Diffstat (limited to 'controlloop/templates/template.demo/src/test/resources')
15 files changed, 1058 insertions, 0 deletions
diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_1.xml b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_1.xml
new file mode 100644
index 000000000..1a70d0468
--- /dev/null
+++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_1.xml
@@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description>Policy for frequency limiter.</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">APPC</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Restart</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" Effect="Permit"> + <Description>PERMIT - only if number of operations performed in the past is less than the limit.</Description> + <Target/> + <Condition> + <VariableReference VariableId="isHistoryLessOrEqual"/> + </Condition> + </Rule> + <VariableDefinition VariableId="isHistoryLessOrEqual"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:research:xacml:test:sql:resource:operations:count" 
DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="com:att:research:xacml:test:sql" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">1</AttributeValue> + </Apply> + </VariableDefinition> + <Rule RuleId="urn:com:att:xacml:rule:id:c9a3fb7d-d0b9-48bb-bdca-87eb4957120c" Effect="Deny"> + <Description>DENY - default.</Description> + <Target/> + </Rule> +</Policy> diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_2.xml b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_2.xml new file mode 100644 index 000000000..e7e34feeb --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_2.xml 
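Review bot: The default Deny rule in frequency_limiter_1.xml is not reached when the history count cannot be resolved: `integer-one-and-only` over an empty bag makes the Permit rule's condition Indeterminate, and under `first-applicable` that ends evaluation with Indeterminate rather than Deny. Likewise, with `MustBePresent="false"` on the actor-id and operation-id designators in the Target, a request missing either attribute yields NotApplicable. Whether the guard fails closed in those cases depends on how the caller maps these two results, which is not visible here; a comment above the Permit rule such as `<!-- Callers must treat Indeterminate and NotApplicable as Deny -->` would record the expectation. The same applies to frequency_limiter_3.xml and frequency_limiter_4.xml.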
@@ -0,0 +1,52 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description>Policy for frequency limiter.</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">APPC</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Restart</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" Effect="Permit"> + <Description>PERMIT - only if number of operations performed in the past is less than the limit.</Description> + + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal"> + + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-bag-size"> + + <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:map"> + + <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:dateTime-less-than-or-equal"/> + + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:dateTime-subtract-dayTimeDuration"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:dateTime-one-and-only"> + <AttributeDesignator 
AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-dateTime" DataType="http://www.w3.org/2001/XMLSchema#dateTime" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#dayTimeDuration">PT10M</AttributeValue> + </Apply> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:research:xacml:test:sql:resource:operations:starttimebag" DataType="http://www.w3.org/2001/XMLSchema#dateTime" Issuer="com:att:research:xacml:test:sql" MustBePresent="false"/> + </Apply> + </Apply> + + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">22</AttributeValue> + + </Apply> + </Condition> + </Rule> + + + <Rule RuleId="urn:com:att:xacml:rule:id:c9a3fb7d-d0b9-48bb-bdca-87eb4957120c" Effect="Deny"> + <Description>DENY - default.</Description> + <Target/> + </Rule> + +</Policy> diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_3.xml b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_3.xml new file mode 100644 index 000000000..c171968d2 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_3.xml 
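Review bot: The condition in frequency_limiter_2.xml does not count operations inside the 10-minute window: `map` returns one boolean per element of `starttimebag`, and `boolean-bag-size` counts true and false results alike, so the value compared is simply the number of rows the resolver returned. `integer-equal` against `22` then permits only when that number is exactly 22, which contradicts the rule's Description ("less than the limit") and looks tied to one particular test data set. If a frequency limit is intended, take the count from the resolver, as frequency_limiter_1.xml does with `operations:count`, and compare it with `integer-less-than-or-equal`; otherwise the Description should state what is actually being tested.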
@@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description>Policy for frequency limiter.</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">APPC</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Restart</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" Effect="Permit"> + <Description>PERMIT - only if number of operations performed in the past is less than the limit.</Description> + <Target/> + <Condition> + <VariableReference VariableId="isHistoryLessOrEqual"/> + </Condition> + </Rule> + <VariableDefinition VariableId="isHistoryLessOrEqual"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:research:xacml:test:sql:resource:operations:count" 
DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="com:att:research:xacml:test:sql:tw10min" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">1</AttributeValue> + </Apply> + </VariableDefinition> + <Rule RuleId="urn:com:att:xacml:rule:id:c9a3fb7d-d0b9-48bb-bdca-87eb4957120c" Effect="Deny"> + <Description>DENY - default.</Description> + <Target/> + </Rule> +</Policy> diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_4.xml b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_4.xml new file mode 100644 index 000000000..53e83d9cd --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_4.xml 
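Review bot: frequency_limiter_3.xml reuses the PolicyId `urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069` and both RuleIds that frequency_limiter_1.xml, frequency_limiter_2.xml and frequency_limiter_4.xml also carry in this diff. Each properties file visible here loads only one of them, so nothing collides at load time, but decision traces and logs that record the PolicyId cannot tell which variant produced a result. Giving each file its own PolicyId would keep the variants distinguishable when a test failure has to be traced back to a policy.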
@@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description>Policy for frequency limiter.</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">APPC</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Restart</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" Effect="Permit"> + <Description>PERMIT - only if number of operations performed in the past is less than the limit.</Description> + <Target/> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or"> + <VariableReference VariableId="isGuardNotActive"/> + <VariableReference VariableId="isHistoryLessOrEqual"/> + </Apply> + </Condition> + </Rule> + <VariableDefinition VariableId="isGuardNotActive"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <AttributeDesignator 
AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">05:00:00-05:00</AttributeValue> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">23:59:59-05:00</AttributeValue> + </Apply> + </Apply> + </VariableDefinition> + <VariableDefinition VariableId="isHistoryLessOrEqual"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:research:xacml:test:sql:resource:operations:count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="com:att:research:xacml:test:sql:tw10min" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">1</AttributeValue> + </Apply> + </VariableDefinition> + <Rule RuleId="urn:com:att:xacml:rule:id:c9a3fb7d-d0b9-48bb-bdca-87eb4957120c" Effect="Deny"> + <Description>DENY - default.</Description> + <Target/> + </Rule> +</Policy> diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml.properties b/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml.properties new file mode 100644 index 000000000..e51f038e9 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml.properties 
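Review bot: In frequency_limiter_4.xml the Permit condition is `or(isGuardNotActive, isHistoryLessOrEqual)`, so any Restart by APPC outside 05:00:00-05:00 to 23:59:59-05:00 is permitted without consulting the operations history, yet the rule's Description still only mentions the history limit. The window is also written with a fixed `-05:00` offset, so it will not follow daylight-saving changes if local time is what is meant. I would state the bypass explicitly, e.g. `<Description>PERMIT - if the guard is outside its active time range, or the number of past operations is within the limit.</Description>`, and note next to the two time values that the offset is fixed.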
@@ -0,0 +1,119 @@ +# +# +# This is test set that tests configurable SQL PIP engine. It uses sample data from MySQL world database +# +# http://dev.mysql.com/doc/world-setup/en/index.html +# +# The Policy was created using the PAP Admin Tool. +# +# + +# +# Default XACML Properties File +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + +# +# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the +# policies and PIP configuration as defined below. Otherwise, this is the configuration that +# the embedded PDP uses. +# + +# Policies to load +# +xacml.rootPolicies=sql +sql.file=src/test/resources/xacml/frequency_limiter_1.xml + +# PIP Engine Definition +# +xacml.pip.engines=sql1 + +sql1.classname=com.att.research.xacml.std.pip.engines.jdbc.JDBCEngine +sql1.name=World +sql1.description=World Database from MySQL website. Copyright Statistics Finland, http://www.stat.fi/worldinfigures. +# This will be the default issuer for the resolvers. NOTE: Issuer only used for attributes provided by the engine. +sql1.issuer=com:att:research:xacml:test:sql +# +# This is the configuration for JDBC. 
You will have to setup the database and run the data\world*.sql script to +# create the tables and load the data. +# +sql1.type=jdbc + +# Postgres DB +#sql1.jdbc.driver=org.postgresql.Driver +#sql1.jdbc.url=jdbc:postgresql://localhost:7778/postgres +#sql1.jdbc.conn.user=postgres +#sql1.jdbc.conn.password= + +# MariaDB +sql1.jdbc.driver=org.mariadb.jdbc.Driver +sql1.jdbc.url=jdbc:mariadb://localhost:7779/policy +sql1.jdbc.conn.user=root +sql1.jdbc.conn.password=lmpg + +# +# This is the configuration for JNDI datasource. +# +#sql1.type=jndi +#sql1.datasource=jdbc/xacml + +sql1.resolvers=langer + +sql1.resolver.langer.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.langer.name=Language +sql1.resolver.langer.description=This returns the number of previous operations within the given time window + +# Query for Postgres DB +#sql1.resolver.langer.select=select count(*) from operationshistory where actor=? and operation=? and target=? and endtime between now()::timestamp with time zone - (interval '1000000000s') and now()::timestamp with time zone + +# Query for MariaDB +#sql1.resolver.langer.select=select count(*) as count from operationshistory where actor=? and operation=? and target=? and convert_tz(endtime,@@session.time_zone,'-05:00') between date_sub(convert_tz(now(),@@session.time_zone,'-05:00'),interval 100 hour) and convert_tz(now(),@@session.time_zone,'-05:00') +sql1.resolver.langer.select=select count(*) as count from operationshistory9 where actor=? and operation=? and target=? 
and endtime between date_sub(now(),interval 100 hour) and now() + +sql1.resolver.langer.fields=count +sql1.resolver.langer.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.langer.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.langer.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + +#You can override the default issuer that is set in the JDBCEngine definition if you want. +#sql1.resolver.langer.field.language.issuer=com:att:research:xacml:test:sql +sql1.resolver.langer.parameters=actor,operation,target + +sql1.resolver.langer.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.langer.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.langer.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject + +sql1.resolver.langer.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.langer.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.langer.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action + +sql1.resolver.langer.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.langer.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.langer.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + +# +# These properties are for an attribute generator to build into requests. 
+# +xacml.attribute.generator=generate_subjectid + +xacml.attribute.generator.generate_subjectid.file=generate.data +xacml.attribute.generator.generate_subjectid.attributes=city + +xacml.attribute.generator.generate_subjectid.attributes.city.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +xacml.attribute.generator.generate_subjectid.attributes.city.datatype=http://www.w3.org/2001/XMLSchema#string +xacml.attribute.generator.generate_subjectid.attributes.city.id=urn:oasis:names:tc:xacml:1.0:resource:resource-id +xacml.attribute.generator.generate_subjectid.attributes.city.field=0 + diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml2.properties b/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml2.properties new file mode 100644 index 000000000..2d1276b51 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml2.properties 
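Review bot: `sql1.jdbc.conn.user=root` and `sql1.jdbc.conn.password=lmpg` commit a database root login in clear text, and the same two lines appear in the xacml2.properties and xacml3.properties hunks. Even for a localhost test database, the password stays in repository history, and a count query over one table does not need root. Prefer a dedicated read-only account whose password is supplied at test time, or the JNDI form already sketched in the commented lines `#sql1.type=jndi` and `#sql1.datasource=jdbc/xacml`. If this password is used anywhere outside the test setup, it should be rotated.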
@@ -0,0 +1,120 @@ +# +# +# This is test set that tests configurable SQL PIP engine. It uses sample data from MySQL world database +# +# http://dev.mysql.com/doc/world-setup/en/index.html +# +# The Policy was created using the PAP Admin Tool. +# +# + +# +# Default XACML Properties File +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + +# +# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the +# policies and PIP configuration as defined below. Otherwise, this is the configuration that +# the embedded PDP uses. +# + +# Policies to load +# +xacml.rootPolicies=sql +sql.file=src/test/resources/xacml/frequency_limiter_2.xml + +# PIP Engine Definition +# +xacml.pip.engines=sql1 + +sql1.classname=com.att.research.xacml.std.pip.engines.jdbc.JDBCEngine +sql1.name=World +sql1.description=World Database from MySQL website. Copyright Statistics Finland, http://www.stat.fi/worldinfigures. +# This will be the default issuer for the resolvers. NOTE: Issuer only used for attributes provided by the engine. +sql1.issuer=com:att:research:xacml:test:sql +# +# This is the configuration for JDBC. 
You will have to setup the database and run the data\world*.sql script to +# create the tables and load the data. +# +sql1.type=jdbc + +# Postgres DB +#sql1.jdbc.driver=org.postgresql.Driver +#sql1.jdbc.url=jdbc:postgresql://localhost:7778/postgres +#sql1.jdbc.conn.user=postgres +#sql1.jdbc.conn.password= + +# MariaDB +sql1.jdbc.driver=org.mariadb.jdbc.Driver +sql1.jdbc.url=jdbc:mariadb://localhost:7779/policy +sql1.jdbc.conn.user=root +sql1.jdbc.conn.password=lmpg + +# +# This is the configuration for JNDI datasource. +# +#sql1.type=jndi +#sql1.datasource=jdbc/xacml + +sql1.resolvers=langer + +sql1.resolver.langer.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.langer.name=Language +sql1.resolver.langer.description=This returns the number of previous operations within the given time window + +# Query for Postgres DB +#sql1.resolver.langer.select=select count(*) from operationshistory where actor=? and operation=? and target=? and endtime between now()::timestamp with time zone - (interval '1000000000s') and now()::timestamp with time zone + +# Query for MariaDB +#sql1.resolver.langer.select=select count(*) as count from operationshistory where actor=? and operation=? and target=? and convert_tz(endtime,@@session.time_zone,'-05:00') between date_sub(convert_tz(now(),@@session.time_zone,'-05:00'),interval 100 hour) and convert_tz(now(),@@session.time_zone,'-05:00') +sql1.resolver.langer.select=select starttime as starttimebag from operationshistory9 where actor=? and operation=? and target=? 
and endtime between date_sub(now(),interval 100 hour) and now() + +#sql1.resolver.langer.fields=count +sql1.resolver.langer.fields=starttimebag +sql1.resolver.langer.field.starttimebag.id=com:att:research:xacml:test:sql:resource:operations:starttimebag +sql1.resolver.langer.field.starttimebag.datatype=http://www.w3.org/2001/XMLSchema#dateTime +sql1.resolver.langer.field.starttimebag.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + +#You can override the default issuer that is set in the JDBCEngine definition if you want. +#sql1.resolver.langer.field.language.issuer=com:att:research:xacml:test:sql +sql1.resolver.langer.parameters=actor,operation,target + +sql1.resolver.langer.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.langer.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.langer.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject + +sql1.resolver.langer.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.langer.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.langer.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action + +sql1.resolver.langer.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.langer.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.langer.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + +# +# These properties are for an attribute generator to build into requests. 
+# +xacml.attribute.generator=generate_subjectid + +xacml.attribute.generator.generate_subjectid.file=generate.data +xacml.attribute.generator.generate_subjectid.attributes=city + +xacml.attribute.generator.generate_subjectid.attributes.city.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +xacml.attribute.generator.generate_subjectid.attributes.city.datatype=http://www.w3.org/2001/XMLSchema#string +xacml.attribute.generator.generate_subjectid.attributes.city.id=urn:oasis:names:tc:xacml:1.0:resource:resource-id +xacml.attribute.generator.generate_subjectid.attributes.city.field=0 + diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml3.properties b/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml3.properties new file mode 100644 index 000000000..a3e6f2f44 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml3.properties 
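Review bot: `sql.file=src/test/resources/xacml/frequency_limiter_2.xml` points one directory above where this commit adds the policy (`xacml/old/frequency_limiter_2.xml`); xacml.properties and xacml3.properties have the same mismatch for their own policy files. Unless copies also exist under `xacml/` (not visible in this part of the diff), the embedded PDP would load no root policy, or a different one than the test author expects. If these files are kept only for reference, a header comment saying so would help; otherwise use `sql.file=src/test/resources/xacml/old/frequency_limiter_2.xml`.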
@@ -0,0 +1,123 @@ +# +# +# This is test set that tests configurable SQL PIP engine. It uses sample data from MySQL world database +# +# http://dev.mysql.com/doc/world-setup/en/index.html +# +# The Policy was created using the PAP Admin Tool. +# +# + +# +# Default XACML Properties File +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + +# +# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the +# policies and PIP configuration as defined below. Otherwise, this is the configuration that +# the embedded PDP uses. +# + +# Policies to load +# +xacml.rootPolicies=sql +sql.file=src/test/resources/xacml/frequency_limiter_3.xml + +# PIP Engine Definition +# +xacml.pip.engines=sql1 + +sql1.classname=com.att.research.xacml.std.pip.engines.jdbc.JDBCEngine +sql1.name=OperationsHistory +sql1.description=Database of operations performed via closed loop. +sql1.issuer=com:att:research:xacml:test:sql123 +sql1.type=jdbc +sql1.jdbc.driver=org.mariadb.jdbc.Driver +sql1.jdbc.url=jdbc:mariadb://localhost:7779/policy +sql1.jdbc.conn.user=root +sql1.jdbc.conn.password=lmpg + +#Each of the following resolvers corresponds to a specific time window. 
The only difference between them is the "interval" in the "select" SQL query and the "issuer". +sql1.resolvers=tw10min,tw1h,tw100h + +############################################## +sql1.resolver.tw10min.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 10 minute) and now() +sql1.resolver.tw10min.field.count.issuer=com:att:research:xacml:test:sql:tw10min + +sql1.resolver.tw10min.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw10min.name=OperationsCount +sql1.resolver.tw10min.description=This returns the number of previous operations within the given time window +sql1.resolver.tw10min.fields=count +sql1.resolver.tw10min.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw10min.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw10min.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw10min.parameters=actor,operation,target +sql1.resolver.tw10min.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw10min.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw10min.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw10min.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw10min.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw10min.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw10min.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw10min.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw10min.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + 
+############################################## +sql1.resolver.tw1h.select=select count(*) as count from operationshistory10 where actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 hour) and now() +sql1.resolver.tw1h.field.count.issuer=com:att:research:xacml:test:sql:tw1h + +sql1.resolver.tw1h.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw1h.name=OperationsCount +sql1.resolver.tw1h.description=This returns the number of previous operations within the given time window +sql1.resolver.tw1h.fields=count +sql1.resolver.tw1h.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw1h.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw1h.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw1h.parameters=actor,operation,target +sql1.resolver.tw1h.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw1h.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1h.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw1h.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw1h.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1h.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw1h.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw1h.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1h.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + +############################# +sql1.resolver.tw100h.select=select count(*) as count from operationshistory10 where actor=? and operation=? and target=? 
and endtime between date_sub(now(),interval 100 hour) and now() +sql1.resolver.tw100h.field.count.issuer=com:att:research:xacml:test:sql:tw100h + +sql1.resolver.tw100h.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw100h.name=OperationsCount +sql1.resolver.tw100h.description=This returns the number of previous operations within the given time window +sql1.resolver.tw100h.fields=count +sql1.resolver.tw100h.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw100h.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw100h.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw100h.parameters=actor,operation,target +sql1.resolver.tw100h.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw100h.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw100h.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw100h.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw100h.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw100h.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw100h.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw100h.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw100h.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard.properties b/controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard.properties new file mode 100644 index 000000000..070258642 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard.properties 
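Review bot: The three resolvers in xacml3.properties do not differ only in interval and issuer, as the comment above `sql1.resolvers=tw10min,tw1h,tw100h` says: the `tw10min` query adds `outcome<>'Failure_Guard'`, while `tw1h` and `tw100h` do not. Operations the guard itself rejected are therefore excluded from the 10-minute count but still count toward the 1-hour and 100-hour limits, so the windows disagree about what an operation is. If guard-denied attempts should never count, add the same `outcome<>'Failure_Guard' and` predicate to the other two selects; if the difference is intended, the comment should say so.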
@@ -0,0 +1,52 @@
+#
+#
+# This files defines PIPs that will be used by XACML Guard Policies. One PIP per time window (5 min, 10min,...,1 month).
+#
+#
+#
+
+#
+# Default XACML Properties File
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
+
+
+#
+# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the
+# policies and PIP configuration as defined below. Otherwise, this is the configuration that
+# the embedded PDP uses.
+#
+
+# In case we have multiple applicable Guard policies, we will deny if any of them denies.
+#xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-deny-overrides
+xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-unless-deny
+
+
+# Policies to load
+#
+xacml.rootPolicies=p1,p2,p3,p4,p5
+p1.file=src/test/resources/xacml/autogenerated_frequency_limiter_restart.xml
+p2.file=src/test/resources/xacml/autogenerated_frequency_limiter_rebuild.xml
+p3.file=src/test/resources/xacml/autogenerated_frequency_limiter_migrate.xml
+p4.file=src/test/resources/xacml/autogenerated_frequency_limiter_rebuild_1.xml
+p5.file=src/test/resources/xacml/autogenerated_blacklist.xml
+
+
+# PIP Engine Definition
+#
+xacml.pip.engines=historydb
+historydb.classname=org.onap.policy.guard.PIPEngineGetHistory
+historydb.issuer=com:att:research:xacml:guard:historydb
+
diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard_old.properties b/controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard_old.properties
new file mode 100644
index 000000000..0f858da8d
--- /dev/null
+++ b/controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard_old.properties
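Review bot: The active `combineRootPolicies` value in xacml_guard.properties is `permit-unless-deny`, which in XACML 3.0 turns NotApplicable and Indeterminate results into Permit, so a guard policy that cannot be evaluated (for example because the `historydb` PIP lookup fails) would presumably be permitted rather than denied; the comment above the setting only describes the deny case. I would document that next to the setting, e.g. `# permit-unless-deny: NotApplicable/Indeterminate (e.g. PIP failure) also yields Permit`, or state why the commented-out `combined-deny-overrides` was dropped. The header comment `One PIP per time window (5 min, 10min,...,1 month)` also no longer matches this file, which configures a single `historydb` engine.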
@@ -0,0 +1,277 @@
+#
+#
+# This files defines PIPs that will be used by XACML Guard Policies. One PIP per time window (5 min, 10min,...,1 month).
+#
+#
+#
+
+#
+# Default XACML Properties File
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
+
+
+#
+# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the
+# policies and PIP configuration as defined below. Otherwise, this is the configuration that
+# the embedded PDP uses.
+#
+
+# In case we have multiple applicable Guard policies, we will deny if any of them denies.
+#xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-deny-overrides
+xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-unless-deny
+
+
+# Policies to load
+#
+xacml.rootPolicies=p1,p2,p3,p4
+p1.file=src/test/resources/xacml/autogenerated_frequency_limiter_restart.xml
+p2.file=src/test/resources/xacml/autogenerated_frequency_limiter_rebuild.xml
+p3.file=src/test/resources/xacml/autogenerated_frequency_limiter_migrate.xml
+p4.file=src/test/resources/xacml/autogenerated_frequency_limiter_rebuild_1.xml
+#p5.file=src/test/resources/xacml/autogenerated_blacklist.xml
+#p6.file=src/test/resources/xacml/new_restart1.xml
+#p7.file=src/test/resources/xacml/new_restart2.xml
+#p8.file=src/test/resources/xacml/new_rebuild1.xml
+#p9.file=src/test/resources/xacml/new_rebuild2.xml
+#p10.file=src/test/resources/xacml/new_migrate1.xml
+#p11.file=src/test/resources/xacml/new_migrate2.xml
+
+# PIP Engine Definition
+#
+xacml.pip.engines=sql1,test1
+test1.classname=com.att.ecomp.policy.guard.PIPEngineGetHistory
+test1.issuer=com:att:research:xacml:guard:historydb
+
+
+sql1.classname=com.att.research.xacml.std.pip.engines.jdbc.JDBCEngine
+sql1.name=OperationsHistory
+sql1.description=Database of operations performed via closed loop.
+sql1.issuer=com:att:research:xacml:test:sql123
+sql1.type=jdbc
+sql1.jdbc.driver=org.mariadb.jdbc.Driver
+#sql1.jdbc.url=jdbc:mariadb://localhost:7779/policy
+sql1.jdbc.url=jdbc:mariadb://135.207.129.112:3306/policy
+sql1.jdbc.conn.user=root
+sql1.jdbc.conn.password=lmpg
+
+#Each of the following resolvers corresponds to a specific time window. The only difference between them is the "interval" in the "select" SQL query and the "issuer".
+sql1.resolvers=tw5min,tw10min,tw30min,tw1h,tw12h,tw1d,tw5d,tw1w,tw1mon
+
+
+
+##############################################
+sql1.resolver.tw5min.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 5 minute) and now()
+sql1.resolver.tw5min.field.count.issuer=com:att:research:xacml:test:sql:tw5min
+
+sql1.resolver.tw5min.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
+sql1.resolver.tw5min.name=OperationsCount
+sql1.resolver.tw5min.description=This returns the number of previous operations within the given time window
+sql1.resolver.tw5min.fields=count
+sql1.resolver.tw5min.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
+sql1.resolver.tw5min.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
+sql1.resolver.tw5min.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+sql1.resolver.tw5min.parameters=actor,operation,target
+sql1.resolver.tw5min.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
+sql1.resolver.tw5min.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw5min.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
+sql1.resolver.tw5min.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
+sql1.resolver.tw5min.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw5min.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
+sql1.resolver.tw5min.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
+sql1.resolver.tw5min.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw5min.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+
+##############################################
+sql1.resolver.tw10min.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 10 minute) and now()
+sql1.resolver.tw10min.field.count.issuer=com:att:research:xacml:test:sql:tw10min
+
+sql1.resolver.tw10min.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
+sql1.resolver.tw10min.name=OperationsCount
+sql1.resolver.tw10min.description=This returns the number of previous operations within the given time window
+sql1.resolver.tw10min.fields=count
+sql1.resolver.tw10min.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
+sql1.resolver.tw10min.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
+sql1.resolver.tw10min.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+sql1.resolver.tw10min.parameters=actor,operation,target
+sql1.resolver.tw10min.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
+sql1.resolver.tw10min.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw10min.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
+sql1.resolver.tw10min.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
+sql1.resolver.tw10min.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw10min.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
+sql1.resolver.tw10min.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
+sql1.resolver.tw10min.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw10min.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+
+##############################################
+sql1.resolver.tw30min.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 30 minute) and now()
+sql1.resolver.tw30min.field.count.issuer=com:att:research:xacml:test:sql:tw30min
+
+sql1.resolver.tw30min.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
+sql1.resolver.tw30min.name=OperationsCount
+sql1.resolver.tw30min.description=This returns the number of previous operations within the given time window
+sql1.resolver.tw30min.fields=count
+sql1.resolver.tw30min.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
+sql1.resolver.tw30min.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
+sql1.resolver.tw30min.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+sql1.resolver.tw30min.parameters=actor,operation,target
+sql1.resolver.tw30min.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
+sql1.resolver.tw30min.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw30min.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
+sql1.resolver.tw30min.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
+sql1.resolver.tw30min.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw30min.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
+sql1.resolver.tw30min.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
+sql1.resolver.tw30min.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw30min.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+
+##############################################
+sql1.resolver.tw1h.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 hour) and now()
+sql1.resolver.tw1h.field.count.issuer=com:att:research:xacml:test:sql:tw1h
+
+sql1.resolver.tw1h.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
+sql1.resolver.tw1h.name=OperationsCount
+sql1.resolver.tw1h.description=This returns the number of previous operations within the given time window
+sql1.resolver.tw1h.fields=count
+sql1.resolver.tw1h.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
+sql1.resolver.tw1h.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
+sql1.resolver.tw1h.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+sql1.resolver.tw1h.parameters=actor,operation,target
+sql1.resolver.tw1h.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
+sql1.resolver.tw1h.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw1h.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
+sql1.resolver.tw1h.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
+sql1.resolver.tw1h.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw1h.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
+sql1.resolver.tw1h.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
+sql1.resolver.tw1h.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw1h.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+
+
+##############################################
+sql1.resolver.tw12h.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 12 hour) and now()
+sql1.resolver.tw12h.field.count.issuer=com:att:research:xacml:test:sql:tw12h
+
+sql1.resolver.tw12h.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
+sql1.resolver.tw12h.name=OperationsCount
+sql1.resolver.tw12h.description=This returns the number of previous operations within the given time window
+sql1.resolver.tw12h.fields=count
+sql1.resolver.tw12h.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
+sql1.resolver.tw12h.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
+sql1.resolver.tw12h.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+sql1.resolver.tw12h.parameters=actor,operation,target
+sql1.resolver.tw12h.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
+sql1.resolver.tw12h.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw12h.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
+sql1.resolver.tw12h.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
+sql1.resolver.tw12h.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw12h.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
+sql1.resolver.tw12h.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
+sql1.resolver.tw12h.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw12h.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+
+
+#############################
+sql1.resolver.tw1d.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 day) and now()
+sql1.resolver.tw1d.field.count.issuer=com:att:research:xacml:test:sql:tw1d
+
+sql1.resolver.tw1d.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
+sql1.resolver.tw1d.name=OperationsCount
+sql1.resolver.tw1d.description=This returns the number of previous operations within the given time window
+sql1.resolver.tw1d.fields=count
+sql1.resolver.tw1d.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
+sql1.resolver.tw1d.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
+sql1.resolver.tw1d.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+sql1.resolver.tw1d.parameters=actor,operation,target
+sql1.resolver.tw1d.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
+sql1.resolver.tw1d.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw1d.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
+sql1.resolver.tw1d.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
+sql1.resolver.tw1d.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw1d.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
+sql1.resolver.tw1d.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
+sql1.resolver.tw1d.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw1d.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+
+
+#############################
+sql1.resolver.tw5d.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 5 day) and now()
+sql1.resolver.tw5d.field.count.issuer=com:att:research:xacml:test:sql:tw5d
+
+sql1.resolver.tw5d.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
+sql1.resolver.tw5d.name=OperationsCount
+sql1.resolver.tw5d.description=This returns the number of previous operations within the given time window
+sql1.resolver.tw5d.fields=count
+sql1.resolver.tw5d.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
+sql1.resolver.tw5d.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
+sql1.resolver.tw5d.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+sql1.resolver.tw5d.parameters=actor,operation,target
+sql1.resolver.tw5d.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
+sql1.resolver.tw5d.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw5d.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
+sql1.resolver.tw5d.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
+sql1.resolver.tw5d.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw5d.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
+sql1.resolver.tw5d.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
+sql1.resolver.tw5d.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw5d.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+
+
+#############################
+sql1.resolver.tw1w.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 week) and now()
+sql1.resolver.tw1w.field.count.issuer=com:att:research:xacml:test:sql:tw1w
+
+sql1.resolver.tw1w.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
+sql1.resolver.tw1w.name=OperationsCount
+sql1.resolver.tw1w.description=This returns the number of previous operations within the given time window
+sql1.resolver.tw1w.fields=count
+sql1.resolver.tw1w.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
+sql1.resolver.tw1w.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
+sql1.resolver.tw1w.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+sql1.resolver.tw1w.parameters=actor,operation,target
+sql1.resolver.tw1w.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
+sql1.resolver.tw1w.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw1w.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
+sql1.resolver.tw1w.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
+sql1.resolver.tw1w.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw1w.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
+sql1.resolver.tw1w.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
+sql1.resolver.tw1w.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw1w.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+
+#############################
+sql1.resolver.tw1mon.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 month) and now()
+sql1.resolver.tw1mon.field.count.issuer=com:att:research:xacml:test:sql:tw1mon
+
+sql1.resolver.tw1mon.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
+sql1.resolver.tw1mon.name=OperationsCount
+sql1.resolver.tw1mon.description=This returns the number of previous operations within the given time window
+sql1.resolver.tw1mon.fields=count
+sql1.resolver.tw1mon.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
+sql1.resolver.tw1mon.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
+sql1.resolver.tw1mon.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+sql1.resolver.tw1mon.parameters=actor,operation,target
+sql1.resolver.tw1mon.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
+sql1.resolver.tw1mon.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw1mon.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
+sql1.resolver.tw1mon.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
+sql1.resolver.tw1mon.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw1mon.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
+sql1.resolver.tw1mon.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
+sql1.resolver.tw1mon.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
+sql1.resolver.tw1mon.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
+
+
diff --git a/controlloop/templates/template.demo/src/test/resources/yaml/policy_ControlLoop_vUSP_1707.yaml b/controlloop/templates/template.demo/src/test/resources/yaml/policy_ControlLoop_vUSP_1707.yaml
new file mode 100644
index 000000000..62bf986bd
--- /dev/null
+++ b/controlloop/templates/template.demo/src/test/resources/yaml/policy_ControlLoop_vUSP_1707.yaml
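Review bot: The `sql1.jdbc.*` settings in xacml_guard_old.properties commit a specific database host together with `sql1.jdbc.conn.user=root` and a literal `sql1.jdbc.conn.password`, so the credential is readable by everyone with repository access and stays in history after later edits. For a test resource I would point the engine at a local or in-memory instance (the commented-out `jdbc:mariadb://localhost:7779/policy` line suggests one existed) and have the test setup supply the account, e.g. `sql1.jdbc.conn.user=<test-user>` and `sql1.jdbc.conn.password=<supplied at test time>`. The resolvers in this file only run `select count(*)`, so a read-only account would be sufficient, and the committed password should be rotated if that host is real.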
@@ -0,0 +1,68 @@
+controlLoop:
+ version: 1.0.0
+ controlLoopName: ControlLoop-vUSP-vCTS-cbed919f-2212-4ef7-8051-fe6308da1bda
+ services:
+ - serviceName: vUSP
+ resources:
+ - resourceName: vCTS
+ resourceType: VF
+ - resourceName: vCOM
+ resourceType: VF
+ - resourceName: vRAR
+ resourceType: VF
+ - resourceName: vLCS
+ resourceType: VF
+ - resourceName: v3CB
+ resourceType: VF
+ trigger_policy: unique-policy-id-1-restart
+ timeout: 60
+ abatement: true
+
+policies:
+ - id: unique-policy-id-1-restart
+ name: Restart Policy
+ description:
+ actor: APPC
+ recipe: Restart
+ target:
+ type: VM
+ retry: 3
+ timeout: 20
+ success: final_success
+ failure: unique-policy-id-2-rebuild
+ failure_timeout: unique-policy-id-2-rebuild
+ failure_retries: unique-policy-id-2-rebuild
+ failure_guard: unique-policy-id-2-rebuild
+ failure_exception: final_failure_exception
+
+ - id: unique-policy-id-2-rebuild
+ name: Rebuild Policy
+ description:
+ actor: APPC
+ recipe: Rebuild
+ target:
+ type: VM
+ retry: 0
+ timeout: 10
+ success: final_success
+ failure: unique-policy-id-3-migrate
+ failure_timeout: unique-policy-id-3-migrate
+ failure_retries: unique-policy-id-3-migrate
+ failure_guard: unique-policy-id-3-migrate
+ failure_exception: final_failure_exception
+
+ - id: unique-policy-id-3-migrate
+ name: Migrate Policy
+ description:
+ actor: APPC
+ recipe: Migrate
+ target:
+ type: VM
+ retry: 0
+ timeout: 30
+ success: final_success
+ failure: final_failure
+ failure_timeout: final_failure_timeout
+ failure_retries: final_failure_retries
+ failure_guard: final_failure_guard
+ failure_exception: final_failure_exception
diff --git a/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_migrate.yaml b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_migrate.yaml
new file mode 100644
index 000000000..333895b2e
--- /dev/null
+++ b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_migrate.yaml
@@ -0,0 +1,24 @@
+guard:
+ version: 2.0.0
+
+guards:
+ - id: unique_guard_vUSP_1
+ name: APPC 5 Migrate
+ description: |
+ We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am)
+ actor: APPC
+ recipe: Migrate
+ limit_constraints:
+ - num: 1
+ duration:
+ value: 10
+ units: minute
+ time_in_range:
+ arg2: 00:00:00-05:00
+ arg3: 23:59:59-05:00
+
+
+
+
+
+
\ No newline at end of file
diff --git a/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild.yaml b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild.yaml
new file mode 100644
index 000000000..865915f82
--- /dev/null
+++ b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild.yaml
@@ -0,0 +1,24 @@
+guard:
+ version: 2.0.0
+
+guards:
+ - id: unique_guard_vUSP_1
+ name: APPC 5 Rebuild
+ description: |
+ We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am)
+ actor: APPC
+ recipe: Rebuild
+ limit_constraints:
+ - num: 2
+ duration:
+ value: 10
+ units: minute
+ time_in_range:
+ arg2: 00:00:00-05:00
+ arg3: 23:59:59-05:00
+
+
+
+
+
+
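Review bot: In policy_guard_vUSP_1707_appc_migrate.yaml the `description` says `We only allow 2 restarts over 10 minute window`, but the guard is for `recipe: Migrate` with `num: 1`; the same sentence is copied into the Rebuild (`num: 2`), rebuild_1 (`num: 25` per `1 week`) and Restart guard files in this commit. The `time_in_range` bounds `00:00:00-05:00` and `23:59:59-05:00` also read as the whole day rather than the midnight-to-5am exclusion the description mentions, if the `-05:00` suffix is a UTC offset; the blacklist guard carries the same range. For a rate-limit guard the text should state the enforced limit, e.g. `We only allow 1 migrate over a 10 minute window`, and the window should be checked against the intended hours. All four frequency guards also reuse `id: unique_guard_vUSP_1`.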
\ No newline at end of file
diff --git a/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild_1.yaml b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild_1.yaml
new file mode 100644
index 000000000..6905d733f
--- /dev/null
+++ b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild_1.yaml
@@ -0,0 +1,24 @@
+guard:
+ version: 2.0.0
+
+guards:
+ - id: unique_guard_vUSP_1
+ name: APPC 5 Rebuild
+ description: |
+ We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am)
+ actor: APPC
+ recipe: Rebuild
+ limit_constraints:
+ - num: 25
+ duration:
+ value: 1
+ units: week
+ time_in_range:
+ arg2: 00:00:00-05:00
+ arg3: 23:59:59-05:00
+
+
+
+
+
+
\ No newline at end of file
diff --git a/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart.yaml b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart.yaml
new file mode 100644
index 000000000..b44ff00df
--- /dev/null
+++ b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart.yaml
@@ -0,0 +1,24 @@
+guard:
+ version: 2.0.0
+
+guards:
+ - id: unique_guard_vUSP_1
+ name: APPC 5 Restart
+ description: |
+ We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am)
+ actor: APPC
+ recipe: Restart
+ limit_constraints:
+ - num: 2
+ duration:
+ value: 10
+ units: minute
+ time_in_range:
+ arg2: 00:00:00-05:00
+ arg3: 23:59:59-05:00
+
+
+
+
+
+
\ No newline at end of file
diff --git a/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart_blacklist.yaml b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart_blacklist.yaml
new file mode 100644
index 000000000..50af17af6
--- /dev/null
+++ b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart_blacklist.yaml
@@ -0,0 +1,26 @@
+guard:
+ version: 2.0.0
+
+guards:
+ - id: unique_guard_vUSP_1_Blacklist
+ name: APPC Restart Blacklist
+ description: |
+ We deny restart of the blacklisted targets (avoid midnight to 5am)
+ actor: APPC
+ recipe: Restart
+ limit_constraints:
+ - blacklist:
+ - server123
+ - server2234
+ - vserver.vserver-name22
+ - aaabbbccc
+ - foobartriggersource35
+ time_in_range:
+ arg2: 00:00:00-05:00
+ arg3: 23:59:59-05:00
+
+
+
+
+
+
\ No newline at end of file |