diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2018-08-29 07:58:53 -0400 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2018-08-29 12:34:55 -0400 |
commit | 8279af376b435e1d7dd118a1955c5681edf3b847 (patch) | |
tree | f0e9f24028b8e96908184192f9e2813a2981938a /controlloop/templates/template.demo/src/main/resources/blacklist_template.xml | |
parent | 17435998307f9f86ec5ebe55d6d36eceee1f1943 (diff) |
Fix remaining checkstyle
Lots of formatting, missing javadoc, distance from use,
imports must be explicit, ordering of methods.
Fixed some abbreviation problems in classes and renamed
JUnit tests to fix this.
Issue-ID: POLICY-883
Change-Id: I8494f63d88d63c0232aca97f7bcc848816228fb1
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'controlloop/templates/template.demo/src/main/resources/blacklist_template.xml')
-rw-r--r-- | controlloop/templates/template.demo/src/main/resources/blacklist_template.xml | 145 |
1 files changed, 94 insertions, 51 deletions
diff --git a/controlloop/templates/template.demo/src/main/resources/blacklist_template.xml b/controlloop/templates/template.demo/src/main/resources/blacklist_template.xml index c27ced3ac..590b19d25 100644 --- a/controlloop/templates/template.demo/src/main/resources/blacklist_template.xml +++ b/controlloop/templates/template.demo/src/main/resources/blacklist_template.xml @@ -18,57 +18,100 @@ limitations under the License. ============LICENSE_END========================================================= --> -<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny"> - <Description>Policy for frequency limiter.</Description> - <Target> - <AnyOf> - <AllOf> - <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" + Version="1" + RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny"> + <Description>Policy for frequency limiter.</Description> + <Target> + <AnyOf> + <AllOf> + <Match + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>--> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> - </Match> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" + AttributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id" + DataType="http://www.w3.org/2001/XMLSchema#string" + MustBePresent="false" /> + </Match> - <!-- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">--> - <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> - </Match> - <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> - </Match> - </AllOf> - </AnyOf> - </Target> - <Rule RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" Effect="Deny"> - <Description>DENY - only if target is in black list and guard is active.</Description> - <Condition> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> - <VariableReference VariableId="isGuardActive"/> - <VariableReference VariableId="isInBlackList"/> - </Apply> - </Condition> - </Rule> - <VariableDefinition VariableId="isInBlackList"> - <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of"> - <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:target:target-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> - </Apply> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"> - ${blackListElement} - <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue>--> - </Apply> - </Apply> - </VariableDefinition> - <VariableDefinition VariableId="isGuardActive"> - <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> - <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> - </Apply> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> - </Apply> - </VariableDefinition> + <!-- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">--> + <Match + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" + AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" + DataType="http://www.w3.org/2001/XMLSchema#string" + MustBePresent="false" /> + </Match> + <Match + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" + AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" + DataType="http://www.w3.org/2001/XMLSchema#string" + MustBePresent="false" /> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule + RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" + Effect="Deny"> + <Description>DENY - only if target is in black list and guard is + active.</Description> + <Condition> + <Apply + FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> + <VariableReference + VariableId="isGuardActive" /> + <VariableReference + VariableId="isInBlackList" /> + </Apply> + </Condition> + </Rule> + <VariableDefinition VariableId="isInBlackList"> + <Apply + FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of"> + <Function + FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal" /> + <Apply + FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> + <AttributeDesignator + Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" + AttributeId="urn:oasis:names:tc:xacml:1.0:target:target-id" + DataType="http://www.w3.org/2001/XMLSchema#string" + MustBePresent="false" /> + </Apply> + <Apply + FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"> + ${blackListElement} + <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue>--> + </Apply> + </Apply> + </VariableDefinition> + <VariableDefinition VariableId="isGuardActive"> + <Apply + FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply + FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <AttributeDesignator + AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" + DataType="http://www.w3.org/2001/XMLSchema#time" + Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" + MustBePresent="false" /> + </Apply> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> + </Apply> + </VariableDefinition> </Policy> |