Versions Compared

Old Version 44

changes.mady.by.user Chenfei Gao

Saved on

compared with

New Version 45

changes.mady.by.user Chenfei Gao

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languageyml
titleExample TOSCA Policy for Native XACML rules
linenumberstrue
collapsetrue
tosca_definitions_version: tosca_simple_yaml_1_0_0
topology_template:
    policies:
        -
            usecase_foo_xacml_policy:
                policy: "%3CPolicy+xmlns%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A3.0%3Acore%3Aschema%3Awd-17%22+PolicyId%3D%22Test.policy%22+Version%3D%221%22+RuleCombiningAlgId%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A1.0%3Arule-combining-algorithm%3Afirst-applicable%22%3E%0D%0A++++%3CTarget%2F%3E%0D%0A++++%3CRule+RuleId%3D%22Test.policy%3Arule%22+Effect%3D%22Permit%22%3E%0D%0A++++++++%3CDescription%3EDefault+is+to+PERMIT+if+the+policy+matches.%3C%2FDescription%3E%0D%0A++++++++%3CTarget%3E%0D%0A++++++++++++%3CAnyOf%3E%0D%0A++++++++++++++++%3CAllOf%3E%0D%0A++++++++++++++++++++%3CMatch+MatchId%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A1.0%3Afunction%3Astring-equal%22%3E%0D%0A++++++++++++++++++++++++%3CAttributeValue+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23string%22%3EI+should+be+matched%3C%2FAttributeValue%3E%0D%0A++++++++++++++++++++++++%3CAttributeDesignator+Category%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A3.0%3Aattribute-category%3Aresource%22+AttributeId%3D%22urn%3Aorg%3Aonap%3Amatchable%3AmatchableString%22+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23string%22+MustBePresent%3D%22false%22%2F%3E%0D%0A++++++++++++++++++++%3C%2FMatch%3E%0D%0A++++++++++++++++%3C%2FAllOf%3E%0D%0A++++++++++++%3C%2FAnyOf%3E%0D%0A++++++++++++%3CAnyOf%3E%0D%0A++++++++++++++++%3CAllOf%3E%0D%0A++++++++++++++++++++%3CMatch+MatchId%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A1.0%3Afunction%3Ainteger-equal%22%3E%0D%0A++++++++++++++++++++++++%3CAttributeValue+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23integer%22%3E1000%3C%2FAttributeValue%3E%0D%0A++++++++++++++++++++++++%3CAttributeDesignator+Category%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A3.0%3Aattribute-category%3Aresource%22+AttributeId%3D%22urn%3Aorg%3Aonap%3Amatchable%3AmatachableInteger%22+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23integer%22+MustBePresent%3D%22false%22%2F%3E%0D%0A++++++++++++++++++++%3C%2FMatch%3E%0D%0A++++++++++++++++%3C%2FAllOf%3E%0D%0A++++++++++++%3C%2FAnyOf%3E%0D%0A++++++++++++%3CAnyOf%3E%0D%0A++++++++++++++++%3CAllOf%3E%0D%0A++++++++++++++++++++%3CMatch+MatchId%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A1.0%3Afunction%3Adouble-equal%22%3E%0D%0A++++++++++++++++++++++++%3CAttributeValue+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23double%22%3E1.1%3C%2FAttributeValue%3E%0D%0A++++++++++++++++++++++++%3CAttributeDesignator+Category%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A3.0%3Aattribute-category%3Aresource%22+AttributeId%3D%22urn%3Aorg%3Aonap%3Amatchable%3AmatchableDouble%22+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23double%22+MustBePresent%3D%22false%22%2F%3E%0D%0A++++++++++++++++++++%3C%2FMatch%3E%0D%0A++++++++++++++++%3C%2FAllOf%3E%0D%0A++++++++++++%3C%2FAnyOf%3E%0D%0A++++++++++++%3CAnyOf%3E%0D%0A++++++++++++++++%3CAllOf%3E%0D%0A++++++++++++++++++++%3CMatch+MatchId%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A1.0%3Afunction%3Aboolean-equal%22%3E%0D%0A++++++++++++++++++++++++%3CAttributeValue+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23boolean%22%3Etrue%3C%2FAttributeValue%3E%0D%0A++++++++++++++++++++++++%3CAttributeDesignator+Category%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A3.0%3Aattribute-category%3Aresource%22+AttributeId%3D%22urn%3Aorg%3Aonap%3Amatchable%3AmatachableBoolean%22+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23boolean%22+MustBePresent%3D%22false%22%2F%3E%0D%0A++++++++++++++++++++%3C%2FMatch%3E%0D%0A++++++++++++++++%3C%2FAllOf%3E%0D%0A++++++++++++%3C%2FAnyOf%3E%0D%0A++++++++++++%3CAnyOf%3E%0D%0A++++++++++++++++%3CAllOf%3E%0D%0A++++++++++++++++++++%3CMatch+MatchId%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A1.0%3Afunction%3Astring-equal%22%3E%0D%0A++++++++++++++++++++++++%3CAttributeValue+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23string%22%3Ematch+A%3C%2FAttributeValue%3E%0D%0A++++++++++++++++++++++++%3CAttributeDesignator+Category%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A3.0%3Aattribute-category%3Aresource%22+AttributeId%3D%22urn%3Aorg%3Aonap%3Amatchable%3AmatchableListString%22+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23string%22+MustBePresent%3D%22false%22%2F%3E%0D%0A++++++++++++++++++++%3C%2FMatch%3E%0D%0A++++++++++++++++%3C%2FAllOf%3E%0D%0A++++++++++++++++%3CAllOf%3E%0D%0A++++++++++++++++++++%3CMatch+MatchId%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A1.0%3Afunction%3Astring-equal%22%3E%0D%0A++++++++++++++++++++++++%3CAttributeValue+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23string%22%3Ematch+B%3C%2FAttributeValue%3E%0D%0A++++++++++++++++++++++++%3CAttributeDesignator+Category%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A3.0%3Aattribute-category%3Aresource%22+AttributeId%3D%22urn%3Aorg%3Aonap%3Amatchable%3AmatchableListString%22+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23string%22+MustBePresent%3D%22false%22%2F%3E%0D%0A++++++++++++++++++++%3C%2FMatch%3E%0D%0A++++++++++++++++%3C%2FAllOf%3E%0D%0A++++++++++++%3C%2FAnyOf%3E%0D%0A++++++++%3C%2FTarget%3E%0D%0A++++++++%3CCondition%3E%0D%0A++++++++++++%3CApply+FunctionId%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A1.0%3Afunction%3Aor%22%3E%0D%0A++++++++++++++++%3CDescription%3EIF+exists+and+is+equal%3C%2FDescription%3E%0D%0A++++++++++++++++%3CApply+FunctionId%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A1.0%3Afunction%3Ainteger-equal%22%3E%0D%0A++++++++++++++++++++%3CDescription%3EDoes+the+policy-type+attribute+exist%3F%3C%2FDescription%3E%0D%0A++++++++++++++++++++%3CApply+FunctionId%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A1.0%3Afunction%3Astring-bag-size%22%3E%0D%0A++++++++++++++++++++++++%3CDescription%3EGet+the+size+of+policy-type+attributes%3C%2FDescription%3E%0D%0A++++++++++++++++++++++++%3CAttributeDesignator+Category%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A3.0%3Aattribute-category%3Aresource%22+AttributeId%3D%22urn%3Aorg%3Aonap%3Apolicy-type%22+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23string%22+MustBePresent%3D%22false%22%2F%3E%0D%0A++++++++++++++++++++%3C%2FApply%3E%0D%0A++++++++++++++++++++%3CAttributeValue+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23integer%22%3E0%3C%2FAttributeValue%3E%0D%0A++++++++++++++++%3C%2FApply%3E%0D%0A++++++++++++++++%3CApply+FunctionId%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A1.0%3Afunction%3Astring-is-in%22%3E%0D%0A++++++++++++++++++++%3CDescription%3EIs+this+policy-type+in+the+list%3F%3C%2FDescription%3E%0D%0A++++++++++++++++++++%3CAttributeValue+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23string%22%3Eonap.policies.Test%3C%2FAttributeValue%3E%0D%0A++++++++++++++++++++%3CAttributeDesignator+Category%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A3.0%3Aattribute-category%3Aresource%22+AttributeId%3D%22urn%3Aorg%3Aonap%3Apolicy-type%22+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23string%22+MustBePresent%3D%22false%22%2F%3E%0D%0A++++++++++++++++%3C%2FApply%3E%0D%0A++++++++++++%3C%2FApply%3E%0D%0A++++++++%3C%2FCondition%3E%0D%0A++++%3C%2FRule%3E%0D%0A++++%3CRule+RuleId%3D%22Test.policy%3Arule%3Apolicy-type%22+Effect%3D%22Permit%22%3E%0D%0A++++++++%3CDescription%3EMatch+on+policy-type+onap.policies.Test%3C%2FDescription%3E%0D%0A++++++++%3CTarget%3E%0D%0A++++++++++++%3CAnyOf%3E%0D%0A++++++++++++++++%3CAllOf%3E%0D%0A++++++++++++++++++++%3CMatch+MatchId%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A1.0%3Afunction%3Astring-equal%22%3E%0D%0A++++++++++++++++++++++++%3CAttributeValue+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23string%22%3Eonap.policies.Test%3C%2FAttributeValue%3E%0D%0A++++++++++++++++++++++++%3CAttributeDesignator+Category%3D%22urn%3Aoasis%3Anames%3Atc%3Axacml%3A3.0%3Aattribute-category%3Aresource%22+AttributeId%3D%22urn%3Aorg%3Aonap%3Apolicy-type%22+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23string%22+MustBePresent%3D%22false%22%2F%3E%0D%0A++++++++++++++++++++%3C%2FMatch%3E%0D%0A++++++++++++++++%3C%2FAllOf%3E%0D%0A++++++++++++%3C%2FAnyOf%3E%0D%0A++++++++%3C%2FTarget%3E%0D%0A++++%3C%2FRule%3E%0D%0A++++%3CObligationExpressions%3E%0D%0A++++++++%3CObligationExpression+ObligationId%3D%22urn%3Aorg%3Aonap%3Arest%3Abody%22+FulfillOn%3D%22Permit%22%3E%0D%0A++++++++++++%3CAttributeAssignmentExpression+AttributeId%3D%22urn%3Aorg%3Aonap%3A%3Aobligation%3Amonitoring%3Acontents%22%3E%0D%0A++++++++++++++++%3CAttributeValue+DataType%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%23string%22%3E%7B%22type%22%3A%22onap.policies.Test%22%2C%22type_version%22%3A%221.0.0%22%2C%22properties%22%3A%7B%22nonmatachableString%22%3A%22I+am+NON+matchable%22%2C%22matchableString%22%3A%22I+should+be+matched%22%2C%22nonmatachableInteger%22%3A0%2C%22matachableInteger%22%3A1000%2C%22nonmatachableDouble%22%3A0%2C%22matchableDouble%22%3A1.1%2C%22nonmatachableBoolean%22%3Afalse%2C%22matachableBoolean%22%3Atrue%2C%22matchableListString%22%3A%5B%22match+A%22%2C%22match+B%22%5D%7D%2C%22name%22%3A%22Test.policy%22%2C%22version%22%3A%221.0.0%22%2C%22metadata%22%3A%7B%22policy-id%22%3A%22Test.policy%22%2C%22policy-version%22%3A%221%22%7D%7D%3C%2FAttributeValue%3E%0D%0A++++++++++++%3C%2FAttributeAssignmentExpression%3E%0D%0A++++++++%3C%2FObligationExpression%3E%0D%0A++++%3C%2FObligationExpressions%3E%0D%0A%3C%2FPolicy%3E%0D%0A"

The native XACML rules for above TOSCA policy is:

...