-rw-r--r--moon_manager/moon_manager/api/assignments.py44
-rw-r--r--moon_manager/moon_manager/api/data.py34
-rw-r--r--moon_manager/moon_manager/api/meta_data.py6
-rw-r--r--moon_manager/moon_manager/api/meta_rules.py21
-rw-r--r--moon_manager/moon_manager/api/models.py14
-rw-r--r--moon_manager/moon_manager/api/pdp.py20
-rw-r--r--moon_manager/moon_manager/api/perimeter.py24
-rw-r--r--moon_manager/moon_manager/api/policies.py38
-rw-r--r--moon_manager/moon_manager/api/rules.py8
9 files changed, 101 insertions, 108 deletions
diff --git a/moon_manager/moon_manager/api/assignments.py b/moon_manager/moon_manager/api/assignments.py
index 0b2cd20b..a090aa63 100644
--- a/moon_manager/moon_manager/api/assignments.py
+++ b/moon_manager/moon_manager/api/assignments.py
@@ -32,14 +32,14 @@ class SubjectAssignments(Resource):
)
@check_auth
- def get(self, uuid=None, perimeter_id=None, category_id=None,
+ def get(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Retrieve all subject assignments or a specific one for a given policy
:param uuid: uuid of the policy
:param perimeter_id: uuid of the subject
:param category_id: uuid of the subject category
- :param data_id: uuid of the subject scope
+ :param data_id: uuid of the subject scope (not used here)
:param user_id: user ID who do the request
:return: {
"subject_data_id": {
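Review bot: `uuid` is now a required positional argument of `get`, but the docstring still reads `:param uuid: uuid of the policy` with no marker, while this commit tags mandatory request fields elsewhere. I would write `:param uuid: uuid of the policy (mandatory)` here and on the other handlers whose signature changes the same way (post and delete in this file, and the handlers in data.py, models.py, pdp.py, perimeter.py and policies.py). The route declarations are outside the hunk; if any of them binds this resource without a uuid segment, the call would now fail on the missing argument instead of reaching the body, so that is worth confirming. The body of `get` continues outside the hunk.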
@@ -62,7 +62,7 @@ class SubjectAssignments(Resource):
return {"subject_assignments": data}
@check_auth
- def post(self, uuid=None, perimeter_id=None, category_id=None,
+ def post(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Create a subject assignment.
@@ -72,15 +72,15 @@ class SubjectAssignments(Resource):
:param data_id: uuid of the subject scope (not used here)
:param user_id: user ID who do the request
:request body: {
- "id": "UUID of the subject",
- "category_id": "UUID of the category"
- "data_id": "UUID of the scope"
+ "id": "UUID of the subject (mandatory)",
+ "category_id": "UUID of the category (mandatory)"
+ "data_id": "UUID of the scope (mandatory)"
}
:return: {
"subject_data_id": {
"policy_id": "ID of the policy",
- "subject_id": "ID of the subject",
- "category_id": "ID of the category",
+ "subject_id": "ID of the subject (mandatory)",
+ "category_id": "ID of the category (mandatory)",
"assignments": "Assignments list (list of data_id)",
}
}
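Review bot: The request-body example is still missing the comma after the `category_id` line, which the matching ObjectAssignments hunk in this commit does add. It should read `"category_id": "UUID of the category (mandatory)",`. The `(mandatory)` suffix added to `subject_id` and `category_id` under `:return:` describes a response, where the word has no meaning, so I would drop it there. The docstring starts and ends outside the hunk.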
@@ -101,7 +101,7 @@ class SubjectAssignments(Resource):
return {"subject_assignments": data}
@check_auth
- def delete(self, uuid=None, perimeter_id=None, category_id=None,
+ def delete(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Delete a subject assignment for a given policy
@@ -142,14 +142,14 @@ class ObjectAssignments(Resource):
)
@check_auth
- def get(self, uuid=None, perimeter_id=None, category_id=None,
+ def get(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Retrieve all object assignment or a specific one for a given policy
:param uuid: uuid of the policy
:param perimeter_id: uuid of the object
:param category_id: uuid of the object category
- :param data_id: uuid of the object scope
+ :param data_id: uuid of the object scope (not used here)
:param user_id: user ID who do the request
:return: {
"object_data_id": {
@@ -172,7 +172,7 @@ class ObjectAssignments(Resource):
return {"object_assignments": data}
@check_auth
- def post(self, uuid=None, perimeter_id=None, category_id=None,
+ def post(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Create an object assignment.
@@ -182,9 +182,9 @@ class ObjectAssignments(Resource):
:param data_id: uuid of the object scope (not used here)
:param user_id: user ID who do the request
:request body: {
- "id": "UUID of the action",
- "category_id": "UUID of the category"
- "data_id": "UUID of the scope"
+ "id": "UUID of the action (mandatory)",
+ "category_id": "UUID of the category (mandatory)",
+ "data_id": "UUID of the scope (mandatory)"
}
:return: {
"object_data_id": {
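Review bot: `"id": "UUID of the action (mandatory)"` sits in the request body of `ObjectAssignments.post`, whose summary is `Create an object assignment`; it should presumably read `"id": "UUID of the object (mandatory)"`. The commit edits this line without correcting what looks like a copy-paste from the action resource. The docstring starts and ends outside the hunk.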
@@ -211,7 +211,7 @@ class ObjectAssignments(Resource):
return {"object_assignments": data}
@check_auth
- def delete(self, uuid=None, perimeter_id=None, category_id=None,
+ def delete(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Delete a object assignment for a given policy
@@ -252,7 +252,7 @@ class ActionAssignments(Resource):
)
@check_auth
- def get(self, uuid=None, perimeter_id=None, category_id=None,
+ def get(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Retrieve all action assignment or a specific one for a given policy
@@ -282,7 +282,7 @@ class ActionAssignments(Resource):
return {"action_assignments": data}
@check_auth
- def post(self, uuid=None, perimeter_id=None, category_id=None,
+ def post(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Create an action assignment.
@@ -292,9 +292,9 @@ class ActionAssignments(Resource):
:param data_id: uuid of the action scope (not used here)
:param user_id: user ID who do the request
:request body: {
- "id": "UUID of the action",
- "category_id": "UUID of the category",
- "data_id": "UUID of the scope"
+ "id": "UUID of the action (mandatory)",
+ "category_id": "UUID of the category (mandatory)",
+ "data_id": "UUID of the scope (mandatory)"
}
:return: {
"action_data_id": {
@@ -321,7 +321,7 @@ class ActionAssignments(Resource):
return {"action_assignments": data}
@check_auth
- def delete(self, uuid=None, perimeter_id=None, category_id=None,
+ def delete(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Delete a action assignment for a given policy
diff --git a/moon_manager/moon_manager/api/data.py b/moon_manager/moon_manager/api/data.py
index 88c9d59a..05e30236 100644
--- a/moon_manager/moon_manager/api/data.py
+++ b/moon_manager/moon_manager/api/data.py
@@ -32,8 +32,8 @@ class SubjectData(Resource):
)
@check_auth
- def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all subject categories or a specific one if sid is given
+ def get(self, uuid, category_id=None, data_id=None, user_id=None):
+ """Retrieve all subject categories or a specific one if data_id is given
for a given policy
:param uuid: uuid of the policy
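Review bot: The `sid` to `data_id` correction is applied only to `SubjectData.get`. The context lines of the `ObjectData.get` and `ActionData.get` hunks below still read `a specific one if sid is given`, although those methods take the same `data_id` parameter. The summary also still says `subject categories` for a resource named SubjectData, which may be a copy-paste leftover. Suggested first line: `"""Retrieve all subject data or a specific one if data_id is given`. The docstring continues outside the hunk.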
@@ -64,15 +64,15 @@ class SubjectData(Resource):
return {"subject_data": data}
@check_auth
- def post(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def post(self, uuid, category_id=None, data_id=None, user_id=None):
"""Create or update a subject.
:param uuid: uuid of the policy
:param category_id: uuid of the subject category
- :param data_id: uuid of the subject data
+ :param data_id: uuid of the subject data (not used here)
:param user_id: user ID who do the request
:request body: {
- "name": "name of the data",
+ "name": "name of the data (mandatory)",
"description": "description of the data (optional)"
}
:return: {
@@ -80,7 +80,7 @@ class SubjectData(Resource):
"category_id": "category_id1",
"data": {
"subject_data_id": {
- "name": "name of the data",
+ "name": "name of the data (mandatory)",
"description": "description of the data (optional)"
}
}
@@ -99,7 +99,7 @@ class SubjectData(Resource):
return {"subject_data": data}
@check_auth
- def delete(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def delete(self, uuid, category_id=None, data_id=None, user_id=None):
"""Delete a subject for a given policy
:param uuid: uuid of the policy
@@ -137,7 +137,7 @@ class ObjectData(Resource):
)
@check_auth
- def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def get(self, uuid, category_id=None, data_id=None, user_id=None):
"""Retrieve all object categories or a specific one if sid is given
for a given policy
@@ -169,15 +169,15 @@ class ObjectData(Resource):
return {"object_data": data}
@check_auth
- def post(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def post(self, uuid, category_id=None, data_id=None, user_id=None):
"""Create or update a object.
:param uuid: uuid of the policy
:param category_id: uuid of the object category
- :param data_id: uuid of the object data
+ :param data_id: uuid of the object data (not used here)
:param user_id: user ID who do the request
:request body: {
- "name": "name of the data",
+ "name": "name of the data (mandatory)",
"description": "description of the data (optional)"
}
:return: {
@@ -204,7 +204,7 @@ class ObjectData(Resource):
return {"object_data": data}
@check_auth
- def delete(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def delete(self, uuid, category_id=None, data_id=None, user_id=None):
"""Delete a object for a given policy
:param uuid: uuid of the policy
@@ -242,7 +242,7 @@ class ActionData(Resource):
)
@check_auth
- def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def get(self, uuid, category_id=None, data_id=None, user_id=None):
"""Retrieve all action categories or a specific one if sid is given
for a given policy
@@ -274,7 +274,7 @@ class ActionData(Resource):
return {"action_data": data}
@check_auth
- def post(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def post(self, uuid, category_id=None, data_id=None, user_id=None):
"""Create or update a action.
:param uuid: uuid of the policy
@@ -282,8 +282,8 @@ class ActionData(Resource):
:param data_id: uuid of the action data
:param user_id: user ID who do the request
:request body: {
- "name": "name of the data",
- "description": "description of the data"
+ "name": "name of the data (mandatory)",
+ "description": "description of the data (optional)"
}
:return: {
"policy_id": "policy_id1",
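Review bot: `ActionData.post` keeps `:param data_id: uuid of the action data`, while the `SubjectData.post` and `ObjectData.post` hunks in this file now add `(not used here)`. If the three handlers behave alike, as their identical signatures suggest, this line should read `:param data_id: uuid of the action data (not used here)`. The body of `post` is outside the hunk.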
@@ -309,7 +309,7 @@ class ActionData(Resource):
return {"action_data": data}
@check_auth
- def delete(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def delete(self, uuid, category_id=None, data_id=None, user_id=None):
"""Delete a action for a given policy
:param uuid: uuid of the policy
diff --git a/moon_manager/moon_manager/api/meta_data.py b/moon_manager/moon_manager/api/meta_data.py
index 104f26be..3fc18ee3 100644
--- a/moon_manager/moon_manager/api/meta_data.py
+++ b/moon_manager/moon_manager/api/meta_data.py
@@ -59,7 +59,7 @@ class SubjectCategories(Resource):
:param category_id: must not be used here
:param user_id: user ID who do the request
:request body: {
- "name": "name of the category",
+ "name": "name of the category (mandatory)",
"description": "description of the category (optional)"
}
:return: {
@@ -142,7 +142,7 @@ class ObjectCategories(Resource):
:param category_id: must not be used here
:param user_id: user ID who do the request
:request body: {
- "name": "name of the category",
+ "name": "name of the category (mandatory)",
"description": "description of the category (optional)"
}
:return: {
@@ -225,7 +225,7 @@ class ActionCategories(Resource):
:param category_id: must not be used here
:param user_id: user ID who do the request
:request body: {
- "name": "name of the category",
+ "name": "name of the category (mandatory)",
"description": "description of the category (optional)"
}
:return: {
diff --git a/moon_manager/moon_manager/api/meta_rules.py b/moon_manager/moon_manager/api/meta_rules.py
index d2cbf5d1..0728a447 100644
--- a/moon_manager/moon_manager/api/meta_rules.py
+++ b/moon_manager/moon_manager/api/meta_rules.py
@@ -62,14 +62,14 @@ class MetaRules(Resource):
def post(self, meta_rule_id=None, user_id=None):
"""Add a meta rule
- :param meta_rule_id: Meta rule ID
+ :param meta_rule_id: Meta rule ID (not used here)
:param user_id: user ID who do the request
:request body: post = {
- "name": "name of the meta rule",
- "subject_categories": ["subject_category_id1",
+ "name": "name of the meta rule (mandatory)",
+ "subject_categories": ["subject_category_id1 (mandatory)",
"subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
+ "object_categories": ["object_category_id1 (mandatory)"],
+ "action_categories": ["action_category_id1 (mandatory)"]
}
:return: {
"meta_rules": {
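Review bot: Appending `(mandatory)` inside the list elements (`["subject_category_id1 (mandatory)", "subject_category_id2"]`) reads as if only the first ID were required and as if the marker were part of the ID. Marking the key instead, as the rules.py hunk does with `# mandatory`, is clearer: `"object_categories": ["object_category_id1"],  # mandatory`. It would also help to say whether an empty list is accepted for each of the three category fields. The docstring continues outside the hunk.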
@@ -94,7 +94,7 @@ class MetaRules(Resource):
return {"meta_rules": data}
@check_auth
- def patch(self, meta_rule_id=None, user_id=None):
+ def patch(self, meta_rule_id, user_id=None):
"""Update a meta rule
:param meta_rule_id: Meta rule ID
@@ -129,18 +129,11 @@ class MetaRules(Resource):
return {"meta_rules": data}
@check_auth
- def delete(self, meta_rule_id=None, user_id=None):
+ def delete(self, meta_rule_id, user_id=None):
"""Delete a meta rule
:param meta_rule_id: Meta rule ID
:param user_id: user ID who do the request
- :request body: delete = {
- "name": "name of the meta rule",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- }
:return: {
"meta_rules": {
"meta_rule_id1": {
diff --git a/moon_manager/moon_manager/api/models.py b/moon_manager/moon_manager/api/models.py
index 8a5f229c..2dec13dc 100644
--- a/moon_manager/moon_manager/api/models.py
+++ b/moon_manager/moon_manager/api/models.py
@@ -59,14 +59,14 @@ class Models(Resource):
:param uuid: uuid of the model (not used here)
:param user_id: user ID who do the request
:request body: {
- "name": "...",
- "description": "... (optional)",
+ "name": "name of the model (mandatory)",
+ "description": "description of the model (optional)",
"meta_rules": ["meta_rule_id1", ]
}
:return: {
"model_id1": {
- "name": "...",
- "description": "... (optional)",
+ "name": "name of the model",
+ "description": "description of the model (optional)",
"meta_rules": ["meta_rule_id1", ]
}
}
@@ -82,7 +82,7 @@ class Models(Resource):
return {"models": data}
@check_auth
- def delete(self, uuid=None, user_id=None):
+ def delete(self, uuid, user_id=None):
"""Delete a model
:param uuid: uuid of the model to delete
@@ -102,14 +102,14 @@ class Models(Resource):
return {"result": True}
@check_auth
- def patch(self, uuid=None, user_id=None):
+ def patch(self, uuid, user_id=None):
"""Update a model
:param uuid: uuid of the model to update
:param user_id: user ID who do the request
:return: {
"model_id1": {
- "name": "...",
+ "name": "name of the model",
"description": "... (optional)",
"meta_rules": ["meta_rule_id1", ]
}
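Review bot: The `:return:` example of `patch` is only half updated: `name` is now described, but the next line is still `"description": "... (optional)"`, where the post hunk above has `"description": "description of the model (optional)"`. `patch` also shows no `:request body:` section in the visible lines, so the fields a caller may change are undocumented. The docstring continues outside the hunk.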
diff --git a/moon_manager/moon_manager/api/pdp.py b/moon_manager/moon_manager/api/pdp.py
index 4bc34a24..fba5c8ac 100644
--- a/moon_manager/moon_manager/api/pdp.py
+++ b/moon_manager/moon_manager/api/pdp.py
@@ -127,10 +127,10 @@ class PDP(Resource):
:param uuid: uuid of the pdp (not used here)
:param user_id: user ID who do the request
:request body: {
- "name": "...",
- "security_pipeline": [...],
- "keystone_project_id": "keystone_project_id1",
- "description": "... (optional)",
+ "name": "name of the PDP (mandatory)",
+ "security_pipeline": ["may be empty"],
+ "keystone_project_id": "keystone_project_id1 (may be empty)",
+ "description": "description of the PDP (optional)",
}
:return: {
"pdp_id1": {
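Review bot: Writing the constraint into the example value (`"security_pipeline": ["may be empty"]`) makes the example read as a list holding that literal string. The rules.py hunk in this commit uses a trailing comment instead, and `"security_pipeline": [],  # may be empty` would match it. The docstring also does not say how a PDP with an empty pipeline or no `keystone_project_id` answers authorization requests; one sentence stating that would help operators. The same example appears under `:return:` in the patch hunk below, and the docstring starts and ends outside the hunk.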
@@ -162,7 +162,7 @@ class PDP(Resource):
return {"pdps": data}
@check_auth
- def delete(self, uuid=None, user_id=None):
+ def delete(self, uuid, user_id=None):
"""Delete a pdp
:param uuid: uuid of the pdp to delete
@@ -183,17 +183,17 @@ class PDP(Resource):
return {"result": True}
@check_auth
- def patch(self, uuid=None, user_id=None):
+ def patch(self, uuid, user_id=None):
"""Update a pdp
:param uuid: uuid of the pdp to update
:param user_id: user ID who do the request
:return: {
"pdp_id1": {
- "name": "...",
- "security_pipeline": [...],
- "keystone_project_id": "keystone_project_id1",
- "description": "... (optional)",
+ "name": "name of the PDP",
+ "security_pipeline": ["may be empty"],
+ "keystone_project_id": "keystone_project_id1 (may be empty)",
+ "description": "description of the PDP (optional)",
}
}
:internal_api: update_pdp
diff --git a/moon_manager/moon_manager/api/perimeter.py b/moon_manager/moon_manager/api/perimeter.py
index e1d999da..c69d623c 100644
--- a/moon_manager/moon_manager/api/perimeter.py
+++ b/moon_manager/moon_manager/api/perimeter.py
@@ -72,7 +72,7 @@ class Subjects(Resource):
:param perimeter_id: must not be used here
:param user_id: user ID who do the request
:request body: {
- "name": "name of the subject",
+ "name": "name of the subject (mandatory)",
"description": "description of the subject (optional)",
"password": "password for the subject (optional)",
"email": "email address of the subject (optional)"
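Review bot: The request body takes a `password` for the subject, and the visible lines do not say whether that value is ever echoed back; the `:return:` block is outside the hunk. If it is not returned, say so on the line, e.g. `"password": "password for the subject (optional, not returned)"`. If it is returned, that deserves a separate look.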
@@ -107,7 +107,7 @@ class Subjects(Resource):
return {"subjects": data}
@check_auth
- def patch(self, uuid=None, perimeter_id=None, user_id=None):
+ def patch(self, uuid, perimeter_id=None, user_id=None):
"""Create or update a subject.
:param uuid: uuid of the policy
@@ -152,8 +152,8 @@ class Subjects(Resource):
def delete(self, uuid=None, perimeter_id=None, user_id=None):
"""Delete a subject for a given policy
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the subject
+ :param uuid: uuid of the policy (mandatory if perimeter_id is not set)
+ :param perimeter_id: uuid of the subject (mandatory if uuid is not set)
:param user_id: user ID who do the request
:return: {
"subject_id": {
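Review bot: The docstring now says `uuid` and `perimeter_id` are each mandatory when the other is missing, but the signature keeps both at `None`, so the rule holds only if the body enforces it, and the body is outside the hunk. For a delete, the text should say what is removed when only `uuid` is given, what is removed when only `perimeter_id` is given, and that a call with neither is rejected before any delete is issued. The same wording is added to `Objects.delete` and `Actions.delete` further down.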
@@ -226,7 +226,7 @@ class Objects(Resource):
:param perimeter_id: must not be used here
:param user_id: user ID who do the request
:request body: {
- "object_name": "name of the object",
+ "object_name": "name of the object (mandatory)",
"object_description": "description of the object (optional)"
}
:return: {
@@ -254,7 +254,7 @@ class Objects(Resource):
return {"objects": data}
@check_auth
- def patch(self, uuid=None, perimeter_id=None, user_id=None):
+ def patch(self, uuid, perimeter_id=None, user_id=None):
"""Create or update a object.
:param uuid: uuid of the policy
@@ -292,8 +292,8 @@ class Objects(Resource):
def delete(self, uuid=None, perimeter_id=None, user_id=None):
"""Delete a object for a given policy
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the object
+ :param uuid: uuid of the policy (mandatory if perimeter_id is not set)
+ :param perimeter_id: uuid of the object (mandatory if uuid is not set)
:param user_id: user ID who do the request
:return: {
"object_id": {
@@ -360,7 +360,7 @@ class Actions(Resource):
:param perimeter_id: must not be used here
:param user_id: user ID who do the request
:request body: {
- "name": "name of the action",
+ "name": "name of the action (mandatory)",
"description": "description of the action (optional)"
}
:return: {
@@ -388,7 +388,7 @@ class Actions(Resource):
return {"actions": data}
@check_auth
- def patch(self, uuid=None, perimeter_id=None, user_id=None):
+ def patch(self, uuid, perimeter_id=None, user_id=None):
"""Create or update a action.
:param uuid: uuid of the policy
@@ -426,8 +426,8 @@ class Actions(Resource):
def delete(self, uuid=None, perimeter_id=None, user_id=None):
"""Delete a action for a given policy
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the action
+ :param uuid: uuid of the policy (mandatory if perimeter_id is not set)
+ :param perimeter_id: uuid of the action (mandatory if uuid is not set)
:param user_id: user ID who do the request
:return: {
"action_id": {
diff --git a/moon_manager/moon_manager/api/policies.py b/moon_manager/moon_manager/api/policies.py
index 3447beb1..1a9e0bae 100644
--- a/moon_manager/moon_manager/api/policies.py
+++ b/moon_manager/moon_manager/api/policies.py
@@ -38,10 +38,10 @@ class Policies(Resource):
:param user_id: user ID who do the request
:return: {
"policy_id1": {
- "name": "...",
- "model_id": "...",
- "genre": "... (optional)",
- "description": "... (optional)",
+ "name": "name of the policy (mandatory)",
+ "model_id": "ID of the model linked to this policy",
+ "genre": "authz of admin (optional, default to authz)",
+ "description": "description of the policy (optional)",
}
}
:internal_api: get_policies
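Review bot: `"genre": "authz of admin (optional, default to authz)"` looks like a typo for `authz or admin`, given that the same line names `authz` as the default; the line is repeated in the post and patch hunks of this file. In this `:return:` block `name` is tagged `(mandatory)`, which only makes sense for a request field. `"name": "name of the policy"` would be enough, as the models.py hunk does for its return example. The docstring starts outside the hunk.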
@@ -58,20 +58,20 @@ class Policies(Resource):
def post(self, uuid=None, user_id=None):
"""Create policy.
- :param uuid: uuid of the policy (not used here)
+ :param uuid: uuid of the policy (not used here if a new policy is created)
:param user_id: user ID who do the request
:request body: {
- "name": "...",
- "model_id": "...",
- "genre": "... (optional)",
- "description": "... (optional)",
+ "name": "name of the policy (mandatory)",
+ "model_id": "ID of the model linked to this policy",
+ "genre": "authz of admin (optional, default to authz)",
+ "description": "description of the policy (optional)",
}
:return: {
"policy_id1": {
- "name": "...",
- "model_id": "...",
- "genre": "... (optional)",
- "description": "... (optional)",
+ "name": "name of the policy (mandatory)",
+ "model_id": "ID of the model linked to this policy",
+ "genre": "authz of admin (optional, default to authz)",
+ "description": "description of the policy (optional)",
}
}
:internal_api: add_policy
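Review bot: `(not used here if a new policy is created)` implies that `post` does something else when `uuid` is supplied, but the summary line still reads `Create policy.` and nothing in the hunk says what that other case is. Either describe it or keep the previous `(not used here)`. `model_id` is the one request field without a mandatory/optional marker, and the body of `post` is outside the hunk, so I cannot tell which applies.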
@@ -86,7 +86,7 @@ class Policies(Resource):
return {"policies": data}
@check_auth
- def delete(self, uuid=None, user_id=None):
+ def delete(self, uuid, user_id=None):
"""Delete a policy
:param uuid: uuid of the policy to delete
@@ -106,17 +106,17 @@ class Policies(Resource):
return {"result": True}
@check_auth
- def patch(self, uuid=None, user_id=None):
+ def patch(self, uuid, user_id=None):
"""Update a policy
:param uuid: uuid of the policy to update
:param user_id: user ID who do the request
:return: {
"policy_id1": {
- "name": "...",
- "model_id": "...",
- "genre": "... (optional)",
- "description": "... (optional)",
+ "name": "name of the policy (mandatory)",
+ "model_id": "ID of the model linked to this policy",
+ "genre": "authz of admin (optional, default to authz)",
+ "description": "description of the policy (optional)",
}
}
:internal_api: update_policy
diff --git a/moon_manager/moon_manager/api/rules.py b/moon_manager/moon_manager/api/rules.py
index 57dcd45c..507516ed 100644
--- a/moon_manager/moon_manager/api/rules.py
+++ b/moon_manager/moon_manager/api/rules.py
@@ -62,12 +62,12 @@ class Rules(Resource):
"""Add a rule to a meta rule
:param uuid: policy ID
- :param rule_id: rule ID
+ :param rule_id: rule ID (not used here)
:param user_id: user ID who do the request
:request body: post = {
- "meta_rule_id": "meta_rule_id1",
- "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
- "instructions": (
+ "meta_rule_id": "meta_rule_id1", # mandatory
+ "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], # mandatory
+ "instructions": ( # mandatory
{"decision": "grant"},
)
"enabled": True
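Review bot: `"enabled": True` is the only field in this request body left without a marker, so a reader cannot tell whether it is optional or what a rule defaults to when it is omitted. Something like `"enabled": True  # optional, default <to be stated>` would close that. The `instructions` tuple is also missing the comma after its closing `)`. This file marks fields with `# mandatory` comments while the other files in the commit put `(mandatory)` inside the value string; one convention across the API would be easier to read.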