Aether-3397: roc-umbrella add new 2.1.0 models
Change-Id: I935fad4da414c074831ae681f3c51048f88989c0
diff --git a/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego b/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego
index d764f4a..c377dba 100644
--- a/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego
+++ b/aether-roc-umbrella/files/opa-rbac/aether-2.1.0.rego
@@ -9,20 +9,36 @@
}
allowed[config] {
- enterprise := enterprise_rule
+ application := application_rule
+ site := site_rule
+ template := template_rule
+ traffic_class := traffic_class_rule
config := {
- "connectivity_services": object.get(input, "connectivity_services", {}),
- "enterprises": {
- "enterprise": [
- enterprise
- ]
- }
+ "application": application,
+ "site": site,
+ "template": template,
+ "traffic_class": traffic_class
}
}
-enterprise_rule[enterprise] {
- enterprise := input.enterprises.enterprise[_]
- ["AetherROCAdmin", enterprise.enterprise_id][_] == input.groups[i]
+application_rule[application] {
+ ["AetherROCAdmin", input.target][_] == input.groups[i]
+ application := input.application
+}
+
+site_rule[site] {
+ ["AetherROCAdmin", input.target][_] == input.groups[i]
+ site := input.site
+}
+
+template_rule[template] {
+ ["AetherROCAdmin", input.target][_] == input.groups[i]
+ template := input.template
+}
+
+traffic_class_rule[traffic_class] {
+ ["AetherROCAdmin", input.target][_] == input.groups[i]
+ traffic_class := input.traffic_class
}
can_update_enterprise = true {
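Review bot: The four new rules (`application_rule`, `site_rule`, `template_rule`, `traffic_class_rule`) authorize on `input.target` and then return `input.application`, `input.site` and so on in full, so the group check is no longer tied to an identifier inside the data being returned, as the removed `enterprise.enterprise_id` comparison was. Nothing in this hunk shows where `input.target` is set; if it can be influenced by the requester, or if the returned objects are not already scoped to that target, a member of one enterprise group could receive another enterprise's objects. I would state the assumption above the rules, e.g. `# input.target must be set by the trusted proxy and the input data must already be limited to that target`, or else filter each object on its own enterprise field. Also note that a missing `input.target` makes the array literal undefined, which appears to yield empty sets even for `AetherROCAdmin`; if that is unintended, a single shared helper such as `target_allowed { input.groups[_] == "AetherROCAdmin" }` plus `target_allowed { input.groups[_] == input.target }` would fix it and remove the four duplicated checks with the unused `i`.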