diff options
author | Jorge Hernandez <jh1730@att.com> | 2017-05-03 21:31:58 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2017-05-03 21:31:58 +0000 |
commit | a330af579866dacbe595e2e4ad1dd29cd3c96945 (patch) | |
tree | b9455591600034dfd4f33a9c1f733336280f2208 /ECOMP-XACML/src/test/resources | |
parent | 5444e748b8651d8346dcb78c5ab8b0637dea197b (diff) | |
parent | e0addf5b588a1244f9679becd90999dfcb4c3a94 (diff) |
Merge "Policy 1707 commit to LF"
Diffstat (limited to 'ECOMP-XACML/src/test/resources')
-rw-r--r-- | ECOMP-XACML/src/test/resources/CSVPolicy.xml | 205 | ||||
-rw-r--r-- | ECOMP-XACML/src/test/resources/logback.xml | 5 |
2 files changed, 208 insertions, 2 deletions
diff --git a/ECOMP-XACML/src/test/resources/CSVPolicy.xml b/ECOMP-XACML/src/test/resources/CSVPolicy.xml new file mode 100644 index 000000000..02a79b104 --- /dev/null +++ b/ECOMP-XACML/src/test/resources/CSVPolicy.xml @@ -0,0 +1,205 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<!-- + ============LICENSE_START======================================================= + ECOMP-XACML + ================================================================================ + Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + --> + +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:fb9e6bed-b5dd-430c-acd4-1baed0c1f1cf" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit"> + <Description>This Policy handles the Take action and Advice action operations. </Description> + <Target /> + <!--<Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">VM</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> --> + <VariableDefinition VariableId="doesItRequireNewVM"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or"> + <Description>Check the CPU Utilization or Network Load</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than"> + <Description>Load</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:vm:load" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">95</AttributeValue> + <!--<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="com:att:research:xacml:test:pip:csv:category:server" AttributeId="com:att:research:xacml:test:pip:csv:server:loadval" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="com:att:research:xacml:test:pip:csv" MustBePresent="false"/> + </Apply> --> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than"> + <Description>CPU</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:vm:cpu" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">95</AttributeValue> + <!-- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="com:att:research:xacml:test:pip:csv:category:server" AttributeId="com:att:research:xacml:test:pip:csv:server:cpuval" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="com:att:research:xacml:test:pip:csv" MustBePresent="false"/> + </Apply> --> + </Apply> + </Apply> + </VariableDefinition> + <Rule RuleId="urn:com:xacml:rule:id:9f8e2241-8205-4656-b6f6-143637cc0c66" Effect="Permit"> + <Description>Permit to create a new VM with Obligation</Description> + <Target /> + <!--<Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">create_Action</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> --> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-equal"> + <Description>If the Requirement has met create the VM</Description> + <VariableReference VariableId="doesItRequireNewVM"/> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue> + </Apply> + </Condition> + <ObligationExpressions> + <ObligationExpression ObligationId="com.att.research.nvp.test.obligation" FulfillOn="Permit"> + <AttributeAssignmentExpression AttributeId="com.att.research.nvp.test.obligation.key" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Action_Info</AttributeValue> + </AttributeAssignmentExpression> + </ObligationExpression> + <ObligationExpression ObligationId="com.att.research.nvp.test.multiobligation" FulfillOn="Permit"> + <AttributeAssignmentExpression AttributeId="com.att.research.nvp.obligation.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Create_NEW_VM</AttributeValue> + </AttributeAssignmentExpression> + </ObligationExpression> + </ObligationExpressions> + </Rule> + <Rule RuleId="urn:com:xacml:rule:id:6dd4c4b2-8864-4bae-b497-7472b464ffe7" Effect="Permit"> + <Description>Permit to create a new VM with Advice</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">create_adviceAction</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-equal"> + <Description>If the Requirement has met create the VM</Description> + <VariableReference VariableId="doesItRequireNewVM"/> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue> + </Apply> + </Condition> + <AdviceExpressions> + <AdviceExpression AdviceId="com.att.research.nvp.test.advice.multi" AppliesTo="Permit"> + <AttributeAssignmentExpression AttributeId="com.att.research.nvp.test.advice.key"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Action_Info</AttributeValue> + </AttributeAssignmentExpression> + </AdviceExpression> + <AdviceExpression AdviceId="com.att.research.nvp.test.advice.multiadvice" AppliesTo="Permit"> + <AttributeAssignmentExpression AttributeId="com.att.research.nvp.test.advice.multival"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Created New VM</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="com.att.research.nvp.test.advice.val" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:8080/pdp/?type=hb</AttributeValue> + </AttributeAssignmentExpression> + </AdviceExpression> + </AdviceExpressions> + </Rule> + <VariableDefinition VariableId="removeVM"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:research:xacml:test:pip:csv:resource:cpu" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="com:att:research:xacml:test:pip:csv:category:server" AttributeId="com:att:research:xacml:test:pip:csv:server:minval" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="com:att:research:xacml:test:pip:csv" MustBePresent="false"/> + </Apply> + </Apply> + </VariableDefinition> + <Rule RuleId="urn:com:xacml:rule:id:262fc3fd-f3f3-4aaa-8b9c-504f89be5ba2" Effect="Permit"> + <Description>Permit to remove a VM with Obligation</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">remove_Action</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-equal"> + <Description>If the resource usage is low then remove the VM</Description> + <VariableReference VariableId="removeVM"/> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue> + </Apply> + </Condition> + <ObligationExpressions> + <ObligationExpression ObligationId="com.att.research.nvp.test.obligation" FulfillOn="Permit"> + <AttributeAssignmentExpression AttributeId="com.att.research.nvp.test.obligation.key" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Action_Info</AttributeValue> + </AttributeAssignmentExpression> + </ObligationExpression> + <ObligationExpression ObligationId="com.att.research.nvp.test.multiobligation" FulfillOn="Permit"> + <AttributeAssignmentExpression AttributeId="com.att.research.nvp.obligation.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Remove_VM</AttributeValue> + </AttributeAssignmentExpression> + </ObligationExpression> + </ObligationExpressions> + </Rule> + <Rule RuleId="urn:com:xacml:rule:id:6b17c532-6b43-4577-b499-30c862bc7df3" Effect="Permit"> + <Description>Permit to remove a VM with Advice</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">remove_adviceAction</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-equal"> + <Description>If the resource usage is low then remove the VM</Description> + <VariableReference VariableId="removeVM"/> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue> + </Apply> + </Condition> + <AdviceExpressions> + <AdviceExpression AdviceId="com.att.research.nvp.test.advice.multi" AppliesTo="Permit"> + <AttributeAssignmentExpression AttributeId="com.att.research.nvp.test.advice.key"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Action_Info</AttributeValue> + </AttributeAssignmentExpression> + </AdviceExpression> + <AdviceExpression AdviceId="com.att.research.nvp.test.advice.multiadvice" AppliesTo="Permit"> + <AttributeAssignmentExpression AttributeId="com.att.research.nvp.test.advice.multival"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Removed VM</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="com.att.research.nvp.test.advice.val" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:8080/pdp/?type=hb</AttributeValue> + </AttributeAssignmentExpression> + </AdviceExpression> + </AdviceExpressions> + </Rule> +</Policy> diff --git a/ECOMP-XACML/src/test/resources/logback.xml b/ECOMP-XACML/src/test/resources/logback.xml index f2b70a01b..2f92f709b 100644 --- a/ECOMP-XACML/src/test/resources/logback.xml +++ b/ECOMP-XACML/src/test/resources/logback.xml @@ -44,14 +44,15 @@ <property name="defaultAuditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{ServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}||%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" /> <property name="defaultAuditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{requestId}|%X{serviceInstanceId}|%t|%X{serverName}|%X{serviceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{instanceUuid}|%p|%X{severity}|%X{serverIpAddress}|%X{ElapsedTime}|%X{server}|%X{clientIpAddress}|%c||%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" /> --> - <property name="defaultAuditPattern" value="%X{TransactionBeginTimestamp}|%X{TransactionEndTimestamp}|%X{requestId}|%X{serviceInstanceId}|%t|%X{serverName}|%X{serviceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{instanceUuid}|%p|%X{severity}|%X{serverIpAddress}|%X{TransactionElapsedTime}|%X{server}|%X{clientIpAddress}|%c||%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" /> + <property name="defaultAuditPattern" value="%X{TransactionBeginTimestamp}|%X{TransactionEndTimestamp}|%X{requestId}|%X{serviceInstanceId}|%t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{statusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{instanceUuid}|%p|%X{severity}|%X{serverIpAddress}|%X{TransactionElapsedTime}|%X{server}|%X{clientIpAddress}|%c||%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" /> <!-- M E T R I C <property name="defaultMetricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{ServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}||%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" /> --> - <property name="defaultMetricPattern" value="%X{MetricBeginTimestamp}|%X{MetricEndTimestamp}|%X{requestId}|%X{serviceInstanceId}|%t|%X{serverName}|%X{serviceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%p|%X{severity}|%X{serverIpAddress}|%X{MetricElapsedTime}|%X{server}|%X{clientIpAddress}|%c||%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" /> + <property name="defaultMetricPattern" value="%X{MetricBeginTimestamp}|%X{MetricEndTimestamp}|%X{requestId}|%X{serviceInstanceId}|%t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%X{statusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%p|%X{severity}|%X{serverIpAddress}|%X{MetricElapsedTime}|%X{server}|%X{clientIpAddress}|%c||%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" /> + |