Diffstat (limited to 'keystone-moon')
-rw-r--r-- keystone-moon/doc/source/extensions/moon/moon_api.rst 964
1 files changed, 590 insertions, 374 deletions
diff --git a/keystone-moon/doc/source/extensions/moon/moon_api.rst b/keystone-moon/doc/source/extensions/moon/moon_api.rst
index 1f7ad10b..f2546d4d 100644
--- a/keystone-moon/doc/source/extensions/moon/moon_api.rst
+++ b/keystone-moon/doc/source/extensions/moon/moon_api.rst
@@ -3,626 +3,842 @@ Moon API
Here are Moon API with some examples of posted data and returned data.
-Intra-Extension API
--------------------
+All requests must be prefexied by /v3/OS-MOON.
Authz
-~~~~~
+-----
-* ``GET /OS-MOON/authz/{tenant_id}/{subject_id}/{object_id}/{action_id}``
+**GET /authz/{tenant_id}/{subject_k_id}/{object_name}/{action_name}**
+ Authorization API.
.. code-block:: json
return = {
- "authz": "OK/KO/OutOfScope",
- "tenant_id": "tenant_id",
- "subject_id": "subject_id",
- "object_id": "object_id",
- "action_id": "action_id"
- }
+ "authz": "True or False"
+ }
-Intra_Extension
-~~~~~~~~~~~~~~~
-* ``GET /OS-MOON/authz_policies``
+Intra-Extension API
+-------------------
+
+Configuration
+~~~~~~~~~~~~~
+
+**GET /configuration/templates**
+
+ List all policy templates.
.. code-block:: json
return = {
- "authz_policies": ["policy_name1", "policy_name2"]
- }
+ "template_id": {
+ "name": "name of the template",
+ "description": "description of the template",
+ }
+ }
+
-* ``GET /OS-MOON/intra_extensions``
+**GET /configuration/aggregation_algorithms**
+
+ List all aggregation algorithms.
.. code-block:: json
return = {
- "intra_extensions": ["ie_uuid1", "ie_uuid2"]
- }
+ "algorithm_id": {
+ "name": "name of the algorithm",
+ "description": "description of the algorithm",
+ }
+ }
+
+
+**GET /configuration/sub_meta_rule_algorithms**
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}``
+ List all sub meta rule algorithms.
.. code-block:: json
return = {
- "intra_extensions": {
- "id": "uuid1",
- "description": "",
- "tenant": "tenant_uuid",
- "model": "",
- "genre": "",
- "authz": {},
- "admin": {}
- }
- }
+ "algorithm_id": {
+ "name": "name of the algorithm",
+ "description": "description of the algorithm",
+ }
+ }
-* ``POST /OS-MOON/intra_extensions``
+
+Tenants
+~~~~~~~
+
+**GET /tenants**
+
+ List all tenants.
.. code-block:: json
- post = {
- "name" : "",
- "policymodel": "",
- "description": ""
- }
return = {
- "id": "uuid1",
- "description": "",
- "tenant": "tenant_uuid",
- "model": "",
- "genre": "",
- "authz": {},
- "admin": {}
- }
+ "tenant_id": {
+ "name": "name of the tenant",
+ "description": "description of the tenant",
+ "intra_authz_extension_id": "id of the intra extension authz",
+ "intra_admin_extension_id": "id of the intra extension authz"
+ }
+ }
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}``
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/tenant``
+**POST /tenants**
+
+ Add a tenant.
.. code-block:: json
+ post = {
+ "tenant_name": "name of the tenant",
+ "tenant_description": "description of the tenant",
+ "tenant_intra_authz_extension_id": "id of the intra extension authz",
+ "tenant_intra_admin_extension_id": "id of the intra extension admin"
+ }
return = {
- "tenant": "tenant_id"
- }
+ "tenant_id": {
+ "name": "name of the tenant",
+ "description": "description of the tenant",
+ "intra_authz_extension_id": "id of the intra extension authz",
+ "intra_admin_extension_id": "id of the intra extension authz"
+ }
+ }
+
+
+**POST /tenants/{tenant_id}**
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/tenant``
+ Show information of one tenant.
.. code-block:: json
- post = {
- "tenant_id": "tenant_id"
- }
return = {
- "tenant": "tenant_id"
- }
+ "tenant_id": {
+ "name": "name of the tenant",
+ "description": "description of the tenant",
+ "intra_authz_extension_id": "id of the intra extension authz",
+ "intra_admin_extension_id": "id of the intra extension authz"
+ }
+ }
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/tenant/{tenant_id}``
-Perimeter
-~~~~~~~~~
+**POST /tenants/{tenant_id}**
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subjects``
+ Modify a tenant.
.. code-block:: json
+ post = {
+ "tenant_name": "name of the tenant",
+ "tenant_description": "description of the tenant",
+ "tenant_intra_authz_extension_id": "id of the intra extension authz",
+ "tenant_intra_admin_extension_id": "id of the intra extension admin"
+ }
return = {
- "subjects": ["sub_uuid1", "sub_uuid2"]
- }
+ "tenant_id": {
+ "name": "name of the tenant",
+ "description": "description of the tenant",
+ "intra_authz_extension_id": "id of the intra extension authz",
+ "intra_admin_extension_id": "id of the intra extension authz"
+ }
+ }
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subjects``
+
+**DELETE /tenants/{tenant_id}**
+
+ Delete a tenant.
.. code-block:: json
- post = {
- "subject_id" : ""
- }
- return = {
- "subjects": ["sub_uuid1", "sub_uuid2"]
- }
+ return = {}
+
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject/{subject_id}``
+Intra-Extension
+~~~~~~~~~~~~~~~
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/objects``
+**GET /intra_extensions/init**
+
+ Initialize the root Intra_Extension (if needed).
.. code-block:: json
- return = {
- "objects": ["obj_uuid1", "obj_uuid2"]
- }
+ return = {}
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/objects``
+
+**GET /intra_extensions**
+
+ List all Intra_Extensions.
.. code-block:: json
- post = {
- "object_id" : ""
- }
return = {
- "objects": ["obj_uuid1", "obj_uuid2"]
- }
+ "intra_extension_id": {
+ "name": "name of the intra extension",
+ "model": "model of the intra extension"
+ }
+ }
+
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object/{object_id}``
+**POST /intra_extensions**
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/actions``
+ Create a new Intra_Extension.
.. code-block:: json
- return = {
- "actions": ["act_uuid1", "act_uuid2"]
- }
+ post = {
+ "intra_extension_name": "name of the intra extension",
+ "intra_extension_model": "model of the intra extension (taken from /configuration/templates)",
+ "intra_extension_description": "description of the intra extension",
+
+ }
+ return = {}
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/actions``
+
+**GET /intra_extensions/{intra_extension_id}/**
+
+ Show details about one Intra_Extension.
.. code-block:: json
- post = {
- "action_id" : ""
- }
return = {
- "actions": ["act_uuid1", "act_uuid2"]
- }
+ "id": "intra_extension_id",
+ "name": "name of the intra extension",
+ "model": "model of the intra extension",
+ "genre": "genre of the intra extension",
+ "description": "model of the intra extension"
+ }
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/actions/{action_id}``
-Assignment
-~~~~~~~~~~
+**DELETE /intra_extensions/{intra_extension_id}/**
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subject_assignments``
+ Delete an Intra_Extension.
.. code-block:: json
- return = {
- "subject_assignments": {
- "subject_security_level":{
- "user1": ["low"],
- "user2": ["medium"],
- "user3": ["high"]
- }
- }
+ return = {}
+
+
+Intra-Extension Subjects
+~~~~~~~~~~~~~~~~~~~~~~~~
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subject_assignments``
+**GET /intra_extensions/{intra_extension_id}/subjects**
+
+ List all subjects.
.. code-block:: json
- post = {
- "subject_id" : "",
- "subject_category_id" : "",
- "subject_category_scope_id" : ""
- }
return = {
- "subject_assignments": {
- "subject_security_level":{
- "user1": ["low"],
- "user2": ["medium"],
- "user3": ["high"]
- }
- }
+ "subject_id": {
+ "name": "name of the subject",
+ "keystone_id": "keystone id of the subject"
+ }
+ }
+
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject_assignments/{subject_category}/{subject_id}/{subject_scope}``
+**POST /intra_extensions/{intra_extension_id}/subjects**
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/object_assignments``
+ List all subjects.
.. code-block:: json
+ post = {
+ "subject_name": "name of the subject",
+ "subject_description": "description of the subject",
+ "subject_password": "password for the subject",
+ "subject_email": "email address of the subject"
+ }
return = {
- "object_assignments": {
- "object_security_level":{
- "vm1": ["low"],
- "vm2": ["medium"],
- "vm3": ["high"]
- }
- }
+ "subject_id": {
+ "name": "name of the subject",
+ "keystone_id": "keystone id of the subject"
+ }
+ }
+
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/object_assignments``
+**DELETE /intra_extensions/{intra_extension_id}/subjects/{subject_id}**
+
+ Delete a subject.
.. code-block:: json
- post = {
- "object_id" : "",
- "object_category_id" : "",
- "object_category_scope_id" : ""
- }
- return = {
- "object_assignments": {
- "object_security_level":{
- "vm1": ["low"],
- "vm2": ["medium"],
- "vm3": ["high"]
- }
- }
+ return = {}
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object_assignments/{object_category}/{object_id}/{object_scope}``
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/action_assignments``
+**GET /intra_extensions/{intra_extension_id}/subject_categories**
+
+ List all subject categories.
.. code-block:: json
return = {
- "action_assignments": {
- "computing_action":{
- "pause": ["vm_admin"],
- "unpause": ["vm_admin"],
- "start": ["vm_admin"],
- "stop": ["vm_admin"]
- }
- }
+ "subject_category_id": {
+ "name": "name of the category",
+ "description": "description of the category"
+ }
+ }
+
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/action_assignments``
+**POST /intra_extensions/{intra_extension_id}/subject_categories**
+
+ Add a new subject category.
.. code-block:: json
- post = {
- "action_id" : "",
- "action_category_id" : "",
- "action_category_scope_id" : ""
- }
+ post = {
+ "subject_category_name": "name of the category",
+ "subject_category_description": "description of the category"
+ }
return = {
- "action_assignments": {
- "computing_action":{
- "pause": ["vm_admin"],
- "unpause": ["vm_admin"],
- "start": ["vm_admin"],
- "stop": ["vm_admin"]
- }
- }
+ "subject_category_id": {
+ "name": "name of the category",
+ "description": "description of the category"
+ }
+ }
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/action_assignments/{action_category}/{action_id}/{action_scope}``
-Metadata
-~~~~~~~~
+**DELETE /intra_extensions/{intra_extension_id}/subject_categories/{subject_category_id}**
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subject_categories``
+ Delete a subject category.
.. code-block:: json
- return = {
- "subject_categories": [ "subject_security_level" ]
- }
+ return = {}
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subject_categories``
+
+**GET /intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}**
+
+ List all subject scopes for a specific subject category.
.. code-block:: json
- post = {
- "subject_category_id" : ""
- }
return = {
- "subject_categories": [ "subject_security_level" ]
- }
+ "subject_scope_id": {
+ "name": "name of the scope",
+ "description": "description of the scope"
+ }
+ }
+
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject_categories/{subject_category_id}``
+**POST /intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}**
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/object_categories``
+ Add a new subject scope for a specific subject category.
.. code-block:: json
+ post = {
+ "subject_scope_name": "name of the scope",
+ "subject_scope_description": "description of the scope"
+ }
return = {
- "object_categories": [ "object_security_level" ]
- }
+ "subject_scope_id": {
+ "name": "name of the scope",
+ "description": "description of the scope"
+ }
+ }
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/object_categories``
+
+**DELETE /intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}/{subject_scope_id}**
+
+ Delete a subject scope.
.. code-block:: json
- post = {
- "object_category_id" : ""
- }
- return = {
- "object_categories": [ "object_security_level" ]
- }
+ return = {}
+
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object_categories/{object_category_id}``
+**GET /intra_extensions/{intra_extension_id}/subject_assignments/{subject_id}/{subject_category_id}**
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/action_categories``
+ List all subject assignments for a subject and for a subject category.
.. code-block:: json
- return = {
- "action_categories": [ "computing_action" ]
- }
+ return = [
+ "subject_assignment_id1", "subject_assignment_id2"
+ ]
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/action_categories``
+**POST /intra_extensions/{intra_extension_id}/subject_assignments**
+
+ Add an assignment.
.. code-block:: json
- post = {
- "action_category_id" : ""
- }
- return = {
- "action_categories": [ "computing_action" ]
- }
+ post = {
+ "subject_id": "id of the subject",
+ "subject_category_id": "id of the category",
+ "subject_scope_id": "id of the scope"
+ }
+ return = [
+ "subject_assignment_id1", "subject_assignment_id2"
+ ]
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/action_categories/{action_category_id}``
-Scope
-~~~~~
+**DELETE /intra_extensions/{intra_extension_id}/subject_assignments/{subject_id}/{subject_category_id}/{subject_scope_id}**
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subject_category_scope``
+ Delete a subject assignment.
.. code-block:: json
- return = {
- "subject_security_level": [ "high", "medium", "low" ]
- }
+ return = {}
+
+
+Intra-Extension Objects
+~~~~~~~~~~~~~~~~~~~~~~~
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subject_category_scope``
+**GET /intra_extensions/{intra_extension_id}/objects**
+
+ List all objects.
.. code-block:: json
- post = {
- "subject_category_id" : "",
- "subject_category_scope_id" : ""
- }
return = {
- "subject_security_level": [ "high", "medium", "low" ]
- }
+ "object_id": {
+ "name": "name of the object",
+ "keystone_id": "keystone id of the object"
+ }
+ }
+
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject_category_scope/{subject_category}/{subject_scope}``
+**POST /intra_extensions/{intra_extension_id}/objects**
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/object_category_scope``
+ List all objects.
.. code-block:: json
+ post = {
+ "object_name": "name of the object",
+ "object_description": "description of the object"
+ }
return = {
- "object_security_level": [ "high", "medium", "low" ]
- }
+ "object_id": {
+ "name": "name of the object",
+ "keystone_id": "keystone id of the object"
+ }
+ }
+
+
+**DELETE /intra_extensions/{intra_extension_id}/objects/{object_id}**
+
+ Delete a object.
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/object_category_scope``
+.. code-block:: json
+
+ return = {}
+
+
+**GET /intra_extensions/{intra_extension_id}/object_categories**
+
+ List all object categories.
.. code-block:: json
- post = {
- "object_category_id" : "",
- "object_category_scope_id" : ""
- }
return = {
- "object_security_level": [ "high", "medium", "low" ]
- }
+ "object_category_id": {
+ "name": "name of the category",
+ "description": "description of the category"
+ }
+ }
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object_category_scope/{object_category}/{object_scope}``
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/action_category_scope``
+**POST /intra_extensions/{intra_extension_id}/object_categories**
+
+ Add a new object category.
.. code-block:: json
+ post = {
+ "object_category_name": "name of the category",
+ "object_category_description": "description of the category"
+ }
return = {
- "computing_action": [ "vm_admin", "vm_access" ]
- }
+ "object_category_id": {
+ "name": "name of the category",
+ "description": "description of the category"
+ }
+ }
+
+
+**DELETE /intra_extensions/{intra_extension_id}/object_categories/{object_category_id}**
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/action_category_scope``
+ Delete a object category.
+
+.. code-block:: json
+
+ return = {}
+
+
+**GET /intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}**
+
+ List all object scopes for a specific object category.
.. code-block:: json
- post = {
- "action_id" : "",
- "action_category_id" : "",
- "action_category_scope_id" : ""
- }
return = {
- "computing_action": [ "vm_admin", "vm_access" ]
- }
+ "object_scope_id": {
+ "name": "name of the scope",
+ "description": "description of the scope"
+ }
+ }
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/action_category_scope/{action_category}/{action_scope}``
-Metarule
-~~~~~~~~
+**POST /intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}**
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/aggregation_algorithms``
+ Add a new object scope for a specific object category.
.. code-block:: json
+ post = {
+ "object_scope_name": "name of the scope",
+ "object_scope_description": "description of the scope"
+ }
return = {
- "aggregation_algorithms": [ "and_true_aggregation", "..."]
- }
+ "object_scope_id": {
+ "name": "name of the scope",
+ "description": "description of the scope"
+ }
+ }
+
+
+**DELETE /intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}/{object_scope_id}**
+
+ Delete a object scope.
+
+.. code-block:: json
+
+ return = {}
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/aggregation_algorithm``
+
+**GET /intra_extensions/{intra_extension_id}/object_assignments/{object_id}/{object_category_id}**
+
+ List all object assignments for a object and for a object category.
+
+.. code-block:: json
+
+ return = [
+ "object_assignment_id1", "object_assignment_id2"
+ ]
+
+
+**POST /intra_extensions/{intra_extension_id}/object_assignments**
+
+ Add an assignment.
+
+.. code-block:: json
+
+ post = {
+ "object_id": "id of the object",
+ "object_category_id": "id of the category",
+ "object_scope_id": "id of the scope"
+ }
+ return = [
+ "object_assignment_id1", "object_assignment_id2"
+ ]
+
+
+**DELETE /intra_extensions/{intra_extension_id}/object_assignments/{object_id}/{object_category_id}/{object_scope_id}**
+
+ Delete a object assignment.
+
+.. code-block:: json
+
+ return = {}
+
+
+Intra-Extension Actions
+~~~~~~~~~~~~~~~~~~~~~~~
+
+**GET /intra_extensions/{intra_extension_id}/actions**
+
+ List all actions.
.. code-block:: json
return = {
- "aggregation_algorithm": "and_true_aggregation"
- }
+ "action_id": {
+ "name": "name of the action",
+ "keystone_id": "keystone id of the action"
+ }
+ }
+
+
+**POST /intra_extensions/{intra_extension_id}/actions**
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/aggregation_algorithm``
+ List all actions.
.. code-block:: json
- post = {
- "aggregation": "and_true_aggregation"
- }
+ post = {
+ "action_name": "name of the action",
+ "action_description": "description of the action",
+ "action_password": "password for the action",
+ "action_email": "email address of the action"
+ }
return = {
- "aggregation_algorithm": "and_true_aggregation"
- }
+ "action_id": {
+ "name": "name of the action",
+ "keystone_id": "keystone id of the action"
+ }
+ }
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/sub_meta_rule``
+
+**DELETE /intra_extensions/{intra_extension_id}/actions/{action_id}**
+
+ Delete a action.
+
+.. code-block:: json
+
+ return = {}
+
+
+**GET /intra_extensions/{intra_extension_id}/action_categories**
+
+ List all action categories.
.. code-block:: json
return = {
- "sub_meta_rule": {
- "subject_categories": ["role"],
- "action_categories": ["ie_action"],
- "object_categories": ["id"],
- "relation": "relation_super"
- }
- }
+ "action_category_id": {
+ "name": "name of the category",
+ "description": "description of the category"
+ }
+ }
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/sub_meta_rule``
+
+**POST /intra_extensions/{intra_extension_id}/action_categories**
+
+ Add a new action category.
.. code-block:: json
- post = {
- "relation_super": {
- "subject_categories": ["role"],
- "action_categories": ["ie_action"],
- "object_categories": ["id"],
- }
- }
+ post = {
+ "action_category_name": "name of the category",
+ "action_category_description": "description of the category"
+ }
return = {
- "sub_meta_rule": {
- "subject_categories": ["role"],
- "action_categories": ["ie_action"],
- "object_categories": ["id"],
- "relation": "relation_super"
- }
- }
+ "action_category_id": {
+ "name": "name of the category",
+ "description": "description of the category"
+ }
+ }
+
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/sub_meta_rule_relations``
+**DELETE /intra_extensions/{intra_extension_id}/action_categories/{action_category_id}**
+
+ Delete a action category.
+
+.. code-block:: json
+
+ return = {}
+
+
+**GET /intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}**
+
+ List all action scopes for a specific action category.
.. code-block:: json
return = {
- "sub_meta_rule_relations": ["relation_super", ]
- }
+ "action_scope_id": {
+ "name": "name of the scope",
+ "description": "description of the scope"
+ }
+ }
+
-Rules
-~~~~~
+**POST /intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}**
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules``
+ Add a new action scope for a specific action category.
.. code-block:: json
+ post = {
+ "action_scope_name": "name of the scope",
+ "action_scope_description": "description of the scope"
+ }
return = {
- "sub_rules": {
- "relation_super": [
- ["high", "vm_admin", "medium"],
- ["high", "vm_admin", "low"],
- ["medium", "vm_admin", "low"],
- ["high", "vm_access", "high"],
- ["high", "vm_access", "medium"],
- ["high", "vm_access", "low"],
- ["medium", "vm_access", "medium"],
- ["medium", "vm_access", "low"],
- ["low", "vm_access", "low"]
- ]
- }
- }
+ "action_scope_id": {
+ "name": "name of the scope",
+ "description": "description of the scope"
+ }
+ }
+
+
+**DELETE /intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}/{action_scope_id}**
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules``
+ Delete a action scope.
.. code-block:: json
- post = {
- "rules": ["admin", "vm_admin", "servers"],
- "relation": "relation_super"
- }
+ return = {}
+
+
+**GET /intra_extensions/{intra_extension_id}/action_assignments/{action_id}/{action_category_id}**
+
+ List all action assignments for a action and for a action category.
+
+.. code-block:: json
+
+ return = [
+ "action_assignment_id1", "action_assignment_id2"
+ ]
+
+
+**POST /intra_extensions/{intra_extension_id}/action_assignments**
+
+ Add an assignment.
+
+.. code-block:: json
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules/{relation_name}/{rule}``
+ post = {
+ "action_id": "id of the action",
+ "action_category_id": "id of the category",
+ "action_scope_id": "id of the scope"
+ }
+ return = [
+ "action_assignment_id1", "action_assignment_id2"
+ ]
-Tenant mapping API
-------------------
+**DELETE /intra_extensions/{intra_extension_id}/action_assignments/{action_id}/{action_category_id}/{action_scope_id}**
-* ``GET /OS-MOON/tenants``
+ Delete a action assignment.
+
+.. code-block:: json
+
+ return = {}
+
+
+Intra-Extension Rules
+~~~~~~~~~~~~~~~~~~~~~
+
+**GET /intra_extensions/{intra_extension_id}/aggregation_algorithm**
+
+ List aggregation algorithm for an intra extension.
.. code-block:: json
return = {
- "tenant": {
- "uuid1": {
- "name": "tenant1",
- "authz": "intra_extension_uuid1",
- "admin": "intra_extension_uuid2"
- },
- "uuid2": {
- "name": "tenant2",
- "authz": "intra_extension_uuid1",
- "admin": "intra_extension_uuid2"
- }
- }
- }
+ "aggregation_algorithm_id": {
+ "name": "name of the aggregation algorithm",
+ "description": "description of the aggregation algorithm"
+ }
+ }
+
-* ``GET /OS-MOON/tenant/{tenant_uuid}``
+**POST /intra_extensions/{intra_extension_id}/aggregation_algorithm**
+
+ Set the current aggregation algorithm for an intra extension.
.. code-block:: json
+ post = {
+ "aggregation_algorithm_id": "id of the aggregation algorithm",
+ "aggregation_algorithm_description": "description of the aggregation algorithm"
+ }
return = {
- "tenant": {
- "uuid": {
- "name": "tenant1",
- "authz": "intra_extension_uuid1",
- "admin": "intra_extension_uuid2"
- }
- }
- }
+ "aggregation_algorithm_id": {
+ "name": "name of the aggregation algorithm",
+ "description": "description of the aggregation algorithm"
+ }
+ }
+
-* ``POST /OS-MOON/tenant``
+**GET /intra_extensions/{intra_extension_id}/sub_meta_rules**
+
+ Show the current sub meta rules.
.. code-block:: json
- post = {
- "id": "uuid",
- "name": "tenant1",
- "authz": "intra_extension_uuid1",
- "admin": "intra_extension_uuid2"
- }
return = {
- "tenant": {
- "uuid": {
- "name": "tenant1",
- "authz": "intra_extension_uuid1",
- "admin": "intra_extension_uuid2"
- }
- }
- }
+ "sub_meta_rule_id": {
+ "name": "name of the aggregation algorithm",
+ "algorithm": "algorithm of the aggregation algorithm",
+ "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "object_categories": ["object_category_id1", "object_category_id2"],
+ "action_categories": ["action_category_id1", "action_category_id2"]
+ }
+ }
-* ``DELETE /OS-MOON/tenant/{tenant_uuid}/{intra_extension_uuid}``
.. code-block:: json
return = {}
-Logs API
---------
-* ``GET /OS-MOON/logs``
+**GET /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}**
+
+ Set the current sub meta rule.
+
+.. code-block:: json
+
+ post = {
+ "sub_meta_rule_name": "name of the sub meta rule",
+ "sub_meta_rule_algorithm": "name of the sub meta rule algorithm",
+ "sub_meta_rule_subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "sub_meta_rule_object_categories": ["object_category_id1", "object_category_id2"],
+ "sub_meta_rule_action_categories": ["action_category_id1", "action_category_id2"]
+ }
+ return = {}
+
-InterExtension API
-------------------
+**GET /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}**
-* ``GET /OS-MOON/inter_extensions``
+ List all rules.
.. code-block:: json
return = {
- "inter_extensions": ["ie_uuid1", "ie_uuid2"]
- }
+ "rule_id1": ["subject_scope_id1", "object_scope_id1", "action_scope_id1"],
+ "rule_id2": ["subject_scope_id2", "object_scope_id2", "action_scope_id2"]
+ }
+
+
+**POST /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}**
-* ``GET /OS-MOON/inter_extensions/{inter_extensions_id}``
+ Add a new rule.
.. code-block:: json
- return = {
- "inter_extensions": {
- "id": "uuid1",
- "description": "",
- "requesting_intra_extension_uuid": "uuid1",
- "requested_intra_extension_uuid": "uuid2",
- "genre": "trust_OR_coordinate",
- "virtual_entity_uuid": "ve_uuid1"
- }
- }
+ post = {
+ "subject_categories": ["subject_scope_id1"],
+ "object_categories": ["object_scope_id1"],
+ "action_categories": ["action_scope_id1"],
+ "enabled": True
+ }
+ return = {}
+
-* ``POST /OS-MOON/inter_extensions``
+**DELETE /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}/{rule_id}**
+
+ Delete a rule.
.. code-block:: json
- post = {
- "description": "",
- "requesting_intra_extension_uuid": uuid1,
- "requested_intra_extension_uuid": uuid2,
- "genre": "trust_OR_coordinate",
- "virtual_entity_uuid": "ve_uuid1"
- }
- return = {
- "id": "uuid1",
- "description": "",
- "requesting_intra_extension_uuid": uuid1,
- "requested_intra_extension_uuid": uuid2,
- "genre": "trust_OR_coordinate",
- "virtual_entity_uuid": "ve_uuid1"
- }
+ return = {}
+
+
+Logs
+~~~~
+
+**GET /logs/{options}**
+
+ List all logs.
+ Options can be:
+
+ * ``filter=<filter_characters>``
+ * ``from=<show logs from this date>``
+ * ``to=<show logs to this date>``
+ * ``event_number=<get n logs>``
+
+ Time format is '%Y-%m-%d-%H:%M:%S' (eg. "2015-04-15-13:45:20")
+
+.. code-block:: json
-* ``DELETE /OS-MOON/inter_extensions/{inter_extensions_id}``
+ return = [
+ "2015-04-15-13:45:20 ...",
+ "2015-04-15-13:45:21 ...",
+ "2015-04-15-13:45:22 ...",
+ "2015-04-15-13:45:23 ..."
+ ]
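Review bot: Several of the new endpoint entries pair the wrong HTTP method or description with the path. "POST /tenants/{tenant_id}" is documented twice, once as "Show information of one tenant." with no post body (this reads like it should be GET) and once as "Modify a tenant."; "POST .../subjects", "POST .../objects" and "POST .../actions" are each described as "List all ..." although they take a post body and create an entry; and "GET .../rule/{sub_meta_rule_id}" appears twice, the first time with "Set the current sub meta rule." and a post body. Please give each method and path pair one entry with a matching description. In the Authz entry, "authz": "True or False" does not say whether the value is a JSON boolean or a string; a client that tests the non-empty string "False" for truthiness would read a denial as a grant, so state the type, and say what replaces the removed "OutOfScope" result. The post body for ".../actions" carries "action_password" and "action_email", which look copied from the subjects entry (the objects entry has neither); drop them or explain them. Smaller points: the blocks are tagged json but contain "enabled": True and trailing commas after "description" in the configuration entries; "intra_admin_extension_id" is described as "id of the intra extension authz" and the Intra_Extension "description" as "model of the intra extension"; the sub_meta_rules return describes "name" and "algorithm" in terms of the aggregation algorithm; removing the "DELETE /OS-MOON/tenant/..." line leaves an orphan code block with "return = {}" directly after the sub_meta_rules return; and "prefexied" should be "prefixed".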