diff options
| author |   WuKong <rebirthmonkey@gmail.com> | 2015-07-21 14:00:00 +0200 |
|---|---|---|
| committer | WuKong <rebirthmonkey@gmail.com> | 2015-07-21 14:00:00 +0200 |
| commit | 678249d36047c90120c82ec2ff7eda5b591a742b (patch) | |
| tree | 021bff548c86de51a8a38b605180072321e46509 /keystone-moon/examples | |
| parent | 0f361dba2ac720b60d9f1434b4c3f3e2b145d011 (diff) | |
add super_extension
Change-Id: I7b234759a4aed653228f02d39df16021286242ed
Signed-off-by: WuKong <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystone-moon/examples')
6 files changed, 103 insertions, 0 deletions
diff --git a/keystone-moon/examples/moon/policies/policy_super/assignment.json b/keystone-moon/examples/moon/policies/policy_super/assignment.json new file mode 100644 index 00000000..3e10a055 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_super/assignment.json @@ -0,0 +1,23 @@ +{ + "subject_assignments": { + "role": { + "super_admin": ["admin"] + } + }, + + "action_assignments": { + "action_id": { + "read": ["read"], + "write": ["write"] + } + }, + + "object_assignments": { + "object_id": { + "templates": ["templates"], + "sub_meta_rule_algorithm": ["sub_meta_rule_relations"], + "aggregation_algorithms": ["aggregation_algorithms"], + "tenants": ["tenants"] + } + } +} diff --git a/keystone-moon/examples/moon/policies/policy_super/metadata.json b/keystone-moon/examples/moon/policies/policy_super/metadata.json new file mode 100644 index 00000000..b6eb92f3 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_super/metadata.json @@ -0,0 +1,18 @@ +{ + "name": "MLS_metadata", + "model": "RBAC", + "genre": "admin", + "description": "", + + "subject_categories": [ + "role" + ], + + "action_categories": [ + "action_id" + ], + + "object_categories": [ + "object_id" + ] +} diff --git a/keystone-moon/examples/moon/policies/policy_super/metarule.json b/keystone-moon/examples/moon/policies/policy_super/metarule.json new file mode 100644 index 00000000..86dbfad2 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_super/metarule.json @@ -0,0 +1,12 @@ +{ + "sub_meta_rules": { + "rbac_rule": { + "subject_categories": ["role"], + "action_categories": ["action_id"], + "object_categories": ["object_id"], + "algorithm": "inclusion" + } + }, + "aggregation": "all_true" +} + diff --git a/keystone-moon/examples/moon/policies/policy_super/perimeter.json b/keystone-moon/examples/moon/policies/policy_super/perimeter.json new file mode 100644 index 00000000..e0be02fa --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_super/perimeter.json @@ -0,0 +1,15 @@ +{ + "subjects": [ + "super_admin" + ], + "actions": [ + "read", + "write" + ], + "objects": [ + "templates", + "aggregation_algorithms", + "sub_meta_rule_algorithms", + "tenants" + ] +} diff --git a/keystone-moon/examples/moon/policies/policy_super/rule.json b/keystone-moon/examples/moon/policies/policy_super/rule.json new file mode 100644 index 00000000..234158bc --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_super/rule.json @@ -0,0 +1,12 @@ +{ + "rbac_rule":[ + ["admin" , "read", "templates"], + ["admin" , "read", "aggregation_algorithms"], + ["admin" , "read", "sub_meta_rule_algorithms"], + ["admin" , "read", "tenants"], + ["admin" , "write", "templates"], + ["admin" , "write", "aggregation_algorithms"], + ["admin" , "write", "sub_meta_rule_algorithms"], + ["admin" , "write", "tenants"] + ] +} diff --git a/keystone-moon/examples/moon/policies/policy_super/scope.json b/keystone-moon/examples/moon/policies/policy_super/scope.json new file mode 100644 index 00000000..bac0b47a --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_super/scope.json @@ -0,0 +1,23 @@ +{ + "subject_scopes": { + "role": [ + "admin" + ] + }, + + "action_scopes": { + "action_id": [ + "read", + "write" + ] + }, + + "object_scopes": { + "object_id": [ + "templates", + "aggregation_algorithms", + "sub_meta_rule_algorithms", + "tenants" + ] + } +} |