Blame - aether-roc-umbrella/files/opa-rbac/aether-3.0.0.rego - roc-helm-charts

blob: 1be87442f831bc4f34180b0d22828f9697eed634 [file] [log] [blame]

Scott Baker	6965439	2021-09-17 13:50:16 -0700	[diff] [blame]	1	# SPDX-FileCopyrightText: 2021-present Open Networking Foundation <info@opennetworking.org>
				2	#
Sean Condon	160ec1d	2022-02-08 12:58:25 +0000	[diff] [blame^]	3	# SPDX-License-Identifier: Apache-2.0
Scott Baker	6965439	2021-09-17 13:50:16 -0700	[diff] [blame]	4
				5	package aether_3_0_0
				6
				7	echo[config] {
				8	config := input
				9	}
				10
				11	allowed[config] {
				12	ap_list := ap_lists # refer to rule below
				13	application := applications
				14	connectivity_service := connectivityservices
				15	device_group := devicegroups
				16	enterprise := enterprises
				17	ip_domain := ip_domains
				18	network := networks
				19	site := sites
				20	template := templates
				21	traffic_class := trafficclasses
				22	upf := upfs
				23	vcs := vcss
				24	config := {
				25	"ap-list": {
				26	"ap-list": [
				27	ap_list
				28	]
				29	},
				30	"application": {
				31	"application": [
				32	application
				33	]
				34	},
				35	"connectivity-service": {
				36	"connectivity-service": [
				37	connectivity_service
				38	]
				39	},
				40	"device-group": {
				41	"device-group": [
				42	device_group
				43	]
				44	},
				45	"enterprise": {
				46	"enterprise": [
				47	enterprise
				48	]
				49	},
				50	"ip-domain": {
				51	"ip-domain": [
				52	ip_domain
				53	]
				54	},
				55	"network": {
				56	"network": [
				57	network
				58	]
				59	},
				60	"site": {
				61	"site": [
				62	site
				63	]
				64	},
				65	"template": {
				66	"template": [
				67	template
				68	]
				69	},
				70	"traffic_class": {
				71	"traffic_class": {
				72	traffic_class
				73	}
				74	},
				75	"upf": {
				76	"upf": [
				77	upf
				78	]
				79	},
				80	"vcs": {
				81	"vcs": [
				82	vcs
				83	]
				84	}
				85	}
				86	}
				87
				88	ap_lists[ap_list] {
				89	ap_list := input.ap_list.ap_list[_]
				90	["AetherROCAdmin", ap_list.enterprise][_] == input.groups[i]
				91	}
				92
				93	applications[application] {
				94	application := input.application.application[_]
				95	["AetherROCAdmin", application.enterprise][_] == input.groups[i]
				96	}
				97
				98	connectivityservices[connectivity_service] {
				99	connectivity_service := input.connectivity_service.connectivity_service[_]
				100	}
				101
				102	devicegroups[device_group] {
				103	device_group := input.device_group.device_group[_]
				104	site := sites
				105	device_group.site == site[_].id # allow only the device_groups of a known site
				106	}
				107
				108	enterprises[enterprise] {
				109	enterprise := input.enterprise.enterprise[_]
				110	["AetherROCAdmin", enterprise.id][_] == input.groups[i]
				111	}
				112
				113	ip_domains[ip_domain] {
				114	ip_domain := input.ip_domain.ip_domain[_]
				115	["AetherROCAdmin", ip_domain.enterprise][_] == input.groups[i]
				116	}
				117
				118	networks[network] {
				119	network := input.network.network[_]
				120	["AetherROCAdmin", network.enterprise][_] == input.groups[i]
				121	}
				122
				123	sites[site] {
				124	site := input.site.site[_]
				125	["AetherROCAdmin", site.enterprise][_] == input.groups[i]
				126	}
				127
				128	templates[template] {
				129	template := input.template.template[_]
				130	}
				131
				132	trafficclasses[traffic_class] {
				133	traffic_class := input.traffic_class.traffic_class[_]
				134	}
				135
				136	upfs[upf] {
				137	upf := input.upf.upf[_]
				138	["AetherROCAdmin", upf.enterprise][_] == input.groups[i]
				139	}
				140
				141	vcss[vcs] {
				142	vcs := input.vcs.vcs[_]
				143	["AetherROCAdmin", vcs.enterprise][_] == input.groups[i]
				144	}
				145
				146	can_update_enterprise = true {
				147	update_enterprise := input.updates.enterprise.enterprise[_]
				148	["AetherROCAdmin", update_enterprise.id][_] == input.groups[i]
				149	}