diff options
-rw-r--r-- | keystone-moon/doc/source/extensions/moon/moon_api.rst | 964 |
1 files changed, 590 insertions, 374 deletions
diff --git a/keystone-moon/doc/source/extensions/moon/moon_api.rst b/keystone-moon/doc/source/extensions/moon/moon_api.rst index 1f7ad10b..f2546d4d 100644 --- a/keystone-moon/doc/source/extensions/moon/moon_api.rst +++ b/keystone-moon/doc/source/extensions/moon/moon_api.rst @@ -3,626 +3,842 @@ Moon API Here are Moon API with some examples of posted data and returned data. -Intra-Extension API -------------------- +All requests must be prefexied by /v3/OS-MOON. Authz -~~~~~ +----- -* ``GET /OS-MOON/authz/{tenant_id}/{subject_id}/{object_id}/{action_id}`` +**GET /authz/{tenant_id}/{subject_k_id}/{object_name}/{action_name}** + Authorization API. .. code-block:: json return = { - "authz": "OK/KO/OutOfScope", - "tenant_id": "tenant_id", - "subject_id": "subject_id", - "object_id": "object_id", - "action_id": "action_id" - } + "authz": "True or False" + } -Intra_Extension -~~~~~~~~~~~~~~~ -* ``GET /OS-MOON/authz_policies`` +Intra-Extension API +------------------- + +Configuration +~~~~~~~~~~~~~ + +**GET /configuration/templates** + + List all policy templates. .. code-block:: json return = { - "authz_policies": ["policy_name1", "policy_name2"] - } + "template_id": { + "name": "name of the template", + "description": "description of the template", + } + } + -* ``GET /OS-MOON/intra_extensions`` +**GET /configuration/aggregation_algorithms** + + List all aggregation algorithms. .. code-block:: json return = { - "intra_extensions": ["ie_uuid1", "ie_uuid2"] - } + "algorithm_id": { + "name": "name of the algorithm", + "description": "description of the algorithm", + } + } + + +**GET /configuration/sub_meta_rule_algorithms** -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}`` + List all sub meta rule algorithms. .. code-block:: json return = { - "intra_extensions": { - "id": "uuid1", - "description": "", - "tenant": "tenant_uuid", - "model": "", - "genre": "", - "authz": {}, - "admin": {} - } - } + "algorithm_id": { + "name": "name of the algorithm", + "description": "description of the algorithm", + } + } -* ``POST /OS-MOON/intra_extensions`` + +Tenants +~~~~~~~ + +**GET /tenants** + + List all tenants. .. code-block:: json - post = { - "name" : "", - "policymodel": "", - "description": "" - } return = { - "id": "uuid1", - "description": "", - "tenant": "tenant_uuid", - "model": "", - "genre": "", - "authz": {}, - "admin": {} - } + "tenant_id": { + "name": "name of the tenant", + "description": "description of the tenant", + "intra_authz_extension_id": "id of the intra extension authz", + "intra_admin_extension_id": "id of the intra extension authz" + } + } -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}`` -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/tenant`` +**POST /tenants** + + Add a tenant. .. code-block:: json + post = { + "tenant_name": "name of the tenant", + "tenant_description": "description of the tenant", + "tenant_intra_authz_extension_id": "id of the intra extension authz", + "tenant_intra_admin_extension_id": "id of the intra extension admin" + } return = { - "tenant": "tenant_id" - } + "tenant_id": { + "name": "name of the tenant", + "description": "description of the tenant", + "intra_authz_extension_id": "id of the intra extension authz", + "intra_admin_extension_id": "id of the intra extension authz" + } + } + + +**POST /tenants/{tenant_id}** -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/tenant`` + Show information of one tenant. .. code-block:: json - post = { - "tenant_id": "tenant_id" - } return = { - "tenant": "tenant_id" - } + "tenant_id": { + "name": "name of the tenant", + "description": "description of the tenant", + "intra_authz_extension_id": "id of the intra extension authz", + "intra_admin_extension_id": "id of the intra extension authz" + } + } -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/tenant/{tenant_id}`` -Perimeter -~~~~~~~~~ +**POST /tenants/{tenant_id}** -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subjects`` + Modify a tenant. .. code-block:: json + post = { + "tenant_name": "name of the tenant", + "tenant_description": "description of the tenant", + "tenant_intra_authz_extension_id": "id of the intra extension authz", + "tenant_intra_admin_extension_id": "id of the intra extension admin" + } return = { - "subjects": ["sub_uuid1", "sub_uuid2"] - } + "tenant_id": { + "name": "name of the tenant", + "description": "description of the tenant", + "intra_authz_extension_id": "id of the intra extension authz", + "intra_admin_extension_id": "id of the intra extension authz" + } + } -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subjects`` + +**DELETE /tenants/{tenant_id}** + + Delete a tenant. .. code-block:: json - post = { - "subject_id" : "" - } - return = { - "subjects": ["sub_uuid1", "sub_uuid2"] - } + return = {} + -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject/{subject_id}`` +Intra-Extension +~~~~~~~~~~~~~~~ -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/objects`` +**GET /intra_extensions/init** + + Initialize the root Intra_Extension (if needed). .. code-block:: json - return = { - "objects": ["obj_uuid1", "obj_uuid2"] - } + return = {} -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/objects`` + +**GET /intra_extensions** + + List all Intra_Extensions. .. code-block:: json - post = { - "object_id" : "" - } return = { - "objects": ["obj_uuid1", "obj_uuid2"] - } + "intra_extension_id": { + "name": "name of the intra extension", + "model": "model of the intra extension" + } + } + -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object/{object_id}`` +**POST /intra_extensions** -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/actions`` + Create a new Intra_Extension. .. code-block:: json - return = { - "actions": ["act_uuid1", "act_uuid2"] - } + post = { + "intra_extension_name": "name of the intra extension", + "intra_extension_model": "model of the intra extension (taken from /configuration/templates)", + "intra_extension_description": "description of the intra extension", + + } + return = {} -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/actions`` + +**GET /intra_extensions/{intra_extension_id}/** + + Show details about one Intra_Extension. .. code-block:: json - post = { - "action_id" : "" - } return = { - "actions": ["act_uuid1", "act_uuid2"] - } + "id": "intra_extension_id", + "name": "name of the intra extension", + "model": "model of the intra extension", + "genre": "genre of the intra extension", + "description": "model of the intra extension" + } -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/actions/{action_id}`` -Assignment -~~~~~~~~~~ +**DELETE /intra_extensions/{intra_extension_id}/** -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subject_assignments`` + Delete an Intra_Extension. .. code-block:: json - return = { - "subject_assignments": { - "subject_security_level":{ - "user1": ["low"], - "user2": ["medium"], - "user3": ["high"] - } - } + return = {} + + +Intra-Extension Subjects +~~~~~~~~~~~~~~~~~~~~~~~~ -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subject_assignments`` +**GET /intra_extensions/{intra_extension_id}/subjects** + + List all subjects. .. code-block:: json - post = { - "subject_id" : "", - "subject_category_id" : "", - "subject_category_scope_id" : "" - } return = { - "subject_assignments": { - "subject_security_level":{ - "user1": ["low"], - "user2": ["medium"], - "user3": ["high"] - } - } + "subject_id": { + "name": "name of the subject", + "keystone_id": "keystone id of the subject" + } + } + -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject_assignments/{subject_category}/{subject_id}/{subject_scope}`` +**POST /intra_extensions/{intra_extension_id}/subjects** -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/object_assignments`` + List all subjects. .. code-block:: json + post = { + "subject_name": "name of the subject", + "subject_description": "description of the subject", + "subject_password": "password for the subject", + "subject_email": "email address of the subject" + } return = { - "object_assignments": { - "object_security_level":{ - "vm1": ["low"], - "vm2": ["medium"], - "vm3": ["high"] - } - } + "subject_id": { + "name": "name of the subject", + "keystone_id": "keystone id of the subject" + } + } + -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/object_assignments`` +**DELETE /intra_extensions/{intra_extension_id}/subjects/{subject_id}** + + Delete a subject. .. code-block:: json - post = { - "object_id" : "", - "object_category_id" : "", - "object_category_scope_id" : "" - } - return = { - "object_assignments": { - "object_security_level":{ - "vm1": ["low"], - "vm2": ["medium"], - "vm3": ["high"] - } - } + return = {} -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object_assignments/{object_category}/{object_id}/{object_scope}`` -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/action_assignments`` +**GET /intra_extensions/{intra_extension_id}/subject_categories** + + List all subject categories. .. code-block:: json return = { - "action_assignments": { - "computing_action":{ - "pause": ["vm_admin"], - "unpause": ["vm_admin"], - "start": ["vm_admin"], - "stop": ["vm_admin"] - } - } + "subject_category_id": { + "name": "name of the category", + "description": "description of the category" + } + } + -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/action_assignments`` +**POST /intra_extensions/{intra_extension_id}/subject_categories** + + Add a new subject category. .. code-block:: json - post = { - "action_id" : "", - "action_category_id" : "", - "action_category_scope_id" : "" - } + post = { + "subject_category_name": "name of the category", + "subject_category_description": "description of the category" + } return = { - "action_assignments": { - "computing_action":{ - "pause": ["vm_admin"], - "unpause": ["vm_admin"], - "start": ["vm_admin"], - "stop": ["vm_admin"] - } - } + "subject_category_id": { + "name": "name of the category", + "description": "description of the category" + } + } -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/action_assignments/{action_category}/{action_id}/{action_scope}`` -Metadata -~~~~~~~~ +**DELETE /intra_extensions/{intra_extension_id}/subject_categories/{subject_category_id}** -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subject_categories`` + Delete a subject category. .. code-block:: json - return = { - "subject_categories": [ "subject_security_level" ] - } + return = {} -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subject_categories`` + +**GET /intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}** + + List all subject scopes for a specific subject category. .. code-block:: json - post = { - "subject_category_id" : "" - } return = { - "subject_categories": [ "subject_security_level" ] - } + "subject_scope_id": { + "name": "name of the scope", + "description": "description of the scope" + } + } + -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject_categories/{subject_category_id}`` +**POST /intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}** -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/object_categories`` + Add a new subject scope for a specific subject category. .. code-block:: json + post = { + "subject_scope_name": "name of the scope", + "subject_scope_description": "description of the scope" + } return = { - "object_categories": [ "object_security_level" ] - } + "subject_scope_id": { + "name": "name of the scope", + "description": "description of the scope" + } + } -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/object_categories`` + +**DELETE /intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}/{subject_scope_id}** + + Delete a subject scope. .. code-block:: json - post = { - "object_category_id" : "" - } - return = { - "object_categories": [ "object_security_level" ] - } + return = {} + -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object_categories/{object_category_id}`` +**GET /intra_extensions/{intra_extension_id}/subject_assignments/{subject_id}/{subject_category_id}** -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/action_categories`` + List all subject assignments for a subject and for a subject category. .. code-block:: json - return = { - "action_categories": [ "computing_action" ] - } + return = [ + "subject_assignment_id1", "subject_assignment_id2" + ] -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/action_categories`` +**POST /intra_extensions/{intra_extension_id}/subject_assignments** + + Add an assignment. .. code-block:: json - post = { - "action_category_id" : "" - } - return = { - "action_categories": [ "computing_action" ] - } + post = { + "subject_id": "id of the subject", + "subject_category_id": "id of the category", + "subject_scope_id": "id of the scope" + } + return = [ + "subject_assignment_id1", "subject_assignment_id2" + ] -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/action_categories/{action_category_id}`` -Scope -~~~~~ +**DELETE /intra_extensions/{intra_extension_id}/subject_assignments/{subject_id}/{subject_category_id}/{subject_scope_id}** -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subject_category_scope`` + Delete a subject assignment. .. code-block:: json - return = { - "subject_security_level": [ "high", "medium", "low" ] - } + return = {} + + +Intra-Extension Objects +~~~~~~~~~~~~~~~~~~~~~~~ -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subject_category_scope`` +**GET /intra_extensions/{intra_extension_id}/objects** + + List all objects. .. code-block:: json - post = { - "subject_category_id" : "", - "subject_category_scope_id" : "" - } return = { - "subject_security_level": [ "high", "medium", "low" ] - } + "object_id": { + "name": "name of the object", + "keystone_id": "keystone id of the object" + } + } + -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject_category_scope/{subject_category}/{subject_scope}`` +**POST /intra_extensions/{intra_extension_id}/objects** -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/object_category_scope`` + List all objects. .. code-block:: json + post = { + "object_name": "name of the object", + "object_description": "description of the object" + } return = { - "object_security_level": [ "high", "medium", "low" ] - } + "object_id": { + "name": "name of the object", + "keystone_id": "keystone id of the object" + } + } + + +**DELETE /intra_extensions/{intra_extension_id}/objects/{object_id}** + + Delete a object. -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/object_category_scope`` +.. code-block:: json + + return = {} + + +**GET /intra_extensions/{intra_extension_id}/object_categories** + + List all object categories. .. code-block:: json - post = { - "object_category_id" : "", - "object_category_scope_id" : "" - } return = { - "object_security_level": [ "high", "medium", "low" ] - } + "object_category_id": { + "name": "name of the category", + "description": "description of the category" + } + } -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object_category_scope/{object_category}/{object_scope}`` -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/action_category_scope`` +**POST /intra_extensions/{intra_extension_id}/object_categories** + + Add a new object category. .. code-block:: json + post = { + "object_category_name": "name of the category", + "object_category_description": "description of the category" + } return = { - "computing_action": [ "vm_admin", "vm_access" ] - } + "object_category_id": { + "name": "name of the category", + "description": "description of the category" + } + } + + +**DELETE /intra_extensions/{intra_extension_id}/object_categories/{object_category_id}** -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/action_category_scope`` + Delete a object category. + +.. code-block:: json + + return = {} + + +**GET /intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}** + + List all object scopes for a specific object category. .. code-block:: json - post = { - "action_id" : "", - "action_category_id" : "", - "action_category_scope_id" : "" - } return = { - "computing_action": [ "vm_admin", "vm_access" ] - } + "object_scope_id": { + "name": "name of the scope", + "description": "description of the scope" + } + } -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/action_category_scope/{action_category}/{action_scope}`` -Metarule -~~~~~~~~ +**POST /intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}** -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/aggregation_algorithms`` + Add a new object scope for a specific object category. .. code-block:: json + post = { + "object_scope_name": "name of the scope", + "object_scope_description": "description of the scope" + } return = { - "aggregation_algorithms": [ "and_true_aggregation", "..."] - } + "object_scope_id": { + "name": "name of the scope", + "description": "description of the scope" + } + } + + +**DELETE /intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}/{object_scope_id}** + + Delete a object scope. + +.. code-block:: json + + return = {} -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/aggregation_algorithm`` + +**GET /intra_extensions/{intra_extension_id}/object_assignments/{object_id}/{object_category_id}** + + List all object assignments for a object and for a object category. + +.. code-block:: json + + return = [ + "object_assignment_id1", "object_assignment_id2" + ] + + +**POST /intra_extensions/{intra_extension_id}/object_assignments** + + Add an assignment. + +.. code-block:: json + + post = { + "object_id": "id of the object", + "object_category_id": "id of the category", + "object_scope_id": "id of the scope" + } + return = [ + "object_assignment_id1", "object_assignment_id2" + ] + + +**DELETE /intra_extensions/{intra_extension_id}/object_assignments/{object_id}/{object_category_id}/{object_scope_id}** + + Delete a object assignment. + +.. code-block:: json + + return = {} + + +Intra-Extension Actions +~~~~~~~~~~~~~~~~~~~~~~~ + +**GET /intra_extensions/{intra_extension_id}/actions** + + List all actions. .. code-block:: json return = { - "aggregation_algorithm": "and_true_aggregation" - } + "action_id": { + "name": "name of the action", + "keystone_id": "keystone id of the action" + } + } + + +**POST /intra_extensions/{intra_extension_id}/actions** -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/aggregation_algorithm`` + List all actions. .. code-block:: json - post = { - "aggregation": "and_true_aggregation" - } + post = { + "action_name": "name of the action", + "action_description": "description of the action", + "action_password": "password for the action", + "action_email": "email address of the action" + } return = { - "aggregation_algorithm": "and_true_aggregation" - } + "action_id": { + "name": "name of the action", + "keystone_id": "keystone id of the action" + } + } -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/sub_meta_rule`` + +**DELETE /intra_extensions/{intra_extension_id}/actions/{action_id}** + + Delete a action. + +.. code-block:: json + + return = {} + + +**GET /intra_extensions/{intra_extension_id}/action_categories** + + List all action categories. .. code-block:: json return = { - "sub_meta_rule": { - "subject_categories": ["role"], - "action_categories": ["ie_action"], - "object_categories": ["id"], - "relation": "relation_super" - } - } + "action_category_id": { + "name": "name of the category", + "description": "description of the category" + } + } -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/sub_meta_rule`` + +**POST /intra_extensions/{intra_extension_id}/action_categories** + + Add a new action category. .. code-block:: json - post = { - "relation_super": { - "subject_categories": ["role"], - "action_categories": ["ie_action"], - "object_categories": ["id"], - } - } + post = { + "action_category_name": "name of the category", + "action_category_description": "description of the category" + } return = { - "sub_meta_rule": { - "subject_categories": ["role"], - "action_categories": ["ie_action"], - "object_categories": ["id"], - "relation": "relation_super" - } - } + "action_category_id": { + "name": "name of the category", + "description": "description of the category" + } + } + -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/sub_meta_rule_relations`` +**DELETE /intra_extensions/{intra_extension_id}/action_categories/{action_category_id}** + + Delete a action category. + +.. code-block:: json + + return = {} + + +**GET /intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}** + + List all action scopes for a specific action category. .. code-block:: json return = { - "sub_meta_rule_relations": ["relation_super", ] - } + "action_scope_id": { + "name": "name of the scope", + "description": "description of the scope" + } + } + -Rules -~~~~~ +**POST /intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}** -* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules`` + Add a new action scope for a specific action category. .. code-block:: json + post = { + "action_scope_name": "name of the scope", + "action_scope_description": "description of the scope" + } return = { - "sub_rules": { - "relation_super": [ - ["high", "vm_admin", "medium"], - ["high", "vm_admin", "low"], - ["medium", "vm_admin", "low"], - ["high", "vm_access", "high"], - ["high", "vm_access", "medium"], - ["high", "vm_access", "low"], - ["medium", "vm_access", "medium"], - ["medium", "vm_access", "low"], - ["low", "vm_access", "low"] - ] - } - } + "action_scope_id": { + "name": "name of the scope", + "description": "description of the scope" + } + } + + +**DELETE /intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}/{action_scope_id}** -* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules`` + Delete a action scope. .. code-block:: json - post = { - "rules": ["admin", "vm_admin", "servers"], - "relation": "relation_super" - } + return = {} + + +**GET /intra_extensions/{intra_extension_id}/action_assignments/{action_id}/{action_category_id}** + + List all action assignments for a action and for a action category. + +.. code-block:: json + + return = [ + "action_assignment_id1", "action_assignment_id2" + ] + + +**POST /intra_extensions/{intra_extension_id}/action_assignments** + + Add an assignment. + +.. code-block:: json -* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules/{relation_name}/{rule}`` + post = { + "action_id": "id of the action", + "action_category_id": "id of the category", + "action_scope_id": "id of the scope" + } + return = [ + "action_assignment_id1", "action_assignment_id2" + ] -Tenant mapping API ------------------- +**DELETE /intra_extensions/{intra_extension_id}/action_assignments/{action_id}/{action_category_id}/{action_scope_id}** -* ``GET /OS-MOON/tenants`` + Delete a action assignment. + +.. code-block:: json + + return = {} + + +Intra-Extension Rules +~~~~~~~~~~~~~~~~~~~~~ + +**GET /intra_extensions/{intra_extension_id}/aggregation_algorithm** + + List aggregation algorithm for an intra extension. .. code-block:: json return = { - "tenant": { - "uuid1": { - "name": "tenant1", - "authz": "intra_extension_uuid1", - "admin": "intra_extension_uuid2" - }, - "uuid2": { - "name": "tenant2", - "authz": "intra_extension_uuid1", - "admin": "intra_extension_uuid2" - } - } - } + "aggregation_algorithm_id": { + "name": "name of the aggregation algorithm", + "description": "description of the aggregation algorithm" + } + } + -* ``GET /OS-MOON/tenant/{tenant_uuid}`` +**POST /intra_extensions/{intra_extension_id}/aggregation_algorithm** + + Set the current aggregation algorithm for an intra extension. .. code-block:: json + post = { + "aggregation_algorithm_id": "id of the aggregation algorithm", + "aggregation_algorithm_description": "description of the aggregation algorithm" + } return = { - "tenant": { - "uuid": { - "name": "tenant1", - "authz": "intra_extension_uuid1", - "admin": "intra_extension_uuid2" - } - } - } + "aggregation_algorithm_id": { + "name": "name of the aggregation algorithm", + "description": "description of the aggregation algorithm" + } + } + -* ``POST /OS-MOON/tenant`` +**GET /intra_extensions/{intra_extension_id}/sub_meta_rules** + + Show the current sub meta rules. .. code-block:: json - post = { - "id": "uuid", - "name": "tenant1", - "authz": "intra_extension_uuid1", - "admin": "intra_extension_uuid2" - } return = { - "tenant": { - "uuid": { - "name": "tenant1", - "authz": "intra_extension_uuid1", - "admin": "intra_extension_uuid2" - } - } - } + "sub_meta_rule_id": { + "name": "name of the aggregation algorithm", + "algorithm": "algorithm of the aggregation algorithm", + "subject_categories": ["subject_category_id1", "subject_category_id2"], + "object_categories": ["object_category_id1", "object_category_id2"], + "action_categories": ["action_category_id1", "action_category_id2"] + } + } -* ``DELETE /OS-MOON/tenant/{tenant_uuid}/{intra_extension_uuid}`` .. code-block:: json return = {} -Logs API --------- -* ``GET /OS-MOON/logs`` +**GET /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}** + + Set the current sub meta rule. + +.. code-block:: json + + post = { + "sub_meta_rule_name": "name of the sub meta rule", + "sub_meta_rule_algorithm": "name of the sub meta rule algorithm", + "sub_meta_rule_subject_categories": ["subject_category_id1", "subject_category_id2"], + "sub_meta_rule_object_categories": ["object_category_id1", "object_category_id2"], + "sub_meta_rule_action_categories": ["action_category_id1", "action_category_id2"] + } + return = {} + -InterExtension API ------------------- +**GET /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}** -* ``GET /OS-MOON/inter_extensions`` + List all rules. .. code-block:: json return = { - "inter_extensions": ["ie_uuid1", "ie_uuid2"] - } + "rule_id1": ["subject_scope_id1", "object_scope_id1", "action_scope_id1"], + "rule_id2": ["subject_scope_id2", "object_scope_id2", "action_scope_id2"] + } + + +**POST /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}** -* ``GET /OS-MOON/inter_extensions/{inter_extensions_id}`` + Add a new rule. .. code-block:: json - return = { - "inter_extensions": { - "id": "uuid1", - "description": "", - "requesting_intra_extension_uuid": "uuid1", - "requested_intra_extension_uuid": "uuid2", - "genre": "trust_OR_coordinate", - "virtual_entity_uuid": "ve_uuid1" - } - } + post = { + "subject_categories": ["subject_scope_id1"], + "object_categories": ["object_scope_id1"], + "action_categories": ["action_scope_id1"], + "enabled": True + } + return = {} + -* ``POST /OS-MOON/inter_extensions`` +**DELETE /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}/{rule_id}** + + Delete a rule. .. code-block:: json - post = { - "description": "", - "requesting_intra_extension_uuid": uuid1, - "requested_intra_extension_uuid": uuid2, - "genre": "trust_OR_coordinate", - "virtual_entity_uuid": "ve_uuid1" - } - return = { - "id": "uuid1", - "description": "", - "requesting_intra_extension_uuid": uuid1, - "requested_intra_extension_uuid": uuid2, - "genre": "trust_OR_coordinate", - "virtual_entity_uuid": "ve_uuid1" - } + return = {} + + +Logs +~~~~ + +**GET /logs/{options}** + + List all logs. + Options can be: + + * ``filter=<filter_characters>`` + * ``from=<show logs from this date>`` + * ``to=<show logs to this date>`` + * ``event_number=<get n logs>`` + + Time format is '%Y-%m-%d-%H:%M:%S' (eg. "2015-04-15-13:45:20") + +.. code-block:: json -* ``DELETE /OS-MOON/inter_extensions/{inter_extensions_id}`` + return = [ + "2015-04-15-13:45:20 ...", + "2015-04-15-13:45:21 ...", + "2015-04-15-13:45:22 ...", + "2015-04-15-13:45:23 ..." + ] |