author | asteroide <thomas.duval@orange.com> | 2017-05-15 14:19:43 +0200 |
---|---|---|
committer | asteroide <thomas.duval@orange.com> | 2017-05-15 14:19:43 +0200 |
commit | 019b10d95976bb80bcce60ee93099b0fd57fcab5 (patch) | |
tree | 9e2b5c68dd8dadfc97346b77bf5549edbdf2c57a /moonv4/moon_interface/moon_interface/api | |
parent | 80ca346a4cb183a6a1e684f6d8a9e19e3fc55d0e (diff) |
Update Moon engine to allow a session policy
Change-Id: I63a80597710f08a6641e159cc2306d3cc68b1240
Diffstat (limited to 'moonv4/moon_interface/moon_interface/api')
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/rules.py | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/moonv4/moon_interface/moon_interface/api/rules.py b/moonv4/moon_interface/moon_interface/api/rules.py
index 81639a37..7757d275 100644
--- a/moonv4/moon_interface/moon_interface/api/rules.py
+++ b/moonv4/moon_interface/moon_interface/api/rules.py
@@ -62,13 +62,34 @@ class Rules(Resource):
 :request body: post = {
 "meta_rule_id": "meta_rule_id1",
 "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "instructions": (
+ {"decision": "grant"},
+ )
 "enabled": True
 }
 :return: {
 "rules": [
 "meta_rule_id": "meta_rule_id1",
- "rule_id1": ["subject_data_id1", "object_data_id1", "action_data_id1"],
- "rule_id2": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "rule_id1": {
+ "rule": ["subject_data_id1", "object_data_id1", "action_data_id1"],
+ "instructions": (
+ {"decision": "grant"}, # "grant" to immediately exit,
+ # "continue" to wait for the result of next policy
+ # "deny" to deny the request
+ )
+ }
+ "rule_id2": {
+ "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "instructions": (
+ {
+ "update": {
+ "operation": "add", # operations may be "add" or "delete"
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the policy named rbac
+ )
+ }
 ]
 }
 :internal_api: add_rule |
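Review bot: The documented examples cannot be parsed as written: the added `"instructions": ( ... )` entry in the request body has no comma before `"enabled": True`, and in the `:return:` example the closing `}` of `rule_id1` has no comma before `"rule_id2"`. The examples also use Python tuple parentheses, which a JSON client cannot send; assuming the body is JSON, `"instructions": [{"decision": "grant"}],` would show the wire form. The docstring lists the `decision` and `operation` values but does not say whether `instructions` is required or which decision applies when it is omitted. That matters because, per the added comments, an `update` instruction can add `rbac:role:admin` to the current user, so a sentence such as `"instructions" is mandatory; a rule without it is rejected` (or whatever the handler really does) belongs here. The docstring and the method that would enforce this start and end outside the hunk, so the actual validation cannot be confirmed from this change.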