Diffstat (limited to 'keystone-moon/examples')
37 files changed, 168 insertions, 544 deletions
diff --git a/keystone-moon/examples/moon/policies/mls_conf/authz/assignment.json b/keystone-moon/examples/moon/policies/mls_conf/authz/assignment.json
deleted file mode 100644
index c917638c..00000000
--- a/keystone-moon/examples/moon/policies/mls_conf/authz/assignment.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "subject_assignments": {
- "subject_security_level":{
- "user1": ["low"],
- "user2": ["medium"],
- "user3": ["high"]
- }
- },
-
- "action_assignments": {
- "computing_action":{
- "pause": ["vm_admin"],
- "unpause": ["vm_admin"],
- "start": ["vm_admin"],
- "stop": ["vm_admin"]
- }
- },
-
- "object_assignments": {
- "object_security_level": {
- "vm1": ["low"],
- "vm2": ["medium"]
- }
- }
-}
\ No newline at end of file
diff --git a/keystone-moon/examples/moon/policies/mls_conf/authz/metarule.json b/keystone-moon/examples/moon/policies/mls_conf/authz/metarule.json
deleted file mode 100644
index 0f717458..00000000
--- a/keystone-moon/examples/moon/policies/mls_conf/authz/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "relation_super": {
- "subject_categories": ["subject_security_level"],
- "action_categories": ["computing_action"],
- "object_categories": ["object_security_level"],
- "relation": "relation_super"
- }
- },
- "aggregation": "and_true_aggregation"
-}
-
diff --git a/keystone-moon/examples/moon/policies/mls_conf/authz/rules.json b/keystone-moon/examples/moon/policies/mls_conf/authz/rules.json
deleted file mode 100644
index 7badb6f5..00000000
--- a/keystone-moon/examples/moon/policies/mls_conf/authz/rules.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "relation_super":[
- ["high", "vm_admin", "medium"],
- ["high", "vm_admin", "low"],
- ["medium", "vm_admin", "low"],
- ["high", "vm_access", "high"],
- ["high", "vm_access", "medium"],
- ["high", "vm_access", "low"],
- ["medium", "vm_access", "medium"],
- ["medium", "vm_access", "low"],
- ["low", "vm_access", "low"]
- ]
-}
\ No newline at end of file
diff --git a/keystone-moon/examples/moon/policies/mls_conf/authz/scope.json b/keystone-moon/examples/moon/policies/mls_conf/authz/scope.json
deleted file mode 100644
index f07b0071..00000000
--- a/keystone-moon/examples/moon/policies/mls_conf/authz/scope.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "subject_category_scope": {
- "subject_security_level": [
- "high",
- "medium",
- "low"
- ]
- },
-
- "action_category_scope": {
- "computing_action": [
- "vm_admin",
- "vm_access"
- ]
- },
-
- "object_category_scope": {
- "object_security_level": [
- "high",
- "medium",
- "low"
- ]
- }
-}
diff --git a/keystone-moon/examples/moon/policies/policy_admin/assignment.json b/keystone-moon/examples/moon/policies/policy_admin/assignment.json
new file mode 100644
index 00000000..9b183a3c
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_admin/assignment.json
@@ -0,0 +1,41 @@
+{
+ "subject_assignments": {
+ "domain":{
+ "admin": ["ft"],
+ "demo": ["xx"]
+ },
+ "role": {
+ "admin": ["admin"]
+ }
+ },
+
+ "action_assignments": {
+ "access": {
+ "read": ["admin", "user"],
+ "write": ["admin"],
+ "create": ["admin"],
+ "delete": ["admin"]
+ }
+ },
+
+ "object_assignments": {
+ "id": {
+ "subjects": ["subjects"],
+ "objects": ["objects"],
+ "actions": ["actions"],
+ "subject_categories": ["subject_categories"],
+ "object_categories": ["object_categories"],
+ "action_categories": ["action_categories"],
+ "subject_category_scope": ["subject_category_scope"],
+ "object_category_scope": ["object_category_scope"],
+ "action_category_scope": ["action_category_scope"],
+ "sub_rules": ["sub_rules"],
+ "sub_meta_rule": ["sub_meta_rule"],
+ "subject_assignments": ["subject_assignments"],
+ "object_assignments": ["object_assignments"],
+ "action_assignments": ["action_assignments"],
+ "sub_meta_rule_relations": ["sub_meta_rule_relations"],
+ "aggregation_algorithms": ["aggregation_algorithms"]
+ }
+ }
+}
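Review bot: In this new policy_admin/assignment.json, `demo` gets a `domain` value (`xx`) but no entry under `role`, and `read` is mapped to a `user` scope that no row of policy_admin/rules.json uses, so the intended result for `demo` is only implied. The `rbac_rule` sub-meta-rule in this commit matches on both `role` and `domain`; how the engine treats a subject with a missing category assignment is not visible here, so deny-by-default is an assumption rather than something the files state. Make the intent explicit, for example `"demo": []` under `role` if the loader accepts an empty list, or say in the policy's `description` that `demo` has no administration rights.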
diff --git a/keystone-moon/examples/moon/policies/mls_conf/authz/metadata.json b/keystone-moon/examples/moon/policies/policy_admin/metadata.json index 0c21f178..29770673 100644 --- a/keystone-moon/examples/moon/policies/mls_conf/authz/metadata.json +++ b/keystone-moon/examples/moon/policies/policy_admin/metadata.json @@ -1,18 +1,19 @@ { "name": "MLS_metadata", - "model": "MLS", - "genre": "authz", + "model": "RBAC", + "genre": "admin", "description": "", "subject_categories": [ - "subject_security_level" + "domain", + "role" ], "action_categories": [ - "computing_action" + "access" ], "object_categories": [ - "object_security_level" + "id" ] } diff --git a/keystone-moon/examples/moon/policies/policy_admin/metarule.json b/keystone-moon/examples/moon/policies/policy_admin/metarule.json new file mode 100644 index 00000000..1cb06eb5 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_admin/metarule.json @@ -0,0 +1,12 @@ +{ + "sub_meta_rules": { + "rbac_rule": { + "subject_categories": ["role", "domain"], + "action_categories": ["access"], + "object_categories": ["id"], + "algorithm": "inclusion" + } + }, + "aggregation": "all_true" +} + diff --git a/keystone-moon/examples/moon/policies/policy_mls_admin/perimeter.json b/keystone-moon/examples/moon/policies/policy_admin/perimeter.json index e570aae1..b5edec1c 100644 --- a/keystone-moon/examples/moon/policies/policy_mls_admin/perimeter.json +++ b/keystone-moon/examples/moon/policies/policy_admin/perimeter.json @@ -1,6 +1,7 @@ { "subjects": [ - "admin" + "admin", + "demo" ], "actions": [ "read", diff --git a/keystone-moon/examples/moon/policies/policy_admin/rules.json b/keystone-moon/examples/moon/policies/policy_admin/rules.json new file mode 100644 index 00000000..650405a9 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_admin/rules.json 
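Review bot: The context line `"name": "MLS_metadata"` in policy_admin/metadata.json is left unchanged while this hunk switches `model` to `RBAC` and `genre` to `admin`, and `description` stays empty, so the metadata of the administration policy still identifies it as the MLS policy. Anyone selecting or auditing policies by these fields gets a misleading label for the template that governs who may edit the policy itself. Suggested lines: `"name": "RBAC_metadata",` and `"description": "Role Based Access Control administration policy",`.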
@@ -0,0 +1,22 @@ +{ + "rbac_rule":[ + + ["admin" , "ft", "admin", "subjects"], + ["admin" , "ft", "admin", "objects"], + ["admin" , "ft", "admin", "actions"], + ["admin" , "ft", "admin", "subject_categories"], + ["admin" , "ft", "admin", "object_categories"], + ["admin" , "ft", "admin", "action_categories"], + ["admin" , "ft", "admin", "subject_category_scope"], + ["admin" , "ft", "admin", "object_category_scope"], + ["admin" , "ft", "admin", "action_category_scope"], + ["admin" , "ft", "admin", "sub_rules"], + ["admin" , "ft", "admin", "sub_meta_rule"], + ["admin" , "ft", "admin", "subject_assignments"], + ["admin" , "ft", "admin", "object_assignments"], + ["admin" , "ft", "admin", "action_assignments"], + ["admin" , "ft", "admin", "sub_meta_rule_relations"], + ["admin" , "ft", "admin", "aggregation_algorithms"] + + ] +} diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/scope.json b/keystone-moon/examples/moon/policies/policy_admin/scope.json index faf06d2c..ee6f570e 100644 --- a/keystone-moon/examples/moon/policies/policy_rbac_admin/scope.json +++ b/keystone-moon/examples/moon/policies/policy_admin/scope.json @@ -2,13 +2,17 @@ "subject_category_scope": { "role": [ "admin" + ], + "domain": [ + "ft", + "xx" ] }, "action_category_scope": { - "ie_action": [ - "ie_access", - "ie_admin" + "access": [ + "admin", + "user" ] }, diff --git a/keystone-moon/examples/moon/policies/policy_r2/assignment.json b/keystone-moon/examples/moon/policies/policy_authz/assignment.json index f907de5a..ebab0ec6 100644 --- a/keystone-moon/examples/moon/policies/policy_r2/assignment.json +++ b/keystone-moon/examples/moon/policies/policy_authz/assignment.json 
@@ -1,19 +1,16 @@ { "subject_assignments": { "subject_security_level":{ - "user1": ["high"], - "user2": ["medium"], - "user3": ["low"] + "admin": ["high"], + "demo": ["medium"] }, "domain":{ - "user1": ["ft"], - "user2": ["ft"], - "user3": ["xxx"] + "admin": ["ft"], + "demo": ["xx"] }, "role": { - "user1": ["admin"], - "user2": ["dev"], - "user3": ["admin", "dev"] + "admin": ["admin"], + "demo": ["dev"] } }, @@ -24,10 +21,10 @@ "start": ["vm_admin"], "stop": ["vm_admin"], "list": ["vm_access", "vm_admin"], - "create": ["vm_admin"] + "create": ["vm_admin"], "storage_list": ["storage_access"], "download": ["storage_access"], - "post": ["storage_admin"] + "post": ["storage_admin"], "upload": ["storage_admin"] }, "access": { @@ -36,10 +33,10 @@ "start": ["write"], "stop": ["write"], "list": ["read"], - "create": ["write"] + "create": ["write"], "storage_list": ["read"], "download": ["read"], - "post": ["write"] + "post": ["write"], "upload": ["write"] } }, diff --git a/keystone-moon/examples/moon/policies/policy_r2/metadata.json b/keystone-moon/examples/moon/policies/policy_authz/metadata.json index 4a5a5a1a..4a5a5a1a 100644 --- a/keystone-moon/examples/moon/policies/policy_r2/metadata.json +++ b/keystone-moon/examples/moon/policies/policy_authz/metadata.json diff --git a/keystone-moon/examples/moon/policies/policy_r2/metarule.json b/keystone-moon/examples/moon/policies/policy_authz/metarule.json index df683ca9..df683ca9 100644 --- a/keystone-moon/examples/moon/policies/policy_r2/metarule.json +++ b/keystone-moon/examples/moon/policies/policy_authz/metarule.json diff --git a/keystone-moon/examples/moon/policies/policy_mls_authz/perimeter.json b/keystone-moon/examples/moon/policies/policy_authz/perimeter.json index 4bf88de7..be029c13 100644 --- a/keystone-moon/examples/moon/policies/policy_mls_authz/perimeter.json +++ b/keystone-moon/examples/moon/policies/policy_authz/perimeter.json @@ -1,6 +1,7 @@ { "subjects": [ - "admin" + "admin", + "demo" ], "actions": [ "pause", 
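Review bot: The `actions` array that opens in this policy_authz/perimeter.json hunk is not extended by either hunk of the file, so it still holds only the six compute actions (`pause` through `list`), while the next hunk adds `file1` and `file2` to `objects` and policy_authz/assignment.json in this commit maps `storage_list`, `download`, `post` and `upload` to storage scopes. How the engine handles a request for an action that is assigned but absent from the perimeter is not visible here; the storage rows may never match, or the outcome may depend on an engine default. Listing the four actions keeps perimeter and assignments in step: `"list", "storage_list", "download", "post", "upload"`. The rest of the array sits between the two hunks and is not shown.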
@@ -11,6 +12,10 @@ "list" ], "objects": [ - "servers" + "servers", + "vm1", + "vm2", + "file1", + "file2" ] } diff --git a/keystone-moon/examples/moon/policies/policy_r2/rule.json b/keystone-moon/examples/moon/policies/policy_authz/rules.json index 348f6d63..73e791d7 100644 --- a/keystone-moon/examples/moon/policies/policy_r2/rule.json +++ b/keystone-moon/examples/moon/policies/policy_authz/rules.json @@ -15,19 +15,19 @@ ["ft", "write", "computing"], ["ft", "read", "storage"], ["ft", "write", "storage"], - ["xxx", "read", "storage"] + ["xx", "read", "storage"] ], "rbac_rule":[ - [dev", "xxx", "read", "servers"], - ["dev", "xxx", "read", "vm1"], - ["dev", "xxx", "read", "vm2"], - ["dev", "xxx", "read", "file1"], - ["dev", "xxx", "read", "file2"], - ["dev", "xxx", "write", "vm1"], - ["dev", "xxx", "write", "vm2"], - ["dev", "xxx", "write", "file1"], - ["dev", "xxx", "write", "file2"], - ["admin", "xxx", "read", "servers"], + ["dev", "xx", "read", "servers"], + ["dev", "xx", "read", "vm1"], + ["dev", "xx", "read", "vm2"], + ["dev", "xx", "read", "file1"], + ["dev", "xx", "read", "file2"], + ["dev", "xx", "write", "vm1"], + ["dev", "xx", "write", "vm2"], + ["dev", "xx", "write", "file1"], + ["dev", "xx", "write", "file2"], + ["admin", "xx", "read", "servers"], ["admin", "ft", "read", "servers"], ["admin", "ft", "read", "vm1"], ["admin", "ft", "read", "vm2"], @@ -37,5 +37,5 @@ ["admin", "ft", "write", "vm2"], ["admin", "ft", "write", "file1"], ["admin", "ft", "write", "file2"] - ], + ] } diff --git a/keystone-moon/examples/moon/policies/policy_authz/scope.json b/keystone-moon/examples/moon/policies/policy_authz/scope.json new file mode 100644 index 00000000..b22ad2aa --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_authz/scope.json 
@@ -0,0 +1,49 @@
+{
+ "subject_category_scope": {
+ "role": [
+ "admin",
+ "dev"
+ ],
+ "subject_security_level": [
+ "high",
+ "medium",
+ "low"
+ ],
+ "domain": [
+ "ft",
+ "xx"
+ ]
+ },
+
+ "action_category_scope": {
+ "resource_action": [
+ "vm_admin",
+ "vm_access",
+ "storage_admin",
+ "storage_access"
+ ],
+ "access": [
+ "write",
+ "read"
+ ]
+ },
+
+ "object_category_scope": {
+ "object_security_level": [
+ "high",
+ "medium",
+ "low"
+ ],
+ "type": [
+ "computing",
+ "storage"
+ ],
+ "id": [
+ "servers",
+ "vm1",
+ "vm2",
+ "file1",
+ "file2"
+ ]
+ }
+}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_admin/assignment.json b/keystone-moon/examples/moon/policies/policy_mls_admin/assignment.json
deleted file mode 100644
index e1c208df..00000000
--- a/keystone-moon/examples/moon/policies/policy_mls_admin/assignment.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- "subject_assignments": {
- "role":{
- "admin": ["admin" ]
- }
- },
-
- "action_assignments": {
- "ie_action":{
- "read": ["ie_admin", "ie_access"],
- "write": ["ie_admin"],
- "create": ["ie_admin"],
- "delete": ["ie_admin"]
- }
- },
-
- "object_assignments": {
- "id": {
- "subjects": ["subjects"],
- "objects": ["objects"],
- "actions": ["actions"],
- "subject_categories": ["subject_categories"],
- "object_categories": ["object_categories"],
- "action_categories": ["action_categories"],
- "subject_category_scope": ["subject_category_scope"],
- "object_category_scope": ["object_category_scope"],
- "action_category_scope": ["action_category_scope"],
- "sub_rules": ["sub_rules"],
- "sub_meta_rule": ["sub_meta_rule"],
- "subject_assignments": ["subject_assignments"],
- "object_assignments": ["object_assignments"],
- "action_assignments": ["action_assignments"],
- "sub_meta_rule_relations": ["sub_meta_rule_relations"],
- "aggregation_algorithms": ["aggregation_algorithms"]
- }
- }
-}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_admin/metadata.json b/keystone-moon/examples/moon/policies/policy_mls_admin/metadata.json
deleted file mode 100644
index f65cb271..00000000
--- a/keystone-moon/examples/moon/policies/policy_mls_admin/metadata.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "RBAC_metadata",
- "model": "RBAC",
- "genre": "authz",
- "description": "Role Based access Control authorization policy",
-
- "subject_categories": [
- "role"
- ],
-
- "action_categories": [
- "ie_action"
- ],
-
- "object_categories": [
- "id"
- ]
-}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_admin/metarule.json b/keystone-moon/examples/moon/policies/policy_mls_admin/metarule.json
deleted file mode 100644
index 3a2c7b75..00000000
--- a/keystone-moon/examples/moon/policies/policy_mls_admin/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "relation_super": {
- "subject_categories": ["role"],
- "action_categories": ["ie_action"],
- "object_categories": ["id"],
- "relation": "relation_super"
- }
- },
- "aggregation": "and_true_aggregation"
-}
-
diff --git a/keystone-moon/examples/moon/policies/policy_mls_admin/rules.json b/keystone-moon/examples/moon/policies/policy_mls_admin/rules.json
deleted file mode 100644
index e17ba8f3..00000000
--- a/keystone-moon/examples/moon/policies/policy_mls_admin/rules.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "relation_super":[
- ["admin", "ie_admin", "subjects"],
- ["admin", "ie_admin", "objects"],
- ["admin", "ie_admin", "actions"],
- ["admin", "ie_admin", "subject_categories"],
- ["admin", "ie_admin", "object_categories"],
- ["admin", "ie_admin", "action_categories"],
- ["admin", "ie_admin", "subject_category_scope"],
- ["admin", "ie_admin", "object_category_scope"],
- ["admin", "ie_admin", "action_category_scope"],
- ["admin", "ie_admin", "sub_rules"],
- ["admin", "ie_admin", "sub_meta_rule"],
- ["admin", "ie_admin", "subject_assignments"],
- ["admin", "ie_admin", "object_assignments"],
- ["admin", "ie_admin", "action_assignments"],
- ["admin", "ie_admin", "sub_meta_rule_relations"],
- ["admin", "ie_admin", "aggregation_algorithms"]
- ]
-}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_admin/scope.json b/keystone-moon/examples/moon/policies/policy_mls_admin/scope.json
deleted file mode 100644
index faf06d2c..00000000
--- a/keystone-moon/examples/moon/policies/policy_mls_admin/scope.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "subject_category_scope": {
- "role": [
- "admin"
- ]
- },
-
- "action_category_scope": {
- "ie_action": [
- "ie_access",
- "ie_admin"
- ]
- },
-
- "object_category_scope": {
- "id": [
- "subjects",
- "objects",
- "actions",
- "subject_categories",
- "object_categories",
- "action_categories",
- "subject_category_scope",
- "object_category_scope",
- "action_category_scope",
- "sub_rules",
- "sub_meta_rule",
- "subject_assignments",
- "object_assignments",
- "action_assignments",
- "sub_meta_rule_relations",
- "aggregation_algorithms"
- ]
- }
-}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_authz/assignment.json b/keystone-moon/examples/moon/policies/policy_mls_authz/assignment.json
deleted file mode 100644
index e2a244b3..00000000
--- a/keystone-moon/examples/moon/policies/policy_mls_authz/assignment.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "subject_assignments": {
- "subject_security_level":{
- }
- },
-
- "action_assignments": {
- "computing_action":{
- "pause": ["vm_admin"],
- "unpause": ["vm_admin"],
- "start": ["vm_admin"],
- "stop": ["vm_admin"],
- "list": ["vm_access", "vm_admin"],
- "create": ["vm_admin"]
- }
- },
-
- "object_assignments": {
- "object_security_level": {
- "servers": ["low"]
- }
- }
-}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_authz/metadata.json b/keystone-moon/examples/moon/policies/policy_mls_authz/metadata.json
deleted file mode 100644
index 56dc57df..00000000
--- a/keystone-moon/examples/moon/policies/policy_mls_authz/metadata.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "name": "MLS_metadata",
- "model": "MLS",
- "genre": "authz",
- "description": "Multi Layer Security authorization policy",
-
- "subject_categories": [
- "subject_security_level"
- ],
-
- "action_categories": [
- "computing_action",
- "storage_action"
- ],
-
- "object_categories": [
- "object_security_level"
- ]
-}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_authz/metarule.json b/keystone-moon/examples/moon/policies/policy_mls_authz/metarule.json
deleted file mode 100644
index 0f717458..00000000
--- a/keystone-moon/examples/moon/policies/policy_mls_authz/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "relation_super": {
- "subject_categories": ["subject_security_level"],
- "action_categories": ["computing_action"],
- "object_categories": ["object_security_level"],
- "relation": "relation_super"
- }
- },
- "aggregation": "and_true_aggregation"
-}
-
diff --git a/keystone-moon/examples/moon/policies/policy_mls_authz/rules.json b/keystone-moon/examples/moon/policies/policy_mls_authz/rules.json
deleted file mode 100644
index f018a6fc..00000000
--- a/keystone-moon/examples/moon/policies/policy_mls_authz/rules.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "relation_super":[
- ["high", "vm_admin", "medium"],
- ["high", "vm_admin", "low"],
- ["medium", "vm_admin", "low"],
- ["high", "vm_access", "high"],
- ["high", "vm_access", "medium"],
- ["high", "vm_access", "low"],
- ["medium", "vm_access", "medium"],
- ["medium", "vm_access", "low"],
- ["low", "vm_access", "low"]
- ]
-}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_authz/scope.json b/keystone-moon/examples/moon/policies/policy_mls_authz/scope.json
deleted file mode 100644
index d3146acb..00000000
--- a/keystone-moon/examples/moon/policies/policy_mls_authz/scope.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "subject_category_scope": {
- "subject_security_level": [
- "high",
- "medium",
- "low"
- ]
- },
-
- "action_category_scope": {
- "computing_action": [
- "vm_access",
- "vm_admin"
- ]
- },
-
- "object_category_scope": {
- "object_security_level": [
- "high",
- "medium",
- "low"
- ]
- }
-}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/assignment.json b/keystone-moon/examples/moon/policies/policy_rbac_admin/assignment.json
deleted file mode 100644
index e1c208df..00000000
--- a/keystone-moon/examples/moon/policies/policy_rbac_admin/assignment.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- "subject_assignments": {
- "role":{
- "admin": ["admin" ]
- }
- },
-
- "action_assignments": {
- "ie_action":{
- "read": ["ie_admin", "ie_access"],
- "write": ["ie_admin"],
- "create": ["ie_admin"],
- "delete": ["ie_admin"]
- }
- },
-
- "object_assignments": {
- "id": {
- "subjects": ["subjects"],
- "objects": ["objects"],
- "actions": ["actions"],
- "subject_categories": ["subject_categories"],
- "object_categories": ["object_categories"],
- "action_categories": ["action_categories"],
- "subject_category_scope": ["subject_category_scope"],
- "object_category_scope": ["object_category_scope"],
- "action_category_scope": ["action_category_scope"],
- "sub_rules": ["sub_rules"],
- "sub_meta_rule": ["sub_meta_rule"],
- "subject_assignments": ["subject_assignments"],
- "object_assignments": ["object_assignments"],
- "action_assignments": ["action_assignments"],
- "sub_meta_rule_relations": ["sub_meta_rule_relations"],
- "aggregation_algorithms": ["aggregation_algorithms"]
- }
- }
-}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/metadata.json b/keystone-moon/examples/moon/policies/policy_rbac_admin/metadata.json
deleted file mode 100644
index f65cb271..00000000
--- a/keystone-moon/examples/moon/policies/policy_rbac_admin/metadata.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "RBAC_metadata",
- "model": "RBAC",
- "genre": "authz",
- "description": "Role Based access Control authorization policy",
-
- "subject_categories": [
- "role"
- ],
-
- "action_categories": [
- "ie_action"
- ],
-
- "object_categories": [
- "id"
- ]
-}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/metarule.json b/keystone-moon/examples/moon/policies/policy_rbac_admin/metarule.json
deleted file mode 100644
index 3a2c7b75..00000000
--- a/keystone-moon/examples/moon/policies/policy_rbac_admin/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "relation_super": {
- "subject_categories": ["role"],
- "action_categories": ["ie_action"],
- "object_categories": ["id"],
- "relation": "relation_super"
- }
- },
- "aggregation": "and_true_aggregation"
-}
-
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/perimeter.json b/keystone-moon/examples/moon/policies/policy_rbac_admin/perimeter.json
deleted file mode 100644
index e570aae1..00000000
--- a/keystone-moon/examples/moon/policies/policy_rbac_admin/perimeter.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "subjects": [
- "admin"
- ],
- "actions": [
- "read",
- "write",
- "create",
- "delete"
- ],
- "objects": [
- "subjects",
- "objects",
- "actions",
- "subject_categories",
- "object_categories",
- "action_categories",
- "subject_category_scope",
- "object_category_scope",
- "action_category_scope",
- "sub_rules",
- "subject_assignments",
- "object_assignments",
- "action_assignments",
- "sub_meta_rule_relations",
- "aggregation_algorithms",
- "sub_meta_rule"
- ]
-}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/rules.json b/keystone-moon/examples/moon/policies/policy_rbac_admin/rules.json
deleted file mode 100644
index e17ba8f3..00000000
--- a/keystone-moon/examples/moon/policies/policy_rbac_admin/rules.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "relation_super":[
- ["admin", "ie_admin", "subjects"],
- ["admin", "ie_admin", "objects"],
- ["admin", "ie_admin", "actions"],
- ["admin", "ie_admin", "subject_categories"],
- ["admin", "ie_admin", "object_categories"],
- ["admin", "ie_admin", "action_categories"],
- ["admin", "ie_admin", "subject_category_scope"],
- ["admin", "ie_admin", "object_category_scope"],
- ["admin", "ie_admin", "action_category_scope"],
- ["admin", "ie_admin", "sub_rules"],
- ["admin", "ie_admin", "sub_meta_rule"],
- ["admin", "ie_admin", "subject_assignments"],
- ["admin", "ie_admin", "object_assignments"],
- ["admin", "ie_admin", "action_assignments"],
- ["admin", "ie_admin", "sub_meta_rule_relations"],
- ["admin", "ie_admin", "aggregation_algorithms"]
- ]
-}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_authz/assignment.json b/keystone-moon/examples/moon/policies/policy_rbac_authz/assignment.json
deleted file mode 100644
index e804b56a..00000000
--- a/keystone-moon/examples/moon/policies/policy_rbac_authz/assignment.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "subject_assignments": {
- "role":{
- "admin": ["admin" ]
- }
- },
-
- "action_assignments": {
- "computing_action":{
- "pause": ["vm_admin"],
- "unpause": ["vm_admin"],
- "start": ["vm_admin"],
- "stop": ["vm_admin"],
- "list": ["vm_access", "vm_admin"],
- "create": ["vm_admin"]
- },
- "storage_action":{
- "get": ["vm_access"],
- "set": ["vm_access", "vm_admin"]
- }
- },
-
- "object_assignments": {
- "id": {
- "servers": ["servers"]
- }
- }
-}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_authz/metadata.json b/keystone-moon/examples/moon/policies/policy_rbac_authz/metadata.json
deleted file mode 100644
index 7f34ed7a..00000000
--- a/keystone-moon/examples/moon/policies/policy_rbac_authz/metadata.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "name": "MLS_metadata",
- "model": "MLS",
- "genre": "authz",
- "description": "Multi Layer Security authorization policy",
-
- "subject_categories": [
- "role"
- ],
-
- "action_categories": [
- "computing_action",
- "storage_action"
- ],
-
- "object_categories": [
- "id"
- ]
-}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_authz/metarule.json b/keystone-moon/examples/moon/policies/policy_rbac_authz/metarule.json
deleted file mode 100644
index ce828339..00000000
--- a/keystone-moon/examples/moon/policies/policy_rbac_authz/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "relation_super": {
- "subject_categories": ["role"],
- "action_categories": ["computing_action", "storage_action"],
- "object_categories": ["id"],
- "relation": "relation_super"
- }
- },
- "aggregation": "and_true_aggregation"
-}
-
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_authz/perimeter.json b/keystone-moon/examples/moon/policies/policy_rbac_authz/perimeter.json
deleted file mode 100644
index 4bf88de7..00000000
--- a/keystone-moon/examples/moon/policies/policy_rbac_authz/perimeter.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "subjects": [
- "admin"
- ],
- "actions": [
- "pause",
- "unpause",
- "start",
- "stop",
- "create",
- "list"
- ],
- "objects": [
- "servers"
- ]
-}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_authz/rules.json b/keystone-moon/examples/moon/policies/policy_rbac_authz/rules.json
deleted file mode 100644
index 7f9dc3bb..00000000
--- a/keystone-moon/examples/moon/policies/policy_rbac_authz/rules.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "relation_super":[
- ["admin", "vm_admin", "vm_admin", "servers"],
- ["admin", "vm_access", "vm_access", "servers"]
- ]
-}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_authz/scope.json b/keystone-moon/examples/moon/policies/policy_rbac_authz/scope.json
deleted file mode 100644
index 34c5350a..00000000
--- a/keystone-moon/examples/moon/policies/policy_rbac_authz/scope.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "subject_category_scope": {
- "role": [
- "admin"
- ]
- },
-
- "action_category_scope": {
- "computing_action": [
- "vm_access",
- "vm_admin"
- ],
- "storage_action": [
- "vm_access",
- "vm_admin"
- ]
- },
-
- "object_category_scope": {
- "id": [
- "servers"
- ]
- }
-} |