[Policy-17] Removed the sql scripts from sdk app

[policy/engine.git] / ECOMP-PAP-REST / src / main / resources / Decision_GuardBLPolicyTemplate.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:d56af069-6cf1-430c-ba07-e26602e06a52" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny"> 
    <Description>${description}</Description>
    <Target>
        <AnyOf>
            <AllOf>
                <Match MatchId="org.openecomp.function.regex-match">
                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${PolicyName}</AttributeValue>
                    <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                </Match>
            </AllOf>
            <AllOf>
                <Match MatchId="org.openecomp.function.regex-match">
                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${ECOMPName}</AttributeValue>
                    <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                </Match>
                <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue>
                    <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="actor" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                </Match>
                <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue>
                    <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="recipe" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                </Match>
            </AllOf>
        </AnyOf>
    </Target>
    <Rule RuleId="urn:com:xacml:rule:id:284d9393-f861-4250-b62d-fc36640a363a" Effect="Permit">
        <Target>
            <AnyOf>
                <AllOf>
                    <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DECIDE</AttributeValue>
                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                    </Match>
                </AllOf>
            </AnyOf>
        </Target>
        <Condition>
                        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
                                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
                    <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
                        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
                            <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/>
                        </Apply>
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue>
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue>
                    </Apply>
                                        <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
                                                <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
                                                        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
                                                                <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="target" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                                                        </Apply>
                                                        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
                                                                <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue>-->
                                                                ${blackListElement}
                                                        </Apply>
                                        </Apply>
                </Apply>
            </Apply>
        </Condition>
    </Rule>
    <Rule RuleId="urn:com:xacml:rule:id:284d9393-f861-4250-b62d-fc36640a363a" Effect="Deny">
        <Target>
            <AnyOf>
                <AllOf>
                    <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DECIDE</AttributeValue>
                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                    </Match>
                </AllOf>
            </AnyOf>
        </Target>
        <Condition>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
                                        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
                                                <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
                                                        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
                                                                <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/>
                                                        </Apply>
                                                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue>
                                                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue>
                                                </Apply>
                                                <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
                                                        <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
                                                                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
                                                                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="target" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                                                                </Apply>
                                                                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
                                                                        <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue>-->
                                                                        ${blackListElement}
                                                                </Apply>
                                                </Apply>
                                        </Apply>
                                </Apply>
            </Apply>
        </Condition>
        <AdviceExpressions>
            <AdviceExpression AdviceId="GUARD_BL_YAML" AppliesTo="Deny">
                <AttributeAssignmentExpression AttributeId="guard.response" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Denied!</AttributeValue>
                </AttributeAssignmentExpression>
            </AdviceExpression>
        </AdviceExpressions>
    </Rule>
</Policy>