diff options
| author |   Pamela Dragosh <pdragosh@research.att.com> | 2018-08-29 07:58:53 -0400 |
|---|---|---|
| committer | Pamela Dragosh <pdragosh@research.att.com> | 2018-08-29 12:34:55 -0400 |
| commit | 8279af376b435e1d7dd118a1955c5681edf3b847 (patch) | |
| tree | f0e9f24028b8e96908184192f9e2813a2981938a /controlloop/common/guard | |
| parent | 17435998307f9f86ec5ebe55d6d36eceee1f1943 (diff) | |
Fix remaining checkstyle
Lots of formatting, missing javadoc, distance from use,
imports must be explicit, ordering of methods.
Fixed some abbreviation problems in classes and renamed
JUnit tests to fix this.
Issue-ID: POLICY-883
Change-Id: I8494f63d88d63c0232aca97f7bcc848816228fb1
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'controlloop/common/guard')
| -rw-r--r-- | controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java | 26 | ||||
| -rw-r--r-- | controlloop/common/guard/src/main/java/org/onap/policy/guard/impl/PNFTargetLock.java | 6 | ||||
| -rw-r--r-- | controlloop/common/guard/src/test/java/org/onap/policy/guard/PipEngineGetHistoryTest.java (renamed from controlloop/common/guard/src/test/java/org/onap/policy/guard/PIPEngineGetHistoryTest.java) | 2 | ||||
| -rw-r--r-- | controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardTest.java | 2 | ||||
| -rw-r--r-- | controlloop/common/guard/src/test/resources/META-INF/persistence.xml | 37 | ||||
| -rw-r--r-- | controlloop/common/guard/src/test/resources/blacklist_template.xml | 145 | ||||
| -rw-r--r-- | controlloop/common/guard/src/test/resources/frequency_limiter_template.xml | 158 |
7 files changed, 238 insertions, 138 deletions
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java index 5e69d6435..ab1d04efa 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * guard * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,20 +31,20 @@ public class PolicyGuardXacmlRequestAttributes { /** * Construct an instance. * - * @param clnameID the control loop Id - * @param actorID the actor Id - * @param operationID the operation Id - * @param targetID the target Id - * @param requestID the request Id + * @param clnameId the control loop Id + * @param actorId the actor Id + * @param operationId the operation Id + * @param targetId the target Id + * @param requestId the request Id */ - public PolicyGuardXacmlRequestAttributes(String clnameID, String actorID, String operationID, String targetID, - String requestID) { + public PolicyGuardXacmlRequestAttributes(String clnameId, String actorId, String operationId, String targetId, + String requestId) { super(); - this.clnameID = clnameID; - this.actorID = actorID; - this.operationID = operationID; - this.targetID = targetID; - this.requestID = requestID; + this.clnameID = clnameId; + this.actorID = actorId; + this.operationID = operationId; + this.targetID = targetId; + this.requestID = requestId; } @Override diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/impl/PNFTargetLock.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/impl/PNFTargetLock.java index 06bd9fb89..904448591 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/impl/PNFTargetLock.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/impl/PNFTargetLock.java @@ -42,14 +42,14 @@ public class PNFTargetLock implements TargetLock, Serializable { * * @param type the target type * @param target the target - * @param requestID the request Id + * @param requestId the request Id * @param callback the callback */ - public PNFTargetLock(TargetType type, String target, UUID requestID, LockCallback callback) { + public PNFTargetLock(TargetType type, String target, UUID requestId, LockCallback callback) { this.lockId = UUID.randomUUID(); this.targetType = type; this.target = target; - this.requestId = requestID; + this.requestId = requestId; this.callback = callback; } diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PIPEngineGetHistoryTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PipEngineGetHistoryTest.java index 8c7392e71..5780cecd6 100644 --- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PIPEngineGetHistoryTest.java +++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PipEngineGetHistoryTest.java @@ -66,7 +66,7 @@ import org.junit.BeforeClass; import org.junit.Test; import org.onap.policy.drools.system.PolicyEngine; -public class PIPEngineGetHistoryTest { +public class PipEngineGetHistoryTest { static PIPEngineGetHistory pegh; private static final String ISSUER = "issuerIntw:mid:end"; diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardTest.java index 9cee0af27..273d8fb01 100644 --- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardTest.java +++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardTest.java @@ -279,7 +279,7 @@ public class PolicyGuardTest { } @Test - public void testLockTargetTargetTypeStringUUIDLockCallbackInt() throws Exception { + public void testLockTargetTargetTypeStringUuidLockCallbackInt() throws Exception { TargetType type = TargetType.VM; LockResult<GuardResult, TargetLock> result; diff --git a/controlloop/common/guard/src/test/resources/META-INF/persistence.xml b/controlloop/common/guard/src/test/resources/META-INF/persistence.xml index e4f597f63..73b9e1809 100644 --- a/controlloop/common/guard/src/test/resources/META-INF/persistence.xml +++ b/controlloop/common/guard/src/test/resources/META-INF/persistence.xml @@ -19,22 +19,29 @@ ============LICENSE_END========================================================= --> <persistence version="2.1" - xmlns="http://xmlns.jcp.org/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence http://xmlns.jcp.org/xml/ns/persistence/persistence_2_1.xsd"> + xmlns="http://xmlns.jcp.org/xml/ns/persistence" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence http://xmlns.jcp.org/xml/ns/persistence/persistence_2_1.xsd"> - <!-- In-mem DB for junit --> - <persistence-unit name="TestOperationsHistoryPU" - transaction-type="RESOURCE_LOCAL"> - <provider>org.eclipse.persistence.jpa.PersistenceProvider</provider> - <properties> - <property name="eclipselink.ddl-generation" value="create-or-extend-tables" /> - <property name="javax.persistence.jdbc.driver" value="org.h2.Driver" /> - <property name="javax.persistence.jdbc.url" value="jdbc:h2:mem:test" /> - <property name="javax.persistence.jdbc.user" value="sa" /> - <property name="javax.persistence.jdbc.password" value="" /> - <property name="eclipselink.logging.level" value="CONFIG" /> - </properties> - </persistence-unit> + <!-- In-mem DB for junit --> + <persistence-unit name="TestOperationsHistoryPU" + transaction-type="RESOURCE_LOCAL"> + <provider>org.eclipse.persistence.jpa.PersistenceProvider</provider> + <properties> + <property name="eclipselink.ddl-generation" + value="create-or-extend-tables" /> + <property name="javax.persistence.jdbc.driver" + value="org.h2.Driver" /> + <property name="javax.persistence.jdbc.url" + value="jdbc:h2:mem:test" /> + <property name="javax.persistence.jdbc.user" + value="sa" /> + <property name="javax.persistence.jdbc.password" + value="" /> + <property name="eclipselink.logging.level" + value="CONFIG" /> + </properties> + </persistence-unit> </persistence> diff --git a/controlloop/common/guard/src/test/resources/blacklist_template.xml b/controlloop/common/guard/src/test/resources/blacklist_template.xml index c27ced3ac..590b19d25 100644 --- a/controlloop/common/guard/src/test/resources/blacklist_template.xml +++ b/controlloop/common/guard/src/test/resources/blacklist_template.xml @@ -18,57 +18,100 @@ limitations under the License. ============LICENSE_END========================================================= --> -<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny"> - <Description>Policy for frequency limiter.</Description> - <Target> - <AnyOf> - <AllOf> - <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" + Version="1" + RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny"> + <Description>Policy for frequency limiter.</Description> + <Target> + <AnyOf> + <AllOf> + <Match + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>--> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> - </Match> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" + AttributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id" + DataType="http://www.w3.org/2001/XMLSchema#string" + MustBePresent="false" /> + </Match> - <!-- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">--> - <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> - </Match> - <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> - </Match> - </AllOf> - </AnyOf> - </Target> - <Rule RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" Effect="Deny"> - <Description>DENY - only if target is in black list and guard is active.</Description> - <Condition> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> - <VariableReference VariableId="isGuardActive"/> - <VariableReference VariableId="isInBlackList"/> - </Apply> - </Condition> - </Rule> - <VariableDefinition VariableId="isInBlackList"> - <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of"> - <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:target:target-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> - </Apply> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"> - ${blackListElement} - <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue>--> - </Apply> - </Apply> - </VariableDefinition> - <VariableDefinition VariableId="isGuardActive"> - <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> - <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> - </Apply> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> - </Apply> - </VariableDefinition> + <!-- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">--> + <Match + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" + AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" + DataType="http://www.w3.org/2001/XMLSchema#string" + MustBePresent="false" /> + </Match> + <Match + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" + AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" + DataType="http://www.w3.org/2001/XMLSchema#string" + MustBePresent="false" /> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule + RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" + Effect="Deny"> + <Description>DENY - only if target is in black list and guard is + active.</Description> + <Condition> + <Apply + FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> + <VariableReference + VariableId="isGuardActive" /> + <VariableReference + VariableId="isInBlackList" /> + </Apply> + </Condition> + </Rule> + <VariableDefinition VariableId="isInBlackList"> + <Apply + FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of"> + <Function + FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal" /> + <Apply + FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" + AttributeId="urn:oasis:names:tc:xacml:1.0:target:target-id" + DataType="http://www.w3.org/2001/XMLSchema#string" + MustBePresent="false" /> + </Apply> + <Apply + FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"> + ${blackListElement} + <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue>--> + </Apply> + </Apply> + </VariableDefinition> + <VariableDefinition VariableId="isGuardActive"> + <Apply + FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply + FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <AttributeDesignator + AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" + DataType="http://www.w3.org/2001/XMLSchema#time" + Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" + MustBePresent="false" /> + </Apply> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> + </Apply> + </VariableDefinition> </Policy> diff --git a/controlloop/common/guard/src/test/resources/frequency_limiter_template.xml b/controlloop/common/guard/src/test/resources/frequency_limiter_template.xml index 9e44ae846..34aa1af69 100644 --- a/controlloop/common/guard/src/test/resources/frequency_limiter_template.xml +++ b/controlloop/common/guard/src/test/resources/frequency_limiter_template.xml @@ -18,60 +18,110 @@ limitations under the License. ============LICENSE_END========================================================= --> -<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny"> - <Description>Policy for frequency limiter.</Description> - <Target> - <AnyOf> - <AllOf> - - <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" + Version="1" + RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny"> + <Description>Policy for frequency limiter.</Description> + <Target> + <AnyOf> + <AllOf> + + <Match + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>--> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> - </Match> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" + AttributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id" + DataType="http://www.w3.org/2001/XMLSchema#string" + MustBePresent="false" /> + </Match> - <!-- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">--> - <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> - </Match> - <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> - </Match> - - <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${targets}</AttributeValue> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:target:target-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> - </Match> - - </AllOf> - </AnyOf> - </Target> - <Rule RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" Effect="Deny"> - <Description>DENY - only if number of operations performed in the past is larger than the limit and the Guard is active.</Description> - <Condition> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> - <VariableReference VariableId="isGuardActive"/> - <VariableReference VariableId="isHistoryGreaterThanLimit"/> - </Apply> - </Condition> - </Rule> - <VariableDefinition VariableId="isGuardActive"> - <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> - <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> - </Apply> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> - </Apply> - </VariableDefinition> - <VariableDefinition VariableId="isHistoryGreaterThanLimit"> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal"> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:research:xacml:test:sql:resource:operations:count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="com:att:research:xacml:guard:historydb:tw:${twValue}:${twUnits}" MustBePresent="false"/> - </Apply> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue> - </Apply> - </VariableDefinition> + <!-- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">--> + <Match + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" + AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" + DataType="http://www.w3.org/2001/XMLSchema#string" + MustBePresent="false" /> + </Match> + <Match + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" + AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" + DataType="http://www.w3.org/2001/XMLSchema#string" + MustBePresent="false" /> + </Match> + + <Match + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string">${targets}</AttributeValue> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" + AttributeId="urn:oasis:names:tc:xacml:1.0:target:target-id" + DataType="http://www.w3.org/2001/XMLSchema#string" + MustBePresent="false" /> + </Match> + + </AllOf> + </AnyOf> + </Target> + <Rule + RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" + Effect="Deny"> + <Description>DENY - only if number of operations performed in + the past is larger than the limit and the Guard is active.</Description> + <Condition> + <Apply + FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> + <VariableReference + VariableId="isGuardActive" /> + <VariableReference + VariableId="isHistoryGreaterThanLimit" /> + </Apply> + </Condition> + </Rule> + <VariableDefinition VariableId="isGuardActive"> + <Apply + FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply + FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <AttributeDesignator + AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" + DataType="http://www.w3.org/2001/XMLSchema#time" + Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" + MustBePresent="false" /> + </Apply> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> + </Apply> + </VariableDefinition> + <VariableDefinition + VariableId="isHistoryGreaterThanLimit"> + <Apply + FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal"> + <Apply + FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" + AttributeId="com:att:research:xacml:test:sql:resource:operations:count" + DataType="http://www.w3.org/2001/XMLSchema#integer" + Issuer="com:att:research:xacml:guard:historydb:tw:${twValue}:${twUnits}" + MustBePresent="false" /> + </Apply> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue> + </Apply> + </VariableDefinition> </Policy> |