)
@check_auth
- def get(self, uuid=None, perimeter_id=None, category_id=None,
+ def get(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Retrieve all subject assignments or a specific one for a given policy
:param uuid: uuid of the policy
:param perimeter_id: uuid of the subject
:param category_id: uuid of the subject category
- :param data_id: uuid of the subject scope
+ :param data_id: uuid of the subject scope (not used here)
:param user_id: user ID who do the request
:return: {
"subject_data_id": {
return {"subject_assignments": data}
@check_auth
- def post(self, uuid=None, perimeter_id=None, category_id=None,
+ def post(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Create a subject assignment.
:param data_id: uuid of the subject scope (not used here)
:param user_id: user ID who do the request
:request body: {
- "id": "UUID of the subject",
- "category_id": "UUID of the category"
- "data_id": "UUID of the scope"
+ "id": "UUID of the subject (mandatory)",
+ "category_id": "UUID of the category (mandatory)"
+ "data_id": "UUID of the scope (mandatory)"
}
:return: {
"subject_data_id": {
"policy_id": "ID of the policy",
- "subject_id": "ID of the subject",
- "category_id": "ID of the category",
+ "subject_id": "ID of the subject (mandatory)",
+ "category_id": "ID of the category (mandatory)",
"assignments": "Assignments list (list of data_id)",
}
}
return {"subject_assignments": data}
@check_auth
- def delete(self, uuid=None, perimeter_id=None, category_id=None,
+ def delete(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Delete a subject assignment for a given policy
)
@check_auth
- def get(self, uuid=None, perimeter_id=None, category_id=None,
+ def get(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Retrieve all object assignment or a specific one for a given policy
:param uuid: uuid of the policy
:param perimeter_id: uuid of the object
:param category_id: uuid of the object category
- :param data_id: uuid of the object scope
+ :param data_id: uuid of the object scope (not used here)
:param user_id: user ID who do the request
:return: {
"object_data_id": {
return {"object_assignments": data}
@check_auth
- def post(self, uuid=None, perimeter_id=None, category_id=None,
+ def post(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Create an object assignment.
:param data_id: uuid of the object scope (not used here)
:param user_id: user ID who do the request
:request body: {
- "id": "UUID of the action",
- "category_id": "UUID of the category"
- "data_id": "UUID of the scope"
+ "id": "UUID of the action (mandatory)",
+ "category_id": "UUID of the category (mandatory)",
+ "data_id": "UUID of the scope (mandatory)"
}
:return: {
"object_data_id": {
return {"object_assignments": data}
@check_auth
- def delete(self, uuid=None, perimeter_id=None, category_id=None,
+ def delete(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Delete a object assignment for a given policy
)
@check_auth
- def get(self, uuid=None, perimeter_id=None, category_id=None,
+ def get(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Retrieve all action assignment or a specific one for a given policy
return {"action_assignments": data}
@check_auth
- def post(self, uuid=None, perimeter_id=None, category_id=None,
+ def post(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Create an action assignment.
:param data_id: uuid of the action scope (not used here)
:param user_id: user ID who do the request
:request body: {
- "id": "UUID of the action",
- "category_id": "UUID of the category",
- "data_id": "UUID of the scope"
+ "id": "UUID of the action (mandatory)",
+ "category_id": "UUID of the category (mandatory)",
+ "data_id": "UUID of the scope (mandatory)"
}
:return: {
"action_data_id": {
return {"action_assignments": data}
@check_auth
- def delete(self, uuid=None, perimeter_id=None, category_id=None,
+ def delete(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
"""Delete a action assignment for a given policy
)
@check_auth
- def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all subject categories or a specific one if sid is given
+ def get(self, uuid, category_id=None, data_id=None, user_id=None):
+ """Retrieve all subject categories or a specific one if data_id is given
for a given policy
:param uuid: uuid of the policy
return {"subject_data": data}
@check_auth
- def post(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def post(self, uuid, category_id=None, data_id=None, user_id=None):
"""Create or update a subject.
:param uuid: uuid of the policy
:param category_id: uuid of the subject category
- :param data_id: uuid of the subject data
+ :param data_id: uuid of the subject data (not used here)
:param user_id: user ID who do the request
:request body: {
- "name": "name of the data",
+ "name": "name of the data (mandatory)",
"description": "description of the data (optional)"
}
:return: {
"category_id": "category_id1",
"data": {
"subject_data_id": {
- "name": "name of the data",
+ "name": "name of the data (mandatory)",
"description": "description of the data (optional)"
}
}
return {"subject_data": data}
@check_auth
- def delete(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def delete(self, uuid, category_id=None, data_id=None, user_id=None):
"""Delete a subject for a given policy
:param uuid: uuid of the policy
)
@check_auth
- def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def get(self, uuid, category_id=None, data_id=None, user_id=None):
"""Retrieve all object categories or a specific one if sid is given
for a given policy
return {"object_data": data}
@check_auth
- def post(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def post(self, uuid, category_id=None, data_id=None, user_id=None):
"""Create or update a object.
:param uuid: uuid of the policy
:param category_id: uuid of the object category
- :param data_id: uuid of the object data
+ :param data_id: uuid of the object data (not used here)
:param user_id: user ID who do the request
:request body: {
- "name": "name of the data",
+ "name": "name of the data (mandatory)",
"description": "description of the data (optional)"
}
:return: {
return {"object_data": data}
@check_auth
- def delete(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def delete(self, uuid, category_id=None, data_id=None, user_id=None):
"""Delete a object for a given policy
:param uuid: uuid of the policy
)
@check_auth
- def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def get(self, uuid, category_id=None, data_id=None, user_id=None):
"""Retrieve all action categories or a specific one if sid is given
for a given policy
return {"action_data": data}
@check_auth
- def post(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def post(self, uuid, category_id=None, data_id=None, user_id=None):
"""Create or update a action.
:param uuid: uuid of the policy
:param data_id: uuid of the action data
:param user_id: user ID who do the request
:request body: {
- "name": "name of the data",
- "description": "description of the data"
+ "name": "name of the data (mandatory)",
+ "description": "description of the data (optional)"
}
:return: {
"policy_id": "policy_id1",
return {"action_data": data}
@check_auth
- def delete(self, uuid=None, category_id=None, data_id=None, user_id=None):
+ def delete(self, uuid, category_id=None, data_id=None, user_id=None):
"""Delete a action for a given policy
:param uuid: uuid of the policy
:param category_id: must not be used here
:param user_id: user ID who do the request
:request body: {
- "name": "name of the category",
+ "name": "name of the category (mandatory)",
"description": "description of the category (optional)"
}
:return: {
:param category_id: must not be used here
:param user_id: user ID who do the request
:request body: {
- "name": "name of the category",
+ "name": "name of the category (mandatory)",
"description": "description of the category (optional)"
}
:return: {
:param category_id: must not be used here
:param user_id: user ID who do the request
:request body: {
- "name": "name of the category",
+ "name": "name of the category (mandatory)",
"description": "description of the category (optional)"
}
:return: {
def post(self, meta_rule_id=None, user_id=None):
"""Add a meta rule
- :param meta_rule_id: Meta rule ID
+ :param meta_rule_id: Meta rule ID (not used here)
:param user_id: user ID who do the request
:request body: post = {
- "name": "name of the meta rule",
- "subject_categories": ["subject_category_id1",
+ "name": "name of the meta rule (mandatory)",
+ "subject_categories": ["subject_category_id1 (mandatory)",
"subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
+ "object_categories": ["object_category_id1 (mandatory)"],
+ "action_categories": ["action_category_id1 (mandatory)"]
}
:return: {
"meta_rules": {
return {"meta_rules": data}
@check_auth
- def patch(self, meta_rule_id=None, user_id=None):
+ def patch(self, meta_rule_id, user_id=None):
"""Update a meta rule
:param meta_rule_id: Meta rule ID
return {"meta_rules": data}
@check_auth
- def delete(self, meta_rule_id=None, user_id=None):
+ def delete(self, meta_rule_id, user_id=None):
"""Delete a meta rule
:param meta_rule_id: Meta rule ID
:param user_id: user ID who do the request
- :request body: delete = {
- "name": "name of the meta rule",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- }
:return: {
"meta_rules": {
"meta_rule_id1": {
:param uuid: uuid of the model (not used here)
:param user_id: user ID who do the request
:request body: {
- "name": "...",
- "description": "... (optional)",
+ "name": "name of the model (mandatory)",
+ "description": "description of the model (optional)",
"meta_rules": ["meta_rule_id1", ]
}
:return: {
"model_id1": {
- "name": "...",
- "description": "... (optional)",
+ "name": "name of the model",
+ "description": "description of the model (optional)",
"meta_rules": ["meta_rule_id1", ]
}
}
return {"models": data}
@check_auth
- def delete(self, uuid=None, user_id=None):
+ def delete(self, uuid, user_id=None):
"""Delete a model
:param uuid: uuid of the model to delete
return {"result": True}
@check_auth
- def patch(self, uuid=None, user_id=None):
+ def patch(self, uuid, user_id=None):
"""Update a model
:param uuid: uuid of the model to update
:param user_id: user ID who do the request
:return: {
"model_id1": {
- "name": "...",
+ "name": "name of the model",
"description": "... (optional)",
"meta_rules": ["meta_rule_id1", ]
}
:param uuid: uuid of the pdp (not used here)
:param user_id: user ID who do the request
:request body: {
- "name": "...",
- "security_pipeline": [...],
- "keystone_project_id": "keystone_project_id1",
- "description": "... (optional)",
+ "name": "name of the PDP (mandatory)",
+ "security_pipeline": ["may be empty"],
+ "keystone_project_id": "keystone_project_id1 (may be empty)",
+ "description": "description of the PDP (optional)",
}
:return: {
"pdp_id1": {
return {"pdps": data}
@check_auth
- def delete(self, uuid=None, user_id=None):
+ def delete(self, uuid, user_id=None):
"""Delete a pdp
:param uuid: uuid of the pdp to delete
return {"result": True}
@check_auth
- def patch(self, uuid=None, user_id=None):
+ def patch(self, uuid, user_id=None):
"""Update a pdp
:param uuid: uuid of the pdp to update
:param user_id: user ID who do the request
:return: {
"pdp_id1": {
- "name": "...",
- "security_pipeline": [...],
- "keystone_project_id": "keystone_project_id1",
- "description": "... (optional)",
+ "name": "name of the PDP",
+ "security_pipeline": ["may be empty"],
+ "keystone_project_id": "keystone_project_id1 (may be empty)",
+ "description": "description of the PDP (optional)",
}
}
:internal_api: update_pdp
:param perimeter_id: must not be used here
:param user_id: user ID who do the request
:request body: {
- "name": "name of the subject",
+ "name": "name of the subject (mandatory)",
"description": "description of the subject (optional)",
"password": "password for the subject (optional)",
"email": "email address of the subject (optional)"
return {"subjects": data}
@check_auth
- def patch(self, uuid=None, perimeter_id=None, user_id=None):
+ def patch(self, uuid, perimeter_id=None, user_id=None):
"""Create or update a subject.
:param uuid: uuid of the policy
def delete(self, uuid=None, perimeter_id=None, user_id=None):
"""Delete a subject for a given policy
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the subject
+ :param uuid: uuid of the policy (mandatory if perimeter_id is not set)
+ :param perimeter_id: uuid of the subject (mandatory if uuid is not set)
:param user_id: user ID who do the request
:return: {
"subject_id": {
:param perimeter_id: must not be used here
:param user_id: user ID who do the request
:request body: {
- "object_name": "name of the object",
+ "object_name": "name of the object (mandatory)",
"object_description": "description of the object (optional)"
}
:return: {
return {"objects": data}
@check_auth
- def patch(self, uuid=None, perimeter_id=None, user_id=None):
+ def patch(self, uuid, perimeter_id=None, user_id=None):
"""Create or update a object.
:param uuid: uuid of the policy
def delete(self, uuid=None, perimeter_id=None, user_id=None):
"""Delete a object for a given policy
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the object
+ :param uuid: uuid of the policy (mandatory if perimeter_id is not set)
+ :param perimeter_id: uuid of the object (mandatory if uuid is not set)
:param user_id: user ID who do the request
:return: {
"object_id": {
:param perimeter_id: must not be used here
:param user_id: user ID who do the request
:request body: {
- "name": "name of the action",
+ "name": "name of the action (mandatory)",
"description": "description of the action (optional)"
}
:return: {
return {"actions": data}
@check_auth
- def patch(self, uuid=None, perimeter_id=None, user_id=None):
+ def patch(self, uuid, perimeter_id=None, user_id=None):
"""Create or update a action.
:param uuid: uuid of the policy
def delete(self, uuid=None, perimeter_id=None, user_id=None):
"""Delete a action for a given policy
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the action
+ :param uuid: uuid of the policy (mandatory if perimeter_id is not set)
+ :param perimeter_id: uuid of the action (mandatory if uuid is not set)
:param user_id: user ID who do the request
:return: {
"action_id": {
:param user_id: user ID who do the request
:return: {
"policy_id1": {
- "name": "...",
- "model_id": "...",
- "genre": "... (optional)",
- "description": "... (optional)",
+ "name": "name of the policy (mandatory)",
+ "model_id": "ID of the model linked to this policy",
+ "genre": "authz of admin (optional, default to authz)",
+ "description": "description of the policy (optional)",
}
}
:internal_api: get_policies
def post(self, uuid=None, user_id=None):
"""Create policy.
- :param uuid: uuid of the policy (not used here)
+ :param uuid: uuid of the policy (not used here if a new policy is created)
:param user_id: user ID who do the request
:request body: {
- "name": "...",
- "model_id": "...",
- "genre": "... (optional)",
- "description": "... (optional)",
+ "name": "name of the policy (mandatory)",
+ "model_id": "ID of the model linked to this policy",
+ "genre": "authz of admin (optional, default to authz)",
+ "description": "description of the policy (optional)",
}
:return: {
"policy_id1": {
- "name": "...",
- "model_id": "...",
- "genre": "... (optional)",
- "description": "... (optional)",
+ "name": "name of the policy (mandatory)",
+ "model_id": "ID of the model linked to this policy",
+ "genre": "authz of admin (optional, default to authz)",
+ "description": "description of the policy (optional)",
}
}
:internal_api: add_policy
return {"policies": data}
@check_auth
- def delete(self, uuid=None, user_id=None):
+ def delete(self, uuid, user_id=None):
"""Delete a policy
:param uuid: uuid of the policy to delete
return {"result": True}
@check_auth
- def patch(self, uuid=None, user_id=None):
+ def patch(self, uuid, user_id=None):
"""Update a policy
:param uuid: uuid of the policy to update
:param user_id: user ID who do the request
:return: {
"policy_id1": {
- "name": "...",
- "model_id": "...",
- "genre": "... (optional)",
- "description": "... (optional)",
+ "name": "name of the policy (mandatory)",
+ "model_id": "ID of the model linked to this policy",
+ "genre": "authz of admin (optional, default to authz)",
+ "description": "description of the policy (optional)",
}
}
:internal_api: update_policy
"""Add a rule to a meta rule
:param uuid: policy ID
- :param rule_id: rule ID
+ :param rule_id: rule ID (not used here)
:param user_id: user ID who do the request
:request body: post = {
- "meta_rule_id": "meta_rule_id1",
- "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
- "instructions": (
+ "meta_rule_id": "meta_rule_id1", # mandatory
+ "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], # mandatory
+ "instructions": ( # mandatory
{"decision": "grant"},
)
"enabled": True
Code Review / moon.git / commitdiff