aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/etc/policies
diff options
context:
space:
mode:
authorRHE <rebirthmonkey@gmail.com>2017-11-24 13:54:26 +0100
committerRHE <rebirthmonkey@gmail.com>2017-11-24 13:54:26 +0100
commit920a49cfa055733d575282973e23558c33087a4a (patch)
treed371dab34efa5028600dad2e7ca58063626e7ba4 /keystone-moon/etc/policies
parentef3eefca70d8abb4a00dafb9419ad32738e934b2 (diff)
remove keystone-moon
Change-Id: I80d7c9b669f19d5f6607e162de8e0e55c2f80fdd Signed-off-by: RHE <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystone-moon/etc/policies')
-rw-r--r--keystone-moon/etc/policies/policy_authz/assignment.json55
-rw-r--r--keystone-moon/etc/policies/policy_authz/metadata.json23
-rw-r--r--keystone-moon/etc/policies/policy_authz/metarule.json24
-rw-r--r--keystone-moon/etc/policies/policy_authz/perimeter.json21
-rw-r--r--keystone-moon/etc/policies/policy_authz/rule.json25
-rw-r--r--keystone-moon/etc/policies/policy_authz/scope.json49
-rw-r--r--keystone-moon/etc/policies/policy_empty_admin/assignment.json7
-rw-r--r--keystone-moon/etc/policies/policy_empty_admin/metadata.json12
-rw-r--r--keystone-moon/etc/policies/policy_empty_admin/metarule.json12
-rw-r--r--keystone-moon/etc/policies/policy_empty_admin/perimeter.json39
-rw-r--r--keystone-moon/etc/policies/policy_empty_admin/rule.json3
-rw-r--r--keystone-moon/etc/policies/policy_empty_admin/scope.json7
-rw-r--r--keystone-moon/etc/policies/policy_empty_authz/assignment.json7
-rw-r--r--keystone-moon/etc/policies/policy_empty_authz/metadata.json12
-rw-r--r--keystone-moon/etc/policies/policy_empty_authz/metarule.json12
-rw-r--r--keystone-moon/etc/policies/policy_empty_authz/perimeter.json5
-rw-r--r--keystone-moon/etc/policies/policy_empty_authz/rule.json3
-rw-r--r--keystone-moon/etc/policies/policy_empty_authz/scope.json7
-rw-r--r--keystone-moon/etc/policies/policy_mls_authz/assignment.json29
-rw-r--r--keystone-moon/etc/policies/policy_mls_authz/metadata.json18
-rw-r--r--keystone-moon/etc/policies/policy_mls_authz/metarule.json12
-rw-r--r--keystone-moon/etc/policies/policy_mls_authz/perimeter.json21
-rw-r--r--keystone-moon/etc/policies/policy_mls_authz/rule.json16
-rw-r--r--keystone-moon/etc/policies/policy_mls_authz/scope.json26
-rw-r--r--keystone-moon/etc/policies/policy_rbac_admin/assignment.json48
-rw-r--r--keystone-moon/etc/policies/policy_rbac_admin/metadata.json18
-rw-r--r--keystone-moon/etc/policies/policy_rbac_admin/metarule.json12
-rw-r--r--keystone-moon/etc/policies/policy_rbac_admin/perimeter.json42
-rw-r--r--keystone-moon/etc/policies/policy_rbac_admin/rule.json94
-rw-r--r--keystone-moon/etc/policies/policy_rbac_admin/scope.json48
-rw-r--r--keystone-moon/etc/policies/policy_root/assignment.json39
-rw-r--r--keystone-moon/etc/policies/policy_root/metadata.json18
-rw-r--r--keystone-moon/etc/policies/policy_root/metarule.json12
-rw-r--r--keystone-moon/etc/policies/policy_root/perimeter.json31
-rw-r--r--keystone-moon/etc/policies/policy_root/rule.json44
-rw-r--r--keystone-moon/etc/policies/policy_root/scope.json39
36 files changed, 0 insertions, 890 deletions
diff --git a/keystone-moon/etc/policies/policy_authz/assignment.json b/keystone-moon/etc/policies/policy_authz/assignment.json
deleted file mode 100644
index 7a6c722e..00000000
--- a/keystone-moon/etc/policies/policy_authz/assignment.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
- "subject_assignments": {
- "subject_security_level":{
- "admin": ["high"],
- "demo": ["medium"]
- },
- "domain":{
- "admin": ["ft"],
- "demo": ["xx"]
- },
- "role": {
- "admin": ["admin"],
- "demo": ["dev"]
- }
- },
-
- "action_assignments": {
- "resource_action":{
- "pause": ["vm_admin"],
- "unpause": ["vm_admin"],
- "start": ["vm_admin"],
- "stop": ["vm_admin"],
- "list": ["vm_access", "vm_admin"],
- "create": ["vm_admin"],
- "storage_list": ["storage_access"],
- "download": ["storage_access"],
- "post": ["storage_admin"],
- "upload": ["storage_admin"]
- },
- "access": {
- "pause": ["write"],
- "unpause": ["write"],
- "start": ["write"],
- "stop": ["write"],
- "list": ["read"],
- "create": ["write"],
- "storage_list": ["read"],
- "download": ["read"],
- "post": ["write"],
- "upload": ["write"]
- }
- },
-
- "object_assignments": {
- "object_security_level": {
- "servers": ["low"]
- },
- "type": {
- "servers": ["computing"]
- },
- "object_id": {
- "servers": ["servers"]
- }
- }
-}
diff --git a/keystone-moon/etc/policies/policy_authz/metadata.json b/keystone-moon/etc/policies/policy_authz/metadata.json
deleted file mode 100644
index d0db90db..00000000
--- a/keystone-moon/etc/policies/policy_authz/metadata.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "name": "Multiple_Policy",
- "model": "Multiple",
- "genre": "authz",
- "description": "Multiple Security Policies",
-
- "subject_categories": [
- "subject_security_level",
- "domain",
- "role"
- ],
-
- "action_categories": [
- "resource_action",
- "access"
- ],
-
- "object_categories": [
- "object_security_level",
- "type",
- "object_id"
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_authz/metarule.json b/keystone-moon/etc/policies/policy_authz/metarule.json
deleted file mode 100644
index c9afd6c2..00000000
--- a/keystone-moon/etc/policies/policy_authz/metarule.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "sub_meta_rules": {
- "mls_rule": {
- "subject_categories": ["subject_security_level"],
- "action_categories": ["resource_action"],
- "object_categories": ["object_security_level"],
- "algorithm": "inclusion"
- },
- "dte_rule": {
- "subject_categories": ["domain"],
- "action_categories": ["access"],
- "object_categories": ["type"],
- "algorithm": "inclusion"
- },
- "rbac_rule": {
- "subject_categories": ["role", "domain"],
- "action_categories": ["access"],
- "object_categories": ["object_id"],
- "algorithm": "inclusion"
- }
- },
- "aggregation": "all_true"
-}
-
diff --git a/keystone-moon/etc/policies/policy_authz/perimeter.json b/keystone-moon/etc/policies/policy_authz/perimeter.json
deleted file mode 100644
index 47a8ee45..00000000
--- a/keystone-moon/etc/policies/policy_authz/perimeter.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "subjects": [
- "admin",
- "demo"
- ],
- "actions": [
- "pause",
- "unpause",
- "start",
- "stop",
- "create",
- "list",
- "upload",
- "download",
- "post",
- "storage_list"
- ],
- "objects": [
- "servers"
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_authz/rule.json b/keystone-moon/etc/policies/policy_authz/rule.json
deleted file mode 100644
index 25f9d93a..00000000
--- a/keystone-moon/etc/policies/policy_authz/rule.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "mls_rule":[
- ["high", "vm_admin", "medium"],
- ["high", "vm_admin", "low"],
- ["medium", "vm_admin", "low"],
- ["high", "vm_access", "high"],
- ["high", "vm_access", "medium"],
- ["high", "vm_access", "low"],
- ["medium", "vm_access", "medium"],
- ["medium", "vm_access", "low"],
- ["low", "vm_access", "low"]
- ],
- "dte_rule":[
- ["ft", "read", "computing"],
- ["ft", "write", "computing"],
- ["ft", "read", "storage"],
- ["ft", "write", "storage"],
- ["xx", "read", "storage"]
- ],
- "rbac_rule":[
- ["dev", "xx", "read", "servers"],
- ["admin", "xx", "read", "servers"],
- ["admin", "ft", "read", "servers"]
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_authz/scope.json b/keystone-moon/etc/policies/policy_authz/scope.json
deleted file mode 100644
index 9b313daf..00000000
--- a/keystone-moon/etc/policies/policy_authz/scope.json
+++ /dev/null
@@ -1,49 +0,0 @@
-{
- "subject_scopes": {
- "role": [
- "admin",
- "dev"
- ],
- "subject_security_level": [
- "high",
- "medium",
- "low"
- ],
- "domain": [
- "ft",
- "xx"
- ]
- },
-
- "action_scopes": {
- "resource_action": [
- "vm_admin",
- "vm_access",
- "storage_admin",
- "storage_access"
- ],
- "access": [
- "write",
- "read"
- ]
- },
-
- "object_scopes": {
- "object_security_level": [
- "high",
- "medium",
- "low"
- ],
- "type": [
- "computing",
- "storage"
- ],
- "object_id": [
- "servers",
- "vm1",
- "vm2",
- "file1",
- "file2"
- ]
- }
-}
diff --git a/keystone-moon/etc/policies/policy_empty_admin/assignment.json b/keystone-moon/etc/policies/policy_empty_admin/assignment.json
deleted file mode 100644
index 24018a09..00000000
--- a/keystone-moon/etc/policies/policy_empty_admin/assignment.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "subject_assignments": {},
-
- "action_assignments": {},
-
- "object_assignments": {}
-}
diff --git a/keystone-moon/etc/policies/policy_empty_admin/metadata.json b/keystone-moon/etc/policies/policy_empty_admin/metadata.json
deleted file mode 100644
index 3c9be2e5..00000000
--- a/keystone-moon/etc/policies/policy_empty_admin/metadata.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "name": "Empty_Policy",
- "model": "",
- "genre": "admin",
- "description": "Empty Policy",
-
- "subject_categories": [],
-
- "action_categories": [],
-
- "object_categories": []
-}
diff --git a/keystone-moon/etc/policies/policy_empty_admin/metarule.json b/keystone-moon/etc/policies/policy_empty_admin/metarule.json
deleted file mode 100644
index 7acd8848..00000000
--- a/keystone-moon/etc/policies/policy_empty_admin/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "mls_rule": {
- "subject_categories": [],
- "action_categories": [],
- "object_categories": [],
- "algorithm": ""
- }
- },
- "aggregation": ""
-}
-
diff --git a/keystone-moon/etc/policies/policy_empty_admin/perimeter.json b/keystone-moon/etc/policies/policy_empty_admin/perimeter.json
deleted file mode 100644
index 54dbfc31..00000000
--- a/keystone-moon/etc/policies/policy_empty_admin/perimeter.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "subjects": [],
- "actions": [
- "read",
- "write"
- ],
- "objects": [
- "authz.subjects",
- "authz.objects",
- "authz.actions",
- "authz.subject_categories",
- "authz.object_categories",
- "authz.action_categories",
- "authz.subject_scopes",
- "authz.object_scopes",
- "authz.action_scopes",
- "authz.subject_assignments",
- "authz.object_assignments",
- "authz.action_assignments",
- "authz.aggregation_algorithm",
- "authz.sub_meta_rules",
- "authz.rules",
- "admin.subjects",
- "admin.objects",
- "admin.actions",
- "admin.subject_categories",
- "admin.object_categories",
- "admin.action_categories",
- "admin.subject_scopes",
- "admin.object_scopes",
- "admin.action_scopes",
- "admin.subject_assignments",
- "admin.object_assignments",
- "admin.action_assignments",
- "admin.aggregation_algorithm",
- "admin.sub_meta_rules",
- "admin.rules"
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_empty_admin/rule.json b/keystone-moon/etc/policies/policy_empty_admin/rule.json
deleted file mode 100644
index fe4fae5a..00000000
--- a/keystone-moon/etc/policies/policy_empty_admin/rule.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "mls_rule":[]
-}
diff --git a/keystone-moon/etc/policies/policy_empty_admin/scope.json b/keystone-moon/etc/policies/policy_empty_admin/scope.json
deleted file mode 100644
index 1efebe6f..00000000
--- a/keystone-moon/etc/policies/policy_empty_admin/scope.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "subject_scopes": {},
-
- "action_scopes": {},
-
- "object_scopes": {}
-}
diff --git a/keystone-moon/etc/policies/policy_empty_authz/assignment.json b/keystone-moon/etc/policies/policy_empty_authz/assignment.json
deleted file mode 100644
index 24018a09..00000000
--- a/keystone-moon/etc/policies/policy_empty_authz/assignment.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "subject_assignments": {},
-
- "action_assignments": {},
-
- "object_assignments": {}
-}
diff --git a/keystone-moon/etc/policies/policy_empty_authz/metadata.json b/keystone-moon/etc/policies/policy_empty_authz/metadata.json
deleted file mode 100644
index 4f300d78..00000000
--- a/keystone-moon/etc/policies/policy_empty_authz/metadata.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "name": "MLS_Policy",
- "model": "MLS",
- "genre": "authz",
- "description": "Multi Level Security Policy",
-
- "subject_categories": [],
-
- "action_categories": [],
-
- "object_categories": []
-}
diff --git a/keystone-moon/etc/policies/policy_empty_authz/metarule.json b/keystone-moon/etc/policies/policy_empty_authz/metarule.json
deleted file mode 100644
index 7acd8848..00000000
--- a/keystone-moon/etc/policies/policy_empty_authz/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "mls_rule": {
- "subject_categories": [],
- "action_categories": [],
- "object_categories": [],
- "algorithm": ""
- }
- },
- "aggregation": ""
-}
-
diff --git a/keystone-moon/etc/policies/policy_empty_authz/perimeter.json b/keystone-moon/etc/policies/policy_empty_authz/perimeter.json
deleted file mode 100644
index 9da8a8c0..00000000
--- a/keystone-moon/etc/policies/policy_empty_authz/perimeter.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "subjects": [],
- "actions": [],
- "objects": []
-}
diff --git a/keystone-moon/etc/policies/policy_empty_authz/rule.json b/keystone-moon/etc/policies/policy_empty_authz/rule.json
deleted file mode 100644
index fe4fae5a..00000000
--- a/keystone-moon/etc/policies/policy_empty_authz/rule.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "mls_rule":[]
-}
diff --git a/keystone-moon/etc/policies/policy_empty_authz/scope.json b/keystone-moon/etc/policies/policy_empty_authz/scope.json
deleted file mode 100644
index 1efebe6f..00000000
--- a/keystone-moon/etc/policies/policy_empty_authz/scope.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "subject_scopes": {},
-
- "action_scopes": {},
-
- "object_scopes": {}
-}
diff --git a/keystone-moon/etc/policies/policy_mls_authz/assignment.json b/keystone-moon/etc/policies/policy_mls_authz/assignment.json
deleted file mode 100644
index 0712dfbc..00000000
--- a/keystone-moon/etc/policies/policy_mls_authz/assignment.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "subject_assignments": {
- "subject_security_level":{
- "admin": ["high"],
- "demo": ["medium"]
- }
- },
-
- "action_assignments": {
- "resource_action":{
- "pause": ["vm_admin"],
- "unpause": ["vm_admin"],
- "start": ["vm_admin"],
- "stop": ["vm_admin"],
- "list": ["vm_access", "vm_admin"],
- "create": ["vm_admin"],
- "storage_list": ["storage_access"],
- "download": ["storage_access"],
- "post": ["storage_admin"],
- "upload": ["storage_admin"]
- }
- },
-
- "object_assignments": {
- "object_security_level": {
- "servers": ["low"]
- }
- }
-}
diff --git a/keystone-moon/etc/policies/policy_mls_authz/metadata.json b/keystone-moon/etc/policies/policy_mls_authz/metadata.json
deleted file mode 100644
index c419c815..00000000
--- a/keystone-moon/etc/policies/policy_mls_authz/metadata.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "MLS_Policy",
- "model": "MLS",
- "genre": "authz",
- "description": "Multi Level Security Policy",
-
- "subject_categories": [
- "subject_security_level"
- ],
-
- "action_categories": [
- "resource_action"
- ],
-
- "object_categories": [
- "object_security_level"
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_mls_authz/metarule.json b/keystone-moon/etc/policies/policy_mls_authz/metarule.json
deleted file mode 100644
index e068927c..00000000
--- a/keystone-moon/etc/policies/policy_mls_authz/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "mls_rule": {
- "subject_categories": ["subject_security_level"],
- "action_categories": ["resource_action"],
- "object_categories": ["object_security_level"],
- "algorithm": "inclusion"
- }
- },
- "aggregation": "all_true"
-}
-
diff --git a/keystone-moon/etc/policies/policy_mls_authz/perimeter.json b/keystone-moon/etc/policies/policy_mls_authz/perimeter.json
deleted file mode 100644
index 47a8ee45..00000000
--- a/keystone-moon/etc/policies/policy_mls_authz/perimeter.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "subjects": [
- "admin",
- "demo"
- ],
- "actions": [
- "pause",
- "unpause",
- "start",
- "stop",
- "create",
- "list",
- "upload",
- "download",
- "post",
- "storage_list"
- ],
- "objects": [
- "servers"
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_mls_authz/rule.json b/keystone-moon/etc/policies/policy_mls_authz/rule.json
deleted file mode 100644
index b17dc822..00000000
--- a/keystone-moon/etc/policies/policy_mls_authz/rule.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "mls_rule":[
- ["high", "vm_admin", "medium"],
- ["high", "vm_admin", "low"],
- ["medium", "vm_admin", "low"],
- ["high", "vm_access", "medium"],
- ["high", "vm_access", "low"],
- ["medium", "vm_access", "low"],
- ["high", "storage_admin", "medium"],
- ["high", "storage_admin", "low"],
- ["medium", "storage_admin", "low"],
- ["high", "storage_access", "medium"],
- ["high", "storage_access", "low"],
- ["medium", "storage_access", "low"]
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_mls_authz/scope.json b/keystone-moon/etc/policies/policy_mls_authz/scope.json
deleted file mode 100644
index 6cc1c28e..00000000
--- a/keystone-moon/etc/policies/policy_mls_authz/scope.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "subject_scopes": {
- "subject_security_level": [
- "high",
- "medium",
- "low"
- ]
- },
-
- "action_scopes": {
- "resource_action": [
- "vm_admin",
- "vm_access",
- "storage_admin",
- "storage_access"
- ]
- },
-
- "object_scopes": {
- "object_security_level": [
- "high",
- "medium",
- "low"
- ]
- }
-}
diff --git a/keystone-moon/etc/policies/policy_rbac_admin/assignment.json b/keystone-moon/etc/policies/policy_rbac_admin/assignment.json
deleted file mode 100644
index f2378333..00000000
--- a/keystone-moon/etc/policies/policy_rbac_admin/assignment.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "subject_assignments": {
- "role": {
- "admin": ["root_role"],
- "demo": ["dev_role"]
- }
- },
- "action_assignments": {
- "action_id": {
- "read": ["read"],
- "write": ["write"]
- }
- },
- "object_assignments": {
- "object_id": {
- "authz.subjects": ["authz.subjects"],
- "authz.objects": ["authz.objects"],
- "authz.actions": ["authz.actions"],
- "authz.subject_categories": ["authz.subject_categories"],
- "authz.object_categories": ["authz.object_categories"],
- "authz.action_categories": ["authz.action_categories"],
- "authz.subject_scopes": ["authz.subject_scopes"],
- "authz.object_scopes": ["authz.object_scopes"],
- "authz.action_scopes": ["authz.action_scopes"],
- "authz.subject_assignments": ["authz.subject_assignments"],
- "authz.object_assignments": ["authz.object_assignments"],
- "authz.action_assignments": ["authz.action_assignments"],
- "authz.aggregation_algorithm": ["authz.aggregation_algorithm"],
- "authz.sub_meta_rules": ["authz.sub_meta_rules"],
- "authz.rules": ["authz.rules"],
- "admin.subjects": ["admin.subjects"],
- "admin.objects": ["admin.objects"],
- "admin.actions": ["admin.actions"],
- "admin.subject_categories": ["admin.subject_categories"],
- "admin.object_categories": ["admin.object_categories"],
- "admin.action_categories": ["admin.action_categories"],
- "admin.subject_scopes": ["admin.subject_scopes"],
- "admin.object_scopes": ["admin.object_scopes"],
- "admin.action_scopes": ["admin.action_scopes"],
- "admin.subject_assignments": ["admin.subject_assignments"],
- "admin.object_assignments": ["admin.object_assignments"],
- "admin.action_assignments": ["admin.action_assignments"],
- "admin.aggregation_algorithm": ["admin.aggregation_algorithm"],
- "admin.sub_meta_rules": ["admin.sub_meta_rules"],
- "admin.rules": ["admin.rules"]
- }
- }
-}
diff --git a/keystone-moon/etc/policies/policy_rbac_admin/metadata.json b/keystone-moon/etc/policies/policy_rbac_admin/metadata.json
deleted file mode 100644
index 9ee8a11d..00000000
--- a/keystone-moon/etc/policies/policy_rbac_admin/metadata.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "RBAC Admin Policy",
- "model": "RBAC",
- "genre": "admin",
- "description": "",
-
- "subject_categories": [
- "role"
- ],
-
- "action_categories": [
- "action_id"
- ],
-
- "object_categories": [
- "object_id"
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_rbac_admin/metarule.json b/keystone-moon/etc/policies/policy_rbac_admin/metarule.json
deleted file mode 100644
index 86dbfad2..00000000
--- a/keystone-moon/etc/policies/policy_rbac_admin/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "rbac_rule": {
- "subject_categories": ["role"],
- "action_categories": ["action_id"],
- "object_categories": ["object_id"],
- "algorithm": "inclusion"
- }
- },
- "aggregation": "all_true"
-}
-
diff --git a/keystone-moon/etc/policies/policy_rbac_admin/perimeter.json b/keystone-moon/etc/policies/policy_rbac_admin/perimeter.json
deleted file mode 100644
index 1155533e..00000000
--- a/keystone-moon/etc/policies/policy_rbac_admin/perimeter.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- "subjects": [
- "admin",
- "demo"
- ],
- "actions": [
- "read",
- "write"
- ],
- "objects": [
- "authz.subjects",
- "authz.objects",
- "authz.actions",
- "authz.subject_categories",
- "authz.object_categories",
- "authz.action_categories",
- "authz.subject_scopes",
- "authz.object_scopes",
- "authz.action_scopes",
- "authz.subject_assignments",
- "authz.object_assignments",
- "authz.action_assignments",
- "authz.aggregation_algorithm",
- "authz.sub_meta_rules",
- "authz.rules",
- "admin.subjects",
- "admin.objects",
- "admin.actions",
- "admin.subject_categories",
- "admin.object_categories",
- "admin.action_categories",
- "admin.subject_scopes",
- "admin.object_scopes",
- "admin.action_scopes",
- "admin.subject_assignments",
- "admin.object_assignments",
- "admin.action_assignments",
- "admin.aggregation_algorithm",
- "admin.sub_meta_rules",
- "admin.rules"
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_rbac_admin/rule.json b/keystone-moon/etc/policies/policy_rbac_admin/rule.json
deleted file mode 100644
index c89ceff3..00000000
--- a/keystone-moon/etc/policies/policy_rbac_admin/rule.json
+++ /dev/null
@@ -1,94 +0,0 @@
-{
- "rbac_rule":[
- ["root_role" , "read", "authz.subjects"],
- ["root_role" , "read", "authz.objects"],
- ["root_role" , "read", "authz.actions"],
- ["root_role" , "read", "authz.subject_categories"],
- ["root_role" , "read", "authz.object_categories"],
- ["root_role" , "read", "authz.action_categories"],
- ["root_role" , "read", "authz.subject_scopes"],
- ["root_role" , "read", "authz.object_scopes"],
- ["root_role" , "read", "authz.action_scopes"],
- ["root_role" , "read", "authz.subject_assignments"],
- ["root_role" , "read", "authz.object_assignments"],
- ["root_role" , "read", "authz.action_assignments"],
- ["root_role" , "read", "authz.aggregation_algorithm"],
- ["root_role" , "read", "authz.sub_meta_rules"],
- ["root_role" , "read", "authz.rules"],
- ["root_role" , "write", "authz.subjects"],
- ["root_role" , "write", "authz.objects"],
- ["root_role" , "write", "authz.actions"],
- ["root_role" , "write", "authz.subject_categories"],
- ["root_role" , "write", "authz.object_categories"],
- ["root_role" , "write", "authz.action_categories"],
- ["root_role" , "write", "authz.subject_scopes"],
- ["root_role" , "write", "authz.object_scopes"],
- ["root_role" , "write", "authz.action_scopes"],
- ["root_role" , "write", "authz.subject_assignments"],
- ["root_role" , "write", "authz.object_assignments"],
- ["root_role" , "write", "authz.action_assignments"],
- ["root_role" , "write", "authz.aggregation_algorithm"],
- ["root_role" , "write", "authz.sub_meta_rules"],
- ["root_role" , "write", "authz.rules"],
- ["root_role" , "read", "admin.subjects"],
- ["root_role" , "read", "admin.objects"],
- ["root_role" , "read", "admin.actions"],
- ["root_role" , "read", "admin.subject_categories"],
- ["root_role" , "read", "admin.object_categories"],
- ["root_role" , "read", "admin.action_categories"],
- ["root_role" , "read", "admin.subject_scopes"],
- ["root_role" , "read", "admin.object_scopes"],
- ["root_role" , "read", "admin.action_scopes"],
- ["root_role" , "read", "admin.subject_assignments"],
- ["root_role" , "read", "admin.object_assignments"],
- ["root_role" , "read", "admin.action_assignments"],
- ["root_role" , "read", "admin.aggregation_algorithm"],
- ["root_role" , "read", "admin.sub_meta_rules"],
- ["root_role" , "read", "admin.rules"],
- ["root_role" , "write", "admin.subjects"],
- ["root_role" , "write", "admin.objects"],
- ["root_role" , "write", "admin.actions"],
- ["root_role" , "write", "admin.subject_categories"],
- ["root_role" , "write", "admin.object_categories"],
- ["root_role" , "write", "admin.action_categories"],
- ["root_role" , "write", "admin.subject_scopes"],
- ["root_role" , "write", "admin.object_scopes"],
- ["root_role" , "write", "admin.action_scopes"],
- ["root_role" , "write", "admin.subject_assignments"],
- ["root_role" , "write", "admin.object_assignments"],
- ["root_role" , "write", "admin.action_assignments"],
- ["root_role" , "write", "admin.aggregation_algorithm"],
- ["root_role" , "write", "admin.sub_meta_rules"],
- ["root_role" , "write", "admin.rules"],
- ["dev_role" , "read", "authz.subjects"],
- ["dev_role" , "read", "authz.objects"],
- ["dev_role" , "read", "authz.actions"],
- ["dev_role" , "read", "authz.subject_categories"],
- ["dev_role" , "read", "authz.object_categories"],
- ["dev_role" , "read", "authz.action_categories"],
- ["dev_role" , "read", "authz.subject_scopes"],
- ["dev_role" , "read", "authz.object_scopes"],
- ["dev_role" , "read", "authz.action_scopes"],
- ["dev_role" , "read", "authz.subject_assignments"],
- ["dev_role" , "read", "authz.object_assignments"],
- ["dev_role" , "read", "authz.action_assignments"],
- ["dev_role" , "read", "authz.aggregation_algorithm"],
- ["dev_role" , "read", "authz.sub_meta_rules"],
- ["dev_role" , "read", "authz.rules"],
- ["dev_role" , "read", "admin.subjects"],
- ["dev_role" , "read", "admin.objects"],
- ["dev_role" , "read", "admin.actions"],
- ["dev_role" , "read", "admin.subject_categories"],
- ["dev_role" , "read", "admin.object_categories"],
- ["dev_role" , "read", "admin.action_categories"],
- ["dev_role" , "read", "admin.subject_scopes"],
- ["dev_role" , "read", "admin.object_scopes"],
- ["dev_role" , "read", "admin.action_scopes"],
- ["dev_role" , "read", "admin.subject_assignments"],
- ["dev_role" , "read", "admin.object_assignments"],
- ["dev_role" , "read", "admin.action_assignments"],
- ["dev_role" , "read", "admin.aggregation_algorithm"],
- ["dev_role" , "read", "admin.sub_meta_rules"],
- ["dev_role" , "read", "admin.rules"]
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_rbac_admin/scope.json b/keystone-moon/etc/policies/policy_rbac_admin/scope.json
deleted file mode 100644
index 149056a6..00000000
--- a/keystone-moon/etc/policies/policy_rbac_admin/scope.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "subject_scopes": {
- "role": [
- "root_role",
- "dev_role"
- ]
- },
- "action_scopes": {
- "action_id": [
- "read",
- "write"
- ]
- },
- "object_scopes": {
- "object_id": [
- "authz.subjects",
- "authz.objects",
- "authz.actions",
- "authz.subject_categories",
- "authz.object_categories",
- "authz.action_categories",
- "authz.subject_scopes",
- "authz.object_scopes",
- "authz.action_scopes",
- "authz.subject_assignments",
- "authz.object_assignments",
- "authz.action_assignments",
- "authz.aggregation_algorithm",
- "authz.sub_meta_rules",
- "authz.rules",
- "admin.subjects",
- "admin.objects",
- "admin.actions",
- "admin.subject_categories",
- "admin.object_categories",
- "admin.action_categories",
- "admin.subject_scopes",
- "admin.object_scopes",
- "admin.action_scopes",
- "admin.subject_assignments",
- "admin.object_assignments",
- "admin.action_assignments",
- "admin.aggregation_algorithm",
- "admin.sub_meta_rules",
- "admin.rules"
- ]
- }
-}
diff --git a/keystone-moon/etc/policies/policy_root/assignment.json b/keystone-moon/etc/policies/policy_root/assignment.json
deleted file mode 100644
index e849ae13..00000000
--- a/keystone-moon/etc/policies/policy_root/assignment.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "subject_assignments": {
- "role": {
- "admin": ["root_role"]
- }
- },
-
- "action_assignments": {
- "action_id": {
- "read": ["read"],
- "write": ["write"]
- }
- },
-
- "object_assignments": {
- "object_id": {
- "templates": ["templates"],
- "sub_meta_rule_algorithms": ["sub_meta_rule_algorithms"],
- "aggregation_algorithms": ["aggregation_algorithms"],
- "tenants": ["tenants"],
- "intra_extensions": ["intra_extensions"],
- "admin.subjects": ["admin.subjects"],
- "admin.objects": ["admin.objects"],
- "admin.actions": ["admin.actions"],
- "admin.subject_categories": ["admin.subject_categories"],
- "admin.object_categories": ["admin.object_categories"],
- "admin.action_categories": ["admin.action_categories"],
- "admin.subject_category_scopes": ["admin.subject_category_scopes"],
- "admin.object_category_scopes": ["admin.object_category_scopes"],
- "admin.action_category_scopes": ["admin.action_category_scopes"],
- "admin.subject_assignments": ["admin.subject_assignments"],
- "admin.object_assignments": ["admin.object_assignments"],
- "admin.action_assignments": ["admin.action_assignments"],
- "admin.aggregation_algorithm": ["admin.aggregation_algorithm"],
- "admin.sub_meta_rules": ["admin.sub_meta_rules"],
- "admin.rules": ["admin.rules"]
- }
- }
-}
diff --git a/keystone-moon/etc/policies/policy_root/metadata.json b/keystone-moon/etc/policies/policy_root/metadata.json
deleted file mode 100644
index 3e4b0f28..00000000
--- a/keystone-moon/etc/policies/policy_root/metadata.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "Root Policy",
- "model": "RBAC",
- "genre": "admin",
- "description": "root extension",
-
- "subject_categories": [
- "role"
- ],
-
- "action_categories": [
- "action_id"
- ],
-
- "object_categories": [
- "object_id"
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_root/metarule.json b/keystone-moon/etc/policies/policy_root/metarule.json
deleted file mode 100644
index 86dbfad2..00000000
--- a/keystone-moon/etc/policies/policy_root/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "rbac_rule": {
- "subject_categories": ["role"],
- "action_categories": ["action_id"],
- "object_categories": ["object_id"],
- "algorithm": "inclusion"
- }
- },
- "aggregation": "all_true"
-}
-
diff --git a/keystone-moon/etc/policies/policy_root/perimeter.json b/keystone-moon/etc/policies/policy_root/perimeter.json
deleted file mode 100644
index 788a27f2..00000000
--- a/keystone-moon/etc/policies/policy_root/perimeter.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "subjects": [
- "admin"
- ],
- "actions": [
- "read",
- "write"
- ],
- "objects": [
- "templates",
- "aggregation_algorithms",
- "sub_meta_rule_algorithms",
- "tenants",
- "intra_extensions",
- "admin.subjects",
- "admin.objects",
- "admin.actions",
- "admin.subject_categories",
- "admin.object_categories",
- "admin.action_categories",
- "admin.subject_category_scopes",
- "admin.object_category_scopes",
- "admin.action_category_scopes",
- "admin.subject_assignments",
- "admin.object_assignments",
- "admin.action_assignments",
- "admin.aggregation_algorithm",
- "admin.sub_meta_rules",
- "admin.rules"
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_root/rule.json b/keystone-moon/etc/policies/policy_root/rule.json
deleted file mode 100644
index 9bbd5e4c..00000000
--- a/keystone-moon/etc/policies/policy_root/rule.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- "rbac_rule":[
- ["root_role" , "read", "templates"],
- ["root_role" , "read", "aggregation_algorithms"],
- ["root_role" , "read", "sub_meta_rule_algorithms"],
- ["root_role" , "read", "tenants"],
- ["root_role" , "read", "intra_extensions"],
- ["root_role" , "write", "templates"],
- ["root_role" , "write", "aggregation_algorithms"],
- ["root_role" , "write", "sub_meta_rule_algorithms"],
- ["root_role" , "write", "tenants"],
- ["root_role" , "write", "intra_extensions"],
- ["root_role" , "read", "admin.subjects"],
- ["root_role" , "read", "admin.objects"],
- ["root_role" , "read", "admin.actions"],
- ["root_role" , "read", "admin.subject_categories"],
- ["root_role" , "read", "admin.object_categories"],
- ["root_role" , "read", "admin.action_categories"],
- ["root_role" , "read", "admin.subject_category_scopes"],
- ["root_role" , "read", "admin.object_category_scopes"],
- ["root_role" , "read", "admin.action_category_scopes"],
- ["root_role" , "read", "admin.subject_assignments"],
- ["root_role" , "read", "admin.object_assignments"],
- ["root_role" , "read", "admin.action_assignments"],
- ["root_role" , "read", "admin.aggregation_algorithm"],
- ["root_role" , "read", "admin.sub_meta_rules"],
- ["root_role" , "read", "admin.rules"],
- ["root_role" , "write", "admin.subjects"],
- ["root_role" , "write", "admin.objects"],
- ["root_role" , "write", "admin.actions"],
- ["root_role" , "write", "admin.subject_categories"],
- ["root_role" , "write", "admin.object_categories"],
- ["root_role" , "write", "admin.action_categories"],
- ["root_role" , "write", "admin.subject_category_scopes"],
- ["root_role" , "write", "admin.object_category_scopes"],
- ["root_role" , "write", "admin.action_category_scopes"],
- ["root_role" , "write", "admin.subject_assignments"],
- ["root_role" , "write", "admin.object_assignments"],
- ["root_role" , "write", "admin.action_assignments"],
- ["root_role" , "write", "admin.aggregation_algorithm"],
- ["root_role" , "write", "admin.sub_meta_rules"],
- ["root_role" , "write", "admin.rules"]
- ]
-}
diff --git a/keystone-moon/etc/policies/policy_root/scope.json b/keystone-moon/etc/policies/policy_root/scope.json
deleted file mode 100644
index 43f9ced8..00000000
--- a/keystone-moon/etc/policies/policy_root/scope.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "subject_scopes": {
- "role": [
- "root_role"
- ]
- },
-
- "action_scopes": {
- "action_id": [
- "read",
- "write"
- ]
- },
-
- "object_scopes": {
- "object_id": [
- "templates",
- "aggregation_algorithms",
- "sub_meta_rule_algorithms",
- "tenants",
- "intra_extensions",
- "admin.subjects",
- "admin.objects",
- "admin.actions",
- "admin.subject_categories",
- "admin.object_categories",
- "admin.action_categories",
- "admin.subject_category_scopes",
- "admin.object_category_scopes",
- "admin.action_category_scopes",
- "admin.subject_assignments",
- "admin.object_assignments",
- "admin.action_assignments",
- "admin.aggregation_algorithm",
- "admin.sub_meta_rules",
- "admin.rules"
- ]
- }
-}