From aa70ec0095fbfdb535c21599aec4c7f3215b3ba6 Mon Sep 17 00:00:00 2001
From: WuKong <rebirthmonkey@gmail.com>
Date: Wed, 1 Jul 2015 11:08:04 +0200
Subject: create a sub-dir for moon's doc
Change-Id: I06b66843f4bef550c6312a5f668f47d6861d6369
Signed-off-by: WuKong <rebirthmonkey@gmail.com>
---
keystone-moon/doc/source/extensions/moon.rst | 145 -----
keystone-moon/doc/source/extensions/moon/moon.rst | 145 +++++
.../doc/source/extensions/moon/moon_api.rst | 628 +++++++++++++++++++++
keystone-moon/doc/source/extensions/moon_api.rst | 628 ---------------------
4 files changed, 773 insertions(+), 773 deletions(-)
delete mode 100644 keystone-moon/doc/source/extensions/moon.rst
create mode 100644 keystone-moon/doc/source/extensions/moon/moon.rst
create mode 100644 keystone-moon/doc/source/extensions/moon/moon_api.rst
delete mode 100644 keystone-moon/doc/source/extensions/moon_api.rst
(limited to 'keystone-moon/doc')
diff --git a/keystone-moon/doc/source/extensions/moon.rst b/keystone-moon/doc/source/extensions/moon.rst
deleted file mode 100644
index fc862675..00000000
--- a/keystone-moon/doc/source/extensions/moon.rst
+++ /dev/null
@@ -1,145 +0,0 @@
-..
- Copyright 2015 Orange
- All Rights Reserved.
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
-============
-Moon backend
-============
-
-Before doing anything, you must test your installation and check that your infrastructure is working.
-For example, check that you can create new virtual machines with admin and demo login.
-
-Configuration
--------------
-
-Moon is a contribute backend so you have to enable it by modifying /etc/keystone/keystone-paste.ini, like this:
-
-.. code-block:: ini
-
- [filter:moon]
- paste.filter_factory = keystone.contrib.moon.routers:Admin.factory
-
- ...
-
- [pipeline:public_api]
- # The last item in this pipeline must be public_service or an equivalent
- # application. It cannot be a filter.
- pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension moon public_service
-
- [pipeline:admin_api]
- # The last item in this pipeline must be admin_service or an equivalent
- # application. It cannot be a filter.
- pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension moon admin_service
-
- [pipeline:api_v3]
- # The last item in this pipeline must be service_v3 or an equivalent
- # application. It cannot be a filter.
- pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension moon service_v3
-
- ...
-
-You must modify /etc/keystone/keystone.conf as you need (see at the end of the file) and copy the following directories:
-
-.. code-block:: sh
-
- cp -R /opt/stack/keystone/examples/moon/policies/ /etc/keystone/
- cp -R /opt/stack/keystone/examples/moon/super_extension/ /etc/keystone/
-
-You can now update the Keystone database and create the directory for logs and restart the Keystone service:
-
-.. code-block:: sh
-
- cd /opt/stack/keystone
- ./bin/keystone-manage db_sync --extension moon
- sudo mkdir /var/log/moon/
- sudo chown vagrant /var/log/moon/
- sudo service apache2 restart
-
-You have to install our version of keystonemiddleware https://github.com/rebirthmonkey/keystonemiddleware :
-
-.. code-block:: sh
-
- cd
- git clone https://github.com/rebirthmonkey/keystonemiddleware.git
- cd keystonemiddleware
- sudo python setup.py install
-
-At this time, the only method to configure Moon is to use the python-moonclient which is a console based client:
-
-.. code-block:: sh
-
- cd
- git clone https://github.com/rebirthmonkey/moonclient.git
- cd moonclient
- sudo python setup.py install
-
-If afterwards, you have some problem restarting nova-api, try removing the package python-six:
-
-.. code-block:: sh
-
- sudo apt-get remove python-six
-
-
-Nova must be configured to send request to Keystone, you have to modify /etc/nova/api-paste.ini :
-
-.. code-block:: ini
-
- ...
-
- [composite:openstack_compute_api_v2]
- use = call:nova.api.auth:pipeline_factory
- noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2
- noauth2 = compute_req_id faultwrap sizelimit noauth2 ratelimit osapi_compute_app_v2
- keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext moon ratelimit osapi_compute_app_v2
- keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext moon osapi_compute_app_v2
-
- [composite:openstack_compute_api_v21]
- use = call:nova.api.auth:pipeline_factory_v21
- noauth = compute_req_id faultwrap sizelimit noauth osapi_compute_app_v21
- noauth2 = compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
- keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext moon osapi_compute_app_v21
-
- [composite:openstack_compute_api_v3]
- use = call:nova.api.auth:pipeline_factory_v21
- noauth = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3
- noauth2 = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3
- keystone = request_id faultwrap sizelimit authtoken keystonecontext moon osapi_compute_app_v3
-
- ...
-
- [filter:moon]
- paste.filter_factory = keystonemiddleware.authz:filter_factory
-
-If Swift is also installed, you have to configured it, in /etc/swift/proxy-server.conf :
-
-.. code-block:: ini
-
- ...
-
- [pipeline:main]
- pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit crossdomain authtoken keystoneauth tempauth formpost staticweb container-quotas account-quotas slo dlo proxy-logging moon proxy-server
-
- ...
-
- [filter:moon]
- paste.filter_factory = keystonemiddleware.authz:filter_factory
-
-Nova and Swift must be restarted after that, depending on your configuration, you will have to use 'screen' (if using devstack)
-or 'service' on those daemons : nova-api and swift-proxy
-
-Usage
------
-
-TODO
\ No newline at end of file
diff --git a/keystone-moon/doc/source/extensions/moon/moon.rst b/keystone-moon/doc/source/extensions/moon/moon.rst
new file mode 100644
index 00000000..fc862675
--- /dev/null
+++ b/keystone-moon/doc/source/extensions/moon/moon.rst
@@ -0,0 +1,145 @@
+..
+ Copyright 2015 Orange
+ All Rights Reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License"); you may
+ not use this file except in compliance with the License. You may obtain
+ a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ License for the specific language governing permissions and limitations
+ under the License.
+
+============
+Moon backend
+============
+
+Before doing anything, you must test your installation and check that your infrastructure is working.
+For example, check that you can create new virtual machines with admin and demo login.
+
+Configuration
+-------------
+
+Moon is a contribute backend so you have to enable it by modifying /etc/keystone/keystone-paste.ini, like this:
+
+.. code-block:: ini
+
+ [filter:moon]
+ paste.filter_factory = keystone.contrib.moon.routers:Admin.factory
+
+ ...
+
+ [pipeline:public_api]
+ # The last item in this pipeline must be public_service or an equivalent
+ # application. It cannot be a filter.
+ pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension moon public_service
+
+ [pipeline:admin_api]
+ # The last item in this pipeline must be admin_service or an equivalent
+ # application. It cannot be a filter.
+ pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension moon admin_service
+
+ [pipeline:api_v3]
+ # The last item in this pipeline must be service_v3 or an equivalent
+ # application. It cannot be a filter.
+ pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension moon service_v3
+
+ ...
+
+You must modify /etc/keystone/keystone.conf as you need (see at the end of the file) and copy the following directories:
+
+.. code-block:: sh
+
+ cp -R /opt/stack/keystone/examples/moon/policies/ /etc/keystone/
+ cp -R /opt/stack/keystone/examples/moon/super_extension/ /etc/keystone/
+
+You can now update the Keystone database and create the directory for logs and restart the Keystone service:
+
+.. code-block:: sh
+
+ cd /opt/stack/keystone
+ ./bin/keystone-manage db_sync --extension moon
+ sudo mkdir /var/log/moon/
+ sudo chown vagrant /var/log/moon/
+ sudo service apache2 restart
+
+You have to install our version of keystonemiddleware https://github.com/rebirthmonkey/keystonemiddleware :
+
+.. code-block:: sh
+
+ cd
+ git clone https://github.com/rebirthmonkey/keystonemiddleware.git
+ cd keystonemiddleware
+ sudo python setup.py install
+
+At this time, the only method to configure Moon is to use the python-moonclient which is a console based client:
+
+.. code-block:: sh
+
+ cd
+ git clone https://github.com/rebirthmonkey/moonclient.git
+ cd moonclient
+ sudo python setup.py install
+
+If afterwards, you have some problem restarting nova-api, try removing the package python-six:
+
+.. code-block:: sh
+
+ sudo apt-get remove python-six
+
+
+Nova must be configured to send request to Keystone, you have to modify /etc/nova/api-paste.ini :
+
+.. code-block:: ini
+
+ ...
+
+ [composite:openstack_compute_api_v2]
+ use = call:nova.api.auth:pipeline_factory
+ noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2
+ noauth2 = compute_req_id faultwrap sizelimit noauth2 ratelimit osapi_compute_app_v2
+ keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext moon ratelimit osapi_compute_app_v2
+ keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext moon osapi_compute_app_v2
+
+ [composite:openstack_compute_api_v21]
+ use = call:nova.api.auth:pipeline_factory_v21
+ noauth = compute_req_id faultwrap sizelimit noauth osapi_compute_app_v21
+ noauth2 = compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
+ keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext moon osapi_compute_app_v21
+
+ [composite:openstack_compute_api_v3]
+ use = call:nova.api.auth:pipeline_factory_v21
+ noauth = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3
+ noauth2 = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3
+ keystone = request_id faultwrap sizelimit authtoken keystonecontext moon osapi_compute_app_v3
+
+ ...
+
+ [filter:moon]
+ paste.filter_factory = keystonemiddleware.authz:filter_factory
+
+If Swift is also installed, you have to configured it, in /etc/swift/proxy-server.conf :
+
+.. code-block:: ini
+
+ ...
+
+ [pipeline:main]
+ pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit crossdomain authtoken keystoneauth tempauth formpost staticweb container-quotas account-quotas slo dlo proxy-logging moon proxy-server
+
+ ...
+
+ [filter:moon]
+ paste.filter_factory = keystonemiddleware.authz:filter_factory
+
+Nova and Swift must be restarted after that, depending on your configuration, you will have to use 'screen' (if using devstack)
+or 'service' on those daemons : nova-api and swift-proxy
+
+Usage
+-----
+
+TODO
\ No newline at end of file
diff --git a/keystone-moon/doc/source/extensions/moon/moon_api.rst b/keystone-moon/doc/source/extensions/moon/moon_api.rst
new file mode 100644
index 00000000..1f7ad10b
--- /dev/null
+++ b/keystone-moon/doc/source/extensions/moon/moon_api.rst
@@ -0,0 +1,628 @@
+Moon API
+========
+
+Here are Moon API with some examples of posted data and returned data.
+
+Intra-Extension API
+-------------------
+
+Authz
+~~~~~
+
+* ``GET /OS-MOON/authz/{tenant_id}/{subject_id}/{object_id}/{action_id}``
+
+.. code-block:: json
+
+ return = {
+ "authz": "OK/KO/OutOfScope",
+ "tenant_id": "tenant_id",
+ "subject_id": "subject_id",
+ "object_id": "object_id",
+ "action_id": "action_id"
+ }
+
+Intra_Extension
+~~~~~~~~~~~~~~~
+
+* ``GET /OS-MOON/authz_policies``
+
+.. code-block:: json
+
+ return = {
+ "authz_policies": ["policy_name1", "policy_name2"]
+ }
+
+* ``GET /OS-MOON/intra_extensions``
+
+.. code-block:: json
+
+ return = {
+ "intra_extensions": ["ie_uuid1", "ie_uuid2"]
+ }
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}``
+
+.. code-block:: json
+
+ return = {
+ "intra_extensions": {
+ "id": "uuid1",
+ "description": "",
+ "tenant": "tenant_uuid",
+ "model": "",
+ "genre": "",
+ "authz": {},
+ "admin": {}
+ }
+ }
+
+* ``POST /OS-MOON/intra_extensions``
+
+.. code-block:: json
+
+ post = {
+ "name" : "",
+ "policymodel": "",
+ "description": ""
+ }
+ return = {
+ "id": "uuid1",
+ "description": "",
+ "tenant": "tenant_uuid",
+ "model": "",
+ "genre": "",
+ "authz": {},
+ "admin": {}
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}``
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/tenant``
+
+.. code-block:: json
+
+ return = {
+ "tenant": "tenant_id"
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/tenant``
+
+.. code-block:: json
+
+ post = {
+ "tenant_id": "tenant_id"
+ }
+ return = {
+ "tenant": "tenant_id"
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/tenant/{tenant_id}``
+
+Perimeter
+~~~~~~~~~
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subjects``
+
+.. code-block:: json
+
+ return = {
+ "subjects": ["sub_uuid1", "sub_uuid2"]
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subjects``
+
+.. code-block:: json
+
+ post = {
+ "subject_id" : ""
+ }
+ return = {
+ "subjects": ["sub_uuid1", "sub_uuid2"]
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject/{subject_id}``
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/objects``
+
+.. code-block:: json
+
+ return = {
+ "objects": ["obj_uuid1", "obj_uuid2"]
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/objects``
+
+.. code-block:: json
+
+ post = {
+ "object_id" : ""
+ }
+ return = {
+ "objects": ["obj_uuid1", "obj_uuid2"]
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object/{object_id}``
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/actions``
+
+.. code-block:: json
+
+ return = {
+ "actions": ["act_uuid1", "act_uuid2"]
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/actions``
+
+.. code-block:: json
+
+ post = {
+ "action_id" : ""
+ }
+ return = {
+ "actions": ["act_uuid1", "act_uuid2"]
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/actions/{action_id}``
+
+Assignment
+~~~~~~~~~~
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subject_assignments``
+
+.. code-block:: json
+
+ return = {
+ "subject_assignments": {
+ "subject_security_level":{
+ "user1": ["low"],
+ "user2": ["medium"],
+ "user3": ["high"]
+ }
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subject_assignments``
+
+.. code-block:: json
+
+ post = {
+ "subject_id" : "",
+ "subject_category_id" : "",
+ "subject_category_scope_id" : ""
+ }
+ return = {
+ "subject_assignments": {
+ "subject_security_level":{
+ "user1": ["low"],
+ "user2": ["medium"],
+ "user3": ["high"]
+ }
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject_assignments/{subject_category}/{subject_id}/{subject_scope}``
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/object_assignments``
+
+.. code-block:: json
+
+ return = {
+ "object_assignments": {
+ "object_security_level":{
+ "vm1": ["low"],
+ "vm2": ["medium"],
+ "vm3": ["high"]
+ }
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/object_assignments``
+
+.. code-block:: json
+
+ post = {
+ "object_id" : "",
+ "object_category_id" : "",
+ "object_category_scope_id" : ""
+ }
+ return = {
+ "object_assignments": {
+ "object_security_level":{
+ "vm1": ["low"],
+ "vm2": ["medium"],
+ "vm3": ["high"]
+ }
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object_assignments/{object_category}/{object_id}/{object_scope}``
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/action_assignments``
+
+.. code-block:: json
+
+ return = {
+ "action_assignments": {
+ "computing_action":{
+ "pause": ["vm_admin"],
+ "unpause": ["vm_admin"],
+ "start": ["vm_admin"],
+ "stop": ["vm_admin"]
+ }
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/action_assignments``
+
+.. code-block:: json
+
+ post = {
+ "action_id" : "",
+ "action_category_id" : "",
+ "action_category_scope_id" : ""
+ }
+ return = {
+ "action_assignments": {
+ "computing_action":{
+ "pause": ["vm_admin"],
+ "unpause": ["vm_admin"],
+ "start": ["vm_admin"],
+ "stop": ["vm_admin"]
+ }
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/action_assignments/{action_category}/{action_id}/{action_scope}``
+
+Metadata
+~~~~~~~~
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subject_categories``
+
+.. code-block:: json
+
+ return = {
+ "subject_categories": [ "subject_security_level" ]
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subject_categories``
+
+.. code-block:: json
+
+ post = {
+ "subject_category_id" : ""
+ }
+ return = {
+ "subject_categories": [ "subject_security_level" ]
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject_categories/{subject_category_id}``
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/object_categories``
+
+.. code-block:: json
+
+ return = {
+ "object_categories": [ "object_security_level" ]
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/object_categories``
+
+.. code-block:: json
+
+ post = {
+ "object_category_id" : ""
+ }
+ return = {
+ "object_categories": [ "object_security_level" ]
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object_categories/{object_category_id}``
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/action_categories``
+
+.. code-block:: json
+
+ return = {
+ "action_categories": [ "computing_action" ]
+ }
+
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/action_categories``
+
+.. code-block:: json
+
+ post = {
+ "action_category_id" : ""
+ }
+ return = {
+ "action_categories": [ "computing_action" ]
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/action_categories/{action_category_id}``
+
+Scope
+~~~~~
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subject_category_scope``
+
+.. code-block:: json
+
+ return = {
+ "subject_security_level": [ "high", "medium", "low" ]
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subject_category_scope``
+
+.. code-block:: json
+
+ post = {
+ "subject_category_id" : "",
+ "subject_category_scope_id" : ""
+ }
+ return = {
+ "subject_security_level": [ "high", "medium", "low" ]
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject_category_scope/{subject_category}/{subject_scope}``
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/object_category_scope``
+
+.. code-block:: json
+
+ return = {
+ "object_security_level": [ "high", "medium", "low" ]
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/object_category_scope``
+
+.. code-block:: json
+
+ post = {
+ "object_category_id" : "",
+ "object_category_scope_id" : ""
+ }
+ return = {
+ "object_security_level": [ "high", "medium", "low" ]
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object_category_scope/{object_category}/{object_scope}``
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/action_category_scope``
+
+.. code-block:: json
+
+ return = {
+ "computing_action": [ "vm_admin", "vm_access" ]
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/action_category_scope``
+
+.. code-block:: json
+
+ post = {
+ "action_id" : "",
+ "action_category_id" : "",
+ "action_category_scope_id" : ""
+ }
+ return = {
+ "computing_action": [ "vm_admin", "vm_access" ]
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/action_category_scope/{action_category}/{action_scope}``
+
+Metarule
+~~~~~~~~
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/aggregation_algorithms``
+
+.. code-block:: json
+
+ return = {
+ "aggregation_algorithms": [ "and_true_aggregation", "..."]
+ }
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/aggregation_algorithm``
+
+.. code-block:: json
+
+ return = {
+ "aggregation_algorithm": "and_true_aggregation"
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/aggregation_algorithm``
+
+.. code-block:: json
+
+ post = {
+ "aggregation": "and_true_aggregation"
+ }
+ return = {
+ "aggregation_algorithm": "and_true_aggregation"
+ }
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/sub_meta_rule``
+
+.. code-block:: json
+
+ return = {
+ "sub_meta_rule": {
+ "subject_categories": ["role"],
+ "action_categories": ["ie_action"],
+ "object_categories": ["id"],
+ "relation": "relation_super"
+ }
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/sub_meta_rule``
+
+.. code-block:: json
+
+ post = {
+ "relation_super": {
+ "subject_categories": ["role"],
+ "action_categories": ["ie_action"],
+ "object_categories": ["id"],
+ }
+ }
+ return = {
+ "sub_meta_rule": {
+ "subject_categories": ["role"],
+ "action_categories": ["ie_action"],
+ "object_categories": ["id"],
+ "relation": "relation_super"
+ }
+ }
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/sub_meta_rule_relations``
+
+.. code-block:: json
+
+ return = {
+ "sub_meta_rule_relations": ["relation_super", ]
+ }
+
+Rules
+~~~~~
+
+* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules``
+
+.. code-block:: json
+
+ return = {
+ "sub_rules": {
+ "relation_super": [
+ ["high", "vm_admin", "medium"],
+ ["high", "vm_admin", "low"],
+ ["medium", "vm_admin", "low"],
+ ["high", "vm_access", "high"],
+ ["high", "vm_access", "medium"],
+ ["high", "vm_access", "low"],
+ ["medium", "vm_access", "medium"],
+ ["medium", "vm_access", "low"],
+ ["low", "vm_access", "low"]
+ ]
+ }
+ }
+
+* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules``
+
+.. code-block:: json
+
+ post = {
+ "rules": ["admin", "vm_admin", "servers"],
+ "relation": "relation_super"
+ }
+
+* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules/{relation_name}/{rule}``
+
+
+Tenant mapping API
+------------------
+
+* ``GET /OS-MOON/tenants``
+
+.. code-block:: json
+
+ return = {
+ "tenant": {
+ "uuid1": {
+ "name": "tenant1",
+ "authz": "intra_extension_uuid1",
+ "admin": "intra_extension_uuid2"
+ },
+ "uuid2": {
+ "name": "tenant2",
+ "authz": "intra_extension_uuid1",
+ "admin": "intra_extension_uuid2"
+ }
+ }
+ }
+
+* ``GET /OS-MOON/tenant/{tenant_uuid}``
+
+.. code-block:: json
+
+ return = {
+ "tenant": {
+ "uuid": {
+ "name": "tenant1",
+ "authz": "intra_extension_uuid1",
+ "admin": "intra_extension_uuid2"
+ }
+ }
+ }
+
+* ``POST /OS-MOON/tenant``
+
+.. code-block:: json
+
+ post = {
+ "id": "uuid",
+ "name": "tenant1",
+ "authz": "intra_extension_uuid1",
+ "admin": "intra_extension_uuid2"
+ }
+ return = {
+ "tenant": {
+ "uuid": {
+ "name": "tenant1",
+ "authz": "intra_extension_uuid1",
+ "admin": "intra_extension_uuid2"
+ }
+ }
+ }
+
+* ``DELETE /OS-MOON/tenant/{tenant_uuid}/{intra_extension_uuid}``
+
+.. code-block:: json
+
+ return = {}
+
+Logs API
+--------
+
+* ``GET /OS-MOON/logs``
+
+InterExtension API
+------------------
+
+* ``GET /OS-MOON/inter_extensions``
+
+.. code-block:: json
+
+ return = {
+ "inter_extensions": ["ie_uuid1", "ie_uuid2"]
+ }
+
+* ``GET /OS-MOON/inter_extensions/{inter_extensions_id}``
+
+.. code-block:: json
+
+ return = {
+ "inter_extensions": {
+ "id": "uuid1",
+ "description": "",
+ "requesting_intra_extension_uuid": "uuid1",
+ "requested_intra_extension_uuid": "uuid2",
+ "genre": "trust_OR_coordinate",
+ "virtual_entity_uuid": "ve_uuid1"
+ }
+ }
+
+* ``POST /OS-MOON/inter_extensions``
+
+.. code-block:: json
+
+ post = {
+ "description": "",
+ "requesting_intra_extension_uuid": uuid1,
+ "requested_intra_extension_uuid": uuid2,
+ "genre": "trust_OR_coordinate",
+ "virtual_entity_uuid": "ve_uuid1"
+ }
+ return = {
+ "id": "uuid1",
+ "description": "",
+ "requesting_intra_extension_uuid": uuid1,
+ "requested_intra_extension_uuid": uuid2,
+ "genre": "trust_OR_coordinate",
+ "virtual_entity_uuid": "ve_uuid1"
+ }
+
+* ``DELETE /OS-MOON/inter_extensions/{inter_extensions_id}``
+
diff --git a/keystone-moon/doc/source/extensions/moon_api.rst b/keystone-moon/doc/source/extensions/moon_api.rst
deleted file mode 100644
index 1f7ad10b..00000000
--- a/keystone-moon/doc/source/extensions/moon_api.rst
+++ /dev/null
@@ -1,628 +0,0 @@
-Moon API
-========
-
-Here are Moon API with some examples of posted data and returned data.
-
-Intra-Extension API
--------------------
-
-Authz
-~~~~~
-
-* ``GET /OS-MOON/authz/{tenant_id}/{subject_id}/{object_id}/{action_id}``
-
-.. code-block:: json
-
- return = {
- "authz": "OK/KO/OutOfScope",
- "tenant_id": "tenant_id",
- "subject_id": "subject_id",
- "object_id": "object_id",
- "action_id": "action_id"
- }
-
-Intra_Extension
-~~~~~~~~~~~~~~~
-
-* ``GET /OS-MOON/authz_policies``
-
-.. code-block:: json
-
- return = {
- "authz_policies": ["policy_name1", "policy_name2"]
- }
-
-* ``GET /OS-MOON/intra_extensions``
-
-.. code-block:: json
-
- return = {
- "intra_extensions": ["ie_uuid1", "ie_uuid2"]
- }
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}``
-
-.. code-block:: json
-
- return = {
- "intra_extensions": {
- "id": "uuid1",
- "description": "",
- "tenant": "tenant_uuid",
- "model": "",
- "genre": "",
- "authz": {},
- "admin": {}
- }
- }
-
-* ``POST /OS-MOON/intra_extensions``
-
-.. code-block:: json
-
- post = {
- "name" : "",
- "policymodel": "",
- "description": ""
- }
- return = {
- "id": "uuid1",
- "description": "",
- "tenant": "tenant_uuid",
- "model": "",
- "genre": "",
- "authz": {},
- "admin": {}
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}``
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/tenant``
-
-.. code-block:: json
-
- return = {
- "tenant": "tenant_id"
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/tenant``
-
-.. code-block:: json
-
- post = {
- "tenant_id": "tenant_id"
- }
- return = {
- "tenant": "tenant_id"
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/tenant/{tenant_id}``
-
-Perimeter
-~~~~~~~~~
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subjects``
-
-.. code-block:: json
-
- return = {
- "subjects": ["sub_uuid1", "sub_uuid2"]
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subjects``
-
-.. code-block:: json
-
- post = {
- "subject_id" : ""
- }
- return = {
- "subjects": ["sub_uuid1", "sub_uuid2"]
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject/{subject_id}``
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/objects``
-
-.. code-block:: json
-
- return = {
- "objects": ["obj_uuid1", "obj_uuid2"]
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/objects``
-
-.. code-block:: json
-
- post = {
- "object_id" : ""
- }
- return = {
- "objects": ["obj_uuid1", "obj_uuid2"]
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object/{object_id}``
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/actions``
-
-.. code-block:: json
-
- return = {
- "actions": ["act_uuid1", "act_uuid2"]
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/actions``
-
-.. code-block:: json
-
- post = {
- "action_id" : ""
- }
- return = {
- "actions": ["act_uuid1", "act_uuid2"]
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/actions/{action_id}``
-
-Assignment
-~~~~~~~~~~
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subject_assignments``
-
-.. code-block:: json
-
- return = {
- "subject_assignments": {
- "subject_security_level":{
- "user1": ["low"],
- "user2": ["medium"],
- "user3": ["high"]
- }
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subject_assignments``
-
-.. code-block:: json
-
- post = {
- "subject_id" : "",
- "subject_category_id" : "",
- "subject_category_scope_id" : ""
- }
- return = {
- "subject_assignments": {
- "subject_security_level":{
- "user1": ["low"],
- "user2": ["medium"],
- "user3": ["high"]
- }
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject_assignments/{subject_category}/{subject_id}/{subject_scope}``
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/object_assignments``
-
-.. code-block:: json
-
- return = {
- "object_assignments": {
- "object_security_level":{
- "vm1": ["low"],
- "vm2": ["medium"],
- "vm3": ["high"]
- }
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/object_assignments``
-
-.. code-block:: json
-
- post = {
- "object_id" : "",
- "object_category_id" : "",
- "object_category_scope_id" : ""
- }
- return = {
- "object_assignments": {
- "object_security_level":{
- "vm1": ["low"],
- "vm2": ["medium"],
- "vm3": ["high"]
- }
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object_assignments/{object_category}/{object_id}/{object_scope}``
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/action_assignments``
-
-.. code-block:: json
-
- return = {
- "action_assignments": {
- "computing_action":{
- "pause": ["vm_admin"],
- "unpause": ["vm_admin"],
- "start": ["vm_admin"],
- "stop": ["vm_admin"]
- }
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/action_assignments``
-
-.. code-block:: json
-
- post = {
- "action_id" : "",
- "action_category_id" : "",
- "action_category_scope_id" : ""
- }
- return = {
- "action_assignments": {
- "computing_action":{
- "pause": ["vm_admin"],
- "unpause": ["vm_admin"],
- "start": ["vm_admin"],
- "stop": ["vm_admin"]
- }
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/action_assignments/{action_category}/{action_id}/{action_scope}``
-
-Metadata
-~~~~~~~~
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subject_categories``
-
-.. code-block:: json
-
- return = {
- "subject_categories": [ "subject_security_level" ]
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subject_categories``
-
-.. code-block:: json
-
- post = {
- "subject_category_id" : ""
- }
- return = {
- "subject_categories": [ "subject_security_level" ]
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject_categories/{subject_category_id}``
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/object_categories``
-
-.. code-block:: json
-
- return = {
- "object_categories": [ "object_security_level" ]
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/object_categories``
-
-.. code-block:: json
-
- post = {
- "object_category_id" : ""
- }
- return = {
- "object_categories": [ "object_security_level" ]
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object_categories/{object_category_id}``
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/action_categories``
-
-.. code-block:: json
-
- return = {
- "action_categories": [ "computing_action" ]
- }
-
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/action_categories``
-
-.. code-block:: json
-
- post = {
- "action_category_id" : ""
- }
- return = {
- "action_categories": [ "computing_action" ]
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/action_categories/{action_category_id}``
-
-Scope
-~~~~~
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/subject_category_scope``
-
-.. code-block:: json
-
- return = {
- "subject_security_level": [ "high", "medium", "low" ]
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/subject_category_scope``
-
-.. code-block:: json
-
- post = {
- "subject_category_id" : "",
- "subject_category_scope_id" : ""
- }
- return = {
- "subject_security_level": [ "high", "medium", "low" ]
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/subject_category_scope/{subject_category}/{subject_scope}``
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/object_category_scope``
-
-.. code-block:: json
-
- return = {
- "object_security_level": [ "high", "medium", "low" ]
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/object_category_scope``
-
-.. code-block:: json
-
- post = {
- "object_category_id" : "",
- "object_category_scope_id" : ""
- }
- return = {
- "object_security_level": [ "high", "medium", "low" ]
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/object_category_scope/{object_category}/{object_scope}``
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/action_category_scope``
-
-.. code-block:: json
-
- return = {
- "computing_action": [ "vm_admin", "vm_access" ]
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/action_category_scope``
-
-.. code-block:: json
-
- post = {
- "action_id" : "",
- "action_category_id" : "",
- "action_category_scope_id" : ""
- }
- return = {
- "computing_action": [ "vm_admin", "vm_access" ]
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/action_category_scope/{action_category}/{action_scope}``
-
-Metarule
-~~~~~~~~
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/aggregation_algorithms``
-
-.. code-block:: json
-
- return = {
- "aggregation_algorithms": [ "and_true_aggregation", "..."]
- }
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/aggregation_algorithm``
-
-.. code-block:: json
-
- return = {
- "aggregation_algorithm": "and_true_aggregation"
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/aggregation_algorithm``
-
-.. code-block:: json
-
- post = {
- "aggregation": "and_true_aggregation"
- }
- return = {
- "aggregation_algorithm": "and_true_aggregation"
- }
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/sub_meta_rule``
-
-.. code-block:: json
-
- return = {
- "sub_meta_rule": {
- "subject_categories": ["role"],
- "action_categories": ["ie_action"],
- "object_categories": ["id"],
- "relation": "relation_super"
- }
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/sub_meta_rule``
-
-.. code-block:: json
-
- post = {
- "relation_super": {
- "subject_categories": ["role"],
- "action_categories": ["ie_action"],
- "object_categories": ["id"],
- }
- }
- return = {
- "sub_meta_rule": {
- "subject_categories": ["role"],
- "action_categories": ["ie_action"],
- "object_categories": ["id"],
- "relation": "relation_super"
- }
- }
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/sub_meta_rule_relations``
-
-.. code-block:: json
-
- return = {
- "sub_meta_rule_relations": ["relation_super", ]
- }
-
-Rules
-~~~~~
-
-* ``GET /OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules``
-
-.. code-block:: json
-
- return = {
- "sub_rules": {
- "relation_super": [
- ["high", "vm_admin", "medium"],
- ["high", "vm_admin", "low"],
- ["medium", "vm_admin", "low"],
- ["high", "vm_access", "high"],
- ["high", "vm_access", "medium"],
- ["high", "vm_access", "low"],
- ["medium", "vm_access", "medium"],
- ["medium", "vm_access", "low"],
- ["low", "vm_access", "low"]
- ]
- }
- }
-
-* ``POST /OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules``
-
-.. code-block:: json
-
- post = {
- "rules": ["admin", "vm_admin", "servers"],
- "relation": "relation_super"
- }
-
-* ``DELETE /OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules/{relation_name}/{rule}``
-
-
-Tenant mapping API
-------------------
-
-* ``GET /OS-MOON/tenants``
-
-.. code-block:: json
-
- return = {
- "tenant": {
- "uuid1": {
- "name": "tenant1",
- "authz": "intra_extension_uuid1",
- "admin": "intra_extension_uuid2"
- },
- "uuid2": {
- "name": "tenant2",
- "authz": "intra_extension_uuid1",
- "admin": "intra_extension_uuid2"
- }
- }
- }
-
-* ``GET /OS-MOON/tenant/{tenant_uuid}``
-
-.. code-block:: json
-
- return = {
- "tenant": {
- "uuid": {
- "name": "tenant1",
- "authz": "intra_extension_uuid1",
- "admin": "intra_extension_uuid2"
- }
- }
- }
-
-* ``POST /OS-MOON/tenant``
-
-.. code-block:: json
-
- post = {
- "id": "uuid",
- "name": "tenant1",
- "authz": "intra_extension_uuid1",
- "admin": "intra_extension_uuid2"
- }
- return = {
- "tenant": {
- "uuid": {
- "name": "tenant1",
- "authz": "intra_extension_uuid1",
- "admin": "intra_extension_uuid2"
- }
- }
- }
-
-* ``DELETE /OS-MOON/tenant/{tenant_uuid}/{intra_extension_uuid}``
-
-.. code-block:: json
-
- return = {}
-
-Logs API
---------
-
-* ``GET /OS-MOON/logs``
-
-InterExtension API
-------------------
-
-* ``GET /OS-MOON/inter_extensions``
-
-.. code-block:: json
-
- return = {
- "inter_extensions": ["ie_uuid1", "ie_uuid2"]
- }
-
-* ``GET /OS-MOON/inter_extensions/{inter_extensions_id}``
-
-.. code-block:: json
-
- return = {
- "inter_extensions": {
- "id": "uuid1",
- "description": "",
- "requesting_intra_extension_uuid": "uuid1",
- "requested_intra_extension_uuid": "uuid2",
- "genre": "trust_OR_coordinate",
- "virtual_entity_uuid": "ve_uuid1"
- }
- }
-
-* ``POST /OS-MOON/inter_extensions``
-
-.. code-block:: json
-
- post = {
- "description": "",
- "requesting_intra_extension_uuid": uuid1,
- "requested_intra_extension_uuid": uuid2,
- "genre": "trust_OR_coordinate",
- "virtual_entity_uuid": "ve_uuid1"
- }
- return = {
- "id": "uuid1",
- "description": "",
- "requesting_intra_extension_uuid": uuid1,
- "requested_intra_extension_uuid": uuid2,
- "genre": "trust_OR_coordinate",
- "virtual_entity_uuid": "ve_uuid1"
- }
-
-* ``DELETE /OS-MOON/inter_extensions/{inter_extensions_id}``
-
--
cgit