diff --git a/policies/alfa/FabricOrchestratorProjectTags/orchestrator-project-tags.alfa b/policies/alfa/FabricOrchestratorProjectTags/orchestrator-project-tags.alfa
index 40907cc..bf0329f 100644
--- a/policies/alfa/FabricOrchestratorProjectTags/orchestrator-project-tags.alfa
+++ b/policies/alfa/FabricOrchestratorProjectTags/orchestrator-project-tags.alfa
@@ -18,27 +18,6 @@ namespace fabricTags {
clause Attributes.actionId == "create"
apply permitUnlessDeny
- // Each of the following policies must explicitly say 'permit' or else the policy fails
- policyset createSwitch = "urn:fabric:authz:xacml:orchestrator:tags:create:switch" {
- target clause Attributes.resourceType == "sliver"
- apply denyUnlessPermit
-
- policy createSwitchPolicy = "urn:fabric:authz:xacml:orchestrator:tags:create:switch:requireP4" {
- target clause Attributes.resourceType == "sliver"
- apply permitUnlessDeny
-
- rule requireSwitchP4Tag {
- deny
- condition not(Attributes.projectTag == "Switch.P4")
- on deny {
- advice reasonToDeny {
- Attributes.message = "Policy Violation: Your project is lacking Switch.P4 tag to provision a P4 switch."
- }
- }
- }
- }
- }
-
// Each of the following policies must explicitly say 'permit' or else the policy fails
policyset createVM = "urn:fabric:authz:xacml:orchestrator:tags:create:vm" {
target clause Attributes.resourceType == "sliver"
@@ -157,6 +136,27 @@ namespace fabricTags {
}
}
+ // Each of the following policies must explicitly say 'permit' or else the policy fails
+ policyset createSwitch = "urn:fabric:authz:xacml:orchestrator:tags:create:switch" {
+ target clause Attributes.resourceType == "switch-p4"
+ apply denyUnlessPermit
+
+ policy createSwitchPolicy = "urn:fabric:authz:xacml:orchestrator:tags:create:switch:requireP4" {
+ target clause Attributes.resourceType == "switch-p4"
+ apply permitUnlessDeny
+
+ rule requireSwitchP4Tag {
+ deny
+ condition not(Attributes.projectTag == "Switch.P4")
+ on deny {
+ advice reasonToDeny {
+ Attributes.message = "Policy Violation: Your project is lacking Switch.P4 tag to provision a P4 switch."
+ }
+ }
+ }
+ }
+ }
+
// this is for network
policyset net = "urn:fabric:authz:xacml:orchestrator:tags:create:net" {
target clause Attributes.resourceType == "sliver"
@@ -189,7 +189,7 @@ namespace fabricTags {
rule withMirroring {
deny
- condition stringBagSize(Attributes.resourceMirrorSite) > 0 && not(Attributes.projectTag == "Net.PortMirroring")
+ condition stringBagSize(Attributes.resourceMirrorSite) > 0 && not(Attributes.projectTag == "Net.InfrastructurePortMirroring")
on deny {
advice reasonToDeny {
Attributes.message = "Policy Violation: Your project is lacking Net.PortMirroring tag to request a slice that uses port mirroring."
diff --git a/src-gen/fabricTags.OrchestratorTags.xml b/src-gen/fabricTags.OrchestratorTags.xml
index 12b2f09..4dc7558 100644
--- a/src-gen/fabricTags.OrchestratorTags.xml
+++ b/src-gen/fabricTags.OrchestratorTags.xml
@@ -1 +1 @@
-http://www.w3.org/TR/1999/REC-xpath-19991116http://www.w3.org/TR/1999/REC-xpath-19991116createhttp://www.w3.org/TR/1999/REC-xpath-19991116sliverhttp://www.w3.org/TR/1999/REC-xpath-19991116sliverSwitch.P4Policy Violation: Your project is lacking Switch.P4 tag to provision a P4 switch.Policy Violation: Policy returned deny for an unknown reason. This is an internal error.http://www.w3.org/TR/1999/REC-xpath-19991116sliverhttp://www.w3.org/TR/1999/REC-xpath-19991116sliver2VM.NoLimitCPUPolicy Violation: Your project is lacking VM.NoLimitCPU or VM.NoLimit tag to provision VM with more than 2 cores.10VM.NoLimitDiskPolicy Violation: Your project is lacking VM.NoLimitDisk or VM.NoLimit tag to provision VM with disk over 10GB.10VM.NoLimitRAMPolicy Violation: Your project is lacking VM.NoLimitRAM or VM.NoLimit tag to provision VM with more than 10GB of RAM.http://www.w3.org/TR/1999/REC-xpath-19991116sliver21010VM.NoLimithttp://www.w3.org/TR/1999/REC-xpath-19991116sliverhttp://www.w3.org/TR/1999/REC-xpath-19991116sliverGPUComponent.GPUPolicy Violation: Your project is lacking Component.GPU tag to provision a VM with GPU.SmartNICComponent.SmartNICPolicy Violation: Your project is lacking Component.SmartNIC tag to provision a VM with SmartNIC.StorageComponent.StoragePolicy Violation: Your project is lacking Component.Storage tag to provision a VM with attached storage.FPGAComponent.FPGAPolicy Violation: Your project is lacking Component.FPGA tag to provision a VM with FPGA.NVMEComponent.NVMEPolicy Violation: Your project is lacking Component.NVME tag to provision a VM with NVME.http://www.w3.org/TR/1999/REC-xpath-19991116sliverhttp://www.w3.org/TR/1999/REC-xpath-19991116sliver0Net.FABNetv4ExtPolicy Violation: Your project is lacking Net.FABNetv4Ext tag to request a slice with external IPv4 connectivity.0Net.FABNetv6ExtPolicy Violation: Your project is lacking Net.FABNetv6Ext tag to request a slice with external IPv6 connectivity.0Net.PortMirroringPolicy Violation: Your project is lacking Net.PortMirroring tag to request a slice that uses port mirroring.1Slice.MultisitePolicy Violation: Your project is lacking Slice.Multisite tag to request a slice spanning multiple sites.EDUKYSlice.OnlyEDUKYPolicy Violation: Your project is tagged as OnlyEDUKY and cannot use resources on sites other than EDUKY.10Net.NoLimitBWPolicy Violation: Your project is lacking Net.NoLimitBW tag to request links with bandwidth over 10Gbps.0Net.FacilityPort.Policy Violation: Your project is lacking Net.FacilityPort.<facility-port-name> tag to request a connection to one or more of the facilities.http://www.w3.org/TR/1999/REC-xpath-19991116sliverhttp://www.w3.org/TR/1999/REC-xpath-19991116slivertrueSlice.MeasurementsPolicy Violation: Your project is lacking Slice.Measurements tag to request measurement resources.P14DT5MSlice.NoLimitLifetimePolicy Violation: Your project is lacking Slice.NoLimitLifetime tag so you cannot request resource lifetime longer than two weeks.http://www.w3.org/TR/1999/REC-xpath-19991116modifyhttp://www.w3.org/TR/1999/REC-xpath-19991116sliverPolicy Violation: You are not the creator of this resource and not the member of the same project so you cannot modify it.http://www.w3.org/TR/1999/REC-xpath-19991116deletehttp://www.w3.org/TR/1999/REC-xpath-19991116sliverPolicy Violation: You are not the creator of this resource and cannot delete it.http://www.w3.org/TR/1999/REC-xpath-19991116renewhttp://www.w3.org/TR/1999/REC-xpath-19991116sliverPolicy Violation: You are not the creator of this resource and not the member of the same project so you cannot renew it.http://www.w3.org/TR/1999/REC-xpath-19991116sliverP14DT5MSlice.NoLimitLifetimePolicy Violation: Your project is lacking Slice.NoLimitLifetime tag so you cannot renew resource lifetime by longer than two weeks.http://www.w3.org/TR/1999/REC-xpath-19991116querystatusredeemPOAdemandupdatecloseclaimreclaimticketextendrelinquishhttp://www.w3.org/TR/1999/REC-xpath-19991116querystatusredeemPOAdemandupdatecloseclaimreclaimticketextendrelinquish
\ No newline at end of file
+http://www.w3.org/TR/1999/REC-xpath-19991116http://www.w3.org/TR/1999/REC-xpath-19991116createhttp://www.w3.org/TR/1999/REC-xpath-19991116sliverhttp://www.w3.org/TR/1999/REC-xpath-19991116sliver2VM.NoLimitCPUPolicy Violation: Your project is lacking VM.NoLimitCPU or VM.NoLimit tag to provision VM with more than 2 cores.Policy Violation: Policy returned deny for an unknown reason. This is an internal error.10VM.NoLimitDiskPolicy Violation: Your project is lacking VM.NoLimitDisk or VM.NoLimit tag to provision VM with disk over 10GB.10VM.NoLimitRAMPolicy Violation: Your project is lacking VM.NoLimitRAM or VM.NoLimit tag to provision VM with more than 10GB of RAM.http://www.w3.org/TR/1999/REC-xpath-19991116sliver21010VM.NoLimithttp://www.w3.org/TR/1999/REC-xpath-19991116sliverhttp://www.w3.org/TR/1999/REC-xpath-19991116sliverGPUComponent.GPUPolicy Violation: Your project is lacking Component.GPU tag to provision a VM with GPU.SmartNICComponent.SmartNICPolicy Violation: Your project is lacking Component.SmartNIC tag to provision a VM with SmartNIC.StorageComponent.StoragePolicy Violation: Your project is lacking Component.Storage tag to provision a VM with attached storage.FPGAComponent.FPGAPolicy Violation: Your project is lacking Component.FPGA tag to provision a VM with FPGA.NVMEComponent.NVMEPolicy Violation: Your project is lacking Component.NVME tag to provision a VM with NVME.http://www.w3.org/TR/1999/REC-xpath-19991116switch-p4http://www.w3.org/TR/1999/REC-xpath-19991116switch-p4Switch.P4Policy Violation: Your project is lacking Switch.P4 tag to provision a P4 switch.http://www.w3.org/TR/1999/REC-xpath-19991116sliverhttp://www.w3.org/TR/1999/REC-xpath-19991116sliver0Net.FABNetv4ExtPolicy Violation: Your project is lacking Net.FABNetv4Ext tag to request a slice with external IPv4 connectivity.0Net.FABNetv6ExtPolicy Violation: Your project is lacking Net.FABNetv6Ext tag to request a slice with external IPv6 connectivity.0Net.InfrastructurePortMirroringPolicy Violation: Your project is lacking Net.PortMirroring tag to request a slice that uses port mirroring.1Slice.MultisitePolicy Violation: Your project is lacking Slice.Multisite tag to request a slice spanning multiple sites.EDUKYSlice.OnlyEDUKYPolicy Violation: Your project is tagged as OnlyEDUKY and cannot use resources on sites other than EDUKY.10Net.NoLimitBWPolicy Violation: Your project is lacking Net.NoLimitBW tag to request links with bandwidth over 10Gbps.0Net.FacilityPort.Policy Violation: Your project is lacking Net.FacilityPort.<facility-port-name> tag to request a connection to one or more of the facilities.http://www.w3.org/TR/1999/REC-xpath-19991116sliverhttp://www.w3.org/TR/1999/REC-xpath-19991116slivertrueSlice.MeasurementsPolicy Violation: Your project is lacking Slice.Measurements tag to request measurement resources.P14DT5MSlice.NoLimitLifetimePolicy Violation: Your project is lacking Slice.NoLimitLifetime tag so you cannot request resource lifetime longer than two weeks.http://www.w3.org/TR/1999/REC-xpath-19991116modifyhttp://www.w3.org/TR/1999/REC-xpath-19991116sliverPolicy Violation: You are not the creator of this resource and not the member of the same project so you cannot modify it.http://www.w3.org/TR/1999/REC-xpath-19991116deletehttp://www.w3.org/TR/1999/REC-xpath-19991116sliverPolicy Violation: You are not the creator of this resource and cannot delete it.http://www.w3.org/TR/1999/REC-xpath-19991116renewhttp://www.w3.org/TR/1999/REC-xpath-19991116sliverPolicy Violation: You are not the creator of this resource and not the member of the same project so you cannot renew it.http://www.w3.org/TR/1999/REC-xpath-19991116sliverP14DT5MSlice.NoLimitLifetimePolicy Violation: Your project is lacking Slice.NoLimitLifetime tag so you cannot renew resource lifetime by longer than two weeks.http://www.w3.org/TR/1999/REC-xpath-19991116querystatusredeemPOAdemandupdatecloseclaimreclaimticketextendrelinquishhttp://www.w3.org/TR/1999/REC-xpath-19991116querystatusredeemPOAdemandupdatecloseclaimreclaimticketextendrelinquish
\ No newline at end of file