-rw-r--r-- | moon_manager/moon_manager/api/assignments.py | 44 | ||||
-rw-r--r-- | moon_manager/moon_manager/api/data.py | 34 | ||||
-rw-r--r-- | moon_manager/moon_manager/api/meta_data.py | 6 | ||||
-rw-r--r-- | moon_manager/moon_manager/api/meta_rules.py | 21 | ||||
-rw-r--r-- | moon_manager/moon_manager/api/models.py | 14 | ||||
-rw-r--r-- | moon_manager/moon_manager/api/pdp.py | 20 | ||||
-rw-r--r-- | moon_manager/moon_manager/api/perimeter.py | 24 | ||||
-rw-r--r-- | moon_manager/moon_manager/api/policies.py | 38 | ||||
-rw-r--r-- | moon_manager/moon_manager/api/rules.py | 8 |
9 files changed, 101 insertions, 108 deletions
diff --git a/moon_manager/moon_manager/api/assignments.py b/moon_manager/moon_manager/api/assignments.py index 0b2cd20b..a090aa63 100644 --- a/moon_manager/moon_manager/api/assignments.py +++ b/moon_manager/moon_manager/api/assignments.py @@ -32,14 +32,14 @@ class SubjectAssignments(Resource): ) @check_auth - def get(self, uuid=None, perimeter_id=None, category_id=None, + def get(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Retrieve all subject assignments or a specific one for a given policy :param uuid: uuid of the policy :param perimeter_id: uuid of the subject :param category_id: uuid of the subject category - :param data_id: uuid of the subject scope + :param data_id: uuid of the subject scope (not used here) :param user_id: user ID who do the request :return: { "subject_data_id": { @@ -62,7 +62,7 @@ class SubjectAssignments(Resource): return {"subject_assignments": data} @check_auth - def post(self, uuid=None, perimeter_id=None, category_id=None, + def post(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Create a subject assignment. @@ -72,15 +72,15 @@ class SubjectAssignments(Resource): :param data_id: uuid of the subject scope (not used here) :param user_id: user ID who do the request :request body: { - "id": "UUID of the subject", - "category_id": "UUID of the category" - "data_id": "UUID of the scope" + "id": "UUID of the subject (mandatory)", + "category_id": "UUID of the category (mandatory)" + "data_id": "UUID of the scope (mandatory)" } :return: { "subject_data_id": { "policy_id": "ID of the policy", - "subject_id": "ID of the subject", - "category_id": "ID of the category", + "subject_id": "ID of the subject (mandatory)", + "category_id": "ID of the category (mandatory)", "assignments": "Assignments list (list of data_id)", } } 
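Review bot: `uuid` loses its default in `SubjectAssignments.get`, but the docstring still reads `:param uuid: uuid of the policy` with no sign that the handler now requires it. Following the convention this commit uses for body fields, the line could read `:param uuid: uuid of the policy (mandatory)`. The URL tuple of the resource and the `check_auth` wrapper are outside the hunk, so it cannot be confirmed here that every registered route supplies the segment; a route that omits it would presumably fail with a `TypeError` rather than a controlled client error. The same applies to the other signature hunks in assignments.py, data.py, meta_rules.py, models.py, pdp.py, perimeter.py and policies.py.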
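Review bot: The request-body example in the `SubjectAssignments.post` docstring still lacks the comma after the `category_id` entry, which the matching `ObjectAssignments.post` hunk does add; the new line should read `"category_id": "UUID of the category (mandatory)",`. The `(mandatory)` suffix was also added to `subject_id` and `category_id` inside the `:return:` block, where it describes a response field rather than an input. Dropping it there would keep the marker tied to what the caller must send.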
@@ -101,7 +101,7 @@ class SubjectAssignments(Resource): return {"subject_assignments": data} @check_auth - def delete(self, uuid=None, perimeter_id=None, category_id=None, + def delete(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Delete a subject assignment for a given policy @@ -142,14 +142,14 @@ class ObjectAssignments(Resource): ) @check_auth - def get(self, uuid=None, perimeter_id=None, category_id=None, + def get(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Retrieve all object assignment or a specific one for a given policy :param uuid: uuid of the policy :param perimeter_id: uuid of the object :param category_id: uuid of the object category - :param data_id: uuid of the object scope + :param data_id: uuid of the object scope (not used here) :param user_id: user ID who do the request :return: { "object_data_id": { @@ -172,7 +172,7 @@ class ObjectAssignments(Resource): return {"object_assignments": data} @check_auth - def post(self, uuid=None, perimeter_id=None, category_id=None, + def post(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Create an object assignment. @@ -182,9 +182,9 @@ class ObjectAssignments(Resource): :param data_id: uuid of the object scope (not used here) :param user_id: user ID who do the request :request body: { - "id": "UUID of the action", - "category_id": "UUID of the category" - "data_id": "UUID of the scope" + "id": "UUID of the action (mandatory)", + "category_id": "UUID of the category (mandatory)", + "data_id": "UUID of the scope (mandatory)" } :return: { "object_data_id": { @@ -211,7 +211,7 @@ class ObjectAssignments(Resource): return {"object_assignments": data} @check_auth - def delete(self, uuid=None, perimeter_id=None, category_id=None, + def delete(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Delete a object assignment for a given policy 
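Review bot: The `ObjectAssignments.post` docstring keeps `"id": "UUID of the action (mandatory)"`, which looks like a copy-paste leftover, since the subject and action resources name their own perimeter type in this field. The line should probably read `"id": "UUID of the object (mandatory)",`. The method body is outside the hunk, so this is inferred from the sibling docstrings only.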
@@ -252,7 +252,7 @@ class ActionAssignments(Resource): ) @check_auth - def get(self, uuid=None, perimeter_id=None, category_id=None, + def get(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Retrieve all action assignment or a specific one for a given policy @@ -282,7 +282,7 @@ class ActionAssignments(Resource): return {"action_assignments": data} @check_auth - def post(self, uuid=None, perimeter_id=None, category_id=None, + def post(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Create an action assignment. @@ -292,9 +292,9 @@ class ActionAssignments(Resource): :param data_id: uuid of the action scope (not used here) :param user_id: user ID who do the request :request body: { - "id": "UUID of the action", - "category_id": "UUID of the category", - "data_id": "UUID of the scope" + "id": "UUID of the action (mandatory)", + "category_id": "UUID of the category (mandatory)", + "data_id": "UUID of the scope (mandatory)" } :return: { "action_data_id": { @@ -321,7 +321,7 @@ class ActionAssignments(Resource): return {"action_assignments": data} @check_auth - def delete(self, uuid=None, perimeter_id=None, category_id=None, + def delete(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Delete a action assignment for a given policy diff --git a/moon_manager/moon_manager/api/data.py b/moon_manager/moon_manager/api/data.py index 88c9d59a..05e30236 100644 --- a/moon_manager/moon_manager/api/data.py +++ b/moon_manager/moon_manager/api/data.py @@ -32,8 +32,8 @@ class SubjectData(Resource): ) @check_auth - def get(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Retrieve all subject categories or a specific one if sid is given + def get(self, uuid, category_id=None, data_id=None, user_id=None): + """Retrieve all subject categories or a specific one if data_id is given for a given policy :param uuid: uuid of the policy 
@@ -64,15 +64,15 @@ class SubjectData(Resource): return {"subject_data": data} @check_auth - def post(self, uuid=None, category_id=None, data_id=None, user_id=None): + def post(self, uuid, category_id=None, data_id=None, user_id=None): """Create or update a subject. :param uuid: uuid of the policy :param category_id: uuid of the subject category - :param data_id: uuid of the subject data + :param data_id: uuid of the subject data (not used here) :param user_id: user ID who do the request :request body: { - "name": "name of the data", + "name": "name of the data (mandatory)", "description": "description of the data (optional)" } :return: { @@ -80,7 +80,7 @@ class SubjectData(Resource): "category_id": "category_id1", "data": { "subject_data_id": { - "name": "name of the data", + "name": "name of the data (mandatory)", "description": "description of the data (optional)" } } @@ -99,7 +99,7 @@ class SubjectData(Resource): return {"subject_data": data} @check_auth - def delete(self, uuid=None, category_id=None, data_id=None, user_id=None): + def delete(self, uuid, category_id=None, data_id=None, user_id=None): """Delete a subject for a given policy :param uuid: uuid of the policy @@ -137,7 +137,7 @@ class ObjectData(Resource): ) @check_auth - def get(self, uuid=None, category_id=None, data_id=None, user_id=None): + def get(self, uuid, category_id=None, data_id=None, user_id=None): """Retrieve all object categories or a specific one if sid is given for a given policy 
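Review bot: The summary line of `ObjectData.get` still says `a specific one if sid is given`, although no `sid` parameter exists in the signature; the `SubjectData.get` hunk corrects the same sentence to `data_id`. `ActionData.get` has the same leftover, and the `ActionData.post` hunk leaves `:param data_id: uuid of the action data` without the `(not used here)` note that the subject and object variants receive. Suggest `"""Retrieve all object categories or a specific one if data_id is given` and the matching edits in the two action docstrings.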
@@ -169,15 +169,15 @@ class ObjectData(Resource): return {"object_data": data} @check_auth - def post(self, uuid=None, category_id=None, data_id=None, user_id=None): + def post(self, uuid, category_id=None, data_id=None, user_id=None): """Create or update a object. :param uuid: uuid of the policy :param category_id: uuid of the object category - :param data_id: uuid of the object data + :param data_id: uuid of the object data (not used here) :param user_id: user ID who do the request :request body: { - "name": "name of the data", + "name": "name of the data (mandatory)", "description": "description of the data (optional)" } :return: { @@ -204,7 +204,7 @@ class ObjectData(Resource): return {"object_data": data} @check_auth - def delete(self, uuid=None, category_id=None, data_id=None, user_id=None): + def delete(self, uuid, category_id=None, data_id=None, user_id=None): """Delete a object for a given policy :param uuid: uuid of the policy @@ -242,7 +242,7 @@ class ActionData(Resource): ) @check_auth - def get(self, uuid=None, category_id=None, data_id=None, user_id=None): + def get(self, uuid, category_id=None, data_id=None, user_id=None): """Retrieve all action categories or a specific one if sid is given for a given policy @@ -274,7 +274,7 @@ class ActionData(Resource): return {"action_data": data} @check_auth - def post(self, uuid=None, category_id=None, data_id=None, user_id=None): + def post(self, uuid, category_id=None, data_id=None, user_id=None): """Create or update a action. :param uuid: uuid of the policy @@ -282,8 +282,8 @@ class ActionData(Resource): :param data_id: uuid of the action data :param user_id: user ID who do the request :request body: { - "name": "name of the data", - "description": "description of the data" + "name": "name of the data (mandatory)", + "description": "description of the data (optional)" } :return: { "policy_id": "policy_id1", 
@@ -309,7 +309,7 @@ class ActionData(Resource): return {"action_data": data} @check_auth - def delete(self, uuid=None, category_id=None, data_id=None, user_id=None): + def delete(self, uuid, category_id=None, data_id=None, user_id=None): """Delete a action for a given policy :param uuid: uuid of the policy diff --git a/moon_manager/moon_manager/api/meta_data.py b/moon_manager/moon_manager/api/meta_data.py index 104f26be..3fc18ee3 100644 --- a/moon_manager/moon_manager/api/meta_data.py +++ b/moon_manager/moon_manager/api/meta_data.py @@ -59,7 +59,7 @@ class SubjectCategories(Resource): :param category_id: must not be used here :param user_id: user ID who do the request :request body: { - "name": "name of the category", + "name": "name of the category (mandatory)", "description": "description of the category (optional)" } :return: { @@ -142,7 +142,7 @@ class ObjectCategories(Resource): :param category_id: must not be used here :param user_id: user ID who do the request :request body: { - "name": "name of the category", + "name": "name of the category (mandatory)", "description": "description of the category (optional)" } :return: { @@ -225,7 +225,7 @@ class ActionCategories(Resource): :param category_id: must not be used here :param user_id: user ID who do the request :request body: { - "name": "name of the category", + "name": "name of the category (mandatory)", "description": "description of the category (optional)" } :return: { diff --git a/moon_manager/moon_manager/api/meta_rules.py b/moon_manager/moon_manager/api/meta_rules.py index d2cbf5d1..0728a447 100644 --- a/moon_manager/moon_manager/api/meta_rules.py +++ b/moon_manager/moon_manager/api/meta_rules.py 
@@ -62,14 +62,14 @@ class MetaRules(Resource): def post(self, meta_rule_id=None, user_id=None): """Add a meta rule - :param meta_rule_id: Meta rule ID + :param meta_rule_id: Meta rule ID (not used here) :param user_id: user ID who do the request :request body: post = { - "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", + "name": "name of the meta rule (mandatory)", + "subject_categories": ["subject_category_id1 (mandatory)", "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] + "object_categories": ["object_category_id1 (mandatory)"], + "action_categories": ["action_category_id1 (mandatory)"] } :return: { "meta_rules": { @@ -94,7 +94,7 @@ class MetaRules(Resource): return {"meta_rules": data} @check_auth - def patch(self, meta_rule_id=None, user_id=None): + def patch(self, meta_rule_id, user_id=None): """Update a meta rule :param meta_rule_id: Meta rule ID @@ -129,18 +129,11 @@ class MetaRules(Resource): return {"meta_rules": data} @check_auth - def delete(self, meta_rule_id=None, user_id=None): + def delete(self, meta_rule_id, user_id=None): """Delete a meta rule :param meta_rule_id: Meta rule ID :param user_id: user ID who do the request - :request body: delete = { - "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - } :return: { "meta_rules": { "meta_rule_id1": { diff --git a/moon_manager/moon_manager/api/models.py b/moon_manager/moon_manager/api/models.py index 8a5f229c..2dec13dc 100644 --- a/moon_manager/moon_manager/api/models.py +++ b/moon_manager/moon_manager/api/models.py 
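Review bot: In the `MetaRules.post` docstring the marker is written inside the example values, e.g. `["subject_category_id1 (mandatory)", "subject_category_id2"]`, which reads as if the suffix were part of the first ID. It also leaves open whether the key is required or at least one element is. A trailing note per key would be clearer, for instance `"subject_categories": ["subject_category_id1", "subject_category_id2"],  # mandatory`, plus a sentence on whether an empty list is accepted. The validation code is outside the hunk, so the docstring is the only place a reader of this file can learn that.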
@@ -59,14 +59,14 @@ class Models(Resource): :param uuid: uuid of the model (not used here) :param user_id: user ID who do the request :request body: { - "name": "...", - "description": "... (optional)", + "name": "name of the model (mandatory)", + "description": "description of the model (optional)", "meta_rules": ["meta_rule_id1", ] } :return: { "model_id1": { - "name": "...", - "description": "... (optional)", + "name": "name of the model", + "description": "description of the model (optional)", "meta_rules": ["meta_rule_id1", ] } } @@ -82,7 +82,7 @@ class Models(Resource): return {"models": data} @check_auth - def delete(self, uuid=None, user_id=None): + def delete(self, uuid, user_id=None): """Delete a model :param uuid: uuid of the model to delete @@ -102,14 +102,14 @@ class Models(Resource): return {"result": True} @check_auth - def patch(self, uuid=None, user_id=None): + def patch(self, uuid, user_id=None): """Update a model :param uuid: uuid of the model to update :param user_id: user ID who do the request :return: { "model_id1": { - "name": "...", + "name": "name of the model", "description": "... (optional)", "meta_rules": ["meta_rule_id1", ] } diff --git a/moon_manager/moon_manager/api/pdp.py b/moon_manager/moon_manager/api/pdp.py index 4bc34a24..fba5c8ac 100644 --- a/moon_manager/moon_manager/api/pdp.py +++ b/moon_manager/moon_manager/api/pdp.py @@ -127,10 +127,10 @@ class PDP(Resource): :param uuid: uuid of the pdp (not used here) :param user_id: user ID who do the request :request body: { - "name": "...", - "security_pipeline": [...], - "keystone_project_id": "keystone_project_id1", - "description": "... (optional)", + "name": "name of the PDP (mandatory)", + "security_pipeline": ["may be empty"], + "keystone_project_id": "keystone_project_id1 (may be empty)", + "description": "description of the PDP (optional)", } :return: { "pdp_id1": { 
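Review bot: The `PDP.post` docstring now states that `security_pipeline` and `keystone_project_id` may be empty, but it does not say what a PDP in that state decides for incoming requests. For an authorization component that is the detail an operator needs before creating a placeholder PDP. Suggest one sentence after the request-body example describing the behaviour with an empty pipeline and an unset project, written by someone who can confirm it against the body of `post`, which is outside this hunk.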
@@ -162,7 +162,7 @@ class PDP(Resource): return {"pdps": data} @check_auth - def delete(self, uuid=None, user_id=None): + def delete(self, uuid, user_id=None): """Delete a pdp :param uuid: uuid of the pdp to delete @@ -183,17 +183,17 @@ class PDP(Resource): return {"result": True} @check_auth - def patch(self, uuid=None, user_id=None): + def patch(self, uuid, user_id=None): """Update a pdp :param uuid: uuid of the pdp to update :param user_id: user ID who do the request :return: { "pdp_id1": { - "name": "...", - "security_pipeline": [...], - "keystone_project_id": "keystone_project_id1", - "description": "... (optional)", + "name": "name of the PDP", + "security_pipeline": ["may be empty"], + "keystone_project_id": "keystone_project_id1 (may be empty)", + "description": "description of the PDP (optional)", } } :internal_api: update_pdp diff --git a/moon_manager/moon_manager/api/perimeter.py b/moon_manager/moon_manager/api/perimeter.py index e1d999da..c69d623c 100644 --- a/moon_manager/moon_manager/api/perimeter.py +++ b/moon_manager/moon_manager/api/perimeter.py @@ -72,7 +72,7 @@ class Subjects(Resource): :param perimeter_id: must not be used here :param user_id: user ID who do the request :request body: { - "name": "name of the subject", + "name": "name of the subject (mandatory)", "description": "description of the subject (optional)", "password": "password for the subject (optional)", "email": "email address of the subject (optional)" @@ -107,7 +107,7 @@ class Subjects(Resource): return {"subjects": data} @check_auth - def patch(self, uuid=None, perimeter_id=None, user_id=None): + def patch(self, uuid, perimeter_id=None, user_id=None): """Create or update a subject. :param uuid: uuid of the policy 
@@ -152,8 +152,8 @@ class Subjects(Resource): def delete(self, uuid=None, perimeter_id=None, user_id=None): """Delete a subject for a given policy - :param uuid: uuid of the policy - :param perimeter_id: uuid of the subject + :param uuid: uuid of the policy (mandatory if perimeter_id is not set) + :param perimeter_id: uuid of the subject (mandatory if uuid is not set) :param user_id: user ID who do the request :return: { "subject_id": { @@ -226,7 +226,7 @@ class Objects(Resource): :param perimeter_id: must not be used here :param user_id: user ID who do the request :request body: { - "object_name": "name of the object", + "object_name": "name of the object (mandatory)", "object_description": "description of the object (optional)" } :return: { @@ -254,7 +254,7 @@ class Objects(Resource): return {"objects": data} @check_auth - def patch(self, uuid=None, perimeter_id=None, user_id=None): + def patch(self, uuid, perimeter_id=None, user_id=None): """Create or update a object. :param uuid: uuid of the policy @@ -292,8 +292,8 @@ class Objects(Resource): def delete(self, uuid=None, perimeter_id=None, user_id=None): """Delete a object for a given policy - :param uuid: uuid of the policy - :param perimeter_id: uuid of the object + :param uuid: uuid of the policy (mandatory if perimeter_id is not set) + :param perimeter_id: uuid of the object (mandatory if uuid is not set) :param user_id: user ID who do the request :return: { "object_id": { @@ -360,7 +360,7 @@ class Actions(Resource): :param perimeter_id: must not be used here :param user_id: user ID who do the request :request body: { - "name": "name of the action", + "name": "name of the action (mandatory)", "description": "description of the action (optional)" } :return: { 
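Review bot: The `Subjects.delete` docstring now says that `uuid` and `perimeter_id` are each mandatory when the other is missing, yet the signature keeps both defaulting to `None` and the hunk shows no check for the case where neither is supplied. The method body is outside the hunk, so the check may already exist. If it does not, a delete request carrying no identifier reaches the backend call with two `None` arguments, and the outcome then depends on how that call interprets them. Suggest an explicit early rejection at the top of the method when both are unset, and a docstring line stating which error the caller receives. The `Objects.delete` and `Actions.delete` hunks carry the same wording and the same open question.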
@@ -388,7 +388,7 @@ class Actions(Resource): return {"actions": data} @check_auth - def patch(self, uuid=None, perimeter_id=None, user_id=None): + def patch(self, uuid, perimeter_id=None, user_id=None): """Create or update a action. :param uuid: uuid of the policy @@ -426,8 +426,8 @@ class Actions(Resource): def delete(self, uuid=None, perimeter_id=None, user_id=None): """Delete a action for a given policy - :param uuid: uuid of the policy - :param perimeter_id: uuid of the action + :param uuid: uuid of the policy (mandatory if perimeter_id is not set) + :param perimeter_id: uuid of the action (mandatory if uuid is not set) :param user_id: user ID who do the request :return: { "action_id": { diff --git a/moon_manager/moon_manager/api/policies.py b/moon_manager/moon_manager/api/policies.py index 3447beb1..1a9e0bae 100644 --- a/moon_manager/moon_manager/api/policies.py +++ b/moon_manager/moon_manager/api/policies.py @@ -38,10 +38,10 @@ class Policies(Resource): :param user_id: user ID who do the request :return: { "policy_id1": { - "name": "...", - "model_id": "...", - "genre": "... (optional)", - "description": "... (optional)", + "name": "name of the policy (mandatory)", + "model_id": "ID of the model linked to this policy", + "genre": "authz of admin (optional, default to authz)", + "description": "description of the policy (optional)", } } :internal_api: get_policies 
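Review bot: The new `genre` description in the `Policies.get` docstring reads `"authz of admin (optional, default to authz)"`, which looks like a typo for `authz or admin`. As written it hides that the field selects between two policy kinds. Suggest `"genre": "authz or admin (optional, defaults to authz)",`. The same block marks `name` as `(mandatory)` inside `:return:`, where the marker has no meaning for a response. Both issues repeat in the `Policies.post` and `Policies.patch` hunks.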
@@ -58,20 +58,20 @@ class Policies(Resource): def post(self, uuid=None, user_id=None): """Create policy. - :param uuid: uuid of the policy (not used here) + :param uuid: uuid of the policy (not used here if a new policy is created) :param user_id: user ID who do the request :request body: { - "name": "...", - "model_id": "...", - "genre": "... (optional)", - "description": "... (optional)", + "name": "name of the policy (mandatory)", + "model_id": "ID of the model linked to this policy", + "genre": "authz of admin (optional, default to authz)", + "description": "description of the policy (optional)", } :return: { "policy_id1": { - "name": "...", - "model_id": "...", - "genre": "... (optional)", - "description": "... (optional)", + "name": "name of the policy (mandatory)", + "model_id": "ID of the model linked to this policy", + "genre": "authz of admin (optional, default to authz)", + "description": "description of the policy (optional)", } } :internal_api: add_policy @@ -86,7 +86,7 @@ class Policies(Resource): return {"policies": data} @check_auth - def delete(self, uuid=None, user_id=None): + def delete(self, uuid, user_id=None): """Delete a policy :param uuid: uuid of the policy to delete @@ -106,17 +106,17 @@ class Policies(Resource): return {"result": True} @check_auth - def patch(self, uuid=None, user_id=None): + def patch(self, uuid, user_id=None): """Update a policy :param uuid: uuid of the policy to update :param user_id: user ID who do the request :return: { "policy_id1": { - "name": "...", - "model_id": "...", - "genre": "... (optional)", - "description": "... (optional)", + "name": "name of the policy (mandatory)", + "model_id": "ID of the model linked to this policy", + "genre": "authz of admin (optional, default to authz)", + "description": "description of the policy (optional)", } } :internal_api: update_policy diff --git a/moon_manager/moon_manager/api/rules.py b/moon_manager/moon_manager/api/rules.py index 57dcd45c..507516ed 100644 
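Review bot: The reworded parameter line in `Policies.post`, `uuid of the policy (not used here if a new policy is created)`, implies that `post` has a second mode in which `uuid` is used, but the docstring summary still says only `Create policy.` The body is outside the hunk, so the intended behaviour cannot be read from here. If `post` never updates an existing policy, keep the original `(not used here)`; if it can, the summary and the `:internal_api:` line should say so, since create and update usually carry different authorization expectations.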
--- a/moon_manager/moon_manager/api/rules.py +++ b/moon_manager/moon_manager/api/rules.py @@ -62,12 +62,12 @@ class Rules(Resource): """Add a rule to a meta rule :param uuid: policy ID - :param rule_id: rule ID + :param rule_id: rule ID (not used here) :param user_id: user ID who do the request :request body: post = { - "meta_rule_id": "meta_rule_id1", - "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], - "instructions": ( + "meta_rule_id": "meta_rule_id1", # mandatory + "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], # mandatory + "instructions": ( # mandatory {"decision": "grant"}, ) "enabled": True |
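Review bot: The request-body example in the `Rules.post` docstring marks `meta_rule_id`, `rule` and `instructions` as mandatory but says nothing about `"enabled"`, so a reader cannot tell whether a rule posted without it is active. For a rule whose example instruction is `{"decision": "grant"}`, that default is worth stating; suggest a trailing note such as `"enabled": True  # optional, default: <confirm against add_rule>`. The example is also still missing the comma after the closing `)` of `instructions`, on a context line of this hunk.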