roc-umbrella: releasing 2.0.8 for new roc-api v0.9.2
Change-Id: Ie132508a0e713af2566645493893f701e177d6e1
diff --git a/aether-roc-umbrella/files/opa-rbac/aether-2.0.0.rego b/aether-roc-umbrella/files/opa-rbac/aether-2.0.0.rego
index 247a974..6689a0b 100644
--- a/aether-roc-umbrella/files/opa-rbac/aether-2.0.0.rego
+++ b/aether-roc-umbrella/files/opa-rbac/aether-2.0.0.rego
@@ -9,119 +9,23 @@
}
allowed[config] {
- application := applications # refer to rule below
- connectivity_service := connectivityservices
- device_group := devicegroups
- enterprise := enterprises
- ip_domain := ip_domains
- site := sites
- template := templates
- traffic_class := trafficclasses
- upf := upfs
- vcs := vcss
+ enterprise := enterprise_rule
config := {
- "application": {
- "application": [
- application
- ]
- },
- "connectivity-service": {
- "connectivity-service": [
- connectivity_service
- ]
- },
- "device-group": {
- "device-group": [
- device_group
- ]
- },
- "enterprise": {
+ "connectivity_services": object.get(input, "connectivity_services", {}),
+ "enterprises": {
"enterprise": [
enterprise
]
- },
- "ip-domain": {
- "ip-domain": [
- ip_domain
- ]
- },
- "site": {
- "site": [
- site
- ]
- },
- "template": {
- "template": [
- template
- ]
- },
- "traffic-class": {
- "traffic-class": {
- traffic_class
- }
- },
- "upf": {
- "upf": [
- upf
- ]
- },
- "vcs": {
- "vcs": [
- vcs
- ]
}
}
}
-applications[application] {
- application := input.application.application[_]
- ["AetherROCAdmin", application.enterprise][_] == input.groups[i]
-}
-
-connectivityservices[connectivity_service] {
- connectivity_service := input.connectivity_service.connectivity_service[_]
-}
-
-devicegroups[device_group] {
- device_group := input.device_group.device_group[_]
- site := sites
- device_group.site == site[_].id # allow only the device_groups of a known site
-}
-
-enterprises[enterprise] {
- enterprise := input.enterprise.enterprise[_]
- ["AetherROCAdmin", enterprise.id][_] == input.groups[i]
-}
-
-ip_domains[ip_domain] {
- ip_domain := input.ip_domain.ip_domain[_]
- ["AetherROCAdmin", ip_domain.enterprise][_] == input.groups[i]
-}
-
-sites[site] {
- site := input.site.site[_]
- ["AetherROCAdmin", site.enterprise][_] == input.groups[i]
-}
-
-templates[template] {
- template := input.template.template[_]
-}
-
-trafficclasses[traffic_class] {
- traffic_class := input.traffic_class.traffic_class[_]
-}
-
-upfs[upf] {
- upf := input.upf.upf[_]
- ["AetherROCAdmin", upf.enterprise][_] == input.groups[i]
-}
-
-vcss[vcs] {
- vcs := input.vcs.vcs[_]
- ["AetherROCAdmin", vcs.enterprise][_] == input.groups[i]
+enterprise_rule[enterprise] {
+ enterprise := input.enterprises.enterprise[_]
+ ["AetherROCAdmin", enterprise.ent_id][_] == input.groups[i]
}
can_update_enterprise = true {
- update_enterprise := input.updates.enterprise.enterprise[_]
- ["AetherROCAdmin", update_enterprise.id][_] == input.groups[i]
+ update_enterprise := input.updates.enterprises.enterprise[_]
+ ["AetherROCAdmin", update_enterprise.ent_id][_] == input.groups[i]
}
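Review bot: `can_update_enterprise` on the new side is satisfied as soon as any one element of `input.updates.enterprises.enterprise` has an `ent_id` matching one of the caller's groups, so a request that bundles an enterprise the caller belongs to with one it does not would still evaluate to true. If the consumer of this policy treats the result as authorization for the whole update (that consumer is outside the hunk, so this needs confirming), the rule should require every updated enterprise to match, for example by collecting the non-matching entries in a helper set and requiring it to be empty, as sketched below. A missing `ent_id` leaves the helper undefined, so the entry lands in the denied set and the rule stays fail-closed. Separately, the `connectivity_services` line in `allowed` copies the input through with no group condition; a comment such as `# connectivity services are visible to every caller by design` would record that this is intentional.

```rego
# ... unchanged: allowed[config] and enterprise_rule ...

# True when the caller is an admin or belongs to the group named after e.ent_id.
enterprise_update_permitted(e) {
    ["AetherROCAdmin", e.ent_id][_] == input.groups[_]
}

# Every updated enterprise the caller is not entitled to touch.
update_enterprise_denied[e] {
    e := input.updates.enterprises.enterprise[_]
    not enterprise_update_permitted(e)
}

can_update_enterprise = true {
    count(input.updates.enterprises.enterprise) > 0
    count(update_enterprise_denied) == 0
}
```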