author | RHE <rebirthmonkey@gmail.com> | 2017-12-28 15:19:05 +0100 |
committer | RHE <rebirthmonkey@gmail.com> | 2017-12-28 15:19:05 +0100 |
commit | b7cf76d39eab9d292b8d58db4b0934557cad4509 (patch) | |
tree | 556b0e617b5921ad3779b7aed3b669bb475331c6 /moon_orchestrator/conf | |
parent | 9cf58823b4fa426816acfef81a562054d26afde8 (diff) |
moonv4.3 review
Change-Id: I0d137df21136292b58194def44ac5b32183368fc
Signed-off-by: RHE <rebirthmonkey@gmail.com>
Diffstat (limited to 'moon_orchestrator/conf')
40 files changed, 0 insertions, 1134 deletions
diff --git a/moon_orchestrator/conf/dockers/template.dockerfile b/moon_orchestrator/conf/dockers/template.dockerfile
deleted file mode 100644
index 6bb8a0c6..00000000
--- a/moon_orchestrator/conf/dockers/template.dockerfile
+++ /dev/null
@@ -1,25 +0,0 @@
-# Pull base image.
-FROM ubuntu:latest
-
-{{ proxy }}
-
-RUN apt-get update && apt-get install python3.5 python3-pip -y
-
-ADD dist/moon_utilities-0.1.0.tar.gz /root
-WORKDIR /root/moon_utilities-0.1.0
-RUN pip3 install pip --upgrade
-RUN pip3 install --upgrade -r requirements.txt
-RUN pip3 install --upgrade .
-
-ADD dist/moon_db-0.1.0.tar.gz /root
-WORKDIR /root/moon_db-0.1.0
-RUN pip3 install --upgrade -r requirements.txt
-RUN pip3 install --upgrade .
-
-{{ run }}
-
-{% for port in ports %}
-EXPOSE {{ port }}
-{% endfor %}
-
-CMD {{ cmd }}
diff --git a/moon_orchestrator/conf/moon.conf b/moon_orchestrator/conf/moon.conf
deleted file mode 100644
index 49086d48..00000000
--- a/moon_orchestrator/conf/moon.conf
+++ /dev/null
@@ -1,84 +0,0 @@
-database:
- url: mysql+pymysql://moon:p4sswOrd1@db/moon
- driver: sql
-
-messenger:
- url: rabbit://moon:p4sswOrd1@messenger:5672/moon
-
-docker:
- url: tcp://172.88.88.1:2376
- network: moon
-
-slave:
- name:
- master:
- url:
- login:
- password:
-
-openstack:
- keystone:
- url: http://keystone:5000/v3
- user: admin
- password: p4ssw0rd
- domain: default
- project: admin
- check_token: false
- certificate: false
-
-plugins:
- authz:
- container: wukongsun/moon_authz:v4.1
- session:
- container: asteroide/session:latest
-
-components:
- interface:
- port: 8081
- hostname: interface
- bind: 0.0.0.0
- container: wukongsun/moon_interface:v4.1
- router:
- container: wukongsun/moon_router:v4.1
- hostname: router
- manager:
- container: wukongsun/moon_manager:v4.1
- hostname: manager
- orchestrator:
- container: wukongsun/moon_orchestrator:v4.1
- hostname: orchestrator
- port_start: 38001
-
-logging:
- version: 1
-
- formatters:
- brief:
- format: "%(levelname)s %(name)s %(message)-30s"
- custom:
- format: "%(asctime)-15s %(levelname)s %(name)s %(message)s"
-
- handlers:
- console:
- class : logging.StreamHandler
- formatter: brief
- level : INFO
- stream : ext://sys.stdout
- file:
- class : logging.handlers.RotatingFileHandler
- formatter: custom
- level : DEBUG
- filename: /tmp/moon.log
- maxBytes: 1048576
- backupCount: 3
-
- loggers:
- moon:
- level: DEBUG
- handlers: [console, file]
- propagate: no
-
- root:
- level: ERROR
- handlers: [console]
-
diff --git a/moon_orchestrator/conf/plugins/authz.py b/moon_orchestrator/conf/plugins/authz.py
deleted file mode 100644
index 4a1441c9..00000000
--- a/moon_orchestrator/conf/plugins/authz.py
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import time
-import hashlib
-from oslo_config import cfg
-from oslo_log import log as logging
-import oslo_messaging
-from moon_orchestrator.dockers import DockerBase
-
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = "moon_orchestrator"
-
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-# TODO (asteroide): select the right template folder
-TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers")
-# TODO (asteroide): add specific configuration options for that plugin
-
-
-class AuthzFunction(DockerBase):
-
- id = "moon_authz_function"
- __build = """RUN mkdir -p /etc/moon/
-COPY conf /etc/moon/
-ADD dist/{py_pkg}.tar.gz /root
-WORKDIR /root/{py_pkg}
-RUN pip3 install -r requirements.txt
-RUN pip3 install .
-"""
-
- def __init__(self, uuid, conf_file="", docker=None, network_config=None):
- self.id = "authz_"+hashlib.sha224(uuid.encode("utf-8")).hexdigest()
- super(AuthzFunction, self).__init__(
- name="moon_authz",
- run_cmd=["python3", "-m", "moon_authz", uuid],
- conf_file=conf_file,
- docker=docker,
- network_config=network_config,
- build_cmd=self.__build,
- id=self.id,
- tag=""
- # tag=CONF.security_function.container
- )
- # note(asteroide): time to let the new docker boot
- time.sleep(3)
- # self.get_status()
-
- def get_status(self):
- return True
- # transport = oslo_messaging.get_transport(CONF)
- # target = oslo_messaging.Target(topic=self.id, version='1.0')
- # client = oslo_messaging.RPCClient(transport, target)
- # LOG.info("Calling Status on {}".format(self.id))
- # ret = client.call({"component_id": self.id}, 'get_status', args=None)
- # LOG.info(ret)
- # return ret
-
-
-def run(uuid, conf_file="", docker=None, network_config=None):
- return AuthzFunction(uuid,
- conf_file=conf_file,
- docker=docker,
- network_config=network_config)
diff --git a/moon_orchestrator/conf/plugins/session.py b/moon_orchestrator/conf/plugins/session.py
deleted file mode 100644
index 6fa2cfe2..00000000
--- a/moon_orchestrator/conf/plugins/session.py
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import time
-import hashlib
-from oslo_config import cfg
-from oslo_log import log as logging
-import oslo_messaging
-from moon_orchestrator.dockers import DockerBase
-
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = "moon_orchestrator"
-
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-# TODO (asteroide): select the right template folder
-TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers")
-# TODO (asteroide): add specific configuration options for that plugin
-
-
-class AuthzFunction(DockerBase):
-
- id = "moon_session_function"
- __build = """RUN mkdir -p /etc/moon/
-COPY conf /etc/moon/
-ADD dist/{py_pkg}.tar.gz /root
-WORKDIR /root/{py_pkg}
-RUN pip3 install -r requirements.txt
-RUN pip3 install .
-"""
-
- def __init__(self, uuid, conf_file="", docker=None, network_config=None):
- self.id = "session_"+hashlib.sha224(uuid.encode("utf-8")).hexdigest()
- super(AuthzFunction, self).__init__(
- name="moon_authz",
- run_cmd=["python3", "-m", "moon_authz", uuid],
- conf_file=conf_file,
- docker=docker,
- network_config=network_config,
- build_cmd=self.__build,
- id=self.id,
- tag=""
- # tag=CONF.security_function.container
- )
- # note(asteroide): time to let the new docker boot
- time.sleep(3)
- # self.get_status()
-
- def get_status(self):
- return True
- # transport = oslo_messaging.get_transport(CONF)
- # target = oslo_messaging.Target(topic=self.id, version='1.0')
- # client = oslo_messaging.RPCClient(transport, target)
- # LOG.info("Calling Status on {}".format(self.id))
- # ret = client.call({"component_id": self.id}, 'get_status', args=None)
- # LOG.info(ret)
- # return ret
-
-
-def run(uuid, conf_file="", docker=None, network_config=None):
- return AuthzFunction(uuid,
- conf_file=conf_file,
- docker=docker,
- network_config=network_config)
diff --git a/moon_orchestrator/conf/policies/policy_authz/assignment.json b/moon_orchestrator/conf/policies/policy_authz/assignment.json
deleted file mode 100644
index 7a6c722e..00000000
--- a/moon_orchestrator/conf/policies/policy_authz/assignment.json
+++ /dev/null
@@ -1,55 +0,0 @@ -{ - "subject_assignments": { - "subject_security_level":{ - "admin": ["high"], - "demo": ["medium"] - }, - "domain":{ - "admin": ["ft"], - "demo": ["xx"] - }, - "role": { - "admin": ["admin"], - "demo": ["dev"] - } - }, - - "action_assignments": { - "resource_action":{ - "pause": ["vm_admin"], - "unpause": ["vm_admin"], - "start": ["vm_admin"], - "stop": ["vm_admin"], - "list": ["vm_access", "vm_admin"], - "create": ["vm_admin"], - "storage_list": ["storage_access"], - "download": ["storage_access"], - "post": ["storage_admin"], - "upload": ["storage_admin"] - }, - "access": { - "pause": ["write"], - "unpause": ["write"], - "start": ["write"], - "stop": ["write"], - "list": ["read"], - "create": ["write"], - "storage_list": ["read"], - "download": ["read"], - "post": ["write"], - "upload": ["write"] - } - }, - - "object_assignments": { - "object_security_level": { - "servers": ["low"] - }, - "type": { - "servers": ["computing"] - }, - "object_id": { - "servers": ["servers"] - } - } -} diff --git a/moon_orchestrator/conf/policies/policy_authz/metadata.json b/moon_orchestrator/conf/policies/policy_authz/metadata.json deleted file mode 100644 index 21a99eb2..00000000 --- a/moon_orchestrator/conf/policies/policy_authz/metadata.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "name": "Simple_Policy", - "genre": "authz", - "description": "Simple Security Policy", - "pdp_pipeline": ["authz:rbac_rule", "authz:mls_rule"], - - "subject_categories": [ - "subject_security_level", - "domain", - "role" - ], - - "action_categories": [ - "resource_action", - "access" - ], - - "object_categories": [ - "object_security_level", - "type", - "object_id" - ] -} diff --git a/moon_orchestrator/conf/policies/policy_authz/metarule.json b/moon_orchestrator/conf/policies/policy_authz/metarule.json deleted file mode 100644 index c9afd6c2..00000000 --- a/moon_orchestrator/conf/policies/policy_authz/metarule.json +++ /dev/null 
@@ -1,24 +0,0 @@ -{ - "sub_meta_rules": { - "mls_rule": { - "subject_categories": ["subject_security_level"], - "action_categories": ["resource_action"], - "object_categories": ["object_security_level"], - "algorithm": "inclusion" - }, - "dte_rule": { - "subject_categories": ["domain"], - "action_categories": ["access"], - "object_categories": ["type"], - "algorithm": "inclusion" - }, - "rbac_rule": { - "subject_categories": ["role", "domain"], - "action_categories": ["access"], - "object_categories": ["object_id"], - "algorithm": "inclusion" - } - }, - "aggregation": "all_true" -} - diff --git a/moon_orchestrator/conf/policies/policy_authz/perimeter.json b/moon_orchestrator/conf/policies/policy_authz/perimeter.json deleted file mode 100644 index 47a8ee45..00000000 --- a/moon_orchestrator/conf/policies/policy_authz/perimeter.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "subjects": [ - "admin", - "demo" - ], - "actions": [ - "pause", - "unpause", - "start", - "stop", - "create", - "list", - "upload", - "download", - "post", - "storage_list" - ], - "objects": [ - "servers" - ] -} diff --git a/moon_orchestrator/conf/policies/policy_authz/rule.json b/moon_orchestrator/conf/policies/policy_authz/rule.json deleted file mode 100644 index 25f9d93a..00000000 --- a/moon_orchestrator/conf/policies/policy_authz/rule.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "mls_rule":[ - ["high", "vm_admin", "medium"], - ["high", "vm_admin", "low"], - ["medium", "vm_admin", "low"], - ["high", "vm_access", "high"], - ["high", "vm_access", "medium"], - ["high", "vm_access", "low"], - ["medium", "vm_access", "medium"], - ["medium", "vm_access", "low"], - ["low", "vm_access", "low"] - ], - "dte_rule":[ - ["ft", "read", "computing"], - ["ft", "write", "computing"], - ["ft", "read", "storage"], - ["ft", "write", "storage"], - ["xx", "read", "storage"] - ], - "rbac_rule":[ - ["dev", "xx", "read", "servers"], - ["admin", "xx", "read", "servers"], - ["admin", "ft", "read", "servers"] - ] -} 
diff --git a/moon_orchestrator/conf/policies/policy_authz/scope.json b/moon_orchestrator/conf/policies/policy_authz/scope.json deleted file mode 100644 index 9b313daf..00000000 --- a/moon_orchestrator/conf/policies/policy_authz/scope.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "subject_scopes": { - "role": [ - "admin", - "dev" - ], - "subject_security_level": [ - "high", - "medium", - "low" - ], - "domain": [ - "ft", - "xx" - ] - }, - - "action_scopes": { - "resource_action": [ - "vm_admin", - "vm_access", - "storage_admin", - "storage_access" - ], - "access": [ - "write", - "read" - ] - }, - - "object_scopes": { - "object_security_level": [ - "high", - "medium", - "low" - ], - "type": [ - "computing", - "storage" - ], - "object_id": [ - "servers", - "vm1", - "vm2", - "file1", - "file2" - ] - } -} diff --git a/moon_orchestrator/conf/policies/policy_empty_admin/assignment.json b/moon_orchestrator/conf/policies/policy_empty_admin/assignment.json deleted file mode 100644 index 24018a09..00000000 --- a/moon_orchestrator/conf/policies/policy_empty_admin/assignment.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "subject_assignments": {}, - - "action_assignments": {}, - - "object_assignments": {} -} diff --git a/moon_orchestrator/conf/policies/policy_empty_admin/metadata.json b/moon_orchestrator/conf/policies/policy_empty_admin/metadata.json deleted file mode 100644 index 3c9be2e5..00000000 --- a/moon_orchestrator/conf/policies/policy_empty_admin/metadata.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "name": "Empty_Policy", - "model": "", - "genre": "admin", - "description": "Empty Policy", - - "subject_categories": [], - - "action_categories": [], - - "object_categories": [] -} diff --git a/moon_orchestrator/conf/policies/policy_empty_admin/metarule.json b/moon_orchestrator/conf/policies/policy_empty_admin/metarule.json deleted file mode 100644 index 7acd8848..00000000 --- a/moon_orchestrator/conf/policies/policy_empty_admin/metarule.json +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - "sub_meta_rules": { - "mls_rule": { - "subject_categories": [], - "action_categories": [], - "object_categories": [], - "algorithm": "" - } - }, - "aggregation": "" -} - diff --git a/moon_orchestrator/conf/policies/policy_empty_admin/perimeter.json b/moon_orchestrator/conf/policies/policy_empty_admin/perimeter.json deleted file mode 100644 index 54dbfc31..00000000 --- a/moon_orchestrator/conf/policies/policy_empty_admin/perimeter.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "subjects": [], - "actions": [ - "read", - "write" - ], - "objects": [ - "authz.subjects", - "authz.objects", - "authz.actions", - "authz.subject_categories", - "authz.object_categories", - "authz.action_categories", - "authz.subject_scopes", - "authz.object_scopes", - "authz.action_scopes", - "authz.subject_assignments", - "authz.object_assignments", - "authz.action_assignments", - "authz.aggregation_algorithm", - "authz.sub_meta_rules", - "authz.rules", - "admin.subjects", - "admin.objects", - "admin.actions", - "admin.subject_categories", - "admin.object_categories", - "admin.action_categories", - "admin.subject_scopes", - "admin.object_scopes", - "admin.action_scopes", - "admin.subject_assignments", - "admin.object_assignments", - "admin.action_assignments", - "admin.aggregation_algorithm", - "admin.sub_meta_rules", - "admin.rules" - ] -} diff --git a/moon_orchestrator/conf/policies/policy_empty_admin/rule.json b/moon_orchestrator/conf/policies/policy_empty_admin/rule.json deleted file mode 100644 index fe4fae5a..00000000 --- a/moon_orchestrator/conf/policies/policy_empty_admin/rule.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mls_rule":[] -} diff --git a/moon_orchestrator/conf/policies/policy_empty_admin/scope.json b/moon_orchestrator/conf/policies/policy_empty_admin/scope.json deleted file mode 100644 index 1efebe6f..00000000 --- a/moon_orchestrator/conf/policies/policy_empty_admin/scope.json +++ /dev/null 
@@ -1,7 +0,0 @@ -{ - "subject_scopes": {}, - - "action_scopes": {}, - - "object_scopes": {} -} diff --git a/moon_orchestrator/conf/policies/policy_empty_authz/assignment.json b/moon_orchestrator/conf/policies/policy_empty_authz/assignment.json deleted file mode 100644 index 24018a09..00000000 --- a/moon_orchestrator/conf/policies/policy_empty_authz/assignment.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "subject_assignments": {}, - - "action_assignments": {}, - - "object_assignments": {} -} diff --git a/moon_orchestrator/conf/policies/policy_empty_authz/metadata.json b/moon_orchestrator/conf/policies/policy_empty_authz/metadata.json deleted file mode 100644 index 4f300d78..00000000 --- a/moon_orchestrator/conf/policies/policy_empty_authz/metadata.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "name": "MLS_Policy", - "model": "MLS", - "genre": "authz", - "description": "Multi Level Security Policy", - - "subject_categories": [], - - "action_categories": [], - - "object_categories": [] -} diff --git a/moon_orchestrator/conf/policies/policy_empty_authz/metarule.json b/moon_orchestrator/conf/policies/policy_empty_authz/metarule.json deleted file mode 100644 index 7acd8848..00000000 --- a/moon_orchestrator/conf/policies/policy_empty_authz/metarule.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "sub_meta_rules": { - "mls_rule": { - "subject_categories": [], - "action_categories": [], - "object_categories": [], - "algorithm": "" - } - }, - "aggregation": "" -} - diff --git a/moon_orchestrator/conf/policies/policy_empty_authz/perimeter.json b/moon_orchestrator/conf/policies/policy_empty_authz/perimeter.json deleted file mode 100644 index 9da8a8c0..00000000 --- a/moon_orchestrator/conf/policies/policy_empty_authz/perimeter.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "subjects": [], - "actions": [], - "objects": [] -} 
diff --git a/moon_orchestrator/conf/policies/policy_empty_authz/rule.json b/moon_orchestrator/conf/policies/policy_empty_authz/rule.json deleted file mode 100644 index fe4fae5a..00000000 --- a/moon_orchestrator/conf/policies/policy_empty_authz/rule.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mls_rule":[] -} diff --git a/moon_orchestrator/conf/policies/policy_empty_authz/scope.json b/moon_orchestrator/conf/policies/policy_empty_authz/scope.json deleted file mode 100644 index 1efebe6f..00000000 --- a/moon_orchestrator/conf/policies/policy_empty_authz/scope.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "subject_scopes": {}, - - "action_scopes": {}, - - "object_scopes": {} -} diff --git a/moon_orchestrator/conf/policies/policy_mls_authz/assignment.json b/moon_orchestrator/conf/policies/policy_mls_authz/assignment.json deleted file mode 100644 index 0712dfbc..00000000 --- a/moon_orchestrator/conf/policies/policy_mls_authz/assignment.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "subject_assignments": { - "subject_security_level":{ - "admin": ["high"], - "demo": ["medium"] - } - }, - - "action_assignments": { - "resource_action":{ - "pause": ["vm_admin"], - "unpause": ["vm_admin"], - "start": ["vm_admin"], - "stop": ["vm_admin"], - "list": ["vm_access", "vm_admin"], - "create": ["vm_admin"], - "storage_list": ["storage_access"], - "download": ["storage_access"], - "post": ["storage_admin"], - "upload": ["storage_admin"] - } - }, - - "object_assignments": { - "object_security_level": { - "servers": ["low"] - } - } -} diff --git a/moon_orchestrator/conf/policies/policy_mls_authz/metadata.json b/moon_orchestrator/conf/policies/policy_mls_authz/metadata.json deleted file mode 100644 index c419c815..00000000 --- a/moon_orchestrator/conf/policies/policy_mls_authz/metadata.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "MLS_Policy", - "model": "MLS", - "genre": "authz", - "description": "Multi Level Security Policy", - - "subject_categories": [ - "subject_security_level" - ], - - "action_categories": [ - "resource_action" - ], - - "object_categories": [ - "object_security_level" - ] -} diff --git a/moon_orchestrator/conf/policies/policy_mls_authz/metarule.json b/moon_orchestrator/conf/policies/policy_mls_authz/metarule.json deleted file mode 100644 index e068927c..00000000 --- a/moon_orchestrator/conf/policies/policy_mls_authz/metarule.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "sub_meta_rules": { - "mls_rule": { - "subject_categories": ["subject_security_level"], - "action_categories": ["resource_action"], - "object_categories": ["object_security_level"], - "algorithm": "inclusion" - } - }, - "aggregation": "all_true" -} - diff --git a/moon_orchestrator/conf/policies/policy_mls_authz/perimeter.json b/moon_orchestrator/conf/policies/policy_mls_authz/perimeter.json deleted file mode 100644 index 47a8ee45..00000000 --- a/moon_orchestrator/conf/policies/policy_mls_authz/perimeter.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "subjects": [ - "admin", - "demo" - ], - "actions": [ - "pause", - "unpause", - "start", - "stop", - "create", - "list", - "upload", - "download", - "post", - "storage_list" - ], - "objects": [ - "servers" - ] -} diff --git a/moon_orchestrator/conf/policies/policy_mls_authz/rule.json b/moon_orchestrator/conf/policies/policy_mls_authz/rule.json deleted file mode 100644 index b17dc822..00000000 --- a/moon_orchestrator/conf/policies/policy_mls_authz/rule.json +++ /dev/null 
@@ -1,16 +0,0 @@ -{ - "mls_rule":[ - ["high", "vm_admin", "medium"], - ["high", "vm_admin", "low"], - ["medium", "vm_admin", "low"], - ["high", "vm_access", "medium"], - ["high", "vm_access", "low"], - ["medium", "vm_access", "low"], - ["high", "storage_admin", "medium"], - ["high", "storage_admin", "low"], - ["medium", "storage_admin", "low"], - ["high", "storage_access", "medium"], - ["high", "storage_access", "low"], - ["medium", "storage_access", "low"] - ] -} diff --git a/moon_orchestrator/conf/policies/policy_mls_authz/scope.json b/moon_orchestrator/conf/policies/policy_mls_authz/scope.json deleted file mode 100644 index 6cc1c28e..00000000 --- a/moon_orchestrator/conf/policies/policy_mls_authz/scope.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "subject_scopes": { - "subject_security_level": [ - "high", - "medium", - "low" - ] - }, - - "action_scopes": { - "resource_action": [ - "vm_admin", - "vm_access", - "storage_admin", - "storage_access" - ] - }, - - "object_scopes": { - "object_security_level": [ - "high", - "medium", - "low" - ] - } -} diff --git a/moon_orchestrator/conf/policies/policy_rbac_admin/assignment.json b/moon_orchestrator/conf/policies/policy_rbac_admin/assignment.json deleted file mode 100644 index f2378333..00000000 --- a/moon_orchestrator/conf/policies/policy_rbac_admin/assignment.json +++ /dev/null 
@@ -1,48 +0,0 @@ -{ - "subject_assignments": { - "role": { - "admin": ["root_role"], - "demo": ["dev_role"] - } - }, - "action_assignments": { - "action_id": { - "read": ["read"], - "write": ["write"] - } - }, - "object_assignments": { - "object_id": { - "authz.subjects": ["authz.subjects"], - "authz.objects": ["authz.objects"], - "authz.actions": ["authz.actions"], - "authz.subject_categories": ["authz.subject_categories"], - "authz.object_categories": ["authz.object_categories"], - "authz.action_categories": ["authz.action_categories"], - "authz.subject_scopes": ["authz.subject_scopes"], - "authz.object_scopes": ["authz.object_scopes"], - "authz.action_scopes": ["authz.action_scopes"], - "authz.subject_assignments": ["authz.subject_assignments"], - "authz.object_assignments": ["authz.object_assignments"], - "authz.action_assignments": ["authz.action_assignments"], - "authz.aggregation_algorithm": ["authz.aggregation_algorithm"], - "authz.sub_meta_rules": ["authz.sub_meta_rules"], - "authz.rules": ["authz.rules"], - "admin.subjects": ["admin.subjects"], - "admin.objects": ["admin.objects"], - "admin.actions": ["admin.actions"], - "admin.subject_categories": ["admin.subject_categories"], - "admin.object_categories": ["admin.object_categories"], - "admin.action_categories": ["admin.action_categories"], - "admin.subject_scopes": ["admin.subject_scopes"], - "admin.object_scopes": ["admin.object_scopes"], - "admin.action_scopes": ["admin.action_scopes"], - "admin.subject_assignments": ["admin.subject_assignments"], - "admin.object_assignments": ["admin.object_assignments"], - "admin.action_assignments": ["admin.action_assignments"], - "admin.aggregation_algorithm": ["admin.aggregation_algorithm"], - "admin.sub_meta_rules": ["admin.sub_meta_rules"], - "admin.rules": ["admin.rules"] - } - } -} 
diff --git a/moon_orchestrator/conf/policies/policy_rbac_admin/metadata.json b/moon_orchestrator/conf/policies/policy_rbac_admin/metadata.json deleted file mode 100644 index 9ee8a11d..00000000 --- a/moon_orchestrator/conf/policies/policy_rbac_admin/metadata.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "RBAC Admin Policy", - "model": "RBAC", - "genre": "admin", - "description": "", - - "subject_categories": [ - "role" - ], - - "action_categories": [ - "action_id" - ], - - "object_categories": [ - "object_id" - ] -} diff --git a/moon_orchestrator/conf/policies/policy_rbac_admin/metarule.json b/moon_orchestrator/conf/policies/policy_rbac_admin/metarule.json deleted file mode 100644 index 86dbfad2..00000000 --- a/moon_orchestrator/conf/policies/policy_rbac_admin/metarule.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "sub_meta_rules": { - "rbac_rule": { - "subject_categories": ["role"], - "action_categories": ["action_id"], - "object_categories": ["object_id"], - "algorithm": "inclusion" - } - }, - "aggregation": "all_true" -} - diff --git a/moon_orchestrator/conf/policies/policy_rbac_admin/perimeter.json b/moon_orchestrator/conf/policies/policy_rbac_admin/perimeter.json deleted file mode 100644 index 1155533e..00000000 --- a/moon_orchestrator/conf/policies/policy_rbac_admin/perimeter.json +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - "subjects": [ - "admin", - "demo" - ], - "actions": [ - "read", - "write" - ], - "objects": [ - "authz.subjects", - "authz.objects", - "authz.actions", - "authz.subject_categories", - "authz.object_categories", - "authz.action_categories", - "authz.subject_scopes", - "authz.object_scopes", - "authz.action_scopes", - "authz.subject_assignments", - "authz.object_assignments", - "authz.action_assignments", - "authz.aggregation_algorithm", - "authz.sub_meta_rules", - "authz.rules", - "admin.subjects", - "admin.objects", - "admin.actions", - "admin.subject_categories", - "admin.object_categories", - "admin.action_categories", - "admin.subject_scopes", - "admin.object_scopes", - "admin.action_scopes", - "admin.subject_assignments", - "admin.object_assignments", - "admin.action_assignments", - "admin.aggregation_algorithm", - "admin.sub_meta_rules", - "admin.rules" - ] -} diff --git a/moon_orchestrator/conf/policies/policy_rbac_admin/rule.json b/moon_orchestrator/conf/policies/policy_rbac_admin/rule.json deleted file mode 100644 index c89ceff3..00000000 --- a/moon_orchestrator/conf/policies/policy_rbac_admin/rule.json +++ /dev/null 
@@ -1,94 +0,0 @@ -{ - "rbac_rule":[ - ["root_role" , "read", "authz.subjects"], - ["root_role" , "read", "authz.objects"], - ["root_role" , "read", "authz.actions"], - ["root_role" , "read", "authz.subject_categories"], - ["root_role" , "read", "authz.object_categories"], - ["root_role" , "read", "authz.action_categories"], - ["root_role" , "read", "authz.subject_scopes"], - ["root_role" , "read", "authz.object_scopes"], - ["root_role" , "read", "authz.action_scopes"], - ["root_role" , "read", "authz.subject_assignments"], - ["root_role" , "read", "authz.object_assignments"], - ["root_role" , "read", "authz.action_assignments"], - ["root_role" , "read", "authz.aggregation_algorithm"], - ["root_role" , "read", "authz.sub_meta_rules"], - ["root_role" , "read", "authz.rules"], - ["root_role" , "write", "authz.subjects"], - ["root_role" , "write", "authz.objects"], - ["root_role" , "write", "authz.actions"], - ["root_role" , "write", "authz.subject_categories"], - ["root_role" , "write", "authz.object_categories"], - ["root_role" , "write", "authz.action_categories"], - ["root_role" , "write", "authz.subject_scopes"], - ["root_role" , "write", "authz.object_scopes"], - ["root_role" , "write", "authz.action_scopes"], - ["root_role" , "write", "authz.subject_assignments"], - ["root_role" , "write", "authz.object_assignments"], - ["root_role" , "write", "authz.action_assignments"], - ["root_role" , "write", "authz.aggregation_algorithm"], - ["root_role" , "write", "authz.sub_meta_rules"], - ["root_role" , "write", "authz.rules"], - ["root_role" , "read", "admin.subjects"], - ["root_role" , "read", "admin.objects"], - ["root_role" , "read", "admin.actions"], - ["root_role" , "read", "admin.subject_categories"], - ["root_role" , "read", "admin.object_categories"], - ["root_role" , "read", "admin.action_categories"], - ["root_role" , "read", "admin.subject_scopes"], - ["root_role" , "read", "admin.object_scopes"], - ["root_role" , "read", "admin.action_scopes"], - 
["root_role" , "read", "admin.subject_assignments"], - ["root_role" , "read", "admin.object_assignments"], - ["root_role" , "read", "admin.action_assignments"], - ["root_role" , "read", "admin.aggregation_algorithm"], - ["root_role" , "read", "admin.sub_meta_rules"], - ["root_role" , "read", "admin.rules"], - ["root_role" , "write", "admin.subjects"], - ["root_role" , "write", "admin.objects"], - ["root_role" , "write", "admin.actions"], - ["root_role" , "write", "admin.subject_categories"], - ["root_role" , "write", "admin.object_categories"], - ["root_role" , "write", "admin.action_categories"], - ["root_role" , "write", "admin.subject_scopes"], - ["root_role" , "write", "admin.object_scopes"], - ["root_role" , "write", "admin.action_scopes"], - ["root_role" , "write", "admin.subject_assignments"], - ["root_role" , "write", "admin.object_assignments"], - ["root_role" , "write", "admin.action_assignments"], - ["root_role" , "write", "admin.aggregation_algorithm"], - ["root_role" , "write", "admin.sub_meta_rules"], - ["root_role" , "write", "admin.rules"], - ["dev_role" , "read", "authz.subjects"], - ["dev_role" , "read", "authz.objects"], - ["dev_role" , "read", "authz.actions"], - ["dev_role" , "read", "authz.subject_categories"], - ["dev_role" , "read", "authz.object_categories"], - ["dev_role" , "read", "authz.action_categories"], - ["dev_role" , "read", "authz.subject_scopes"], - ["dev_role" , "read", "authz.object_scopes"], - ["dev_role" , "read", "authz.action_scopes"], - ["dev_role" , "read", "authz.subject_assignments"], - ["dev_role" , "read", "authz.object_assignments"], - ["dev_role" , "read", "authz.action_assignments"], - ["dev_role" , "read", "authz.aggregation_algorithm"], - ["dev_role" , "read", "authz.sub_meta_rules"], - ["dev_role" , "read", "authz.rules"], - ["dev_role" , "read", "admin.subjects"], - ["dev_role" , "read", "admin.objects"], - ["dev_role" , "read", "admin.actions"], - ["dev_role" , "read", "admin.subject_categories"], - 
["dev_role" , "read", "admin.object_categories"], - ["dev_role" , "read", "admin.action_categories"], - ["dev_role" , "read", "admin.subject_scopes"], - ["dev_role" , "read", "admin.object_scopes"], - ["dev_role" , "read", "admin.action_scopes"], - ["dev_role" , "read", "admin.subject_assignments"], - ["dev_role" , "read", "admin.object_assignments"], - ["dev_role" , "read", "admin.action_assignments"], - ["dev_role" , "read", "admin.aggregation_algorithm"], - ["dev_role" , "read", "admin.sub_meta_rules"], - ["dev_role" , "read", "admin.rules"] - ] -} diff --git a/moon_orchestrator/conf/policies/policy_rbac_admin/scope.json b/moon_orchestrator/conf/policies/policy_rbac_admin/scope.json deleted file mode 100644 index 149056a6..00000000 --- a/moon_orchestrator/conf/policies/policy_rbac_admin/scope.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "subject_scopes": { - "role": [ - "root_role", - "dev_role" - ] - }, - "action_scopes": { - "action_id": [ - "read", - "write" - ] - }, - "object_scopes": { - "object_id": [ - "authz.subjects", - "authz.objects", - "authz.actions", - "authz.subject_categories", - "authz.object_categories", - "authz.action_categories", - "authz.subject_scopes", - "authz.object_scopes", - "authz.action_scopes", - "authz.subject_assignments", - "authz.object_assignments", - "authz.action_assignments", - "authz.aggregation_algorithm", - "authz.sub_meta_rules", - "authz.rules", - "admin.subjects", - "admin.objects", - "admin.actions", - "admin.subject_categories", - "admin.object_categories", - "admin.action_categories", - "admin.subject_scopes", - "admin.object_scopes", - "admin.action_scopes", - "admin.subject_assignments", - "admin.object_assignments", - "admin.action_assignments", - "admin.aggregation_algorithm", - "admin.sub_meta_rules", - "admin.rules" - ] - } -} diff --git a/moon_orchestrator/conf/policies/policy_root/assignment.json b/moon_orchestrator/conf/policies/policy_root/assignment.json deleted file mode 100644 index e849ae13..00000000 
--- a/moon_orchestrator/conf/policies/policy_root/assignment.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "subject_assignments": {
- "role": {
- "admin": ["root_role"]
- }
- },
-
- "action_assignments": {
- "action_id": {
- "read": ["read"],
- "write": ["write"]
- }
- },
-
- "object_assignments": {
- "object_id": {
- "templates": ["templates"],
- "sub_meta_rule_algorithms": ["sub_meta_rule_algorithms"],
- "aggregation_algorithms": ["aggregation_algorithms"],
- "tenants": ["tenants"],
- "intra_extensions": ["intra_extensions"],
- "admin.subjects": ["admin.subjects"],
- "admin.objects": ["admin.objects"],
- "admin.actions": ["admin.actions"],
- "admin.subject_categories": ["admin.subject_categories"],
- "admin.object_categories": ["admin.object_categories"],
- "admin.action_categories": ["admin.action_categories"],
- "admin.subject_category_scopes": ["admin.subject_category_scopes"],
- "admin.object_category_scopes": ["admin.object_category_scopes"],
- "admin.action_category_scopes": ["admin.action_category_scopes"],
- "admin.subject_assignments": ["admin.subject_assignments"],
- "admin.object_assignments": ["admin.object_assignments"],
- "admin.action_assignments": ["admin.action_assignments"],
- "admin.aggregation_algorithm": ["admin.aggregation_algorithm"],
- "admin.sub_meta_rules": ["admin.sub_meta_rules"],
- "admin.rules": ["admin.rules"]
- }
- }
-}
diff --git a/moon_orchestrator/conf/policies/policy_root/metadata.json b/moon_orchestrator/conf/policies/policy_root/metadata.json
deleted file mode 100644
index 9dd7a928..00000000
--- a/moon_orchestrator/conf/policies/policy_root/metadata.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "name": "Root Policy",
- "model": "RBAC",
- "genre": "admin",
- "description": "root extension",
- "pdp_pipeline": ["authz:rbac_rule"],
-
- "subject_categories": [
- "role"
- ],
-
- "action_categories": [
- "action_id"
- ],
-
- "object_categories": [
- "object_id"
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_root/metarule.json b/moon_orchestrator/conf/policies/policy_root/metarule.json
deleted file mode 100644
index 86dbfad2..00000000
--- a/moon_orchestrator/conf/policies/policy_root/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "rbac_rule": {
- "subject_categories": ["role"],
- "action_categories": ["action_id"],
- "object_categories": ["object_id"],
- "algorithm": "inclusion"
- }
- },
- "aggregation": "all_true"
-}
-
diff --git a/moon_orchestrator/conf/policies/policy_root/perimeter.json b/moon_orchestrator/conf/policies/policy_root/perimeter.json
deleted file mode 100644
index 788a27f2..00000000
--- a/moon_orchestrator/conf/policies/policy_root/perimeter.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "subjects": [
- "admin"
- ],
- "actions": [
- "read",
- "write"
- ],
- "objects": [
- "templates",
- "aggregation_algorithms",
- "sub_meta_rule_algorithms",
- "tenants",
- "intra_extensions",
- "admin.subjects",
- "admin.objects",
- "admin.actions",
- "admin.subject_categories",
- "admin.object_categories",
- "admin.action_categories",
- "admin.subject_category_scopes",
- "admin.object_category_scopes",
- "admin.action_category_scopes",
- "admin.subject_assignments",
- "admin.object_assignments",
- "admin.action_assignments",
- "admin.aggregation_algorithm",
- "admin.sub_meta_rules",
- "admin.rules"
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_root/rule.json b/moon_orchestrator/conf/policies/policy_root/rule.json
deleted file mode 100644
index 9bbd5e4c..00000000
--- a/moon_orchestrator/conf/policies/policy_root/rule.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- "rbac_rule":[
- ["root_role" , "read", "templates"],
- ["root_role" , "read", "aggregation_algorithms"],
- ["root_role" , "read", "sub_meta_rule_algorithms"],
- ["root_role" , "read", "tenants"],
- ["root_role" , "read", "intra_extensions"],
- ["root_role" , "write", "templates"],
- ["root_role" , "write", "aggregation_algorithms"],
- ["root_role" , "write", "sub_meta_rule_algorithms"],
- ["root_role" , "write", "tenants"],
- ["root_role" , "write", "intra_extensions"],
- ["root_role" , "read", "admin.subjects"],
- ["root_role" , "read", "admin.objects"],
- ["root_role" , "read", "admin.actions"],
- ["root_role" , "read", "admin.subject_categories"],
- ["root_role" , "read", "admin.object_categories"],
- ["root_role" , "read", "admin.action_categories"],
- ["root_role" , "read", "admin.subject_category_scopes"],
- ["root_role" , "read", "admin.object_category_scopes"],
- ["root_role" , "read", "admin.action_category_scopes"],
- ["root_role" , "read", "admin.subject_assignments"],
- ["root_role" , "read", "admin.object_assignments"],
- ["root_role" , "read", "admin.action_assignments"],
- ["root_role" , "read", "admin.aggregation_algorithm"],
- ["root_role" , "read", "admin.sub_meta_rules"],
- ["root_role" , "read", "admin.rules"],
- ["root_role" , "write", "admin.subjects"],
- ["root_role" , "write", "admin.objects"],
- ["root_role" , "write", "admin.actions"],
- ["root_role" , "write", "admin.subject_categories"],
- ["root_role" , "write", "admin.object_categories"],
- ["root_role" , "write", "admin.action_categories"],
- ["root_role" , "write", "admin.subject_category_scopes"],
- ["root_role" , "write", "admin.object_category_scopes"],
- ["root_role" , "write", "admin.action_category_scopes"],
- ["root_role" , "write", "admin.subject_assignments"],
- ["root_role" , "write", "admin.object_assignments"],
- ["root_role" , "write", "admin.action_assignments"],
- ["root_role" , "write", "admin.aggregation_algorithm"],
- ["root_role" , "write", "admin.sub_meta_rules"],
- ["root_role" , "write", "admin.rules"]
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_root/scope.json b/moon_orchestrator/conf/policies/policy_root/scope.json
deleted file mode 100644
index 43f9ced8..00000000
--- a/moon_orchestrator/conf/policies/policy_root/scope.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "subject_scopes": {
- "role": [
- "root_role"
- ]
- },
-
- "action_scopes": {
- "action_id": [
- "read",
- "write"
- ]
- },
-
- "object_scopes": {
- "object_id": [
- "templates",
- "aggregation_algorithms",
- "sub_meta_rule_algorithms",
- "tenants",
- "intra_extensions",
- "admin.subjects",
- "admin.objects",
- "admin.actions",
- "admin.subject_categories",
- "admin.object_categories",
- "admin.action_categories",
- "admin.subject_category_scopes",
- "admin.object_category_scopes",
- "admin.action_category_scopes",
- "admin.subject_assignments",
- "admin.object_assignments",
- "admin.action_assignments",
- "admin.aggregation_algorithm",
- "admin.sub_meta_rules",
- "admin.rules"
- ]
- }
-} |