authorasteroide <thomas.duval@orange.com>2017-05-15 14:19:43 +0200
committerasteroide <thomas.duval@orange.com>2017-05-15 14:19:43 +0200
commit019b10d95976bb80bcce60ee93099b0fd57fcab5 (patch)
tree9e2b5c68dd8dadfc97346b77bf5549edbdf2c57a /moonv4/moon_interface/moon_interface/api
parent80ca346a4cb183a6a1e684f6d8a9e19e3fc55d0e (diff)
Update Moon engine to allow a session policy
Change-Id: I63a80597710f08a6641e159cc2306d3cc68b1240
Diffstat (limited to 'moonv4/moon_interface/moon_interface/api')
-rw-r--r--moonv4/moon_interface/moon_interface/api/rules.py25
1 files changed, 23 insertions, 2 deletions
diff --git a/moonv4/moon_interface/moon_interface/api/rules.py b/moonv4/moon_interface/moon_interface/api/rules.py
index 81639a37..7757d275 100644
--- a/moonv4/moon_interface/moon_interface/api/rules.py
+++ b/moonv4/moon_interface/moon_interface/api/rules.py
@@ -62,13 +62,34 @@ class Rules(Resource):
:request body: post = {
"meta_rule_id": "meta_rule_id1",
"rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "instructions": (
+ {"decision": "grant"},
+ )
"enabled": True
}
:return: {
"rules": [
"meta_rule_id": "meta_rule_id1",
- "rule_id1": ["subject_data_id1", "object_data_id1", "action_data_id1"],
- "rule_id2": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "rule_id1": {
+ "rule": ["subject_data_id1", "object_data_id1", "action_data_id1"],
+ "instructions": (
+ {"decision": "grant"}, # "grant" to immediately exit,
+ # "continue" to wait for the result of next policy
+ # "deny" to deny the request
+ )
+ }
+ "rule_id2": {
+ "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "instructions": (
+ {
+ "update": {
+ "operation": "add", # operations may be "add" or "delete"
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the policy named rbac
+ )
+ }
]
}
:internal_api: add_rule
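Review bot: The request-body example is missing a comma after the closing `)` of `"instructions"` and before `"enabled": True`, and the return example is missing one between the `rule_id1` and `rule_id2` entries. Both examples also use tuple parentheses, which a JSON body cannot express; presumably the API receives a list, so `"instructions": [{"decision": "grant"}]` would be the accurate form. The docstring does not say what decision applies when `instructions` is omitted, or when it carries a value other than "grant", "continue" or "deny". Because the documented `update` instruction can add `rbac:role:admin` to the current user, that default and the permission needed to post such a rule are worth stating, e.g. `:note: a rule without "instructions" is treated as <default decision>; unknown decisions and operations are rejected`. The docstring and its method start and end outside this hunk, so the validation may already exist there and only the documentation may be missing.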