aboutsummaryrefslogtreecommitdiffstats
path: root/PolicyEngineAPI/Test
diff options
context:
space:
mode:
Diffstat (limited to 'PolicyEngineAPI/Test')
-rw-r--r--PolicyEngineAPI/Test/PDP_settings/test_PolicyEngine.xml595
-rw-r--r--PolicyEngineAPI/Test/PDP_settings/xacml.pip.properties23
-rw-r--r--PolicyEngineAPI/Test/PDP_settings/xacml.policy.properties24
-rw-r--r--PolicyEngineAPI/Test/config_UEB_bad_type.properties28
-rw-r--r--PolicyEngineAPI/Test/config_UEB_badservers.properties28
-rw-r--r--PolicyEngineAPI/Test/config_UEB_pass.properties28
-rw-r--r--PolicyEngineAPI/Test/config_error.property3
-rw-r--r--PolicyEngineAPI/Test/config_fail.properties23
-rw-r--r--PolicyEngineAPI/Test/config_fail_URL.properties23
-rw-r--r--PolicyEngineAPI/Test/config_pass.properties36
-rw-r--r--PolicyEngineAPI/Test/test.Config_BRMS_Raw_TestBrmsPolicy.1.txt11
-rw-r--r--PolicyEngineAPI/Test/test_PolicyEngine.xml595
12 files changed, 1417 insertions, 0 deletions
diff --git a/PolicyEngineAPI/Test/PDP_settings/test_PolicyEngine.xml b/PolicyEngineAPI/Test/PDP_settings/test_PolicyEngine.xml
new file mode 100644
index 000000000..343ec7c55
--- /dev/null
+++ b/PolicyEngineAPI/Test/PDP_settings/test_PolicyEngine.xml
@@ -0,0 +1,595 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ ============LICENSE_START=======================================================
+ PolicyEngineAPI
+ ================================================================================
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:03e0d98f-90e4-4457-bd78-3ddec62e27d5" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>Test Policies for the ProtoType PolicyEngineAPI</Description>
+ <Target/>
+ <VariableDefinition VariableId="ResetVM">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
+ <Description>Check if the CPU Utilization or Memory reach the threshold values. </Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than">
+ <Description>CPU</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:vm:cpu" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">95</AttributeValue>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than">
+ <Description>Memory</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:vm:memory" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">95</AttributeValue>
+ </Apply>
+ </Apply>
+ </VariableDefinition>
+ <VariableDefinition VariableId="SpinOffVM">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
+ <Description>Spinoff if the VM if CPU or memory value reaches the threshold</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than">
+ <Description>CPU</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:vm:cpu" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">90</AttributeValue>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than">
+ <Description>Memory</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:vm:memory" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">90</AttributeValue>
+ </Apply>
+ </Apply>
+ </VariableDefinition>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815211-f387-47ee-9b15-4b6a0f15b31f" Effect="Permit">
+ <Description>Json Test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">JSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:5443/config/test_json.json</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815212-f387-47ee-9b15-4b6a0f15b31f" Effect="Permit">
+ <Description>Json + Config test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">JSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">JSONconfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:5443/config/test_json.json</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815211-f387-47ee-9b15-4bfa0f15f568" Effect="Permit">
+ <Description>XML test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">XML</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:5443/config/test_xml.xml</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815212-f387-47ee-9b15-4bfa0f15f568" Effect="Permit">
+ <Description>XML + Config test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">XML</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">XMLConfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:5443/config/test_xml.xml</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815211-f387-47ee-9b15-4b6a5287f3af" Effect="Permit">
+ <Description>Properties Test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Properties</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:5443/config/test_prop.properties</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815212-f387-47ee-9b15-4b6a5287f3af" Effect="Permit">
+ <Description>Properties + Config Test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Properties</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">PropConfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:5443/config/test_prop.properties</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815211-f387-47ee-9b15-4b7a5287f3af" Effect="Permit">
+ <Description>Other Test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Other</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:5443/config/test_other.txt</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815212-f387-47ee-9b15-4b8a5287f3af" Effect="Permit">
+ <Description>Other + Config Test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Other</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">OtherConfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:5443/config/test_other.txt</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:786aded3-49c4-43da-9e16-77be6b522f04" Effect="Permit">
+ <Description> JSON + Attributes </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">JSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">JSONconfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestSubject</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Subject.com:test:subject:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestJSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Action.com:test:action:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Test</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Resource.com:test:resource:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:5443/config/test_json.json</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:6311eb9c-ec15-43d5-9f16-17c14b300e6d" Effect="Permit">
+ <Description> XML + Attributes </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">XML</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">XMLConfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestSubject</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Subject.com:test:subject:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestJSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Action.com:test:action:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Test</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Resource.com:test:resource:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:5443/config/test_xml.xml</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:1148b345-4836-4853-96fc-84c1d37f4dbd" Effect="Permit">
+ <Description> Prop + Attributes </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Properties</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">PropConfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestSubject</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Subject.com:test:subject:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestJSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Action.com:test:action:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Test</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Resource.com:test:resource:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:5443/config/test_prop.properties</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:786aded3-49c4-43da-9e16-77b86b522f04" Effect="Permit">
+ <Description> Other + Attributes </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Other</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Otherconfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestSubject</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Subject.com:test:subject:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestJSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Action.com:test:action:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Test</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Resource.com:test:resource:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:5443/config/test_other.txt</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <!-- <Rule RuleId="urn:com:xacml:rule:id:a5b3007a-853a-47f0-a4c2-56912b47d74a" Effect="Permit">
+ <Description>test if this is working </Description>
+
+ </Rule> -->
+ <Rule RuleId="urn:com:xacml:rule:id:596bb33b-c0ab-4840-9f8f-aebb0b603f37" Effect="Permit">
+ <Description>Permit to RESET VM if the values reach the threshold settings.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Restart</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-equal">
+ <Description>Restart VM if this condition is met</Description>
+ <VariableReference VariableId="ResetVM"/>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue>
+ </Apply>
+ </Condition>
+ <ObligationExpressions>
+ <ObligationExpression ObligationId="com.att.labs.ecomp.obligation" FulfillOn="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.obligation.restart" Category="urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Restart</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.obligation.server" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:server:name" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
+ </AttributeAssignmentExpression>
+ </ObligationExpression>
+ </ObligationExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:596db34b-c0ab-4841-9f9d-aedb07603f39" Effect="Permit">
+ <Description>Permit to SpinOff VM if the values reach the threshold settings.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SpinOff</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-equal">
+ <Description>SpinOff VM if this condition is met</Description>
+ <VariableReference VariableId="SpinOffVM"/>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue>
+ </Apply>
+ </Condition>
+ <ObligationExpressions>
+ <ObligationExpression ObligationId="com.att.labs.ecomp.obligation" FulfillOn="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.obligation.spinoff" Category="urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SpinOff</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="performer" Category="urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">PDPAction</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="type" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">REST</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.obligation.server" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:server:name" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="method" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="URL" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:8635/RESTjson/PDP/VM/$com.att.labs.ecomp.obligation.spinoff/$com.att.labs.ecomp.obligation.server</AttributeValue>
+ </AttributeAssignmentExpression>
+ </ObligationExpression>
+ </ObligationExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:c2430bab-c2a1-4686-b885-67f8036a1e52" Effect="Deny">
+ <Description>Deny all the other requests.</Description>
+ <Target/>
+ </Rule>
+</Policy>
diff --git a/PolicyEngineAPI/Test/PDP_settings/xacml.pip.properties b/PolicyEngineAPI/Test/PDP_settings/xacml.pip.properties
new file mode 100644
index 000000000..e703811b7
--- /dev/null
+++ b/PolicyEngineAPI/Test/PDP_settings/xacml.pip.properties
@@ -0,0 +1,23 @@
+###
+# ============LICENSE_START=======================================================
+# PolicyEngineAPI
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# PIP Engine Definition
+#
+xacml.pip.engines=
diff --git a/PolicyEngineAPI/Test/PDP_settings/xacml.policy.properties b/PolicyEngineAPI/Test/PDP_settings/xacml.policy.properties
new file mode 100644
index 000000000..dd304bf90
--- /dev/null
+++ b/PolicyEngineAPI/Test/PDP_settings/xacml.policy.properties
@@ -0,0 +1,24 @@
+###
+# ============LICENSE_START=======================================================
+# PolicyEngineAPI
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# Policies to load
+#
+xacml.rootPolicies=useCase
+useCase.file=config/test_PolicyEngine.xml
diff --git a/PolicyEngineAPI/Test/config_UEB_bad_type.properties b/PolicyEngineAPI/Test/config_UEB_bad_type.properties
new file mode 100644
index 000000000..146bb1bfd
--- /dev/null
+++ b/PolicyEngineAPI/Test/config_UEB_bad_type.properties
@@ -0,0 +1,28 @@
+###
+# ============LICENSE_START=======================================================
+# PolicyEngineAPI
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# Policies to load
+#
+PDP_URL=http://localhost:8082/pdp/, test, test
+PAP_URL=http://localhost:8070/pap/, test, test
+NOTIFICATION = ueb
+NOTIFICATION_UEB_SERVERS=localhost.com
+CLIENT_KEY=test
+CLIENT_ID=test
diff --git a/PolicyEngineAPI/Test/config_UEB_badservers.properties b/PolicyEngineAPI/Test/config_UEB_badservers.properties
new file mode 100644
index 000000000..dca12f7c1
--- /dev/null
+++ b/PolicyEngineAPI/Test/config_UEB_badservers.properties
@@ -0,0 +1,28 @@
+###
+# ============LICENSE_START=======================================================
+# PolicyEngineAPI
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# Policies to load
+#
+PDP_URL=http://localhost:8082/pdp/, test, test
+PAP_URL=http://localhost:8070/pap/, test, test
+NOTIFICATION_TYPE=ueb
+NOTIFICATION_UEB=localhost.com
+CLIENT_KEY=test
+CLIENT_ID=test
diff --git a/PolicyEngineAPI/Test/config_UEB_pass.properties b/PolicyEngineAPI/Test/config_UEB_pass.properties
new file mode 100644
index 000000000..16da65f07
--- /dev/null
+++ b/PolicyEngineAPI/Test/config_UEB_pass.properties
@@ -0,0 +1,28 @@
+###
+# ============LICENSE_START=======================================================
+# PolicyEngineAPI
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# Policies to load
+#
+PDP_URL=http://localhost:8092/pdp/, test, test
+PAP_URL=http://localhost:8070/pap/, test, test
+NOTIFICATION_TYPE=ueb
+NOTIFICATION_UEB_SERVERS=localhost.com
+CLIENT_KEY=test
+CLIENT_ID=test
diff --git a/PolicyEngineAPI/Test/config_error.property b/PolicyEngineAPI/Test/config_error.property
new file mode 100644
index 000000000..1081e4d33
--- /dev/null
+++ b/PolicyEngineAPI/Test/config_error.property
@@ -0,0 +1,3 @@
+# Policies to load
+#
+PDP_URL=http://localhost:8080/pdp/ \ No newline at end of file
diff --git a/PolicyEngineAPI/Test/config_fail.properties b/PolicyEngineAPI/Test/config_fail.properties
new file mode 100644
index 000000000..5b8c15fb0
--- /dev/null
+++ b/PolicyEngineAPI/Test/config_fail.properties
@@ -0,0 +1,23 @@
+###
+# ============LICENSE_START=======================================================
+# PolicyEngineAPI
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# Policies to load
+#
+PDP=http://localhost:8080/pdp/
diff --git a/PolicyEngineAPI/Test/config_fail_URL.properties b/PolicyEngineAPI/Test/config_fail_URL.properties
new file mode 100644
index 000000000..7fe04f8a5
--- /dev/null
+++ b/PolicyEngineAPI/Test/config_fail_URL.properties
@@ -0,0 +1,23 @@
+###
+# ============LICENSE_START=======================================================
+# PolicyEngineAPI
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# Policies to load
+#
+PDP_URL=http://localhost:8080
diff --git a/PolicyEngineAPI/Test/config_pass.properties b/PolicyEngineAPI/Test/config_pass.properties
new file mode 100644
index 000000000..0a74f5ab8
--- /dev/null
+++ b/PolicyEngineAPI/Test/config_pass.properties
@@ -0,0 +1,36 @@
+###
+# ============LICENSE_START=======================================================
+# PolicyEngineAPI
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# Policies to load
+#
+PAP_URL=http://localhost:8070/pap/ , test, test
+PDP_URL=http://localhost:8092/pdp/ , test, test
+CLIENT_ID=
+CLIENT_KEY=
+JUNIT=test
+
+NOTIFICATION_TYPE=ueb
+NOTIFICATION_SERVERS=
+NOTIFICATION_TOPIC=
+NOTIFICATION_DELAY=
+
+ENVIRONMENT=TEST
+
+
diff --git a/PolicyEngineAPI/Test/test.Config_BRMS_Raw_TestBrmsPolicy.1.txt b/PolicyEngineAPI/Test/test.Config_BRMS_Raw_TestBrmsPolicy.1.txt
new file mode 100644
index 000000000..1982255bf
--- /dev/null
+++ b/PolicyEngineAPI/Test/test.Config_BRMS_Raw_TestBrmsPolicy.1.txt
@@ -0,0 +1,11 @@
+rule "B to C"
+ agenda-group "B to C"
+ auto-focus true
+ when
+ State(name == "B", state == State.FINISHED )
+ c : State(name == "C", state == State.NOTRUN )
+ then
+ System.out.println(c.getName() + " finished" );
+ c.setState( State.FINISHED );
+ kcontext.getKnowledgeRuntime().getAgenda().getAgendaGroup( "B to D" ).setFocus();
+end
diff --git a/PolicyEngineAPI/Test/test_PolicyEngine.xml b/PolicyEngineAPI/Test/test_PolicyEngine.xml
new file mode 100644
index 000000000..d83c12a4c
--- /dev/null
+++ b/PolicyEngineAPI/Test/test_PolicyEngine.xml
@@ -0,0 +1,595 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ ============LICENSE_START=======================================================
+ PolicyEngineAPI
+ ================================================================================
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:03e0d98f-90e4-4457-bd78-3ddec62e27d5" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>Test Policies for the ProtoType PolicyEngineAPI</Description>
+ <Target/>
+ <VariableDefinition VariableId="ResetVM">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
+ <Description>Check if the CPU Utilization or Memory reach the threshold values. </Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than">
+ <Description>CPU</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:vm:cpu" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">95</AttributeValue>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than">
+ <Description>Memory</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:vm:memory" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">95</AttributeValue>
+ </Apply>
+ </Apply>
+ </VariableDefinition>
+ <VariableDefinition VariableId="SpinOffVM">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
+ <Description>Spinoff if the VM if CPU or memory value reaches the threshold</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than">
+ <Description>CPU</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:vm:cpu" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">90</AttributeValue>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than">
+ <Description>Memory</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:vm:memory" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">90</AttributeValue>
+ </Apply>
+ </Apply>
+ </VariableDefinition>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815211-f387-47ee-9b15-4b6a0f15b31f" Effect="Permit">
+ <Description>Json Test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">JSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://10.01.10.01:5443/config/test_json.json</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815212-f387-47ee-9b15-4b6a0f15b31f" Effect="Permit">
+ <Description>Json + Config test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">JSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">JSONconfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://10.01.10.01:5443/config/test_json.json</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815211-f387-47ee-9b15-4bfa0f15f568" Effect="Permit">
+ <Description>XML test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">XML</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://10.01.10.01:5443/config/test_xml.xml</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815212-f387-47ee-9b15-4bfa0f15f568" Effect="Permit">
+ <Description>XML + Config test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">XML</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">XMLConfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://10.01.10.01:5443/config/test_xml.xml</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815211-f387-47ee-9b15-4b6a5287f3af" Effect="Permit">
+ <Description>Properties Test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Properties</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://10.01.10.01:5443/config/test_prop.properties</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815212-f387-47ee-9b15-4b6a5287f3af" Effect="Permit">
+ <Description>Properties + Config Test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Properties</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">PropConfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://10.01.10.01:5443/config/test_prop.properties</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815211-f387-47ee-9b15-4b7a5287f3af" Effect="Permit">
+ <Description>Other Test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Other</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://10.01.10.01:5443/config/test_other.txt</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:2a815212-f387-47ee-9b15-4b8a5287f3af" Effect="Permit">
+ <Description>Other + Config Test</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Other</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">OtherConfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://10.01.10.01:5443/config/test_other.txt</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:786aded3-49c4-43da-9e16-77be6b522f04" Effect="Permit">
+ <Description> JSON + Attributes </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">JSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">JSONconfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestSubject</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Subject.com:test:subject:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestJSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Action.com:test:action:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Test</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Resource.com:test:resource:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://10.01.10.01:5443/config/test_json.json</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:6311eb9c-ec15-43d5-9f16-17c14b300e6d" Effect="Permit">
+ <Description> XML + Attributes </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">XML</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">XMLConfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestSubject</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Subject.com:test:subject:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestJSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Action.com:test:action:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Test</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Resource.com:test:resource:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://10.01.10.01:5443/config/test_xml.xml</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:1148b345-4836-4853-96fc-84c1d37f4dbd" Effect="Permit">
+ <Description> Prop + Attributes </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Properties</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">PropConfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestSubject</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Subject.com:test:subject:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestJSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Action.com:test:action:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Test</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Resource.com:test:resource:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://10.01.10.01:5443/config/test_prop.properties</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:786aded3-49c4-43da-9e16-77b86b522f04" Effect="Permit">
+ <Description> Other + Attributes </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Other</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Otherconfig</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestSubject</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Subject.com:test:subject:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TestJSON</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Action.com:test:action:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Test</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="Resource.com:test:resource:json" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="com.att.labs.ecomp.advice.config" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.key" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.advice.value" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://10.01.10.01:5443/config/test_other.txt</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+ <!-- <Rule RuleId="urn:com:xacml:rule:id:a5b3007a-853a-47f0-a4c2-56912b47d74a" Effect="Permit">
+ <Description>test if this is working </Description>
+
+ </Rule> -->
+ <Rule RuleId="urn:com:xacml:rule:id:596bb33b-c0ab-4840-9f8f-aebb0b603f37" Effect="Permit">
+ <Description>Permit to RESET VM if the values reach the threshold settings.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Restart</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-equal">
+ <Description>Restart VM if this condition is met</Description>
+ <VariableReference VariableId="ResetVM"/>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue>
+ </Apply>
+ </Condition>
+ <ObligationExpressions>
+ <ObligationExpression ObligationId="com.att.labs.ecomp.obligation" FulfillOn="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.obligation.restart" Category="urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Restart</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.obligation.server" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:server:name" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
+ </AttributeAssignmentExpression>
+ </ObligationExpression>
+ </ObligationExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:596db34b-c0ab-4841-9f9d-aedb07603f39" Effect="Permit">
+ <Description>Permit to SpinOff VM if the values reach the threshold settings.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SpinOff</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-equal">
+ <Description>SpinOff VM if this condition is met</Description>
+ <VariableReference VariableId="SpinOffVM"/>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue>
+ </Apply>
+ </Condition>
+ <ObligationExpressions>
+ <ObligationExpression ObligationId="com.att.labs.ecomp.obligation" FulfillOn="Permit">
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.obligation.spinoff" Category="urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SpinOff</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="performer" Category="urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">PDPAction</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="type" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">REST</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="com.att.labs.ecomp.obligation.server" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="com:att:labs:ecomp:resource:server:name" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="method" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="URL" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:8635/RESTjson/PDP/VM/$org.ecomp.obligation.spinoff/$org.ecomp.obligation.server</AttributeValue>
+ </AttributeAssignmentExpression>
+ </ObligationExpression>
+ </ObligationExpressions>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:c2430bab-c2a1-4686-b885-67f8036a1e52" Effect="Deny">
+ <Description>Deny all the other requests.</Description>
+ <Target/>
+ </Rule>
+</Policy>