diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2017-02-14 19:41:00 -0500 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2017-02-14 19:41:32 -0500 |
commit | 91d04c64771832a0b8815ffbe1f0f9920320d94d (patch) | |
tree | fb02d5e1c84a3d91def9a7ee95bc87f9c046cc96 /packages/base/src/files/install/servers/console | |
parent | b9d4caa40ef8e3566ac475968bce17b9b64b6939 (diff) |
Initial OpenECOMP policy/engine commit
Change-Id: I7dbff37733b661643dd4d1caefa3d7dccc361b6e
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'packages/base/src/files/install/servers/console')
12 files changed, 1552 insertions, 0 deletions
diff --git a/packages/base/src/files/install/servers/console/bin/JSONConfig.json b/packages/base/src/files/install/servers/console/bin/JSONConfig.json new file mode 100644 index 000000000..4b90f4ebf --- /dev/null +++ b/packages/base/src/files/install/servers/console/bin/JSONConfig.json @@ -0,0 +1,132 @@ +[ + { + "serviceTypePolicyName": "Registration Failure(Trinity)", + "verticaMetrics": "DATETIMEUTC\n VNFC_NAME\n BW_SIP_STATS_REGISTER_RESPONSE_CODE_VALUE \nBW_SIP_STATS_REGISTER_RESPONSE_INS \n BW_SIP_STATS_REGISTER_RESPONSE_OUTS", + "attributes": { + "Onset&abatement anomaly detection": { + "PtileLimit": "Percentile value used by anomaly detection model", + "Threshold": "initial value for the quantile at percentile(PtileLimit) used by the anomaly detection model", + "Window": "Number of weeks anomaly detection model keeps in memory to estimate Threshold", + "Training": "Number of historical weeks anomaly detection model needs for training ", + "FractionSamplePerDay": "This corresponds to the minimum number of samples per day to be used in the daily percentile computation when updating the distribution tail crossing model. When there are less samples than that threshold, the model is not updated with these samples. " + }, + "Onset signature trigger": { + "ConsecutiveInterval": "Number of consecutive intervals normalized metric must trigger the anomaly detection model before resulting in an action", + "RetryTimer": "Minimum interval between policy triggers" + }, + "Abatement signature trigger": { + "Consecutiveinterval": "Number of consecutive intervals normalized metric does not trigger the anomaly detection model after onset signature was triggered" + }, + "Onset & abatement UEB notification": { + "OnsetMessage": "Value of field OnSetMessage sent by Analytics Engine published on UEB", + "AbatementMessage": "Value of field AbatementMessage sent by Analytics Engine published on UEB", + "PolicyName": "Value of field PolicyName sent by Analytics Engine published on UEB" + } + }, + "policyDescription": "Policy to detect instances where SIP registration rate exceeds a normal level over a number of consecutive sampling periods. \n Notes \n (1) Vertica metrics normalized and combined in a SIP registration failure probability per Site and per VM. \n (2) Anomaly detection model operates on SIP registration failure probability. \n (3) Anomaly detection consists of an estimated distribution percentile threshold crossing. \n (4) Actions: Send email and/or UEB notification" + }, + { + "serviceTypePolicyName": "International Fraud(Trinity)", + "verticaMetrics": "INTERVAL_START_TS\n CUSTOMER\n A_SITE\n A_SBG\n BW\n Z_COUNTRY\n CALL_COUNT\n MINUTES_OF_USE", + "attributes": { + "Onset&abatement anomaly detection": { + "PtileLimit": "Percentile value used by anomaly detection model", + "Threshold": "initial value for the quantile at percentile(PtileLimit) used by the anomaly detection model", + "Window": "Number of weeks anomaly detection model keeps in memory to estimate Threshold", + "Training": "Number of historical weeks anomaly detection model needs for training ", + "FractionSamplePerDay": "This corresponds to the minimum number of samples per day to be used in the daily percentile computation when updating the distribution tail crossing model. When there are less samples than that threshold, the model is not updated with these samples. " + }, + "Onset signature trigger": { + "ConsecutiveInterval": "Number of consecutive intervals normalized metric must trigger the anomaly detection model before resulting in an action", + "RetryTimer": "Minimum interval between policy triggers" + }, + "Abatement signature trigger": { + "Consecutiveinterval": "Number of consecutive intervals normalized metric does not trigger the anomaly detection model after onset signature was triggered" + }, + "Onset & abatement UEB notification ": { + "OnsetMessage": "Value of field OnSetMessage sent by Analytics Engine published on UEB", + "AbatementMessage": "Value of field AbatementMessage sent by Analytics Engine published on UEB", + "PolicyName": "Value of field PolicyName sent by Analytics Engine published on UEB" + } + }, + "policyDescription": "Policy to detect instances where count of calls towards an international destination exceeds a normal level over a number of consecutive sampling periods. \n Notes \n (1) Vertica metrics normalized and combined in a SIP registration failure probability per Customer, per Site and per VM. \n (2) Anomaly detection model operates on counts towards an international destination. \n (3) Anomaly detection consists of an estimated distribution percentile threshold crossing. \n (4) Actions: Send email and/or UEB notification" + }, + { + "serviceTypePolicyName": "No dial tone(Trinity)", + "verticaMetrics": "INTERVAL_START_TS\n SUM(CALLS_ATTEMPTED)\n SUM(NO_ANSWER_OR_VOICE_MAIL)\n A_SITE or A_SBG or BW or CUSTOMER", + "attributes": { + "Onset&abatement anomaly detection": { + "PtileLimit": "Percentile value used by anomaly detection model", + "Threshold": "initial value for the quantile at percentile(PtileLimit) used by the anomaly detection model", + "Window": "Number of weeks anomaly detection model keeps in memory to estimate Threshold", + "Training": "Number of historical weeks anomaly detection model needs for training ", + "FractionSamplePerDay": "This corresponds to the minimum number of samples per day to be used in the daily percentile computation when updating the distribution tail crossing model. When there are less samples than that threshold, the model is not updated with these samples. " + }, + "Onset signature trigger": { + "ConsecutiveInterval": "Number of consecutive intervals normalized metric must trigger the anomaly detection model before resulting in an action", + "RetryTimer": "Minimum interval between policy triggers" + }, + "Abatement signature trigger": { + "Consecutiveinterval": "Number of consecutive intervals normalized metric does not trigger the anomaly detection model after onset signature was triggered" + }, + "Onset & abatement UEB notification ": { + "OnsetMessage": "Value of field OnSetMessage sent by Analytics Engine published on UEB", + "AbatementMessage": "Value of field AbatementMessage sent by Analytics Engine published on UEB", + "PolicyName": "Value of field PolicyName sent by Analytics Engine published on UEB" + } + }, + "policyDescription": "Policy to detect ? \n Notes:\n (1) Actions: Send email and/or UEB notification" + }, + { + "serviceTypePolicyName": "Call storm(Trinity)", + "verticaMetrics": "", + "attributes": { + "Onset&abatement anomaly detection": { + "SeasonLength": "Metric seasonality (5min sampling period with 7 days seasonality: 7*288) used by Holt-Winters model", + "TrainLength": "Training length (5min sampling period with 7 days seasonality and 5 cycles training: 7*288*5) used by Holt-Winters", + "Alpha": "Smoothing parameter (range 0-1, default 0.2)", + "Beta": "Trend parameter (range 0-1, default 0) ", + "Gamma": "Seasonality (range 0-1, default 0.05)", + "Deviation Threshold": "Approximately a limit on the factor by how much current value has deviated compared to expected variance" + }, + "Onset signature trigger": { + "RetryTimer": "Minimum interval between policy triggers" + }, + "Abatement signature trigger": { + "Hw-Timeout": "Maximum time for an HealthCheck response (measured from the time a positive App-C response was received)", + "OnSetMessage": "Value of field Message sent by Analytics Engine published on UEB " + }, + "Onset & abatement UEB notification ": { + "AbatementMessage": "Value of field AbatementMessage sent by Analytics Engine published on UEB", + "PolicyName": "Value of field PolicyName sent by Analytics Engine published on UEB" + } + }, + "policyDescription": "Policy to detect instances where count of Formatted table ? exceeds a predicted level. \n Notes \n (1) Vertica metrics normalized and combined in ? per Customer, per Site and per VM. \n (2) Anomaly detection model operates on ? \n (3) Anomaly detection consists of detecting deviations from Holt-Winters predictions. \n (4) Actions: Send email and/or UEB notification" + }, + { + "serviceTypePolicyName": "Registration storm(Trinity)", + "verticaMetrics": "", + "attributes": { + "Onset&abatement anomaly detection": { + "SeasonLength": "Metric seasonality (5min sampling period with 7 days seasonality: 7*288) used by Holt-Winters model", + "TrainLength": "Training length (5min sampling period with 7 days seasonality and 5 cycles training: 7*288*5) used by Holt-Winters", + "Alpha": "Smoothing parameter (range 0-1, default 0.2)", + "Beta": "Trend parameter (range 0-1, default 0) ", + "Gamma": "Seasonality (range 0-1, default 0.05)", + "Deviation Threshold": "Approximately a limit on the factor by how much current value has deviated compared to expected variance" + }, + "Onset signature trigger": { + "RetryTimer": "Minimum interval between policy triggers" + }, + "Abatement signature trigger": { + "Hw-Timeout": "Maximum time for an HealthCheck response (measured from the time a positive App-C response was received)", + "OnSetMessage": "Value of field Message sent by Analytics Engine published on UEB " + }, + "Onset & abatement UEB notification ": { + "AbatementMessage": "Value of field AbatementMessage sent by Analytics Engine published on UEB", + "PolicyName": "Value of field PolicyName sent by Analytics Engine published on UEB" + } + }, + "policyDescription": "Policy to detect instances where count of Formatted table ? exceeds a predicted level. \n Notes \n (1) Vertica metrics normalized and combined in ? per Customer, per Site and per VM. \n (2) Anomaly detection model operates on ? \n (3) Anomaly detection consists of detecting deviations from Holt-Winters predictions. \n (4) Actions: Send email and/or UEB notification" + } +]
\ No newline at end of file diff --git a/packages/base/src/files/install/servers/console/bin/Policy-Admin.xml b/packages/base/src/files/install/servers/console/bin/Policy-Admin.xml new file mode 100644 index 000000000..b2d70de9b --- /dev/null +++ b/packages/base/src/files/install/servers/console/bin/Policy-Admin.xml @@ -0,0 +1,565 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<!-- + ============LICENSE_START======================================================= + ECOMP Policy Engine + ================================================================================ + Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + --> + +<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicySetId="urn:com:att:xacml:policy:id:3db6785b-9343-4d1f-aa87-1470f7c64e42" Version="2" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable"> + <Description>Extremely simple policy for accessing the admin console. If you are "admin" you can do anything. If you are "editor", you can edit policies and the dictionaries. If you are "guest", you can only read or view information.</Description> + <Target/> + <Policy PolicyId="urn:com:att:xacml:policy:id:70a20f17-e538-4d07-8a2a-89bbdb6ca9e3" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description>Admin policy</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:att:xacml:rule:id:07e4ea58-b2b7-41e4-a600-ebd5fb1c3114" Effect="Permit"> + <Description>PERMIT - application access.</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:e84e5501-0f73-445c-b5de-04f2947e0637" Effect="Permit"> + <Description>PERMIT - any action on the admin</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b66-a23e-f475c41f2d91" Effect="Permit"> + <Description>PERMIT - any action on the roles</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">workspace</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b66-a23e-f475c41f2d41" Effect="Permit"> + <Description>PERMIT - any action on the dictionaries</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">dictionaries</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b69-a23e-f475c41f2d51" Effect="Permit"> + <Description>PERMIT - any action on the pdp</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">pdp_admin</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b69-a23e-f475c41f2d81" Effect="Permit"> + <Description>PERMIT - any action on the pip</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">pip_admin</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:e4541019-4503-490f-97e0-b94251fdc669" Effect="Permit"> + <Description>PERMIT - admin can read</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:80422fdf-5094-4609-925e-289ad226e2aa" Effect="Deny"> + <Description>DENY - default</Description> + <Target/> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b66-a23e-f475c41f2d10" Effect="Deny"> + <Description>DENY- any action on manage scopes</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">manage_scopes</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + </Policy> + <Policy PolicyId="urn:com:att:xacml:policy:id:70a20f17-e538-4d07-8a2a-89bbdb6ca9e4" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description>Super Admin policy</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">super-admin</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:att:xacml:rule:id:13067c96-14f7-4ab0-bea3-65d8cb0970b2" Effect="Permit"> + <Description>PERMIT - superadmin can do everything in the admin console.</Description> + <Target/> + </Rule> + </Policy> + <Policy PolicyId="urn:com:att:xacml:policy:id:6edb392a-0d8f-4cbo-a965-229292fd1122" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description>Editor Policy</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">editor</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:att:xacml:rule:id:07e4ea58-b2b7-41e4-a600-ebd5fb1c3144" Effect="Permit"> + <Description>PERMIT - application access.</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:9c9ce992-196a-4da4-bbf6-4f4a88436635" Effect="Permit"> + <Description>PERMIT - R/W workspace</Description> + <Target/> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> + <Description>The action is read or write AND the resource is the workspace.</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or"> + <Description>Action is Read OR Write</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <Description>Is action = read?</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> + <Description>Un-bag</Description> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <Description>Is action = write?</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> + <Description>Un-bag</Description> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue> + </Apply> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <Description>resource is workspace</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> + <Description>Un-bag</Description> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">workspace</AttributeValue> + </Apply> + </Apply> + </Condition> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:e84e5501-0f73-445c-b5de-04f2947e0677" Effect="Permit"> + <Description>PERMIT - any action on the editor</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">editor</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b66-a23e-f475c41f2d11" Effect="Deny"> + <Description>PERMIT - any action on the dictionaries</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">dictionaries</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b69-a23e-f475c41f2d11" Effect="Permit"> + <Description>PERMIT - any action on the dictionaries</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">pdp_admin</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:e4541019-4503-490f-97e0-b94251fdc629" Effect="Permit"> + <Description>PERMIT - editor can read</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:80422fdf-5094-4609-925e-289ad226e2aa" Effect="Deny"> + <Description>DENY - default</Description> + <Target/> + </Rule> + </Policy> + <Policy PolicyId="urn:com:att:xacml:policy:id:6edb392a-0d8f-4cbo-a965-229292fd1122" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description>Super Editor Policy</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">super-editor</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:att:xacml:rule:id:07e4ea58-b2b7-41e4-a600-ebd5fb1c3144" Effect="Permit"> + <Description>PERMIT - application access.</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:9c9ce992-196a-4da4-bbf6-4f4a88436635" Effect="Permit"> + <Description>PERMIT - R/W workspace</Description> + <Target/> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> + <Description>The action is read or write AND the resource is the workspace.</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or"> + <Description>Action is Read OR Write</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <Description>Is action = read?</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> + <Description>Un-bag</Description> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <Description>Is action = write?</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> + <Description>Un-bag</Description> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue> + </Apply> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <Description>resource is workspace</Description> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> + <Description>Un-bag</Description> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">workspace</AttributeValue> + </Apply> + </Apply> + </Condition> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:e84e5501-0f73-445c-b5de-04f2947e0677" Effect="Permit"> + <Description>PERMIT - any action on the super editor</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">super-editor</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b66-a23e-f475c41f2d11" Effect="Deny"> + <Description>PERMIT - any action on the dictionaries</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">dictionaries</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b69-a23e-f475c41f2d11" Effect="Permit"> + <Description>PERMIT - any action on the dictionaries</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">pdp_admin</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:e4541019-4503-490f-97e0-b94251fdc629" Effect="Permit"> + <Description>PERMIT - super editor can read</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:80422fdf-5094-4609-925e-289ad226e2aa" Effect="Deny"> + <Description>DENY - default</Description> + <Target/> + </Rule> + </Policy> + <Policy PolicyId="urn:com:att:xacml:policy:id:980c728d-fb53-4f2f-ba5f-823e594302eb" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description>Guest policy</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">guest</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:att:xacml:rule:id:07e4ea58-b2b7-41e4-a600-ebd5fb1c3144" Effect="Permit"> + <Description>PERMIT - application access.</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:e4541019-4503-490f-97e0-b94251fdc629" Effect="Permit"> + <Description>PERMIT - guest can access</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b67-a23e-f475c41f2d12s" Effect="Permit"> + <Description>PERMIT - guest to access pdp</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">pdp_admin</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b68-a23e-f475c41f2d11" Effect="Permit"> + <Description>PERMIT - any action on the policymanagement</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:80004328-a1fc-4238-b2a8-906f6b8ae572" Effect="Deny"> + <Description>DENY - default</Description> + <Target/> + </Rule> + </Policy> + <Policy PolicyId="urn:com:att:xacml:policy:id:980c728d-fb53-4f2f-ba5f-823e594302eb" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description>super guest policy</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">super-guest</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:att:xacml:rule:id:07e4ea58-b2b7-41e4-a600-ebd5fb1c3144" Effect="Permit"> + <Description>PERMIT - application access.</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:e4541019-4503-490f-97e0-b94251fdc629" Effect="Permit"> + <Description>PERMIT - super guest can access</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b67-a23e-f475c41f2d12s" Effect="Permit"> + <Description>PERMIT - super guest to access pdp</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">pdp_admin</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b68-a23e-f475c41f2d11" Effect="Permit"> + <Description>PERMIT - any action on the dictionaries</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:80004328-a1fc-4238-b2a8-906f6b8ae572" Effect="Deny"> + <Description>DENY - default</Description> + <Target/> + </Rule> + </Policy> + <Policy PolicyId="urn:com:att:xacml:policy:id:54702055-e0ce-456b-854b-ffab1ff0c7e9" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description>Unknown user id</Description> + <Target/> + <Rule RuleId="urn:com:att:xacml:rule:id:5b6029cf-5c33-4948-8dc9-fd758f85db29" Effect="Deny"> + <Description>DENY</Description> + <Target/> + </Rule> + </Policy> +</PolicySet> diff --git a/packages/base/src/files/install/servers/console/bin/config/policyLogger.properties b/packages/base/src/files/install/servers/console/bin/config/policyLogger.properties new file mode 100644 index 000000000..0deb1b3d6 --- /dev/null +++ b/packages/base/src/files/install/servers/console/bin/config/policyLogger.properties @@ -0,0 +1,44 @@ +### +# ============LICENSE_START======================================================= +# ECOMP Policy Engine +# ================================================================================ +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + +################################### Set concurrentHashMap and timer info ####################### +#Timer initial delay and the delay between in milliseconds before task is to be execute. +timer.delay.time=1000 +#Timer scheduleAtFixedRate period - time in milliseconds between successive task executions. +check.interval= 30000 +#Longest time an event info can be stored in the concurrentHashMap for logging - in seconds. +event.expired.time=86400 +#Size of the concurrentHashMap which stores the event starting time, etc - when its size reaches this limit, the Timer gets executed +#to remove all expired records from this concurrentHashMap. +concurrentHashMap.limit=5000 +#Size of the concurrentHashMap - when its size drops to this point, stop the Timer +stop.check.point=2500 +################################### Set logging format ############################################# +# set EELF for EELF logging format, set LOG4J for using log4j, set SYSTEMOUT for using system.out.println +logger.type=EELF +#################################### Set level for EELF or SYSTEMOUT logging ################################## +# Set level for debug file. Set DEBUG to enable .info, .warn and .debug; set INFO for enable .info and .warn; set OFF to disable all +debugLogger.level=INFO +# Set level for metrics file. Set OFF to disable; set ON to enable +metricsLogger.level=ON +# Set level for error file. Set OFF to disable; set ON to enable +error.level=ON +# Set level for audit file. Set OFF to disable; set ON to enable +audit.level=ON diff --git a/packages/base/src/files/install/servers/console/bin/model.properties b/packages/base/src/files/install/servers/console/bin/model.properties new file mode 100644 index 000000000..ce448b9ed --- /dev/null +++ b/packages/base/src/files/install/servers/console/bin/model.properties @@ -0,0 +1,22 @@ +### +# ============LICENSE_START======================================================= +# ECOMP Policy Engine +# ================================================================================ +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + +ControllerServiceCollectorSdnlService=ControllerServiceCollectorSdnlServiceConfiguration,VirtualMachineServiceInstance +VirtualMachineTEST=VirtualMachineServiceTest
\ No newline at end of file diff --git a/packages/base/src/files/install/servers/console/bin/sql/log.h2.db b/packages/base/src/files/install/servers/console/bin/sql/log.h2.db Binary files differnew file mode 100644 index 000000000..d203aec9d --- /dev/null +++ b/packages/base/src/files/install/servers/console/bin/sql/log.h2.db diff --git a/packages/base/src/files/install/servers/console/bin/sql/xacml.h2.db b/packages/base/src/files/install/servers/console/bin/sql/xacml.h2.db Binary files differnew file mode 100644 index 000000000..f3d08adad --- /dev/null +++ b/packages/base/src/files/install/servers/console/bin/sql/xacml.h2.db diff --git a/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml new file mode 100644 index 000000000..d4bc19eaa --- /dev/null +++ b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml @@ -0,0 +1,93 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:708de148-2cfb-4211-930a-44b446c2d781" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides"> + <Description>vFW Demo Policy@CreatedBy:demo@CreatedBy:@ModifiedBy:demo@ModifiedBy:</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DROOLS</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">BRMS_PARAM_RULE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ConfigName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskType" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskLevel" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">False</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="guard" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="TTLDate" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:xacml:rule:id:817128cd-2880-4e85-997b-1abff0eae822" Effect="Permit"> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <AdviceExpressions> + <AdviceExpression AdviceId="BRMSPARAMID" AppliesTo="Permit"> + <AttributeAssignmentExpression AttributeId="type" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="URLID" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">$URL/Config/com.Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.txt</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="PolicyName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="VersionNumber" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:ECOMPName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DROOLS</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:ConfigName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">BRMS_PARAM_RULE</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="key:controller" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vFW</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="RiskType" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="RiskLevel" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="guard" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">False</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="TTLDate" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue> + </AttributeAssignmentExpression> + </AdviceExpression> + </AdviceExpressions> + </Rule> +</Policy> diff --git a/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml new file mode 100644 index 000000000..f3bb31456 --- /dev/null +++ b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml @@ -0,0 +1,93 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:95afb43f-13f2-475c-9501-7e022d15b8a7" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides"> + <Description>vLB Demo Policy@CreatedBy:demo@CreatedBy:@ModifiedBy:demo@ModifiedBy:</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DROOLS</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">BRMS_PARAM_RULE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ConfigName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskType" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskLevel" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">False</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="guard" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="TTLDate" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:xacml:rule:id:69f687f8-1f6e-485f-a4e8-5cb9beb28ba4" Effect="Permit"> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <AdviceExpressions> + <AdviceExpression AdviceId="BRMSPARAMID" AppliesTo="Permit"> + <AttributeAssignmentExpression AttributeId="type" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="URLID" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">$URL/Config/com.Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.txt</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="PolicyName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="VersionNumber" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:ECOMPName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DROOLS</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:ConfigName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">BRMS_PARAM_RULE</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="key:controller" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vDNS</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="RiskType" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="RiskLevel" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="guard" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">False</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="TTLDate" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue> + </AttributeAssignmentExpression> + </AdviceExpression> + </AdviceExpressions> + </Rule> +</Policy> diff --git a/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vFirewall.1.xml b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vFirewall.1.xml new file mode 100644 index 000000000..7081ebc67 --- /dev/null +++ b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vFirewall.1.xml @@ -0,0 +1,114 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:a1c91d9b-b5d2-4b04-b3a9-afcac74a8161" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides"> + <Description>Micro Service vFirewall Demo Policy@CreatedBy:demo@CreatedBy:@ModifiedBy:demo@ModifiedBy:</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_MS_vFirewall.1.xml</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DCAE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleConfigName</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ConfigName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TcaMetrics-v1.0.0.5</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="service" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/services/cdap-tca-hi-lo/instances/demo/configuration/metricsPerFunctionalRole/vFirewall</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="uuid" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleServiceLocation</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="location" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskType" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskLevel" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">False</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="guard" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="TTLDate" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:xacml:rule:id:2af7b2a1-6427-4765-ac5f-0d5e3c7d059f" Effect="Permit"> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <AdviceExpressions> + <AdviceExpression AdviceId="MSID" AppliesTo="Permit"> + <AttributeAssignmentExpression AttributeId="type" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="URLID" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">$URL/Config/com.Config_MS_vFirewall.1.json</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="PolicyName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_MS_vFirewall.1.xml</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="VersionNumber" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:ECOMPName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DCAE</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:ConfigName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleConfigName</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:service" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TcaMetrics-v1.0.0.5</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:uuid" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/services/cdap-tca-hi-lo/instances/demo/configuration/metricsPerFunctionalRole/vFirewall</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:Location" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleServiceLocation</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="Priority" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="RiskType" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="RiskLevel" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="guard" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="TTLDate" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue> + </AttributeAssignmentExpression> + </AdviceExpression> + </AdviceExpressions> + </Rule> +</Policy> diff --git a/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vLoadBalancer.1.xml b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vLoadBalancer.1.xml new file mode 100644 index 000000000..8128ffbbd --- /dev/null +++ b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vLoadBalancer.1.xml @@ -0,0 +1,114 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:4fd0d4bd-729b-42dd-9c39-d63fea7c9655" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides"> + <Description>Micro Service vLoadBalancer Demo Policy@CreatedBy:demo@CreatedBy:@ModifiedBy:demo@ModifiedBy:</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_MS_vLoadBalancer.1.xml</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DCAE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleConfigName</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ConfigName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TcaMetrics-v1.0.0.5</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="service" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/services/cdap-tca-hi-lo/instances/demo/configuration/metricsPerFunctionalRole/vLoadBalancer</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="uuid" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleServiceLocation</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="location" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskType" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskLevel" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">False</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="guard" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="TTLDate" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:xacml:rule:id:69d31737-09d4-429f-9e1d-6bcf39da90a1" Effect="Permit"> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <AdviceExpressions> + <AdviceExpression AdviceId="MSID" AppliesTo="Permit"> + <AttributeAssignmentExpression AttributeId="type" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="URLID" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">$URL/Config/com.Config_MS_vLoadBalancer.1.json</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="PolicyName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_MS_vLoadBalancer.1.xml</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="VersionNumber" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:ECOMPName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DCAE</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:ConfigName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleConfigName</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:service" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TcaMetrics-v1.0.0.5</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:uuid" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/services/cdap-tca-hi-lo/instances/demo/configuration/metricsPerFunctionalRole/vLoadBalancer</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="matching:Location" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleServiceLocation</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="Priority" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="RiskType" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="RiskLevel" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="guard" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue> + </AttributeAssignmentExpression> + <AttributeAssignmentExpression AttributeId="TTLDate" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer=""> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue> + </AttributeAssignmentExpression> + </AdviceExpression> + </AdviceExpressions> + </Rule> +</Policy> diff --git a/packages/base/src/files/install/servers/console/bin/xacml.admin.properties b/packages/base/src/files/install/servers/console/bin/xacml.admin.properties new file mode 100644 index 000000000..8a214a8ab --- /dev/null +++ b/packages/base/src/files/install/servers/console/bin/xacml.admin.properties @@ -0,0 +1,203 @@ +### +# ============LICENSE_START======================================================= +# ECOMP Policy Engine +# ================================================================================ +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + +# +# This file is set to the defaults one can use to run the XACML-PAP-ADMIN for testing and development. +# +# It is not recommended to modify this file directly, but rather copy it to another location and make any modifications +# necessary to run the application in a development or a production environment. You can set the Java VM System +# property to change where the application can find the file. For example: +# +#-Dxacml.properties=/opt/app/xacml/etc/xacml.admin.properties +# +# +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=org.openecomp.policy.xacml.custom.EcompFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + +# +# This is an extremely simple policy to demonstrate authorization +# within the Admin Console. +# +xacml.rootPolicies=${{ROOT_POLICIES}} +admin.file=${{ADMIN_FILE}} + +# +# PAP Servlet properties +# +xacml.PAP.papEngineFactory=org.openecomp.policy.xacml.std.pap.StdEngineFactory + +# +# Admin Console properties +# +xacml.AC.papEngineFactory=org.openecomp.policy.xacml.admin.util.RESTfulPAPFactory + +# Set your domain here: + +xacml.rest.admin.domain=${{REST_ADMIN_DOMAIN}} +# +# Location where the GIT repository is located +# +xacml.rest.admin.repository=${{REST_ADMIN_REPOSITORY}} +# +# Location where all the user workspaces are located. +# +xacml.rest.admin.workspace=${{REST_ADMIN_WORKSPACE}} + + +xacml.rest.admin.closedLoopJSON =JSONConfig.json +xacml.rest.admin.microServiceModel=model.properties +xacm.restful.interface.file=RESTful.interface.properties +# +# +# Property to declare the max time frame for logs. +# +xacml.log.timeframe=${{LOG_TIMEFRAME}} + +#Log DB information +xacml.log.db.driver=${{JDBC_DRIVER}} +xacml.log.db.url=${{JDBC_LOG_URL}} +xacml.log.db.user=${{JDBC_USER}} +xacml.log.db.password=${{JDBC_PASSWORD}} + +# Dashboard refresh rate in miliseconds +xacml.refresh.rate=${{REFRESH_RATE}} + +# Number of visable rows for users in MicroService Policy +xacml.user.column.count=${{COLUMN_COUNT}} + +#the page length for the sqlcontainer used on Dashbaord +xacml.sqlcontainer.page.length=75 + +#Patter to identify if a attribute is ready. Currently just a place holder +xacm.xcor.required.pattern=1,1 + +#The time to hold the cache of values for the attributes retrieved from Remote dictionary +xacm.cache.live.time=2 + +#The largest value that priority can be set in on the UI +xacml.max.priority.count=10 +#The max Model Leve Displayed on the UI +xacml.model.level=4 +# +# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE +# container and setup authentication as you please. Setting HttpSession attribute values will override these +# values set in the properties files. +# +# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer"); +# +# The default policy: Policy-Admin.xml is extremely simple. +# +# You can test authorization within the Admin Console by changing the user id. +# There are 3 supported user ids: +# guest - Read only access +# editor - Read/Write access +# admin - Read/Write/Admin access +# +# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all. +# +# This is for development/demonstration purposes only. A production environment should provide authentication which is +# outside the scope of this application. This application can be used to develop a XACML policy for user authorization +# within this application. +# + +xacml.rest.admin.user.name=${{REST_ADMIN_USER_NAME}} +xacml.rest.admin.user.id=${{REST_ADMIN_USER_ID}} +xacml.rest.admin.user.email= + +# +# URL location for the PAP servlet. +# + +xacml.rest.pap.url=${{REST_PAP_URL}} + +xacml.rest.config.home=${{REST_CONFIG_HOME}} +xacml.rest.action.home=${{REST_ACTION_HOME}} +xacml.rest.config.url=${{REST_CONFIG_URL}} +xacml.rest.config.webapps=${{REST_CONFIG_WEBAPPS}} + +# PAP account information +xacml.rest.pap.userid=${{CONSOLE_PAP_HTTP_USER_ID}} +xacml.rest.pap.password=${{CONSOLE_PAP_HTTP_PASSWORD}} + +# pdps file - Needs to have the location of the PDPs File of the PAP-REST +xacml.rest.pdp.idfile=${{POLICY_HOME}}/servers/pap/bin/test.properties + +#Template Versions +xacml.rest.closedLoopFault=OpenSource.version.1 +xacml.rest.closedLoopPM=OpenSource.version.1 +xacml.rest.microServices=OpenSource.version.1 +xacml.rest.gocPolicy=OpenSource.version.1 +xacml.rest.firewallPolicy=OpenSource.version.1 + +#***Properties for IntegrityMonitor integration defined in XACMLRestProperties.java*** +#The name of the Admin. Must be unique across the system +xacml.rest.admin.resource.name=${{resource_name}} + +#***Properties for IntegrityMonitor integration defined in IntegrityMonitorProperties.java*** +site_name=${{site_name}} +node_type=${{node_type}} +fp_monitor_interval=${{fp_monitor_interval}} +failed_counter_threshold=${{failed_counter_threshold}} +test_trans_interval=${{test_trans_interval}} +write_fpc_interval=${{write_fpc_interval}} +max_fpc_update_interval=${{max_fpc_update_interval}} +test_via_jmx=${{test_via_jmx}} + +# The (optional) period of time in seconds between executions of the integrity audit. +# Value < 0 : Audit does not run (default value if property is not present = -1) +# Value = 0 : Audit runs continuously +# Value > 0 : The period of time in seconds between execution of the audit on a particular node +integrity_audit_period_seconds=${{integrity_audit_period_seconds}} + +#Automatic Policy Distribution +xacml.att.automatic.push = ${{automatic_push}} + + +#Dashboard Tab Limit +xacml.ecomp.dashboard.logTableLimit = 5000 +xacml.ecomp.dashboard.systemAlertTableLimit = 2000 + +#Diff of policies for Firewall feature +FW_GETURL=${{FW_GETURL}} +FW_AUTHOURL=${{FW_AUTHOURL}} +FW_PROXY=${{FW_PROXY}} +FW_PORT=${{FW_PORT}} + +#SMTP Server Details for Java Mail +ecomp.smtp.host = ${{ecomp_smtp_host}} +ecomp.smtp.port = ${{ecomp_smtp_port}} +ecomp.smtp.userName = ${{ecomp_smtp_userName}} +ecomp.smtp.password = ${{ecomp_smtp_password}} +ecomp.smtp.emailExtension=${{ecomp_smtp_emailExtension}} +ecomp.application.name = ${{ecomp_application_name}} + +#Dialect for Database +ecomp.dialect = org.hibernate.dialect.MySQLDialect diff --git a/packages/base/src/files/install/servers/console/conf/server.xml b/packages/base/src/files/install/servers/console/conf/server.xml new file mode 100644 index 000000000..f45c5646c --- /dev/null +++ b/packages/base/src/files/install/servers/console/conf/server.xml @@ -0,0 +1,172 @@ +<?xml version='1.0' encoding='utf-8'?> +<!-- + ============LICENSE_START======================================================= + ECOMP Policy Engine + ================================================================================ + Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + --> + +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!-- Note: A "Server" is not itself a "Container", so you may not + define subcomponents such as "Valves" at this level. + Documentation at /docs/config/server.html + --> +<Server port="${{TOMCAT_SHUTDOWN_PORT}}" shutdown="SHUTDOWN"> + <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> + <!-- Security listener. Documentation at /docs/config/listeners.html + <Listener className="org.apache.catalina.security.SecurityListener" /> + --> + <!--APR library loader. Documentation at /docs/apr.html --> + <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> + <!-- Prevent memory leaks due to use of particular java/javax APIs--> + <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> + <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> + <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> + + <!-- Global JNDI resources + Documentation at /docs/jndi-resources-howto.html + --> + <GlobalNamingResources> + <!-- Editable user database that can also be used by + UserDatabaseRealm to authenticate users + --> + <Resource name="UserDatabase" auth="Container" + type="org.apache.catalina.UserDatabase" + description="User database that can be updated and saved" + factory="org.apache.catalina.users.MemoryUserDatabaseFactory" + pathname="conf/tomcat-users.xml" /> + </GlobalNamingResources> + + <!-- A "Service" is a collection of one or more "Connectors" that share + a single "Container" Note: A "Service" is not itself a "Container", + so you may not define subcomponents such as "Valves" at this level. + Documentation at /docs/config/service.html + --> + <Service name="Catalina"> + + <!--The connectors can use a shared executor, you can define one or more named thread pools--> + <!-- + <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" + maxThreads="150" minSpareThreads="4"/> + --> + + + <!-- A "Connector" represents an endpoint by which requests are received + and responses are returned. Documentation at : + Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) + Java AJP Connector: /docs/config/ajp.html + APR (HTTP/AJP) Connector: /docs/apr.html + Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 + --> + <!-- + <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="${{SSL_HTTP_CONNECTOR_REDIRECT_PORT}}" /> + --> + + <!-- A "Connector" using the shared thread pool--> + <!-- + <Connector executor="tomcatThreadPool" + port="8080" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="8443" /> + --> + <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 + This connector uses the NIO implementation that requires the JSSE + style configuration. When using the APR/native implementation, the + OpenSSL style configuration is required as described in the APR/native + documentation + --> + + <!-- ECOMP portal currently using http instead of https + <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" SSLEnabled="true" scheme="https" secure="true" + clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" + keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"/> + --> + <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" /> + + + + <!-- Define an AJP 1.3 Connector on port 8009 --> + <Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" /> + + + <!-- An Engine represents the entry point (within Catalina) that processes + every request. The Engine implementation for Tomcat stand alone + analyzes the HTTP headers included with the request, and passes them + on to the appropriate Host (virtual host). + Documentation at /docs/config/engine.html --> + + <!-- You should set jvmRoute to support load-balancing via AJP ie : + <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> + --> + <Engine name="Catalina" defaultHost="localhost"> + + <!--For clustering, please take a look at documentation at: + /docs/cluster-howto.html (simple how to) + /docs/config/cluster.html (reference documentation) --> + <!-- + <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> + --> + + <!-- Use the LockOutRealm to prevent attempts to guess user passwords + via a brute-force attack --> + <Realm className="org.apache.catalina.realm.LockOutRealm"> + <!-- This Realm uses the UserDatabase configured in the global JNDI + resources under the key "UserDatabase". Any edits + that are performed against this UserDatabase are immediately + available for use by the Realm. --> + <Realm className="org.apache.catalina.realm.UserDatabaseRealm" + resourceName="UserDatabase"/> + </Realm> + + <Host name="localhost" appBase="webapps" + unpackWARs="true" autoDeploy="true"> + + <!-- SingleSignOn valve, share authentication between web applications + Documentation at: /docs/config/valve.html --> + <!-- + <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> + --> + + <!-- Access log processes all example. + Documentation at: /docs/config/valve.html + Note: The pattern used is equivalent to using pattern="common" --> + <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" + prefix="localhost_access_log" suffix=".txt" + pattern="%h %l %u %t "%r" %s %b" /> + + </Host> + </Engine> + </Service> +</Server> |