ },
+ "template": {
+ "template": [
+ {
+ "description": "enim ",
+ "display-name": "do labore laborum elit",
+ "downlink": 24669539,
+ "id": "magn",
+ "sd": 10886763,
+ "sst": 158,
+ "traffic-class": "consectetur in cillum",
+ "uplink": 23770218
+ },
+ {
+ "description": "aute dolore dolo",
+ "display-name": "quis pariatur dolore magna commodo",
+ "downlink": 2791589,
+ "id": "aliqua",
+ "sd": 16619900,
+ "sst": 157,
+ "traffic-class": "dolor in in et",
+ "uplink": 24721051
+ }
+ ]
+ },
+ "upf": {
+ "upf": [
+ {
+ "address": "sed.officia.magna.ut",
+ "description": "commodo ea ullamco Excepteur cillum",
+ "display-name": "in aliqua deserunt Ut",
+ "id": "dol",
+ "port": 77359229
+ },
+ {
+ "address": "incididunt",
+ "description": "veniam",
+ "display-name": "in laborum ut",
+ "id": "magna",
+ "port": 14326161
+ }
+ ]
+ },
+ "vcs": {
+ "vcs": [
+ {
+ "ap": "deserunt",
+ "application": [
+ {
+ "allow": true,
+ "application": "occaecat"
+ },
+ {
+ "allow": true,
+ "application": "incididunt"
+ }
+ ],
+ "description": "deserunt in magna Lorem",
+ "device_group": "amet",
+ "display-name": "quis e",
+ "downlink": 948091966,
+ "id": "quad",
+ "sd": 8284729,
+ "sst": 127,
+ "template": "magn",
+ "traffic-class": "non ut",
+ "upf": "magna",
+ "uplink": 38997335
+ },
+ {
+ "ap": "tempor",
+ "application": [
+ {
+ "allow": false,
+ "application": "occaecat"
+ },
+ {
+ "allow": false,
+ "application": "incididunt"
+ }
+ ],
+ "description": "elit Ut",
+ "device-group": "Lorem",
+ "display-name": "veniam exercitation ea",
+ "downlink": 28492626,
+ "id": "mollit",
+ "sd": 2973238,
+ "sst": 79,
+ "template": "aliqua",
+ "traffic-class": "eiusmod Ut ullamco laboris ea",
+ "upf": "dol",
+ "uplink": 13227287
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/aether-roc-umbrella/files/scripts/README.md b/aether-roc-umbrella/files/scripts/README.md
new file mode 100644
index 0000000..a576835
--- /dev/null
+++ b/aether-roc-umbrella/files/scripts/README.md
@@ -0,0 +1,30 @@
+<!--
+SPDX-FileCopyrightText: 2020 Open Networking Foundation <info@opennetworking.org>
+
+SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+-->
+
+# Creating new Org with VCS
+To create a new Organization and VCS, call the grafana-create-orgs.sh script
+
+> If you want to add at startup, instead add them to the `values.yaml` under `grafana.orgs`.
+
+Call the script like:
+
+`grafana-create-orgs.sh <ADMINUSER> <ADMINPASS> <umbrella-chart-name> <grafana-server> <dashboard-folder> orgs...`
+
+e.g.
+```bash
+PATH=$PATH:. grafana-create-orgs.sh admin Ts8k0hvsZZD058JsqOl8w332YUNs8GAAEpYWCmJu aether-roc-umbrella localhost:8183/grafana \
+ ../dashboards/vcs "siemens[siemens-munich-cameras siemens-mannheim-cameras siemens-mannheim-labs]"
+```
+
+1) cd in to this `scripts` directory
+
+1) specify the Org and VCS's like `"org1[vcs1 vcs2]" "org2[vcs1 vcs2]"`
+
+1) To get the Grafana password use
+ 1) `kubectl get secret --namespace micro-onos aether-roc-umbrella-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo`
+
+1) Port forward `aether-roc-gui` to get grafana on `localhost:8183/grafana`
+ 1) `kubectl -n micro-onos port-forward $(kubectl -n micro-onos get pods -l type=arg -o name) 8183:80`
diff --git a/aether-roc-umbrella/files/scripts/grafana-create-device-group.sh b/aether-roc-umbrella/files/scripts/grafana-create-device-group.sh
new file mode 100755
index 0000000..7a136e6
--- /dev/null
+++ b/aether-roc-umbrella/files/scripts/grafana-create-device-group.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+# script to create Grafana VCS dashboards
+# Usage:
+# grafana-create-vcs.sh <ADMINUSER> <ADMINPASS> <grafana-server> <dashboards-folder> <org> <list of vcs>...
+set -e
+#set -x
+set -o pipefail
+set -u
+
+if [ "$#" -lt 6 ]; then
+ echo "At least 6 args are needed. Got $#"
+ exit 1
+fi
+ADMINUSER=$1
+ADMINPASS=$2
+SERVICE=$3
+FOLDER=$4
+export ORG=$5
+shift
+shift
+shift
+shift
+shift
+for dg in "$@"; do
+ DG=${dg%:map\[*\]} # Remove DG details from end
+ DG=${DG#map[} # Remove "map[" from the front
+ DGASCII=${DG//[^a-zA-Z0-9]/_} # Convert to underscore
+ IMSIS=${dg#map[${DG}:map\[} # Remove DG name from start
+ IMSIS=${IMSIS%\]\]} # Remove ] from the end
+ IMSIS=${IMSIS//;/ }
+ echo "Creating Device Group $DG ($DGASCII) in $ORG"
+ for imsirange in $IMSIS; do
+ echo "Creating Imsi Range $imsirange in $DG"
+ RANGENAME=${imsirange%:*} # Remove range from end
+ RANGEVALUE=${imsirange#*:}
+ declare -i RANGESTART=${RANGEVALUE%-*} # Remove the finish
+ declare -i RANGEFINISH=${RANGEVALUE#*-} # Remove the start
+ COUNTER=$RANGESTART
+ f=$FOLDER/ue-connectivity.json
+ while [ $COUNTER -le $RANGEFINISH ]; do
+ echo "Creating Dashboard from $f for $COUNTER"
+ export IMSI=$COUNTER
+ DASHBOARD=$(envsubst < $f)
+ /usr/bin/curl -s -o /tmp/curlout -H "Content-Type: application/json" -d "$DASHBOARD" http://$ADMINUSER:$ADMINPASS@$SERVICE/api/dashboards/db
+ SUCCESS=`echo $?`
+ echo "SUCCESS $SUCCESS"
+ cat /tmp/curlout
+ let COUNTER=COUNTER+1
+ done
+ done
+ SUCCESS=-1
+ ORGID=-1
+
+done
diff --git a/aether-roc-umbrella/files/scripts/grafana-create-orgs.sh b/aether-roc-umbrella/files/scripts/grafana-create-orgs.sh
new file mode 100755
index 0000000..a6e14e1
--- /dev/null
+++ b/aether-roc-umbrella/files/scripts/grafana-create-orgs.sh
@@ -0,0 +1,89 @@
+#!/bin/bash
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+# script to create Grafana Orgs
+# Usage:
+# grafana-create-orgs.sh <ADMINUSER> <ADMINPASS> <umbrella-chart-name> <grafana-server> <dashboard-folder> orgs...
+# where org is a quoted string containing org name and then in square brackets a list of vcs
+# e.g. "acme[acme-chicago-robots acme-chicago-cameras]"
+set -e
+#set -x
+set -o pipefail
+set -u
+
+if [ "$#" -lt 6 ]; then
+ echo "At least 6 args are needed. Got $#"
+ exit 1
+fi
+ADMINUSER=$1
+ADMINPASS=$2
+BASE=$3
+SOURCE=$BASE-prometheus-server
+SERVICE=$4
+DASHBOARDS=$5
+shift
+shift
+shift
+shift
+shift
+for orgWithVcs in "$@"
+do
+ ORGASCII=${orgWithVcs%%map\[*\]} # Drop the [*] off the end
+ echo "Creating $orgWithVcs as $ORGASCII"
+ VCSLIST=${orgWithVcs##${ORGASCII}map\[*\]\ vcs:\[} # Drop everything off the front until "] vcs:["
+ VCSLIST=${VCSLIST%\]\]} # Drop the ]] off the end
+ DGLIST=${orgWithVcs##${ORGASCII}map\[devicegroup:\[} # Drop everything off the front until "devicegroup:[map["
+ DGLIST=${DGLIST%\]\ vcs:*\]\]}
+ DGLIST1=${DGLIST//" map["/";map["} # Replace all occurrence of " map["
+ IFS=';' read -r -a DGARRAY <<< $DGLIST1
+ for idx in ${!DGARRAY[@]}; do
+ DGARRAY[$idx]=${DGARRAY[$idx]// /;} # Replace all instances of space with ;
+ done
+ SUCCESS=-1
+ ORGID=-1
+ # Commented out for the moment - keeping everything in the Main Org. - see aether-roc-gui/docs/grafana.md
+ # echo "Calling /usr/bin/curl -H "Content-Type: application/json" -d '{"name":"$ORGASCII"}' http://$ADMINUSER:####@$SERVICE/api/orgs"
+ # while [ $SUCCESS -ne 0 ];
+ # do
+ # DATA={\"name\":\"$ORGASCII\"}
+ # echo "Creating Org $ORGASCII"
+ # /usr/bin/curl -o /tmp/curlout -H "Content-Type: application/json" -d "$DATA" http://$ADMINUSER:$ADMINPASS@$SERVICE/api/orgs
+ # SUCCESS=`echo $?`
+ # echo "SUCCESS $SUCCESS"
+ # if [ $SUCCESS -ne 0 ]
+ # then
+ # sleep $SLEEP
+ # echo "Waiting $SLEEP seconds for Grafana to start"
+ # else
+ # ORGID=$(grep -o "[0-9]*" /tmp/curlout)
+ # echo "Successful! Result $ORGID"
+ # fi
+ # done
+
+ # echo "Calling /api/user/using/$ORGID"
+ # /usr/bin/curl -s -X POST http://$ADMINUSER:$ADMINPASS@$SERVICE/api/user/using/$ORGID
+ # SUCCESS=`echo $?`
+ # echo "SUCCESS $SUCCESS"
+
+ echo "Creating folder in $ORGASCII"
+ FOLDER={\"uid\":\"$ORGASCII\",\"title\":\"$ORGASCII\"}
+ /usr/bin/curl -o /tmp/curlout -H "Content-Type: application/json" -d "$FOLDER" http://$ADMINUSER:$ADMINPASS@$SERVICE/api/folders
+ SUCCESS="$?"
+ echo "SUCCESS $SUCCESS"
+ cat /tmp/curlout
+
+ echo "Creating datasource in $ORGASCII"
+ DATASOURCE={\"name\":\"datasource-$ORGASCII\",\"type\":\"prometheus\",\"url\":\"http://$SOURCE\",\"access\":\"proxy\",\"basicAuth\":false}
+ /usr/bin/curl -s -o /tmp/curlout -H "Content-Type: application/json" -d "$DATASOURCE" http://$ADMINUSER:$ADMINPASS@$SERVICE/api/datasources
+ SUCCESS=`echo $?`
+ echo "SUCCESS $SUCCESS"
+ cat /tmp/curlout
+
+ echo "now create Dashboards with "$VCSLIST
+ grafana-create-vcs.sh $ADMINUSER $ADMINPASS $SERVICE $DASHBOARDS $ORGASCII $VCSLIST
+ grafana-create-device-group.sh $ADMINUSER $ADMINPASS $SERVICE $DASHBOARDS $ORGASCII $DGARRAY
+
+done
+
diff --git a/aether-roc-umbrella/files/scripts/grafana-create-vcs.sh b/aether-roc-umbrella/files/scripts/grafana-create-vcs.sh
new file mode 100755
index 0000000..2d09aab
--- /dev/null
+++ b/aether-roc-umbrella/files/scripts/grafana-create-vcs.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+# script to create Grafana VCS dashboards
+# Usage:
+# grafana-create-vcs.sh <ADMINUSER> <ADMINPASS> <grafana-server> <dashboards-folder> <org> <list of vcs>...
+set -e
+#set -x
+set -o pipefail
+set -u
+
+if [ "$#" -lt 6 ]; then
+ echo "At least 6 args are needed. Got $#"
+ exit 1
+fi
+ADMINUSER=$1
+ADMINPASS=$2
+SERVICE=$3
+FOLDER=$4
+export ORG=$5
+shift
+shift
+shift
+shift
+shift
+for vcs in "$@"; do
+ VCSASCII=${vcs//[^a-zA-Z0-9]/_}
+ SUCCESS=-1
+ ORGID=-1
+
+ echo "Creating vcs $vcs ($VCSASCII) in $ORG"
+ for f in $FOLDER/*.json; do
+ if [ -f "$f" ]; then
+ echo "Creating Dashboard from $f"
+ export VCS=$vcs
+ DASHBOARD=$(envsubst < $f)
+ /usr/bin/curl -s -o /tmp/curlout -H "Content-Type: application/json" -d "$DASHBOARD" http://$ADMINUSER:$ADMINPASS@$SERVICE/api/dashboards/db
+ SUCCESS=`echo $?`
+ echo "SUCCESS $SUCCESS"
+ cat /tmp/curlout
+ else
+ echo "No dashboards found"
+ fi
+ done
+
+done