From 1204baeac84b299450cfdf208c82cecbcf7927a8 Mon Sep 17 00:00:00 2001
From: Carl Waldbieser <cwaldbieser@gmail.com>
Date: Fri, 28 Sep 2018 18:53:25 -0400
Subject: [PATCH] Create allow/deny policies for vpn policy.

---
 .../ex401.1.3/container_files/seed-data/bootstrap.gsh  | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ex401/ex401.1.3/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.3/container_files/seed-data/bootstrap.gsh
index 8324428..f6cd64b 100644
--- a/ex401/ex401.1.3/container_files/seed-data/bootstrap.gsh
+++ b/ex401/ex401.1.3/container_files/seed-data/bootstrap.gsh
@@ -5,7 +5,11 @@ addStem("app:vpn", "ref", "ref");
 
 addGroup("app:vpn:ref", "vpn_adhoc", "vpn_adhoc");
 addGroup("app:vpn", "vpn_authorized", "vpn_authorized");
+addGroup("app:vpn", "vpn_allow", "vpn_allow");
+addGroup("app:vpn", "vpn_deny", "vpn_deny");
 
-addMember("app:vpn:vpn_authorized", "ref:faculty");
-addMember("app:vpn:vpn_authorized", "ref:staff");
-addMember("app:vpn:vpn_authorized", "app:vpn:ref:vpn_adhoc");
+addMember("app:vpn:vpn_allow", "ref:faculty");
+addMember("app:vpn:vpn_allow", "ref:staff");
+addMember("app:vpn:vpn_allow", "app:vpn:ref:vpn_adhoc");
+
+addComposite("app:vpn:vpn_authorized", CompositeType.COMPLEMENT, "app:vpn:vpn_allow", "app:vpn:vpn_deny");