1 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
2 <!--
3   ============LICENSE_START=======================================================
4   drools-applications
5   ================================================================================
6   Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
7   ================================================================================
8   Licensed under the Apache License, Version 2.0 (the "License");
9   you may not use this file except in compliance with the License.
10   You may obtain a copy of the License at
11   
12        http://www.apache.org/licenses/LICENSE-2.0
13   
14   Unless required by applicable law or agreed to in writing, software
15   distributed under the License is distributed on an "AS IS" BASIS,
16   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17   See the License for the specific language governing permissions and
18   limitations under the License.
19   ============LICENSE_END=========================================================
20   -->
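<!--
  Blacklist guard policy template (blacklist_template.xml) for a XACML 3.0 PDP.

  The ${...} tokens (clname, actor, recipe, blackListElement,
  guardActiveStart, guardActiveEnd) are placeholders. The document is only a
  usable policy after every one of them has been substituted.

  Decision logic:
    * Target: the policy applies only when the request's clname, actor and
      operation attributes each match the substituted pattern.
    * Rule: Deny when the guard window is active AND the request's target-id
      equals one of the blacklist entries.
    * permit-unless-deny: any other result of the rule, including
      Indeterminate, is returned as Permit.

  Review notes:
    * Fail-open on errors. string-one-and-only and time-one-and-only evaluate
      to Indeterminate when their bag does not hold exactly one value. With
      MustBePresent="false", a request that omits target-id (or supplies
      several) can therefore end in Permit instead of Deny. The enforcement
      point should send exactly one target-id, and should not read a Permit
      from this policy as proof that the target was checked.
    * A request that omits clname, actor or operation does not match the
      Target, so this policy is NotApplicable for it. The enclosing policy set
      or the enforcement point decides what happens then.
    * clname, actor and recipe are used as regular expressions, not literals.
      Values should be validated or regex-escaped before substitution.
      Whether a pattern must cover the whole attribute value or only part of
      it depends on the PDP implementation; TODO confirm, and anchor the
      pattern if partial matches are not wanted.
    * blackListElement is inserted as markup. Whatever generates it must
      XML-escape each target name and emit nothing but AttributeValue
      elements.
-->
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
    PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069"
    Version="1"
    RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny">
    <!-- Corrected: the description previously named the frequency limiter policy. -->
    <Description>Policy for blacklist guard.</Description>
    <Target>
        <AnyOf>
            <AllOf>
                <!-- Control loop name. The AttributeValue is the pattern; the
                     request attribute is the string tested against it.
                     Alternative kept from the original file: a literal ".*"
                     pattern, which matches every control loop name. -->
                <Match
                    MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                    <AttributeValue
                        DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue>
                    <AttributeDesignator
                        Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                        AttributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id"
                        DataType="http://www.w3.org/2001/XMLSchema#string"
                        MustBePresent="false" />
                </Match>

                <!-- Actor. Alternative kept from the original file: MatchId
                     urn:oasis:names:tc:xacml:1.0:function:string-equal, which
                     compares literally instead of by pattern. -->
                <Match
                    MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                    <AttributeValue
                        DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue>
                    <AttributeDesignator
                        Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                        AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id"
                        DataType="http://www.w3.org/2001/XMLSchema#string"
                        MustBePresent="false" />
                </Match>

                <!-- Operation (recipe) requested by the actor. -->
                <Match
                    MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                    <AttributeValue
                        DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue>
                    <AttributeDesignator
                        Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
                        AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id"
                        DataType="http://www.w3.org/2001/XMLSchema#string"
                        MustBePresent="false" />
                </Match>
            </AllOf>
        </AnyOf>
    </Target>

    <!-- The only rule. It can produce Deny; the combining algorithm turns
         every other result into Permit. -->
    <Rule
        RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21"
        Effect="Deny">
        <Description>DENY - only if target is in black list and guard is active.</Description>
        <Condition>
            <Apply
                FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
                <VariableReference
                    VariableId="isGuardActive" />
                <VariableReference
                    VariableId="isInBlackList" />
            </Apply>
        </Condition>
    </Rule>

    <!-- True when the single target-id of the request equals any entry of the
         blacklist bag. An empty bag never matches, so a template rendered
         with no entries denies nothing. -->
    <VariableDefinition VariableId="isInBlackList">
        <Apply
            FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
            <Function
                FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal" />
            <!-- Indeterminate unless the request carries exactly one target-id. -->
            <Apply
                FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
                <AttributeDesignator
                    Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                    AttributeId="urn:oasis:names:tc:xacml:1.0:target:target-id"
                    DataType="http://www.w3.org/2001/XMLSchema#string"
                    MustBePresent="false" />
            </Apply>
            <Apply
                FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
                <!-- Replaced by zero or more string AttributeValue elements,
                     one per blacklisted target. Each value must be
                     XML-escaped by the generator. Example entry from the
                     original file:
                     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue> -->
                ${blackListElement}
            </Apply>
        </Apply>
    </VariableDefinition>

    <!-- True when the current time of the request context lies between
         guardActiveStart and guardActiveEnd. Both placeholders must be
         rendered as xs:time values. NOTE(review): state the time zone
         explicitly in both values so the window does not depend on PDP
         defaults; confirm against the deployed PDP. -->
    <VariableDefinition VariableId="isGuardActive">
        <Apply
            FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
            <!-- Indeterminate unless exactly one current-time value is available. -->
            <Apply
                FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
                <AttributeDesignator
                    AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
                    DataType="http://www.w3.org/2001/XMLSchema#time"
                    Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
                    MustBePresent="false" />
            </Apply>
            <AttributeValue
                DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue>
            <AttributeValue
                DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue>
        </Apply>
    </VariableDefinition>
</Policy>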