This change tweaks the format of operation policy files, renaming the 'default' section of each policy to 'preset'. This reinforces the idea that this section of the policy is used only when group-based access control is disabled. It also removes any ambiguity between this section of the policy and the actual 'default' policy built into the server.
{
"policy_A": {
"groups": {
"group_A": {
"CERTIFICATE": {
"LOCATE": "ALLOW_OWNER",
"CHECK": "ALLOW_OWNER",
"GET": "ALLOW_OWNER",
"GET_ATTRIBUTES": "ALLOW_OWNER",
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
"ADD_ATTRIBUTE": "ALLOW_OWNER",
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
"OBTAIN_LEASE": "ALLOW_OWNER",
"ACTIVATE": "ALLOW_OWNER",
"REVOKE": "ALLOW_OWNER",
"DESTROY": "ALLOW_OWNER",
"ARCHIVE": "ALLOW_OWNER",
"RECOVER": "ALLOW_OWNER"
}
}
},
"preset": {
"CERTIFICATE": {
"LOCATE": "ALLOW_ALL",
"CHECK": "ALLOW_ALL",
"GET": "ALLOW_ALL",
"GET_ATTRIBUTES": "ALLOW_ALL",
"GET_ATTRIBUTE_LIST": "ALLOW_ALL",
"ADD_ATTRIBUTE": "ALLOW_OWNER",
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
"OBTAIN_LEASE": "ALLOW_ALL",
"ACTIVATE": "ALLOW_OWNER",
"REVOKE": "ALLOW_OWNER",
"DESTROY": "ALLOW_OWNER",
"ARCHIVE": "ALLOW_OWNER",
"RECOVER": "ALLOW_OWNER"
},
"SYMMETRIC_KEY": {
"REKEY": "ALLOW_OWNER",
"REKEY_KEY_PAIR": "ALLOW_OWNER",
"DERIVE_KEY": "ALLOW_OWNER",
"LOCATE": "ALLOW_OWNER",
"CHECK": "ALLOW_OWNER",
"GET": "ALLOW_OWNER",
"GET_ATTRIBUTES": "ALLOW_OWNER",
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
"ADD_ATTRIBUTE": "ALLOW_OWNER",
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
"OBTAIN_LEASE": "ALLOW_OWNER",
"GET_USAGE_ALLOCATION": "ALLOW_OWNER",
"ACTIVATE": "ALLOW_OWNER",
"REVOKE": "ALLOW_OWNER",
"DESTROY": "ALLOW_OWNER",
"ARCHIVE": "ALLOW_OWNER",
"RECOVER": "ALLOW_OWNER"
},
"PUBLIC_KEY": {
"LOCATE": "ALLOW_ALL",
"CHECK": "ALLOW_ALL",
"GET": "ALLOW_ALL",
"GET_ATTRIBUTES": "ALLOW_ALL",
"GET_ATTRIBUTE_LIST": "ALLOW_ALL",
"ADD_ATTRIBUTE": "ALLOW_OWNER",
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
"OBTAIN_LEASE": "ALLOW_ALL",
"ACTIVATE": "ALLOW_OWNER",
"REVOKE": "ALLOW_OWNER",
"DESTROY": "ALLOW_OWNER",
"ARCHIVE": "ALLOW_OWNER",
"RECOVER": "ALLOW_OWNER"
},
"PRIVATE_KEY": {
"REKEY": "ALLOW_OWNER",
"REKEY_KEY_PAIR": "ALLOW_OWNER",
"DERIVE_KEY": "ALLOW_OWNER",
"LOCATE": "ALLOW_OWNER",
"CHECK": "ALLOW_OWNER",
"GET": "ALLOW_OWNER",
"GET_ATTRIBUTES": "ALLOW_OWNER",
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
"ADD_ATTRIBUTE": "ALLOW_OWNER",
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
"OBTAIN_LEASE": "ALLOW_OWNER",
"GET_USAGE_ALLOCATION": "ALLOW_OWNER",
"ACTIVATE": "ALLOW_OWNER",
"REVOKE": "ALLOW_OWNER",
"DESTROY": "ALLOW_OWNER",
"ARCHIVE": "ALLOW_OWNER",
"RECOVER": "ALLOW_OWNER"
},
"SPLIT_KEY": {
"REKEY": "ALLOW_OWNER",
"REKEY_KEY_PAIR": "ALLOW_OWNER",
"DERIVE_KEY": "ALLOW_OWNER",
"LOCATE": "ALLOW_OWNER",
"CHECK": "ALLOW_OWNER",
"GET": "ALLOW_OWNER",
"GET_ATTRIBUTES": "ALLOW_OWNER",
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
"ADD_ATTRIBUTE": "ALLOW_OWNER",
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
"OBTAIN_LEASE": "ALLOW_OWNER",
"GET_USAGE_ALLOCATION": "ALLOW_OWNER",
"ACTIVATE": "ALLOW_OWNER",
"REVOKE": "ALLOW_OWNER",
"DESTROY": "ALLOW_OWNER",
"ARCHIVE": "ALLOW_OWNER",
"RECOVER": "ALLOW_OWNER"
},
"TEMPLATE": {
"LOCATE": "ALLOW_OWNER",
"GET": "ALLOW_OWNER",
"GET_ATTRIBUTES": "ALLOW_OWNER",
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
"ADD_ATTRIBUTE": "ALLOW_OWNER",
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
"DESTROY": "ALLOW_OWNER"
},
"SECRET_DATA": {
"REKEY": "ALLOW_OWNER",
"REKEY_KEY_PAIR": "ALLOW_OWNER",
"DERIVE_KEY": "ALLOW_OWNER",
"LOCATE": "ALLOW_OWNER",
"CHECK": "ALLOW_OWNER",
"GET": "ALLOW_OWNER",
"GET_ATTRIBUTES": "ALLOW_OWNER",
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
"ADD_ATTRIBUTE": "ALLOW_OWNER",
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
"OBTAIN_LEASE": "ALLOW_OWNER",
"GET_USAGE_ALLOCATION": "ALLOW_OWNER",
"ACTIVATE": "ALLOW_OWNER",
"REVOKE": "ALLOW_OWNER",
"DESTROY": "ALLOW_OWNER",
"ARCHIVE": "ALLOW_OWNER",
"RECOVER": "ALLOW_OWNER"
},
"OPAQUE_DATA": {
"REKEY": "ALLOW_OWNER",
"REKEY_KEY_PAIR": "ALLOW_OWNER",
"DERIVE_KEY": "ALLOW_OWNER",
"LOCATE": "ALLOW_OWNER",
"CHECK": "ALLOW_OWNER",
"GET": "ALLOW_OWNER",
"GET_ATTRIBUTES": "ALLOW_OWNER",
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
"ADD_ATTRIBUTE": "ALLOW_OWNER",
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
"OBTAIN_LEASE": "ALLOW_OWNER",
"GET_USAGE_ALLOCATION": "ALLOW_OWNER",
"ACTIVATE": "ALLOW_OWNER",
"REVOKE": "ALLOW_OWNER",
"DESTROY": "ALLOW_OWNER",
"ARCHIVE": "ALLOW_OWNER",
"RECOVER": "ALLOW_OWNER"
},
"PGP_KEY": {
"REKEY": "ALLOW_OWNER",
"REKEY_KEY_PAIR": "ALLOW_OWNER",
"DERIVE_KEY": "ALLOW_OWNER",
"LOCATE": "ALLOW_OWNER",
"CHECK": "ALLOW_OWNER",
"GET": "ALLOW_OWNER",
"GET_ATTRIBUTES": "ALLOW_OWNER",
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
"ADD_ATTRIBUTE": "ALLOW_OWNER",
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
"OBTAIN_LEASE": "ALLOW_OWNER",
"GET_USAGE_ALLOCATION": "ALLOW_OWNER",
"ACTIVATE": "ALLOW_OWNER",
"REVOKE": "ALLOW_OWNER",
"DESTROY": "ALLOW_OWNER",
"ARCHIVE": "ALLOW_OWNER",
"RECOVER": "ALLOW_OWNER"
}
}
}
}
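Review bot: The meaning of the `preset` key — consulted only when group-based access control is disabled, and distinct from the server's built-in default policy — lives only in the commit message, since a strict JSON policy file cannot carry a comment; it should be stated in the operation-policy documentation and in the docstring of whatever loads these files. Within `policy_A`, `preset` grants `ALLOW_ALL` for `LOCATE`, `CHECK`, `GET`, `GET_ATTRIBUTES`, `GET_ATTRIBUTE_LIST` and `OBTAIN_LEASE` on `CERTIFICATE` and `PUBLIC_KEY`, while `groups.group_A` restricts the same `CERTIFICATE` operations to `ALLOW_OWNER`, so toggling group-based control changes who may read certificates under this one policy; that consequence is worth a sentence in the docs so operators do not treat `preset` as a fallback that is merged with the group rules. Policy files still using the old `default` key will presumably no longer match this layout; whether the loader rejects such a file or silently drops the section is not visible here and should be confirmed and covered by a test.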