aboutsummaryrefslogtreecommitdiffstats
path: root/moonv4/moon_orchestrator/conf/policies/policy_authz
diff options
context:
space:
mode:
Diffstat (limited to 'moonv4/moon_orchestrator/conf/policies/policy_authz')
-rw-r--r--moonv4/moon_orchestrator/conf/policies/policy_authz/assignment.json55
-rw-r--r--moonv4/moon_orchestrator/conf/policies/policy_authz/metadata.json23
-rw-r--r--moonv4/moon_orchestrator/conf/policies/policy_authz/metarule.json24
-rw-r--r--moonv4/moon_orchestrator/conf/policies/policy_authz/perimeter.json21
-rw-r--r--moonv4/moon_orchestrator/conf/policies/policy_authz/rule.json25
-rw-r--r--moonv4/moon_orchestrator/conf/policies/policy_authz/scope.json49
6 files changed, 0 insertions, 197 deletions
diff --git a/moonv4/moon_orchestrator/conf/policies/policy_authz/assignment.json b/moonv4/moon_orchestrator/conf/policies/policy_authz/assignment.json
deleted file mode 100644
index 7a6c722e..00000000
--- a/moonv4/moon_orchestrator/conf/policies/policy_authz/assignment.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
- "subject_assignments": {
- "subject_security_level":{
- "admin": ["high"],
- "demo": ["medium"]
- },
- "domain":{
- "admin": ["ft"],
- "demo": ["xx"]
- },
- "role": {
- "admin": ["admin"],
- "demo": ["dev"]
- }
- },
-
- "action_assignments": {
- "resource_action":{
- "pause": ["vm_admin"],
- "unpause": ["vm_admin"],
- "start": ["vm_admin"],
- "stop": ["vm_admin"],
- "list": ["vm_access", "vm_admin"],
- "create": ["vm_admin"],
- "storage_list": ["storage_access"],
- "download": ["storage_access"],
- "post": ["storage_admin"],
- "upload": ["storage_admin"]
- },
- "access": {
- "pause": ["write"],
- "unpause": ["write"],
- "start": ["write"],
- "stop": ["write"],
- "list": ["read"],
- "create": ["write"],
- "storage_list": ["read"],
- "download": ["read"],
- "post": ["write"],
- "upload": ["write"]
- }
- },
-
- "object_assignments": {
- "object_security_level": {
- "servers": ["low"]
- },
- "type": {
- "servers": ["computing"]
- },
- "object_id": {
- "servers": ["servers"]
- }
- }
-}
diff --git a/moonv4/moon_orchestrator/conf/policies/policy_authz/metadata.json b/moonv4/moon_orchestrator/conf/policies/policy_authz/metadata.json
deleted file mode 100644
index 21a99eb2..00000000
--- a/moonv4/moon_orchestrator/conf/policies/policy_authz/metadata.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "name": "Simple_Policy",
- "genre": "authz",
- "description": "Simple Security Policy",
- "pdp_pipeline": ["authz:rbac_rule", "authz:mls_rule"],
-
- "subject_categories": [
- "subject_security_level",
- "domain",
- "role"
- ],
-
- "action_categories": [
- "resource_action",
- "access"
- ],
-
- "object_categories": [
- "object_security_level",
- "type",
- "object_id"
- ]
-}
diff --git a/moonv4/moon_orchestrator/conf/policies/policy_authz/metarule.json b/moonv4/moon_orchestrator/conf/policies/policy_authz/metarule.json
deleted file mode 100644
index c9afd6c2..00000000
--- a/moonv4/moon_orchestrator/conf/policies/policy_authz/metarule.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "sub_meta_rules": {
- "mls_rule": {
- "subject_categories": ["subject_security_level"],
- "action_categories": ["resource_action"],
- "object_categories": ["object_security_level"],
- "algorithm": "inclusion"
- },
- "dte_rule": {
- "subject_categories": ["domain"],
- "action_categories": ["access"],
- "object_categories": ["type"],
- "algorithm": "inclusion"
- },
- "rbac_rule": {
- "subject_categories": ["role", "domain"],
- "action_categories": ["access"],
- "object_categories": ["object_id"],
- "algorithm": "inclusion"
- }
- },
- "aggregation": "all_true"
-}
-
diff --git a/moonv4/moon_orchestrator/conf/policies/policy_authz/perimeter.json b/moonv4/moon_orchestrator/conf/policies/policy_authz/perimeter.json
deleted file mode 100644
index 47a8ee45..00000000
--- a/moonv4/moon_orchestrator/conf/policies/policy_authz/perimeter.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "subjects": [
- "admin",
- "demo"
- ],
- "actions": [
- "pause",
- "unpause",
- "start",
- "stop",
- "create",
- "list",
- "upload",
- "download",
- "post",
- "storage_list"
- ],
- "objects": [
- "servers"
- ]
-}
diff --git a/moonv4/moon_orchestrator/conf/policies/policy_authz/rule.json b/moonv4/moon_orchestrator/conf/policies/policy_authz/rule.json
deleted file mode 100644
index 25f9d93a..00000000
--- a/moonv4/moon_orchestrator/conf/policies/policy_authz/rule.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "mls_rule":[
- ["high", "vm_admin", "medium"],
- ["high", "vm_admin", "low"],
- ["medium", "vm_admin", "low"],
- ["high", "vm_access", "high"],
- ["high", "vm_access", "medium"],
- ["high", "vm_access", "low"],
- ["medium", "vm_access", "medium"],
- ["medium", "vm_access", "low"],
- ["low", "vm_access", "low"]
- ],
- "dte_rule":[
- ["ft", "read", "computing"],
- ["ft", "write", "computing"],
- ["ft", "read", "storage"],
- ["ft", "write", "storage"],
- ["xx", "read", "storage"]
- ],
- "rbac_rule":[
- ["dev", "xx", "read", "servers"],
- ["admin", "xx", "read", "servers"],
- ["admin", "ft", "read", "servers"]
- ]
-}
diff --git a/moonv4/moon_orchestrator/conf/policies/policy_authz/scope.json b/moonv4/moon_orchestrator/conf/policies/policy_authz/scope.json
deleted file mode 100644
index 9b313daf..00000000
--- a/moonv4/moon_orchestrator/conf/policies/policy_authz/scope.json
+++ /dev/null
@@ -1,49 +0,0 @@
-{
- "subject_scopes": {
- "role": [
- "admin",
- "dev"
- ],
- "subject_security_level": [
- "high",
- "medium",
- "low"
- ],
- "domain": [
- "ft",
- "xx"
- ]
- },
-
- "action_scopes": {
- "resource_action": [
- "vm_admin",
- "vm_access",
- "storage_admin",
- "storage_access"
- ],
- "access": [
- "write",
- "read"
- ]
- },
-
- "object_scopes": {
- "object_security_level": [
- "high",
- "medium",
- "low"
- ],
- "type": [
- "computing",
- "storage"
- ],
- "object_id": [
- "servers",
- "vm1",
- "vm2",
- "file1",
- "file2"
- ]
- }
-}