...
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<Policy
xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="Test.policy" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
<Target/>
<Rule RuleId="Test.policy:rule" Effect="Permit">
<Description>Default is to PERMIT if the policy matches.</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">I should be matched</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:org:onap:matchable:matchableString" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">1000</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:org:onap:matchable:matachableInteger" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:double-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#double">1.1</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:org:onap:matchable:matchableDouble" DataType="http://www.w3.org/2001/XMLSchema#double" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:boolean-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:org:onap:matchable:matachableBoolean" DataType="http://www.w3.org/2001/XMLSchema#boolean" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">match A</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:org:onap:matchable:matchableListString" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">match B</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:org:onap:matchable:matchableListString" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
<Description>IF exists and is equal</Description>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
<Description>Does the policy-type attribute exist?</Description>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
<Description>Get the size of policy-type attributes</Description>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:org:onap:policy-type" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">0</AttributeValue>
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
<Description>Is this policy-type in the list?</Description>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">onap.policies.Test</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:org:onap:policy-type" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Apply>
</Apply>
</Condition>
</Rule>
<Rule RuleId="Test.policy:rule:policy-type" Effect="Permit">
<Description>Match on policy-type onap.policies.Test</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">onap.policies.Test</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:org:onap:policy-type" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
</Target>
</Rule>
<ObligationExpressions>
<ObligationExpression ObligationId="urn:org:onap:rest:body" FulfillOn="Permit">
<AttributeAssignmentExpression AttributeId="urn:org:onap::obligation:monitoring:contents">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">{"type":"onap.policies.Test","type_version":"1.0.0","properties":{"nonmatachableString":"I am NON matchable","matchableString":"I should be matched","nonmatachableInteger":0,"matachableInteger":1000,"nonmatachableDouble":0,"matchableDouble":1.1,"nonmatachableBoolean":false,"matachableBoolean":true,"matchableListString":["match A","match B"]},"name":"Test.policy","version":"1.0.0","metadata":{"policy-id":"Test.policy","policy-version":"1"}}</AttributeValue>
</AttributeAssignmentExpression>
</ObligationExpression>
</ObligationExpressions>
</Policy> |
3. PAP Enhancements
PDP Engines must now register with PAP the new policy types for native policies they support in order for policies to be deployed by PAP to the PDP's. This will require an additional entry to be added into supported policy types list to indicate which native policy type each specific PDP engine can support.
...