blob: 247a974da62df7ee4c5b825a610d3c8992f6b022 [file] [log] [blame]
Sean Condonf69b0472022-01-11 14:10:45 +00001# SPDX-FileCopyrightText: 2022-present Open Networking Foundation <info@opennetworking.org>
2#
3# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
4
5package aether_2_0_0
6
7echo[config] {
8 config := input
9}
10
11allowed[config] {
12 application := applications # refer to rule below
13 connectivity_service := connectivityservices
14 device_group := devicegroups
15 enterprise := enterprises
16 ip_domain := ip_domains
17 site := sites
18 template := templates
19 traffic_class := trafficclasses
20 upf := upfs
21 vcs := vcss
22 config := {
23 "application": {
24 "application": [
25 application
26 ]
27 },
28 "connectivity-service": {
29 "connectivity-service": [
30 connectivity_service
31 ]
32 },
33 "device-group": {
34 "device-group": [
35 device_group
36 ]
37 },
38 "enterprise": {
39 "enterprise": [
40 enterprise
41 ]
42 },
43 "ip-domain": {
44 "ip-domain": [
45 ip_domain
46 ]
47 },
48 "site": {
49 "site": [
50 site
51 ]
52 },
53 "template": {
54 "template": [
55 template
56 ]
57 },
58 "traffic-class": {
59 "traffic-class": {
60 traffic_class
61 }
62 },
63 "upf": {
64 "upf": [
65 upf
66 ]
67 },
68 "vcs": {
69 "vcs": [
70 vcs
71 ]
72 }
73 }
74}
75
76applications[application] {
77 application := input.application.application[_]
78 ["AetherROCAdmin", application.enterprise][_] == input.groups[i]
79}
80
81connectivityservices[connectivity_service] {
82 connectivity_service := input.connectivity_service.connectivity_service[_]
83}
84
85devicegroups[device_group] {
86 device_group := input.device_group.device_group[_]
87 site := sites
88 device_group.site == site[_].id # allow only the device_groups of a known site
89}
90
91enterprises[enterprise] {
92 enterprise := input.enterprise.enterprise[_]
93 ["AetherROCAdmin", enterprise.id][_] == input.groups[i]
94}
95
96ip_domains[ip_domain] {
97 ip_domain := input.ip_domain.ip_domain[_]
98 ["AetherROCAdmin", ip_domain.enterprise][_] == input.groups[i]
99}
100
101sites[site] {
102 site := input.site.site[_]
103 ["AetherROCAdmin", site.enterprise][_] == input.groups[i]
104}
105
106templates[template] {
107 template := input.template.template[_]
108}
109
110trafficclasses[traffic_class] {
111 traffic_class := input.traffic_class.traffic_class[_]
112}
113
114upfs[upf] {
115 upf := input.upf.upf[_]
116 ["AetherROCAdmin", upf.enterprise][_] == input.groups[i]
117}
118
119vcss[vcs] {
120 vcs := input.vcs.vcs[_]
121 ["AetherROCAdmin", vcs.enterprise][_] == input.groups[i]
122}
123
124can_update_enterprise = true {
125 update_enterprise := input.updates.enterprise.enterprise[_]
126 ["AetherROCAdmin", update_enterprise.id][_] == input.groups[i]
127}