Merge pull request #307 from telefonicaid/fix/sth_policies

add orion frn to sth policies
telefonicaid · Apr 13, 2021 · 7204769 · 7204769
2 parents 6e3f4a9 + 1d48cb6
commit 7204769
Show file tree

Hide file tree

Showing 9 changed files with 98 additions and 0 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,6 +1,8 @@
 CHANGES
 =======
 
+Upgrade STH xacml policies with orion frns
+
 3.8.0
 
 FIX: create geo-index in Orion DB upon service provision (#301)

diff --git a/src/orchestrator/core/policies/policy-sth-admin.xml b/src/orchestrator/core/policies/policy-sth-admin.xml
@@ -19,6 +19,18 @@
               Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
         </Match>
       </AllOf>
+      <AllOf>
+        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+          <AttributeValue
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              >fiware:orion:.*</AttributeValue>
+          <AttributeDesignator
+              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              MustBePresent="true"
+              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
+        </Match>
+      </AllOf>
     </AnyOf>
   </Target>
 

diff --git a/src/orchestrator/core/policies/policy-sth-admin2.xml b/src/orchestrator/core/policies/policy-sth-admin2.xml
@@ -19,6 +19,18 @@
               Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
         </Match>
       </AllOf>
+      <AllOf>
+        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+          <AttributeValue
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              >fiware:orion:.*</AttributeValue>
+          <AttributeDesignator
+              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              MustBePresent="true"
+              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
+        </Match>
+      </AllOf>
     </AnyOf>
   </Target>
 

diff --git a/src/orchestrator/core/policies/policy-sth-customer.xml b/src/orchestrator/core/policies/policy-sth-customer.xml
@@ -19,6 +19,18 @@
               Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
         </Match>
       </AllOf>
+      <AllOf>
+        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+          <AttributeValue
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              >fiware:orion:.*</AttributeValue>
+          <AttributeDesignator
+              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              MustBePresent="true"
+              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
+        </Match>
+      </AllOf>
     </AnyOf>
   </Target>
 

diff --git a/src/orchestrator/core/policies/policy-sth-customer2.xml b/src/orchestrator/core/policies/policy-sth-customer2.xml
@@ -19,6 +19,18 @@
               Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
         </Match>
       </AllOf>
+      <AllOf>
+        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+          <AttributeValue
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              >fiware:orion:.*</AttributeValue>
+          <AttributeDesignator
+              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              MustBePresent="true"
+              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
+        </Match>
+      </AllOf>
     </AnyOf>
   </Target>
 

diff --git a/src/orchestrator/core/policies/policy-sth-serviceadmin.xml b/src/orchestrator/core/policies/policy-sth-serviceadmin.xml
@@ -19,6 +19,18 @@
               Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
         </Match>
       </AllOf>
+      <AllOf>
+        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+          <AttributeValue
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              >fiware:orion:.*</AttributeValue>
+          <AttributeDesignator
+              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              MustBePresent="true"
+              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
+        </Match>
+      </AllOf>
     </AnyOf>
   </Target>
 

diff --git a/src/orchestrator/core/policies/policy-sth-servicecustomer.xml b/src/orchestrator/core/policies/policy-sth-servicecustomer.xml
@@ -19,6 +19,18 @@
               Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
         </Match>
       </AllOf>
+      <AllOf>
+        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+          <AttributeValue
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              >fiware:orion:.*</AttributeValue>
+          <AttributeDesignator
+              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              MustBePresent="true"
+              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
+        </Match>
+      </AllOf>
     </AnyOf>
   </Target>
 

diff --git a/src/orchestrator/core/policies/policy-sth-subserviceadmin.xml b/src/orchestrator/core/policies/policy-sth-subserviceadmin.xml
@@ -19,6 +19,18 @@
               Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
         </Match>
       </AllOf>
+      <AllOf>
+        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+          <AttributeValue
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              >fiware:orion:.*</AttributeValue>
+          <AttributeDesignator
+              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              MustBePresent="true"
+              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
+        </Match>
+      </AllOf>
     </AnyOf>
   </Target>
 

diff --git a/src/orchestrator/core/policies/policy-sth-subservicecustomer.xml b/src/orchestrator/core/policies/policy-sth-subservicecustomer.xml
@@ -19,6 +19,18 @@
               Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
         </Match>
       </AllOf>
+      <AllOf>
+        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+          <AttributeValue
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              >fiware:orion:.*</AttributeValue>
+          <AttributeDesignator
+              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+              DataType="http://www.w3.org/2001/XMLSchema#string"
+              MustBePresent="true"
+              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" />
+        </Match>
+      </AllOf>
     </AnyOf>
   </Target>