diff options
| author |   Thomas Duval <thomas.duval@orange.com> | 2020-06-03 10:06:52 +0200 |
|---|---|---|
| committer | Thomas Duval <thomas.duval@orange.com> | 2020-06-03 10:06:52 +0200 |
| commit | 7bb53c64da2dcf88894bfd31503accdd81498f3d (patch) | |
| tree | 4310e12366818af27947b5e2c80cb162da93a4b5 /moon_engine/conf/policy_rbac_mls.json | |
| parent | cbea4e360e9bfaa9698cf7c61c83c96a1ba89b8c (diff) | |
Update to new version 5.4HEADstable/jermamaster
Signed-off-by: Thomas Duval <thomas.duval@orange.com>
Change-Id: Idcd868133d75928a1ffd74d749ce98503e0555ea
Diffstat (limited to 'moon_engine/conf/policy_rbac_mls.json')
| -rw-r--r-- | moon_engine/conf/policy_rbac_mls.json | 525 |
1 files changed, 525 insertions, 0 deletions
diff --git a/moon_engine/conf/policy_rbac_mls.json b/moon_engine/conf/policy_rbac_mls.json new file mode 100644 index 00000000..beb4e3ec --- /dev/null +++ b/moon_engine/conf/policy_rbac_mls.json @@ -0,0 +1,525 @@ +{ + "policies": [ + { + "name": "RBAC+MLS Policy", + "genre": "authz", + "description": "RBAC+MLS policy", + "model": { + "name": "RBACMLS" + }, + "mandatory": true, + "override": true + } + ], + "models": [ + { + "name": "RBACMLS", + "description": "", + "meta_rules": [ + { + "name": "rbac_mls" + } + ], + "override": true + } + ], + "subjects": [ + { + "name": "admin", + "description": "", + "extra": {}, + "policies": [ + { + "name": "RBAC+MLS Policy" + } + ] + }, + { + "name": "demo", + "description": "", + "extra": {}, + "policies": [ + { + "name": "RBAC+MLS Policy" + } + ] + } + ], + "subject_categories": [ + { + "name": "role", + "description": "role of a user" + }, + { + "name": "level", + "description": "subject level" + } + ], + "subject_data": [ + { + "name": "high", + "description": "", + "policies": [], + "category": { + "name": "level" + } + }, + { + "name": "admin", + "description": "", + "policies": [], + "category": { + "name": "role" + } + }, + { + "name": "member", + "description": "", + "policies": [], + "category": { + "name": "role" + } + }, + { + "name": "medium", + "description": "", + "policies": [], + "category": { + "name": "level" + } + }, + { + "name": "low", + "description": "", + "policies": [], + "category": { + "name": "level" + } + } + ], + "subject_assignments": [ + { + "subject": {"name": "admin"}, + "category": {"name": "role"}, + "assignments": [{"name": "admin"}] + }, + { + "subject": {"name": "demo"}, + "category": {"name": "role"}, + "assignments": [{"name": "member"}] + }, + { + "subject": {"name": "admin"}, + "category": {"name": "level"}, + "assignments": [{"name": "high"}] + }, + { + "subject": {"name": "demo"}, + "category": {"name": "level"}, + "assignments": [{"name": "low"}] + } + ], + "objects": [ + { + "name": "vm1", + "description": "", + "extra": {}, + "policies": [ + { + "name": "RBAC+MLS Policy" + } + ] + }, + { + "name": "vm2", + "description": "", + "extra": {}, + "policies": [ + { + "name": "RBAC+MLS Policy" + } + ] + }, + { + "name": "vm3", + "description": "", + "extra": {}, + "policies": [ + { + "name": "RBAC+MLS Policy" + } + ] + } + ], + "object_categories": [ + { + "name": "level", + "description": "object level" + } + ], + "object_data": [ + { + "name": "high", + "description": "", + "policies": [], + "category": { + "name": "level" + } + }, + { + "name": "medium", + "description": "", + "policies": [], + "category": { + "name": "level" + } + }, + { + "name": "low", + "description": "", + "policies": [], + "category": { + "name": "level" + } + } + ], + "object_assignments": [ + { + "object": {"name": "vm1"}, + "category": {"name": "level"}, + "assignments": [{"name": "high"}] + }, + { + "object": {"name": "vm2"}, + "category": {"name": "level"}, + "assignments": [{"name": "medium"}] + }, + { + "object": {"name": "vm3"}, + "category": {"name": "level"}, + "assignments": [{"name": "low"}] + } + ], + "actions": [ + { + "name": "use_image", + "description": "use_image action for glance", + "extra": { + "component": "glance" + }, + "policies": [] + }, + { + "name": "get_images", + "description": "get_images action for glance", + "extra": { + "component": "glance" + }, + "policies": [] + }, + { + "name": "update_image", + "description": "update_image action for glance", + "extra": { + "component": "glance" + }, + "policies": [] + }, + { + "name": "set_image", + "description": "set_image action for glance", + "extra": { + "component": "glance" + }, + "policies": [] + } + ], + "action_categories": [ + { + "name": "type", + "description": "" + } + ], + "action_data": [ + { + "name": "read", + "description": "read action", + "policies": [], + "category": { + "name": "type" + } + }, + { + "name": "write", + "description": "write action", + "policies": [], + "category": { + "name": "type" + } + }, + { + "name": "execute", + "description": "execute action", + "policies": [], + "category": { + "name": "type" + } + } + ], + "action_assignments": [ + { + "action": {"name": "use_image"}, + "category": {"name": "type"}, + "assignments": [{"name": "read"}, {"name": "execute"}] + }, + { + "action": {"name": "update_image"}, + "category": {"name": "type"}, + "assignments": [{"name": "read"}, {"name": "write"}] + }, + { + "action": {"name": "set_image"}, + "category": {"name": "type"}, + "assignments": [{"name": "write"}] + }, + { + "action": {"name": "get_images"}, + "category": {"name": "type"}, + "assignments": [{"name": "read"}] + } + ], + "meta_rules": [ + { + "name": "rbac_mls", + "description": "", + "subject_categories": [{"name": "role"}, {"name": "level"}], + "object_categories": [{"name": "level"}], + "action_categories": [{"name": "type"}] + } + ], + "rules": [ + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "high"}], + "object_data": [{"name": "high"}], + "action_data": [{"name": "read"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "high"}], + "object_data": [{"name": "medium"}], + "action_data": [{"name": "read"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "high"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "read"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "medium"}], + "object_data": [{"name": "medium"}], + "action_data": [{"name": "read"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "medium"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "read"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "low"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "read"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "high"}], + "object_data": [{"name": "high"}], + "action_data": [{"name": "write"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "high"}], + "object_data": [{"name": "medium"}], + "action_data": [{"name": "write"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "high"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "write"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "medium"}], + "object_data": [{"name": "medium"}], + "action_data": [{"name": "write"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "medium"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "write"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "low"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "write"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "high"}], + "object_data": [{"name": "high"}], + "action_data": [{"name": "execute"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "high"}], + "object_data": [{"name": "medium"}], + "action_data": [{"name": "execute"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "high"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "execute"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "medium"}], + "object_data": [{"name": "medium"}], + "action_data": [{"name": "execute"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "medium"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "execute"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "rbac_mls"}, + "rule": { + "subject_data": [{"name": "admin"}, {"name": "low"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "execute"}] + }, + "policy": {"name": "RBAC+MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + } + ], + "checks": { + "granted": [ + ["admin", "vm1", "get_images"], + ["admin", "vm1", "set_image"], + ["admin", "vm1", "use_image"], + ["admin", "vm2", "get_images"], + ["admin", "vm2", "set_image"], + ["admin", "vm3", "get_images"], + ["demo", "vm1", "get_images"], + ["demo", "vm1", "set_image"], + ["demo", "vm2", "get_images"], + ["demo", "vm1", "get_images"] + ], + "denied": [ + ["admin", "vm2", "update_image"], + ["admin", "vm3", "set_image"], + ["admin", "vm3", "update_image"], + ["demo", "vm1", "update_image"], + ["demo", "vm2", "set_image"], + ["demo", "vm2", "update_image"], + ["demo", "vm3", "get_images"], + ["demo", "vm3", "set_image"], + ["demo", "vm3", "update_image"] + ] + } +}
\ No newline at end of file |