AETHER-2234 move and update aether-roc-umbrella
Change-Id: I7ca845b92dff1fce5fd87d42053a43d80cc55f34
diff --git a/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego b/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego
new file mode 100644
index 0000000..9c2ec1b
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego
@@ -0,0 +1,133 @@
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+package aether_2_1_0
+
+echo[config] {
+ config := input
+}
+
+allowed[config] {
+ access_profile := access_profiles # refer to rule below
+ subscriber := subscribers
+ apn_profile := apn_profiles
+ connectivity_service := connectivityservices
+ enterprise := enterprises
+ qos_profile := qos_profiles
+ security_profile := security_profiles
+ service_profile := service_profiles
+ service_group := service_groups
+ service_policy := service_policies
+ service_rule := service_rules
+ up_profile := up_profiles
+ config := {
+ "access_profile": {
+ "access_profile": [
+ access_profile
+ ]
+ },
+ "subscriber": {
+ "ue": [
+ subscriber
+ ]
+ },
+ "apn_profile": {
+ "apn_profile": [
+ apn_profile
+ ]
+ },
+ "connectivity-service": {
+ "connectivity-service": [
+ connectivity_service
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ enterprise
+ ]
+ },
+ "qos_profile": {
+ "qos_profile": [
+ qos_profile
+ ]
+ },
+ "security_profile": {
+ "security_profile": [
+ security_profile
+ ]
+ },
+ "service_profile": {
+ "service_profile": [
+ service_profile
+ ]
+ },
+ "service_group": {
+ "service_group": [
+ service_group
+ ]
+ },
+ "service_policy": {
+ "service_policy": [
+ service_policy
+ ]
+ },
+ "service_rule": {
+ "service_rule": [
+ service_rule
+ ]
+ },
+ "up_profile": {
+ "up_profile": [
+ up_profile
+ ]
+ },
+ }
+}
+
+access_profiles[access_profile] {
+ access_profile := input.access_profile.access_profile[_]
+}
+
+subscribers[subscriber] {
+ subscriber := input.subscriber.ue[_]
+}
+
+apn_profiles[apn_profile] {
+ apn_profile := input.apn_profile.apn_profile[_]
+}
+
+connectivityservices[connectivity_service] {
+ enterprise := input.enterprise.enterprise[_]
+ enterprise_cs := enterprise.connectivity_service[_]
+ connectivity_service := input.connectivity_service.connectivity_service[_]
+ ["AetherROCAdmin", enterprise.id][_] == input.groups[i]
+ enterprise_cs.connectivity_service == connectivity_service.id
+}
+
+enterprises[enterprise] {
+ enterprise := input.enterprise.enterprise[_]
+ ["AetherROCAdmin", enterprise.id][_] == input.groups[_]
+}
+
+qos_profiles[qos_profile] {
+ qos_profile := input.qos_profile.qos_profile[_]
+}
+security_profiles[security_profile] {
+ security_profile := input.security_profile.security_profile[_]
+}
+service_profiles[service_profile] {
+ service_profile := input.service_profile.service_profile[_]
+}
+service_groups[service_group] {
+ service_group := input.service_group.service_group[_]
+}
+service_policies[service_policy] {
+ service_policy := input.service_policy.service_policy[_]
+}
+service_rules[service_rule] {
+ service_rule := input.service_rule.service_rule[_]
+}
+up_profiles[up_profile] {
+ up_profile := input.up_profile.up_profile[_]
+}
\ No newline at end of file
diff --git a/aether-roc-umbrella/files/opa-rbac/aether-3.0.0.rego b/aether-roc-umbrella/files/opa-rbac/aether-3.0.0.rego
new file mode 100644
index 0000000..29df86e
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/aether-3.0.0.rego
@@ -0,0 +1,149 @@
+# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+package aether_3_0_0
+
+echo[config] {
+ config := input
+}
+
+allowed[config] {
+ ap_list := ap_lists # refer to rule below
+ application := applications
+ connectivity_service := connectivityservices
+ device_group := devicegroups
+ enterprise := enterprises
+ ip_domain := ip_domains
+ network := networks
+ site := sites
+ template := templates
+ traffic_class := trafficclasses
+ upf := upfs
+ vcs := vcss
+ config := {
+ "ap-list": {
+ "ap-list": [
+ ap_list
+ ]
+ },
+ "application": {
+ "application": [
+ application
+ ]
+ },
+ "connectivity-service": {
+ "connectivity-service": [
+ connectivity_service
+ ]
+ },
+ "device-group": {
+ "device-group": [
+ device_group
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ enterprise
+ ]
+ },
+ "ip-domain": {
+ "ip-domain": [
+ ip_domain
+ ]
+ },
+ "network": {
+ "network": [
+ network
+ ]
+ },
+ "site": {
+ "site": [
+ site
+ ]
+ },
+ "template": {
+ "template": [
+ template
+ ]
+ },
+ "traffic_class": {
+ "traffic_class": {
+ traffic_class
+ }
+ },
+ "upf": {
+ "upf": [
+ upf
+ ]
+ },
+ "vcs": {
+ "vcs": [
+ vcs
+ ]
+ }
+ }
+}
+
+ap_lists[ap_list] {
+ ap_list := input.ap_list.ap_list[_]
+ ["AetherROCAdmin", ap_list.enterprise][_] == input.groups[i]
+}
+
+applications[application] {
+ application := input.application.application[_]
+ ["AetherROCAdmin", application.enterprise][_] == input.groups[i]
+}
+
+connectivityservices[connectivity_service] {
+ connectivity_service := input.connectivity_service.connectivity_service[_]
+}
+
+devicegroups[device_group] {
+ device_group := input.device_group.device_group[_]
+ site := sites
+ device_group.site == site[_].id # allow only the device_groups of a known site
+}
+
+enterprises[enterprise] {
+ enterprise := input.enterprise.enterprise[_]
+ ["AetherROCAdmin", enterprise.id][_] == input.groups[i]
+}
+
+ip_domains[ip_domain] {
+ ip_domain := input.ip_domain.ip_domain[_]
+ ["AetherROCAdmin", ip_domain.enterprise][_] == input.groups[i]
+}
+
+networks[network] {
+ network := input.network.network[_]
+ ["AetherROCAdmin", network.enterprise][_] == input.groups[i]
+}
+
+sites[site] {
+ site := input.site.site[_]
+ ["AetherROCAdmin", site.enterprise][_] == input.groups[i]
+}
+
+templates[template] {
+ template := input.template.template[_]
+}
+
+trafficclasses[traffic_class] {
+ traffic_class := input.traffic_class.traffic_class[_]
+}
+
+upfs[upf] {
+ upf := input.upf.upf[_]
+ ["AetherROCAdmin", upf.enterprise][_] == input.groups[i]
+}
+
+vcss[vcs] {
+ vcs := input.vcs.vcs[_]
+ ["AetherROCAdmin", vcs.enterprise][_] == input.groups[i]
+}
+
+can_update_enterprise = true {
+ update_enterprise := input.updates.enterprise.enterprise[_]
+ ["AetherROCAdmin", update_enterprise.id][_] == input.groups[i]
+}
diff --git a/aether-roc-umbrella/files/opa-rbac/test/aether-2.1.0-example-get.json b/aether-roc-umbrella/files/opa-rbac/test/aether-2.1.0-example-get.json
new file mode 100644
index 0000000..385eb95
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/test/aether-2.1.0-example-get.json
@@ -0,0 +1,906 @@
+{
+ "groups": [
+ "mixedGroup",
+ "AetherROCAdmin",
+ "EnterpriseAdmin"
+ ],
+ "access_profile": {
+ "access_profile": [
+ {
+ "description": "access profile that allows all access",
+ "display_name": "Access All",
+ "filter": "null",
+ "id": "access_all",
+ "type": "allow_all"
+ },
+ {
+ "description": "access profile that only allows access to the apps network",
+ "display_name": "Only Apps Network",
+ "filter": "only^apps^network",
+ "id": "apps_only",
+ "type": "specific_network"
+ },
+ {
+ "description": "exclude an app from contacting a specific destination",
+ "display_name": "Exclude App By Name",
+ "filter": "exclude_app_name",
+ "id": "excluding_app",
+ "type": "excluding_this_app"
+ },
+ {
+ "description": "access profile that allows Internet access only",
+ "display_name": "Internet Access Only",
+ "filter": "No^private^network",
+ "id": "internet_only",
+ "type": "internet_only"
+ },
+ {
+ "description": "access profile that allows intranet access only",
+ "display_name": "Private Network Only",
+ "filter": "only^private^network",
+ "id": "intranet_only",
+ "type": "intranet_only"
+ },
+ {
+ "description": "access profile that allows internet only",
+ "display_name": "Access Profile 1",
+ "filter": "null",
+ "id": "profile_access_demo_1",
+ "type": "allow_all"
+ },
+ {
+ "description": "allow an app to contact a specific destination",
+ "display_name": "Allow App By Name",
+ "filter": "allow_app_name",
+ "id": "specific_app",
+ "type": "specific_destination_only"
+ }
+ ]
+ },
+ "apn_profile": {
+ "apn_profile": [
+ {
+ "apn_name": "internet",
+ "description": "Ciena Internet APN config",
+ "display_name": "Ciena Internet",
+ "dns_primary": "10.24.7.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_ciena",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Cornell1 Internet APN config",
+ "display_name": "Cornell1 Internet",
+ "dns_primary": "10.68.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_cornell1",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Default Internet APN config",
+ "display_name": "Default Internet",
+ "dns_primary": "1.1.1.1",
+ "dns_secondary": "8.8.8.8",
+ "gx_enabled": true,
+ "id": "apn_internet_default",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Intel Internet APN config",
+ "display_name": "Intel Internet",
+ "dns_primary": "10.212.74.139",
+ "dns_secondary": "10.212.87.15",
+ "gx_enabled": true,
+ "id": "apn_internet_intel",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "ONF Menlo Internet APN config",
+ "display_name": "ONF Menlo Internet",
+ "dns_primary": "10.53.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_menlo",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Princeton1 Internet APN config",
+ "display_name": "Princeton1 Internet",
+ "dns_primary": "10.70.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_princeton1",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Stanford1 Internet APN config",
+ "display_name": "Stanford1 Internet",
+ "dns_primary": "10.65.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_stanford1",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Stanford2 Internet APN config",
+ "display_name": "Stanford2 Internet",
+ "dns_primary": "10.67.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_stanford2",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "Telefonica Internet APN config",
+ "display_name": "Telefonica Internet",
+ "dns_primary": "10.82.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_tef",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "ONF Tucson Internet APN config",
+ "display_name": "ONF Tucson Internet",
+ "dns_primary": "10.59.128.11",
+ "dns_secondary": "1.1.1.1",
+ "gx_enabled": true,
+ "id": "apn_internet_tucson",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "the default APN profile",
+ "display_name": "APN Profile 1",
+ "dns_primary": "8.8.8.4",
+ "dns_secondary": "8.8.8.8",
+ "gx_enabled": true,
+ "id": "apn_profile1",
+ "mtu": 1460,
+ "service_group": "internet"
+ },
+ {
+ "apn_name": "internet",
+ "description": "the default APN profile",
+ "display_name": "APN Profile 1",
+ "dns_primary": "8.8.4.4",
+ "dns_secondary": "8.8.8.8",
+ "gx_enabled": true,
+ "id": "profile_apn_demo_1",
+ "mtu": 1460,
+ "service_group": "internet"
+ }
+ ]
+ },
+ "connectivity_service": {
+ "connectivity_service": [
+ {
+ "description": "Connectivity service endpoints",
+ "display_name": "Connectivity Service 1",
+ "hss_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/imsis",
+ "id": "connectivity_service_demo_1",
+ "pcrf_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/policies",
+ "spgwc_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config"
+ },
+ {
+ "description": "Connectivity service endpoints",
+ "display_name": "Connectivity Service v1",
+ "hss_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config",
+ "id": "connectivity_service_v1",
+ "spgwc_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config"
+ }
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ Ciena",
+ "display_name": "Aether _ Ciena",
+ "id": "aether_ciena"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ Intel",
+ "display_name": "Aether _ Intel",
+ "id": "aether_intel"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ NTT",
+ "display_name": "Aether _ NTT",
+ "id": "aether_ntt"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ Open Networking Foundation",
+ "display_name": "Aether _ ONF",
+ "id": "aether_onf"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Aether _ Telefonica",
+ "display_name": "Aether _ Telefonica",
+ "id": "aether_tef"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_demo_1",
+ "enabled": true
+ }
+ ],
+ "description": "Enterprise configuration",
+ "display_name": "Enterprise 1",
+ "id": "enterprise_demo_1"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Pronto _ Cornell",
+ "display_name": "Pronto _ Cornell",
+ "id": "pronto_cornell"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Pronto _ Princeton",
+ "display_name": "Pronto _ Princeton",
+ "id": "pronto_princeton"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "connectivity_service_v1",
+ "enabled": true
+ }
+ ],
+ "description": "Pronto _ Stanford",
+ "display_name": "Pronto _ Stanford",
+ "id": "pronto_stanford"
+ }
+ ]
+ },
+ "qos_profile": {
+ "qos_profile": [
+ {
+ "apn_ambr": {
+ "downlink": 12345678,
+ "uplink": 12345678
+ },
+ "description": "qos profile for demo",
+ "display_name": "QOS Profile 1",
+ "id": "profile_qos_demo_1"
+ },
+ {
+ "apn_ambr": {
+ "downlink": 12345678,
+ "uplink": 12345678
+ },
+ "description": "low bitrate internet service",
+ "display_name": "QOS Profile 1",
+ "id": "qos_profile1"
+ }
+ ]
+ },
+ "security_profile": {
+ "security_profile": [
+ {
+ "description": "default security profile",
+ "display_name": "Default Security Profile",
+ "id": "profile_security_default_1",
+ "key": "000102030405060708090a0b0c0d0e0f",
+ "opc": "69d5c2eb2e2e624750541d3bbc692ba5",
+ "sqn": 135
+ },
+ {
+ "description": "security profile for demo",
+ "display_name": "Security Profile 1",
+ "id": "profile_security_demo_1",
+ "key": "465b5ce8b199b49faa5f0a2ee238a6bc",
+ "opc": "d4416644f6154936193433dd20a0ace0",
+ "sqn": 96
+ },
+ {
+ "description": "NTT security profile",
+ "display_name": "NTT Security Profile",
+ "id": "profile_security_ntt_1",
+ "key": "ACB9E480B30DC12C6BDD26BE882D2940",
+ "opc": "F5929B14A34AD906BC44D205242CD182",
+ "sqn": 135
+ },
+ {
+ "description": "Telefonica security profile",
+ "display_name": "Telefonica Security Profile",
+ "id": "profile_security_tef_1",
+ "key": "83BBE53DFA050D9648C1D14937FC1AC3",
+ "opc": "346EF56C902AF38E5E4C4E3A0B0C2497",
+ "sqn": 135
+ }
+ ]
+ },
+ "service_group": {
+ "service_group": [
+ {
+ "description": "Internet service",
+ "id": "internet",
+ "service_policies": [
+ {
+ "kind": "default",
+ "service_policy": "be_internet_access"
+ }
+ ]
+ },
+ {
+ "description": "Menlo high definition camera service",
+ "id": "iot_hd_camera_menlo",
+ "service_policies": [
+ {
+ "kind": "default",
+ "service_policy": "video_non_gbr_1"
+ }
+ ]
+ }
+ ]
+ },
+ "service_policy": {
+ "service_policy": [
+ {
+ "ambr": {
+ "downlink": 20000000,
+ "uplink": 100000
+ },
+ "arp": 1,
+ "id": "be_internet_access",
+ "qci": 9,
+ "rules": [
+ {
+ "enabled": true,
+ "rule": "best_effort_internet_access"
+ }
+ ]
+ },
+ {
+ "ambr": {
+ "downlink": 20000000,
+ "uplink": 100000
+ },
+ "arp": 1,
+ "id": "video_non_gbr_1",
+ "qci": 7,
+ "rules": [
+ {
+ "enabled": true,
+ "rule": "video_non_gbr_1"
+ }
+ ]
+ }
+ ]
+ },
+ "service_rule": {
+ "service_rule": [
+ {
+ "charging_rule_name": "best_effort_internet_access",
+ "description": "rule for enabling best effort internet",
+ "flow": {
+ "specification": "permit out ip 0.0.0.0/0 to assigned"
+ },
+ "id": "best_effort_internet_access",
+ "qos": {
+ "aggregate_maximum_bitrate": {
+ "downlink": 10240000,
+ "uplink": 1024000
+ },
+ "arp": {
+ "preemption_capability": true,
+ "preemption_vulnerability": true,
+ "priority": 1
+ },
+ "guaranteed_bitrate": {
+ "downlink": 1,
+ "uplink": 1
+ },
+ "maximum_requested_bandwidth": {
+ "downlink": 5120000,
+ "uplink": 512000
+ },
+ "qci": 9
+ }
+ },
+ {
+ "charging_rule_name": "video_non_gbr_1",
+ "description": "rule for non_gbr video",
+ "flow": {
+ "specification": "permit out ip 0.0.0.0/0 to assigned"
+ },
+ "id": "video_non_gbr_1",
+ "qos": {
+ "aggregate_maximum_bitrate": {
+ "downlink": 5555,
+ "uplink": 4444
+ },
+ "arp": {
+ "preemption_capability": true,
+ "preemption_vulnerability": true,
+ "priority": 1
+ },
+ "guaranteed_bitrate": {
+ "downlink": 2222,
+ "uplink": 1111
+ },
+ "maximum_requested_bandwidth": {
+ "downlink": 3456,
+ "uplink": 2345
+ },
+ "qci": 9
+ }
+ }
+ ]
+ },
+ "subscriber": {
+ "ue": [
+ {
+ "display_name": "Telefonica subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_tef",
+ "id": "0debf047_8416_4539_9abf_02a0d7e7f9a3",
+ "imsi_range_from": "722070000002441",
+ "imsi_range_to": "722070000002450",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_tef",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_tef_1",
+ "up_profile": "tef"
+ },
+ "serving_plmn": {
+ "mcc": 722,
+ "mnc": 7,
+ "tac": 110
+ }
+ },
+ {
+ "display_name": "Stanford2 subscriber match rule",
+ "enabled": true,
+ "enterprise": "pronto_stanford",
+ "id": "1c6852e6_5b12_413a_9fa5_c631c644136c",
+ "imsi_range_from": "315010202000001",
+ "imsi_range_to": "315010202000020",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_stanford2",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "stanford2"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 603
+ }
+ },
+ {
+ "display_name": "Princeton1 subscriber match rule",
+ "enabled": true,
+ "enterprise": "pronto_princeton",
+ "id": "30f77900_18b1_480c_a419_031956d83a9c",
+ "imsi_range_from": "315010204000001",
+ "imsi_range_to": "315010204000020",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_princeton1",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "princeton1"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 605
+ }
+ },
+ {
+ "display_name": "Stanford1 subscriber match rule",
+ "enabled": true,
+ "enterprise": "pronto_stanford",
+ "id": "415d0496_6926_4a49_b0f1_69ef1742fd5d",
+ "imsi_range_from": "315010201000001",
+ "imsi_range_to": "315010201000020",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_stanford1",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "stanford1"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 601
+ }
+ },
+ {
+ "display_name": "Ciena subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_ciena",
+ "id": "4c814a64_c592_468e_9435_b60f225f97ff",
+ "imsi_range_from": "315010101000001",
+ "imsi_range_to": "315010101000010",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_ciena",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "ciena"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 5
+ }
+ },
+ {
+ "display_name": "Cornell1 subscriber match rule",
+ "enabled": true,
+ "enterprise": "pronto_cornell",
+ "id": "554b4c5b_de49_4868_ba7e_f428aefc0984",
+ "imsi_range_from": "315010203000001",
+ "imsi_range_to": "315010203000020",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_cornell1",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "cornell1"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 607
+ }
+ },
+ {
+ "display_name": "Subscriber Match Rule 1",
+ "enabled": true,
+ "enterprise": "enterprise_demo_1",
+ "id": "5fc0bfc8_4ecc_11eb_b8e7_6f6e6f732d63",
+ "imsi_range_from": "208014567891200",
+ "imsi_range_to": "208014567891300",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "profile_access_demo_1",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "profile_apn_demo_1",
+ "qos_profile": "profile_qos_demo_1",
+ "security_profile": "profile_security_demo_1",
+ "up_profile": "profile_up_demo_1"
+ },
+ "serving_plmn": {
+ "mcc": 208,
+ "mnc": 10,
+ "tac": 1
+ }
+ },
+ {
+ "id": "8d92f0cf_d83d_482c_866d_f53ee1426622",
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": false
+ }
+ ],
+ "apn_profile": "apn_internet_intel",
+ "qos_profile": "profile_qos_demo_1",
+ "security_profile": "profile_security_ntt_1",
+ "up_profile": "cornell1"
+ }
+ },
+ {
+ "display_name": "Intel subscriber match rule 1",
+ "enabled": true,
+ "enterprise": "aether_intel",
+ "id": "c6711eb4_5210_4d94_b83c_0f890dc21c31",
+ "imsi_range_from": "315010888812341",
+ "imsi_range_to": "315010888812346",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_intel",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "intel"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 101
+ }
+ },
+ {
+ "display_name": "ONF Tucson subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_onf",
+ "id": "cbdb20c1_c3d7_47e3_a1a1_7465c8ad6ff1",
+ "imsi_range_from": "315010999912301",
+ "imsi_range_to": "315010999912303",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_tucson",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "tucson"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 222
+ }
+ },
+ {
+ "display_name": "NTT subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_ntt",
+ "id": "e8b4f8ea_cd9c_4ae7_a1df_15ee82cc4dc6",
+ "imsi_range_from": "999002999970951",
+ "imsi_range_to": "999002999971950",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_default",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_ntt_1",
+ "up_profile": "ntt"
+ },
+ "serving_plmn": {
+ "mcc": 999,
+ "mnc": 2,
+ "tac": 1
+ }
+ },
+ {
+ "display_name": "ONF Menlo subscriber match rule",
+ "enabled": true,
+ "enterprise": "aether_onf",
+ "id": "f2ba8cc0_e593_403b_a130_f18a99018f6e",
+ "imsi_range_from": "315010999912341",
+ "imsi_range_to": "315010999912356",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_menlo",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "menlo"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 203
+ }
+ },
+ {
+ "display_name": "Intel subscriber match rule 2",
+ "enabled": true,
+ "enterprise": "aether_intel",
+ "id": "f5a0929f_b4a4_4f34_8bd5_52c57eeb4a50",
+ "imsi_range_from": "315010102000001",
+ "imsi_range_to": "315010102000002",
+ "priority": 5,
+ "profiles": {
+ "access_profile": [
+ {
+ "access_profile": "access_all",
+ "allowed": true
+ }
+ ],
+ "apn_profile": "apn_internet_intel",
+ "qos_profile": "qos_profile1",
+ "security_profile": "profile_security_default_1",
+ "up_profile": "intel"
+ },
+ "serving_plmn": {
+ "mcc": 315,
+ "mnc": 10,
+ "tac": 101
+ }
+ }
+ ]
+ },
+ "up_profile": {
+ "up_profile": [
+ {
+ "access_control": "none",
+ "description": "User plane profile for Ciena",
+ "display_name": "Ciena",
+ "id": "ciena",
+ "user_plane": "pfcp_agent.omec.svc.prd.ciena.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Cornell1",
+ "display_name": "Cornell1",
+ "id": "cornell1",
+ "user_plane": "pfcp_agent.omec.svc.prd.cornell1.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Intel",
+ "display_name": "Intel",
+ "id": "intel",
+ "user_plane": "upf.omec.svc.prd.intel.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for ONF Menlo",
+ "display_name": "ONF Menlo",
+ "id": "menlo",
+ "user_plane": "pfcp_agent.omec.svc.prd.menlo.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for NTT",
+ "display_name": "NTT",
+ "id": "ntt",
+ "user_plane": "upf.omec.svc.prd.ntt.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Princeton1",
+ "display_name": "Princeton1",
+ "id": "princeton1",
+ "user_plane": "pfcp_agent.omec.svc.prd.princeton1.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "user_plane profile for spgwu1",
+ "display_name": "UP Profile 1",
+ "id": "profile_up_demo_1",
+ "user_plane": "upf_headless"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Stanford1",
+ "display_name": "Stanford1",
+ "id": "stanford1",
+ "user_plane": "pfcp_agent.omec.svc.prd.stanford1.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Stanford2",
+ "display_name": "Stanford2",
+ "id": "stanford2",
+ "user_plane": "pfcp_agent.omec.svc.prd.stanford2.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for Telefonica",
+ "display_name": "Telefonica",
+ "id": "tef",
+ "user_plane": "upf.omec.svc.prd.tef.aetherproject.net"
+ },
+ {
+ "access_control": "none",
+ "description": "User plane profile for ONF Tucson",
+ "display_name": "ONF Tucson",
+ "id": "tucson",
+ "user_plane": "upf.omec.svc.prd.tucson.aetherproject.net"
+ }
+ ]
+ }
+}
diff --git a/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-basic.json b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-basic.json
new file mode 100644
index 0000000..7acd0cf
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-basic.json
@@ -0,0 +1,28 @@
+{
+ "groups": [
+ "mixedGroup",
+ "AetherROCAdmin"
+ ],
+ "template": {
+ "template": [
+ {
+ "description": "do",
+ "display-name": "laborum fugiat",
+ "downlink": 322694552,
+ "id": "aliquip",
+ "sd": 14628949,
+ "sst": 1,
+ "uplink": 1607714163
+ },
+ {
+ "description": "do",
+ "display-name": "quattro fugiat",
+ "downlink": 322694552,
+ "id": "quattro",
+ "sd": 14628949,
+ "sst": 1,
+ "uplink": 1607714163
+ }
+ ]
+ }
+}
diff --git a/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-get.json b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-get.json
new file mode 100644
index 0000000..5341f75
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-get.json
@@ -0,0 +1,494 @@
+{
+ "groups": [
+ "mixedGroup",
+ "acme"
+ ],
+ "ap_list": {
+ "ap_list": [
+ {
+ "access_points": [
+ {
+ "address": "ap1^seattle^starbucks^com",
+ "enable": true,
+ "tac": 654
+ },
+ {
+ "address": "ap2^seattle^starbucks^com",
+ "enable": true,
+ "tac": 87475
+ }
+ ],
+ "description": "Seattle APs",
+ "display_name": "Seattle",
+ "enterprise": "starbucks",
+ "id": "starbucks_seattle_aps"
+ },
+ {
+ "access_points": [
+ {
+ "address": "ap2^newyork^starbucks^com",
+ "enable": true,
+ "tac": 8002
+ }
+ ],
+ "description": "New York APs",
+ "display_name": "New York",
+ "enterprise": "starbucks",
+ "id": "starbucks_newyork_aps"
+ },
+ {
+ "access_points": [
+ {
+ "address": "ap2^chicago^acme^com",
+ "enable": true,
+ "tac": 8002
+ }
+ ],
+ "description": "Chicago APs",
+ "display_name": "Chicago",
+ "enterprise": "acme",
+ "id": "acme_chicago_aps"
+ }
+ ]
+ },
+ "application": {
+ "application": [
+ {
+ "description": "Network Video Recorder",
+ "display_name": "NVR",
+ "enterprise": "starbucks",
+ "endpoint": [
+ {
+ "address": "nvr.starbucks.com",
+ "name": "rtsp",
+ "port_end": 3316,
+ "port_start": 3330,
+ "protocol": "UDP"
+ }
+ ],
+ "id": "starbucks_nvr"
+ },
+ {
+ "description": "Fidelio POS",
+ "display_name": "Fidelio",
+ "enterprise": "starbucks",
+ "endpoint": [
+ {
+ "address": "fidelio.starbucks.com",
+ "name": "fidelio",
+ "port_end": 7585,
+ "port_start": 7588,
+ "protocol": "TCP"
+ }
+ ],
+ "id": "starbucks_fidelio"
+ },
+ {
+ "description": "Data Acquisition",
+ "display_name": "DA",
+ "enterprise": "acme",
+ "endpoint": [
+ {
+ "address": "da.acme.com",
+ "name": "da",
+ "port_end": 7585,
+ "port_start": 7588,
+ "protocol": "TCP"
+ }
+ ],
+ "id": "acme_dataacquisition"
+ }
+ ]
+ },
+ "connectivity_service": {
+ "connectivity_service": [
+ {
+ "core_5g_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/5g",
+ "description": "5G Test",
+ "display_name": "ROC 5G Test Connectivity Service",
+ "id": "cs5gtest"
+ },
+ {
+ "description": "ROC 4G Test Connectivity Service",
+ "display_name": "4G Test",
+ "hss_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/imsis",
+ "id": "cs4gtest",
+ "pcrf_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config/policies",
+ "spgwc_endpoint": "http://aether_roc_umbrella_sdcore_test_dummy/v1/config"
+ }
+ ]
+ },
+ "device_group": {
+ "device_group": [
+ {
+ "display_name": "Seattle Cameras",
+ "id": "starbucks_seattle_cameras",
+ "imsis": [
+ {
+ "imsi_range_from": 170029313275000,
+ "imsi_range_to": 170029313275003,
+ "name": "counters"
+ },
+ {
+ "imsi_range_from": 170029313275010,
+ "imsi_range_to": 170029313275014,
+ "name": "store"
+ }
+ ],
+ "ip_domain": "starbucks_seattle",
+ "site": "starbucks_seattle"
+ },
+ {
+ "display_name": "Seattle POS",
+ "id": "starbucks_seattle_pos",
+ "imsis": [
+ {
+ "imsi_range_from": 170029313275020,
+ "imsi_range_to": 170029313275022,
+ "name": "tills"
+ },
+ {
+ "imsi_range_from": 170029313275030,
+ "imsi_range_to": 170029313275034,
+ "name": "store"
+ }
+ ],
+ "ip_domain": "starbucks_seattle",
+ "site": "starbucks_seattle"
+ },
+ {
+ "display_name": "New York Cameras",
+ "id": "starbucks_newyork_cameras",
+ "imsis": [
+ {
+ "imsi_range_from": 170029313275040,
+ "imsi_range_to": 170029313275041,
+ "name": "front"
+ },
+ {
+ "imsi_range_from": 170029313275050,
+ "imsi_range_to": 170029313275055,
+ "name": "store"
+ }
+ ],
+ "ip_domain": "starbucks_newyork",
+ "site": "starbucks_newyork"
+ },
+ {
+ "display_name": "New York POS",
+ "id": "starbucks_newyork_pos",
+ "imsis": [
+ {
+ "imsi_range_from": 170029313275060,
+ "imsi_range_to": 170029313275061,
+ "name": "tills"
+ },
+ {
+ "imsi_range_from": 170029313275070,
+ "imsi_range_to": 170029313275073,
+ "name": "store"
+ }
+ ],
+ "ip_domain": "starbucks_newyork",
+ "site": "starbucks_newyork"
+ },
+ {
+ "display_name": "ACME Robots",
+ "id": "acme_chicago_robots",
+ "imsis": [
+ {
+ "imsi_range_from": 13698808332993000,
+ "imsi_range_to": 13698808332993003,
+ "name": "production"
+ },
+ {
+ "imsi_range_from": 13698808332993010,
+ "imsi_range_to": 13698808332993012,
+ "name": "warehouse"
+ }
+ ],
+ "ip_domain": "acme_chicago",
+ "site": "acme_chicago"
+ }
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "cs5gtest",
+ "enabled": true
+ }
+ ],
+ "description": "ACME Corporation",
+ "display_name": "ACME Corp",
+ "id": "acme"
+ },
+ {
+ "connectivity_service": [
+ {
+ "connectivity_service": "cs5gtest",
+ "enabled": true
+ },
+ {
+ "connectivity_service": "cs4gtest",
+ "enabled": false
+ }
+ ],
+ "description": "Starbucks Corporation",
+ "display_name": "Starbucks Inc.",
+ "id": "starbucks"
+ }
+ ]
+ },
+ "ip_domain": {
+ "ip_domain": [
+ {
+ "admin_status": "ENABLE",
+ "description": "New York IP Domain",
+ "display_name": "New York",
+ "dns_primary": "8.8.8.1",
+ "dns_secondary": "8.8.8.2",
+ "id": "starbucks_newyork",
+ "mtu": 57600,
+ "subnet": "254.186.117.251/31"
+ },
+ {
+ "admin_status": "ENABLE",
+ "description": "Seattle IP Domain",
+ "display_name": "Seattle",
+ "dns_primary": "8.8.8.3",
+ "dns_secondary": "8.8.8.3",
+ "id": "starbucks_seattle",
+ "mtu": 12690,
+ "subnet": "196.5.91.0/31"
+ },
+ {
+ "admin_status": "DISABLE",
+ "description": "Chicago IP Domain",
+ "display_name": "Chicago",
+ "dns_primary": "8.8.8.4",
+ "dns_secondary": "8.8.8.4",
+ "id": "acme_chicago",
+ "mtu": 12690,
+ "subnet": "163.25.44.0/31"
+ }
+ ]
+ },
+ "network": {
+ "network": [
+ {
+ "description": "New York 21_32",
+ "display_name": "New York",
+ "id": "starbucks_newyork",
+ "enterprise": "starbucks",
+ "mcc": 21,
+ "mnc": 32
+ },
+ {
+ "description": "Seattle 265_122",
+ "display_name": "Seattle",
+ "id": "starbucks_seattle",
+ "enterprise": "starbucks",
+ "mcc": 265,
+ "mnc": 122
+ },
+ {
+ "description": "Chicago 123_456",
+ "display_name": "Chicago",
+ "id": "acme_chicago",
+ "enterprise": "acme",
+ "mcc": 123,
+ "mnc": 456
+ }
+ ]
+ },
+ "site": {
+ "site": [
+ {
+ "description": "ACME HQ",
+ "display_name": "Chicago",
+ "enterprise": "acme",
+ "id": "acme_chicago",
+ "network": "acme_chicago"
+ },
+ {
+ "description": "Starbucks Corp HQ",
+ "display_name": "Seattle",
+ "enterprise": "starbucks",
+ "id": "starbucks_seattle",
+ "network": "starbucks_seattle"
+ },
+ {
+ "description": "Starbucks New York",
+ "display_name": "New York",
+ "enterprise": "starbucks",
+ "id": "starbucks_newyork",
+ "network": "starbucks_newyork"
+ }
+ ]
+ },
+ "template": {
+ "template": [
+ {
+ "description": "VCS Template 1",
+ "display_name": "Template 1",
+ "downlink": 24669539,
+ "id": "template_1",
+ "sd": 10886763,
+ "sst": 158,
+ "traffic_class": "class_1",
+ "uplink": 23770218
+ },
+ {
+ "description": "VCS Template 2",
+ "display_name": "Template 2",
+ "downlink": 2791589,
+ "id": "template_2",
+ "sd": 16619900,
+ "sst": 157,
+ "traffic_class": "class_2",
+ "uplink": 24721051
+ }
+ ]
+ },
+ "traffic_class": {
+ "traffic_class": [
+ {
+ "description": "High Priority TC",
+ "display_name": "Class 1",
+ "id": "class_1",
+ "pdb": 577,
+ "pelr": 3,
+ "qci": 10
+ },
+ {
+ "description": "Medium Priority TC",
+ "display_name": "Class 2",
+ "id": "class_2",
+ "pdb": 831,
+ "pelr": 4,
+ "qci": 20
+ },
+ {
+ "description": "Low Priority TC",
+ "display_name": "Class 3",
+ "id": "class_3",
+ "pdb": 833,
+ "pelr": 4,
+ "qci": 30
+ }
+ ]
+ },
+ "upf": {
+ "upf": [
+ {
+ "address": "seattle.cameras_upf.starbucks.com",
+ "description": "Seattle Cameras UPF",
+ "display_name": "Seattle Cameras",
+ "id": "starbucks_seattle_cameras",
+ "enterprise": "starbucks",
+ "port": 9229
+ },
+ {
+ "address": "newyork.cameras_upf.starbucks.com",
+ "description": "New York Cameras UPF",
+ "display_name": "New York Cameras",
+ "id": "starbucks_newyork_cameras",
+ "enterprise": "starbucks",
+ "port": 6161
+ },
+ {
+ "address": "chicago.robots_upf.acme.com",
+ "description": "Chicago Robots UPF",
+ "display_name": "Chicago Robots",
+ "id": "acme_chicago_robots",
+ "enterprise": "acme",
+ "port": 6161
+ }
+ ]
+ },
+ "vcs": {
+ "vcs": [
+ {
+ "ap": "starbucks_newyork_aps",
+ "application": [
+ {
+ "allow": true,
+ "application": "starbucks_nvr"
+ }
+ ],
+ "description": "New York Cameras",
+ "device_group": [
+ {
+ "enable": true,
+ "device_group": "starbucks_newyork_cameras"
+ }
+ ],
+ "display_name": "NY Cams",
+ "downlink": 948091966,
+ "enterprise": "starbucks",
+ "id": "starbucks_newyork_cameras",
+ "sd": 8284729,
+ "sst": 127,
+ "template": "template_1",
+ "traffic_class": "class_1",
+ "upf": "starbucks_newyork_cameras",
+ "uplink": 38997335
+ },
+ {
+ "ap": "starbucks_seattle_aps",
+ "application": [
+ {
+ "allow": false,
+ "application": "starbucks_nvr"
+ }
+ ],
+ "description": "Seattle Cameras",
+ "device_group": [
+ {
+ "enable": true,
+ "device_group": "starbucks_seattle_cameras"
+ }
+ ],
+ "display_name": "Seattle Cams",
+ "downlink": 28492626,
+ "enterprise": "starbucks",
+ "id": "starbucks_seattle_cameras",
+ "sd": 2973238,
+ "sst": 79,
+ "template": "template_2",
+ "traffic_class": "class_2",
+ "upf": "starbucks_seattle_cameras",
+ "uplink": 13227287
+ },
+ {
+ "ap": "acme_chicago_aps",
+ "application": [
+ {
+ "allow": false,
+ "application": "acme_dataacquisition"
+ }
+ ],
+ "description": "Chicago Robots",
+ "device_group": [
+ {
+ "enable": true,
+ "device_group": "acme_chicago_robots"
+ }
+ ],
+ "display_name": "Chicago Robots VCS",
+ "downlink": 28492626,
+ "enterprise": "acme",
+ "id": "acme_chicago_robots",
+ "sd": 2973238,
+ "sst": 79,
+ "template": "template_2",
+ "traffic_class": "class_2",
+ "upf": "acme_chicago_robots",
+ "uplink": 13227287
+ }
+ ]
+ }
+}
diff --git a/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-set.json b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-set.json
new file mode 100644
index 0000000..07f5914
--- /dev/null
+++ b/aether-roc-umbrella/files/opa-rbac/test/aether-3.0.0-example-set.json
@@ -0,0 +1,362 @@
+{
+ "groups": [
+ "admin",
+ "dolor"
+ ],
+ "updates": {
+ "site": {
+ "site": [
+ {
+ "description": "pariatur culpa",
+ "display-name": "occaecat nostrud",
+ "enterprise": "dolor",
+ "id": "newsite",
+ "network": "irur"
+ }
+ ]
+ }
+ },
+ "deletes": {
+ "site": {
+ "site": [
+ {
+ "id": "officia"
+ }
+ ]
+ }
+ },
+ "ap-list": {
+ "ap-list": [
+ {
+ "access-points": [
+ {
+ "address": "laborum.commodo.incididunt",
+ "enable": false,
+ "tac": 69373985
+ },
+ {
+ "address": "id.ipsum",
+ "enable": false,
+ "tac": 87809475
+ }
+ ],
+ "description": "incididunt aliqua ex nulla",
+ "display-name": "cupidatat aliquip",
+ "id": "deserunt"
+ },
+ {
+ "access-points": [
+ {
+ "address": "labore.aliqua.dolor.consequat",
+ "enable": false,
+ "tac": 80083302
+ },
+ {
+ "address": "qui.sed",
+ "enable": false,
+ "tac": 13929603
+ }
+ ],
+ "description": "cupidatat tempor magna",
+ "display-name": "occaecat et deserunt consequat",
+ "id": "tempor"
+ }
+ ]
+ },
+ "application": {
+ "application": [
+ {
+ "description": "Ut velit est",
+ "display-name": "do",
+ "endpoint": [
+ {
+ "address": "mollit.ipsum",
+ "name": "esse",
+ "port-end": 33167231,
+ "port-start": 27761544,
+ "protocol": "UDP"
+ },
+ {
+ "address": "cupidatat.reprehend",
+ "name": "ullamco",
+ "port-end": 19527413,
+ "port-start": 28793871,
+ "protocol": "UDP"
+ }
+ ],
+ "id": "occaecat"
+ },
+ {
+ "description": "amet ad quis",
+ "display-name": "sit ex Ut aliqua",
+ "endpoint": [
+ {
+ "address": "ut.veniam.id.non",
+ "name": "consectetur",
+ "port-end": 31037585,
+ "port-start": 8018682,
+ "protocol": "TCP"
+ },
+ {
+ "address": "nulla.consectet",
+ "name": "sint",
+ "port-end": 25299216,
+ "port-start": 6645928,
+ "protocol": "TCP"
+ }
+ ],
+ "id": "incididunt"
+ }
+ ]
+ },
+ "connectivity-service": {
+ "connectivity-service": [
+ {
+ "core-5g-endpoint": "ut culpa velit",
+ "description": "magna in",
+ "display-name": "cillum occaecat amet ad adipisicing",
+ "hss-endpoint": "eu sed est nisi",
+ "id": "repre",
+ "pcrf-endpoint": "nostrud eiusmod Ut Lorem",
+ "spgwc-endpoint": "eiusmod aute quis"
+ },
+ {
+ "core-5g-endpoint": "voluptate consectetur ut",
+ "description": "Ut incididunt ex id labore",
+ "display-name": "qui Lorem elit",
+ "hss-endpoint": "adipisicing incididunt consequat mollit",
+ "id": "irure",
+ "pcrf-endpoint": "sit incididunt sunt Duis",
+ "spgwc-endpoint": "nisi magna do reprehenderit"
+ }
+ ]
+ },
+ "device_group": {
+ "device_group": [
+ {
+ "display-name": "tempor ut",
+ "id": "amet",
+ "imsis": [
+ {
+ "imsi-range-from": 170029313275000,
+ "imsi-range-to": 69764015096000,
+ "name": "enim"
+ },
+ {
+ "imsi-range-from": 116299798497000,
+ "imsi-range-to": 22297092854800,
+ "name": "ad"
+ }
+ ],
+ "ip-domain": "qui",
+ "site": "inc"
+ },
+ {
+ "display-name": "nisi mollit dolore dolor",
+ "id": "Lorem",
+ "imsis": [
+ {
+ "imsi-range-from": 13698808332993000,
+ "imsi-range-to": 7746018722749000,
+ "name": "magna"
+ },
+ {
+ "imsi-range-from": 4087876837971489000,
+ "imsi-range-to": 10492416481328000,
+ "name": "reprehenderit"
+ }
+ ],
+ "ip-domain": "labore",
+ "site": "officia"
+ }
+ ]
+ },
+ "enterprise": {
+ "enterprise": [
+ {
+ "connectivity-service": [
+ {
+ "connectivity-service": "repre",
+ "enabled": true
+ },
+ {
+ "connectivity-service": "irure",
+ "enabled": true
+ }
+ ],
+ "description": "minim et",
+ "display-name": "laborum in",
+ "id": "dolor"
+ },
+ {
+ "connectivity-service": [
+ {
+ "connectivity-service": "irure",
+ "enabled": false
+ },
+ {
+ "connectivity-service": "repre",
+ "enabled": false
+ }
+ ],
+ "description": "consequat minim magna",
+ "display-name": "laboris incididunt dolore",
+ "id": "labore"
+ }
+ ]
+ },
+ "ip-domain": {
+ "ip-domain": [
+ {
+ "admin-status": "DISABLE",
+ "description": "culpa enim exercitation sit consequat",
+ "display-name": "dolo",
+ "dns-primary": "8.8.8.1",
+ "dns-secondary": "8.8.8.2",
+ "id": "qui",
+ "mtu": 57600,
+ "subnet": "254.186.117.251/31"
+ },
+ {
+ "admin-status": "DISABLE",
+ "description": "nulla ut",
+ "display-name": "adipisicing",
+ "dns-primary": "8.8.8.3",
+ "dns-secondary": "8.8.8.3",
+ "id": "labore",
+ "mtu": 12690,
+ "subnet": "196.5.91.0/31"
+ }
+ ]
+ },
+ "network": {
+ "network": [
+ {
+ "description": "aliquip Lorem dolor",
+ "display-name": "minim labore ex",
+ "id": "elit",
+ "mcc": 21,
+ "mnc": 32
+ },
+ {
+ "description": "laborum occaecat ut",
+ "display-name": "consequat ea",
+ "id": "irur",
+ "mcc": 265,
+ "mnc": 122
+ }
+ ]
+ },
+ "site": {
+ "site": [
+ {
+ "description": "pariatur culpa",
+ "display-name": "occaecat nostrud",
+ "enterprise": "dolor",
+ "id": "inc",
+ "network": "irur"
+ },
+ {
+ "description": "in dolor",
+ "display-name": "consequat est",
+ "enterprise": "labore",
+ "id": "officia",
+ "network": "elit"
+ }
+ ]
+ },
+ "template": {
+ "template": [
+ {
+ "description": "enim ",
+ "display-name": "do labore laborum elit",
+ "downlink": 24669539,
+ "id": "magn",
+ "sd": 10886763,
+ "sst": 158,
+ "traffic-class": "consectetur in cillum",
+ "uplink": 23770218
+ },
+ {
+ "description": "aute dolore dolo",
+ "display-name": "quis pariatur dolore magna commodo",
+ "downlink": 2791589,
+ "id": "aliqua",
+ "sd": 16619900,
+ "sst": 157,
+ "traffic-class": "dolor in in et",
+ "uplink": 24721051
+ }
+ ]
+ },
+ "upf": {
+ "upf": [
+ {
+ "address": "sed.officia.magna.ut",
+ "description": "commodo ea ullamco Excepteur cillum",
+ "display-name": "in aliqua deserunt Ut",
+ "id": "dol",
+ "port": 77359229
+ },
+ {
+ "address": "incididunt",
+ "description": "veniam",
+ "display-name": "in laborum ut",
+ "id": "magna",
+ "port": 14326161
+ }
+ ]
+ },
+ "vcs": {
+ "vcs": [
+ {
+ "ap": "deserunt",
+ "application": [
+ {
+ "allow": true,
+ "application": "occaecat"
+ },
+ {
+ "allow": true,
+ "application": "incididunt"
+ }
+ ],
+ "description": "deserunt in magna Lorem",
+ "device_group": "amet",
+ "display-name": "quis e",
+ "downlink": 948091966,
+ "id": "quad",
+ "sd": 8284729,
+ "sst": 127,
+ "template": "magn",
+ "traffic-class": "non ut",
+ "upf": "magna",
+ "uplink": 38997335
+ },
+ {
+ "ap": "tempor",
+ "application": [
+ {
+ "allow": false,
+ "application": "occaecat"
+ },
+ {
+ "allow": false,
+ "application": "incididunt"
+ }
+ ],
+ "description": "elit Ut",
+ "device-group": "Lorem",
+ "display-name": "veniam exercitation ea",
+ "downlink": 28492626,
+ "id": "mollit",
+ "sd": 2973238,
+ "sst": 79,
+ "template": "aliqua",
+ "traffic-class": "eiusmod Ut ullamco laboris ea",
+ "upf": "dol",
+ "uplink": 13227287
+ }
+ ]
+ }
+}
\ No newline at end of file