From 678249d36047c90120c82ec2ff7eda5b591a742b Mon Sep 17 00:00:00 2001
From: WuKong
Date: Tue, 21 Jul 2015 14:00:00 +0200
Subject: add super_extension
Change-Id: I7b234759a4aed653228f02d39df16021286242ed
Signed-off-by: WuKong
---
.../moon/policies/policy_super/assignment.json | 23 ++++++++++++++++++++++
.../moon/policies/policy_super/metadata.json | 18 +++++++++++++++++
.../moon/policies/policy_super/metarule.json | 12 +++++++++++
.../moon/policies/policy_super/perimeter.json | 15 ++++++++++++++
.../examples/moon/policies/policy_super/rule.json | 12 +++++++++++
.../examples/moon/policies/policy_super/scope.json | 23 ++++++++++++++++++++++
6 files changed, 103 insertions(+)
create mode 100644 keystone-moon/examples/moon/policies/policy_super/assignment.json
create mode 100644 keystone-moon/examples/moon/policies/policy_super/metadata.json
create mode 100644 keystone-moon/examples/moon/policies/policy_super/metarule.json
create mode 100644 keystone-moon/examples/moon/policies/policy_super/perimeter.json
create mode 100644 keystone-moon/examples/moon/policies/policy_super/rule.json
create mode 100644 keystone-moon/examples/moon/policies/policy_super/scope.json
(limited to 'keystone-moon/examples')
diff --git a/keystone-moon/examples/moon/policies/policy_super/assignment.json b/keystone-moon/examples/moon/policies/policy_super/assignment.json
new file mode 100644
index 00000000..3e10a055
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_super/assignment.json
@@ -0,0 +1,23 @@
+{
+ "subject_assignments": {
+ "role": {
+ "super_admin": ["admin"]
+ }
+ },
+
+ "action_assignments": {
+ "action_id": {
+ "read": ["read"],
+ "write": ["write"]
+ }
+ },
+
+ "object_assignments": {
+ "object_id": {
+ "templates": ["templates"],
+ "sub_meta_rule_algorithm": ["sub_meta_rule_relations"],
+ "aggregation_algorithms": ["aggregation_algorithms"],
+ "tenants": ["tenants"]
+ }
+ }
+}
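Review bot: The object assignment `"sub_meta_rule_algorithm": ["sub_meta_rule_relations"]` in assignment.json matches nothing else in this policy, because perimeter.json, scope.json and rule.json all spell the object and its scope `sub_meta_rule_algorithms`. As written, the perimeter object `sub_meta_rule_algorithms` has no assignment and the assigned scope `sub_meta_rule_relations` is not declared in `object_scopes`, so the two rule.json rows for that object presumably can never be satisfied under the `inclusion` algorithm; how the engine treats an unassigned object or an undeclared scope is not visible in this patch. The line should read `"sub_meta_rule_algorithms": ["sub_meta_rule_algorithms"],` so that it follows the same key-equals-scope pattern as the other three objects. A load-time check that every perimeter entry has an assignment and every assigned scope is declared would catch this class of typo in an authorization policy.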
diff --git a/keystone-moon/examples/moon/policies/policy_super/metadata.json b/keystone-moon/examples/moon/policies/policy_super/metadata.json
new file mode 100644
index 00000000..b6eb92f3
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_super/metadata.json
@@ -0,0 +1,18 @@
+{
+ "name": "MLS_metadata",
+ "model": "RBAC",
+ "genre": "admin",
+ "description": "",
+
+ "subject_categories": [
+ "role"
+ ],
+
+ "action_categories": [
+ "action_id"
+ ],
+
+ "object_categories": [
+ "object_id"
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_super/metarule.json b/keystone-moon/examples/moon/policies/policy_super/metarule.json
new file mode 100644
index 00000000..86dbfad2
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_super/metarule.json
@@ -0,0 +1,12 @@
+{
+ "sub_meta_rules": {
+ "rbac_rule": {
+ "subject_categories": ["role"],
+ "action_categories": ["action_id"],
+ "object_categories": ["object_id"],
+ "algorithm": "inclusion"
+ }
+ },
+ "aggregation": "all_true"
+}
+
diff --git a/keystone-moon/examples/moon/policies/policy_super/perimeter.json b/keystone-moon/examples/moon/policies/policy_super/perimeter.json
new file mode 100644
index 00000000..e0be02fa
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_super/perimeter.json
@@ -0,0 +1,15 @@
+{
+ "subjects": [
+ "super_admin"
+ ],
+ "actions": [
+ "read",
+ "write"
+ ],
+ "objects": [
+ "templates",
+ "aggregation_algorithms",
+ "sub_meta_rule_algorithms",
+ "tenants"
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_super/rule.json b/keystone-moon/examples/moon/policies/policy_super/rule.json
new file mode 100644
index 00000000..234158bc
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_super/rule.json
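Review bot: In metadata.json the policy is named `"MLS_metadata"` while `"model"` is `"RBAC"`, and `"description"` is empty, so the file misidentifies the policy that governs tenants, templates and the rule algorithms. The name looks carried over from an MLS example; whether any code looks a policy up by this name is not visible here. Since JSON has no comments, these two fields are the only place to record intent for an auditor, so I would rename it to match the model, for example `"name": "RBAC_metadata",`, and fill the description with one sentence saying that this is the super-admin policy and which role it grants read and write to.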
@@ -0,0 +1,12 @@
+{
+ "rbac_rule":[
+ ["admin" , "read", "templates"],
+ ["admin" , "read", "aggregation_algorithms"],
+ ["admin" , "read", "sub_meta_rule_algorithms"],
+ ["admin" , "read", "tenants"],
+ ["admin" , "write", "templates"],
+ ["admin" , "write", "aggregation_algorithms"],
+ ["admin" , "write", "sub_meta_rule_algorithms"],
+ ["admin" , "write", "tenants"]
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_super/scope.json b/keystone-moon/examples/moon/policies/policy_super/scope.json
new file mode 100644
index 00000000..bac0b47a
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_super/scope.json
@@ -0,0 +1,23 @@
+{
+ "subject_scopes": {
+ "role": [
+ "admin"
+ ]
+ },
+
+ "action_scopes": {
+ "action_id": [
+ "read",
+ "write"
+ ]
+ },
+
+ "object_scopes": {
+ "object_id": [
+ "templates",
+ "aggregation_algorithms",
+ "sub_meta_rule_algorithms",
+ "tenants"
+ ]
+ }
+}
-- cgit 1.2.3-korg