Testing Network Communication Within a Zero Trust Security Model

US2023403304A1 · US · A1

Patent metadata
Publication number: US-2023403304-A1
Application number: US-202217836987-A
Country: US
Kind code: A1
Filing date: Jun 9, 2022
Priority date: Jun 9, 2022
Publication date: Dec 14, 2023
Grant date: none listed (A1 is a pre-grant application publication)

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title: what the patent document calls the invention.
  2. Abstract: a short plain-language summary of the technical disclosure.
  3. Assignees and inventors: who owns or filed the patent and who is credited as inventor.
  4. Key dates: filing, priority, publication, and grant dates set the timeline.
  5. First independent claim: the legal scope of protection; read this for what is actually claimed.
  6. CPC / IPC classifications: technology tags used to group this patent with similar filings.
  7. Citations and related patents: prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method of testing a communication system implementing a zero trust architecture. The method comprises sending a request by a test equipment platform to access a microsegment to a policy enforcement point (PEP); sending an authorization request by the PEP to a policy decision point (PDP); authorizing access of the test equipment platform to the microsegment by the PDP; sending authorization of access of the test equipment platform to the microsegment by the PDP to the PEP; establishing a secure tunnel by the PEP between the test equipment platform and the microsegment; sending a command to provide test data by the test equipment platform via the secure tunnel to a probe in the microsegment; analyzing the test data by the test equipment platform; and producing a test result by the test equipment platform based on analyzing the test data.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of testing a communication system implementing a zero trust architecture, comprising: sending a first request by a test equipment platform to access a first microsegment to a first policy enforcement point (PEP); sending a first authorization request by the first PEP to a policy decision point (PDP); in response to the first authorization request, requesting attributes associated with the test equipment platform by the PDP; based on attributes associated with the test equipment platform received by the PDP, authorizing a first access level of the test equipment platform to the first microsegment by the PDP; sending authorization of the first access level of the test equipment platform to the first microsegment by the PDP to the first PEP; in response to the authorization of the first access level of the test equipment platform to the first microsegment, establishing a first secure tunnel by the first PEP between the test equipment platform and the first microsegment; sending a second request by the test equipment platform to access a second microsegment to a second PEP; sending a second authorization request by the second PEP to the PDP; based on attributes associated with the test equipment platform received by the PDP, authorizing a second access level of the test equipment platform to the second microsegment by the PDP; sending authorization of the second access level of the test equipment platform to the second microsegment by the PDP to the second PEP; in response to the authorization of the second access level of the test equipment platform to the second microsegment, establishing a second secure tunnel by the second PEP between the test equipment platform and the second microsegment; sending a first command by the test equipment platform to perform a first testing activity via the first secure tunnel to a first probe located in the first microsegment; enforcing that the first command is consistent with the first access level by the first PEP; sending the first command by the first PEP to the first probe; sending a second command by the test platform to perform a second testing activity via the second secure tunnel to a second probe located in the second microsegment; enforcing that the second command is consistent with the second access level by the second PEP; sending the second command by the second PEP to the second probe; sending first test data associated with the first testing activity by the first probe via the first secure tunnel to the test equipment platform; sending second test data associated with the second testing activity by the second probe via the second secure tunnel to the test equipment platform; analyzing the first test data and the second test data by the test equipment platform; and producing a test result by the test equipment platform based on the analyzing.

2. The method of claim 1, wherein the first access level provides read access which permits the first probe to read data in the first microsegment and the first test data comprises the data read by the first probe.

3. The method of claim 1, wherein the second access level provides write access which permits the second probe to write data in the second microsegment and the second test data comprises responses of the second microsegment to the data written by the second probe.

4. The method of claim 3, wherein the data written by the second probe to the second microsegment and the responses of the second microsegment to the data written by the second probe comprises information about communication protocols implemented by an application executing in the second microsegment.

5. The method of claim 4, wherein the communication protocols comprise one of an HTTP protocol, an IP protocol, a TCP protocol, or a UDP protocol.

6. The method of claim 4, wherein the application executing in the second microsegment comprises a telecommunications network function.

7. The method of claim 6, wherein the telecommunications network function comprises a user plane function (UPF) application, an authentication server function (AUSF) application, an access and mobility management function (AMF) application, a session management function (SMF) application, a network exposure function (NEF) application, a network repository function (NRF) application, a policy control function (PCF) application, a unified data management (UDM) application, a network slice selection function (NSSF) application, or a network interworking function (NIF) application.

8. The method of claim 4, wherein the application comprises a human resources management application, a financial accounting application, an on-line retail electronic commerce web site application, an inventory management application, or a database management system (DBMS) application.

9. A communication system implementing a zero trust architecture, comprising: a policy decision point (PDP); a plurality of microsegments of the communication system, each microsegment comprising at least one execution platform and at least one test probe, wherein the at least one test probe is authorized to conduct unencrypted communication with the at least one execution platform; a plurality of policy enforcement points (PEPs), each PEP associated with one of the plurality of microsegments, wherein each PEP is configured to enforce authorization determinations received from the PDP on communication entering and exiting its associated microsegment and to enforce that authorized communication entering and exiting its associated microsegment takes place via a secure tunnel; a test equipment platform comprising a processor, a non-transitory memory, and a testing application stored in the non-transitory memory that, when executed by the processor, establishes a secure tunnel with one of the plurality of PEPs, communicates via the secure tunnel with the at least one test probe within the microsegment associated with the one PEP to obtain information about the execution platform in the microsegment, analyzes the information obtained about the execution, and produces a test result based on analyzing the information.

10. The communication system of claim 9, wherein the PDP obtains attributes associated with the test equipment platform from elements of the communication system outside of the zero trust architecture and makes authorization determinations for access by the test equipment platform to microsegments based at least in part on comparing the attributes associated with the test equipment platform to microsegment access rules.

11. The communication system of claim 10, wherein the PDP is an application that executes on a computer system.

12. The communication system of claim 9, wherein the PEP associated with each of the plurality of microsegments is an application that executes on a computer system in the microsegment.

13. The communication system of claim 9, wherein the information obtained by the testing application comprises information about communication protocol compliance of the execution platform.

14. The communication system of claim 9, wherein the testing application communicates with the at least one test probe within the one of the plurality of microsegments by commanding the test probe to send communication traffic to the execution platform in the microsegment.

15. A method of testing a communication system implementing a zero trust architecture, comprising: sending a first request by a test equipment platform to access a first microsegment to a first policy enforcement point (PEP); sending a first aut
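The flow of claim 1 (and of the abstract above), modeled end to end as an added example; this is not code from the patent or from T-Mobile Innovations. It shows a PDP that grants a read or write access level from the test platform's attributes, two PEPs that open a session only after the PDP authorizes it and then re-check every probe command against the granted level, in-segment probes that talk to a stand-in execution platform, and a test equipment platform that analyzes the returned data into a test result. The rule format, the attribute store, the microsegment names seg-A and seg-B, the subject id tep-1, the probe operations read and send, the toy HTTP request-line check, and the HMAC-keyed session standing in for the secure tunnel are all assumptions of the example, not details from the patent.

```python
# Added example, not the patent's or T-Mobile's code. Every name below (seg-A,
# seg-B, tep-1, read/send ops, the HMAC "tunnel") is an assumption of this model.
import hashlib
import hmac
import json
import os

READ, WRITE = "read", "write"
RANK = {READ: 1, WRITE: 2}  # write access includes read


class PDP:
    """Policy decision point: grants an access level per microsegment from subject attributes."""

    def __init__(self, rules, attribute_source):
        self.rules = rules  # microsegment -> [(required attributes, level)]; assumed rule shape
        self.attribute_source = attribute_source  # lookup outside the ZTA, as in claim 10

    def decide(self, subject_id, microsegment):
        attrs = self.attribute_source(subject_id)  # the PDP requests the subject's attributes
        matched = [lvl for req, lvl in self.rules.get(microsegment, []) if req.items() <= attrs.items()]
        return max(matched, key=RANK.get) if matched else None  # None means deny


class Probe:
    """Inside the microsegment; may talk to the execution platform in the clear (claim 9)."""

    def __init__(self, platform_config):
        self.config = platform_config  # stand-in for the application under test

    def respond(self, request):  # the platform's minimal HTTP/1.1 request-line check (toy)
        ok = request.startswith("GET ") and request.endswith(" HTTP/1.1")
        return "HTTP/1.1 200 OK" if ok else "HTTP/1.1 400 Bad Request"

    def run(self, command):
        if command["op"] == "read":
            return {"observed": dict(self.config)}
        if command["op"] == "send":
            return {"responses": [self.respond(m) for m in command["messages"]]}
        raise ValueError("unknown probe op")


class PEP:
    """Policy enforcement point at the microsegment boundary."""

    def __init__(self, microsegment, pdp, probe):
        self.microsegment, self.pdp, self.probe = microsegment, pdp, probe
        self.sessions = {}  # session id -> (granted level, tunnel key)

    def request_access(self, subject_id):
        level = self.pdp.decide(subject_id, self.microsegment)
        if level is None:
            raise PermissionError(f"{subject_id} denied access to {self.microsegment}")
        session, key = os.urandom(8).hex(), os.urandom(32)  # tunnel exists only after authorization
        self.sessions[session] = (level, key)
        return session, key, level

    def forward(self, session, tag, payload):
        level, key = self.sessions[session]
        if not hmac.compare_digest(tag, hmac.new(key, payload, hashlib.sha256).hexdigest()):
            raise PermissionError("traffic did not arrive over the authorized tunnel")
        command = json.loads(payload)
        needed = WRITE if command["op"] == "send" else READ
        if RANK[needed] > RANK[level]:  # the command must be consistent with the granted level
            raise PermissionError(f"'{command['op']}' exceeds {level} access to {self.microsegment}")
        return self.probe.run(command)


class TestEquipmentPlatform:
    def __init__(self, subject_id):
        self.subject_id, self.tunnels = subject_id, {}

    def connect(self, pep):
        session, key, level = pep.request_access(self.subject_id)
        self.tunnels[pep.microsegment] = (pep, session, key)
        return level

    def command(self, microsegment, cmd):
        pep, session, key = self.tunnels[microsegment]
        payload = json.dumps(cmd).encode()
        return pep.forward(session, hmac.new(key, payload, hashlib.sha256).hexdigest(), payload)


def run_test_flow():
    """Drives the two-microsegment flow of claim 1 and returns the test result."""
    attributes = {"tep-1": {"role": "tester", "tenant": "core"}}  # constructed attribute store
    pdp = PDP({"seg-A": [({"role": "tester"}, READ)],
               "seg-B": [({"role": "tester", "tenant": "core"}, WRITE)]},
              lambda subject: attributes.get(subject, {}))
    pep_a = PEP("seg-A", pdp, Probe({"function": "UPF", "mtu": 1500}))
    pep_b = PEP("seg-B", pdp, Probe({"function": "web"}))
    tep = TestEquipmentPlatform("tep-1")
    levels = {"seg-A": tep.connect(pep_a), "seg-B": tep.connect(pep_b)}
    first = tep.command("seg-A", {"op": "read"})
    second = tep.command("seg-B", {"op": "send", "messages": ["GET / HTTP/1.1", "GET /"]})
    try:  # a write-style command against a read-only grant must be stopped by the PEP
        tep.command("seg-A", {"op": "send", "messages": ["GET / HTTP/1.1"]})
        blocked = False
    except PermissionError:
        blocked = True
    compliant = second["responses"] == ["HTTP/1.1 200 OK", "HTTP/1.1 400 Bad Request"]
    return {"levels": levels, "first": first, "second": second, "pep_blocked_overreach": blocked,
            "verdict": "pass" if compliant and first["observed"]["mtu"] == 1500 else "fail"}
```

The part worth watching is PEP.forward: the PDP's decision is a per-microsegment access level, and the PEP re-checks every command against it, so a platform granted read access to seg-A cannot drive traffic into that segment even though it holds a valid session. The returned result records that the overreaching command was blocked alongside the protocol-compliance finding from seg-B, which is the kind of evidence a test run under this model should produce.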

Assignees

T-Mobile Innovations LLC
Inventors

Classifications

  • H04L63/20 (primary) · for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
  • Multiple levels of security · CPC title
  • for controlling access to devices or network resources · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2023403304A1 cover?
A method of testing a communication system implementing a zero trust architecture. The method comprises sending a request by a test equipment platform to access a microsegment to a policy enforcement point (PEP); sending an authorization request by the PEP to a policy decision point (PDP); authorizing access of the test equipment platform to the microsegment by the PDP; sending authorization of…
Who is the assignee on this patent?
T-Mobile Innovations LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/20 (section H, Electricity).
When was this patent published?
Publication date Dec 14, 2023 (A1 pre-grant application publication). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
The corpus records 4 related publications for this patent (citations in the corpus or others sharing the same primary CPC); they are not reproduced in this extract.