From be3c88d67ff707fbb0c601b326bc4bebf1729ad0 Mon Sep 17 00:00:00 2001 
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 16:29:29 +0000 Subject: [PATCH] Update static topaz template assets --- static/assets/templates/api-auth.json | 22 + .../templates/api-auth/api-auth-objects.json | 492 ++++ .../api-auth/api-auth-relations.json | 449 ++++ .../templates/api-auth/ds-load/api-auth.json | 941 +++++++ .../assets/templates/api-auth/manifest.yaml | 59 + .../api-auth/test/api-auth_assertions.json | 354 +++ static/assets/templates/hosted/api-auth.json | 19 + .../assets/templates/hosted/multi-tenant.json | 19 + static/assets/templates/multi-tenant.json | 22 + .../multi-tenant/ds-load/multi-tenant.json | 156 ++ .../templates/multi-tenant/manifest.yaml | 81 + .../multi-tenant/multi-tenant-objects.json | 33 + .../multi-tenant/multi-tenant-relations.json | 123 + .../test/multi-tenant_assertions.json | 2328 +++++++++++++++++ static/assets/templates/templates.json | 18 +- 15 files changed, 5115 insertions(+), 1 deletion(-) create mode 100644 static/assets/templates/api-auth.json create mode 100644 static/assets/templates/api-auth/api-auth-objects.json create mode 100644 static/assets/templates/api-auth/api-auth-relations.json create mode 100644 static/assets/templates/api-auth/ds-load/api-auth.json create mode 100644 static/assets/templates/api-auth/manifest.yaml create mode 100644 static/assets/templates/api-auth/test/api-auth_assertions.json create mode 100644 static/assets/templates/hosted/api-auth.json create mode 100644 static/assets/templates/hosted/multi-tenant.json create mode 100644 static/assets/templates/multi-tenant.json create mode 100644 static/assets/templates/multi-tenant/ds-load/multi-tenant.json create mode 100644 static/assets/templates/multi-tenant/manifest.yaml create mode 100644 static/assets/templates/multi-tenant/multi-tenant-objects.json create mode 100644 static/assets/templates/multi-tenant/multi-tenant-relations.json create mode 100644 
static/assets/templates/multi-tenant/test/multi-tenant_assertions.json
diff --git a/static/assets/templates/api-auth.json b/static/assets/templates/api-auth.json
new file mode 100644
index 0000000..27e9863
--- /dev/null
+++ b/static/assets/templates/api-auth.json
@@ -0,0 +1,22 @@
+{
+ "name": "api-auth",
+ "description": "API Authorization template",
+ "assets": {
+ "manifest": "api-auth/manifest.yaml",
+ "policy": {
+ "name": "api-auth",
+ "resource": "ghcr.io/aserto-policies/policy-rebac:latest"
+ },
+ "idp_data": [
+ "citadel/citadel_objects.json",
+ "citadel/citadel_relations.json"
+ ],
+ "domain_data": [
+ "api-auth/api-auth-objects.json",
+ "api-auth/api-auth-relations.json"
+ ],
+ "assertions": [
+ "api-auth/test/api-auth_assertions.json"
+ ]
+ }
+}
diff --git a/static/assets/templates/api-auth/api-auth-objects.json b/static/assets/templates/api-auth/api-auth-objects.json
new file mode 100644
index 0000000..8b246a6
--- /dev/null
+++ b/static/assets/templates/api-auth/api-auth-objects.json
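Review bot: In `static/assets/templates/api-auth.json`, `policy.resource` references the policy image by the mutable tag `latest` (`ghcr.io/aserto-policies/policy-rebac:latest`), so the authorization policy that a template install pulls can change without any change to this file. Pinning to a released version tag or an image digest, for example `"resource": "ghcr.io/aserto-policies/policy-rebac@sha256:<digest-placeholder>"`, would make the template reproducible and let `api-auth/test/api-auth_assertions.json` be checked against a known policy. Whether the template loader accepts digest references is not visible in this patch and should be confirmed first.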
@@ -0,0 +1,492 @@ +{ + "objects": [ + { + "type": "service", + "id": "petstore", + "displayName": "Petstore API", + "properties": { + "canonicalName": "petstore" + } + }, + { + "type": "group", + "id": "global-readers", + "displayName": "Global Readers" + }, + { + "type": "group", + "id": "global-writers", + "displayName": "Global Writers" + }, + { + "type": "group", + "id": "global-creators", + "displayName": "Global Creators" + }, + { + "type": "group", + "id": "global-deleters", + "displayName": "Global Deleters" + }, + { + "type": "group", + "id": "petstore-readers", + "displayName": "Petstore API Readers" + }, + { + "type": "group", + "id": "petstore-writers", + "displayName": "Petstore API Writers" + }, + { + "type": "group", + "id": "petstore-creators", + "displayName": "Petstore API Creators" + }, + { + "type": "group", + "id": "petstore-deleters", + "displayName": "Petstore API Deleters" + }, + { + "type": "endpoint", + "id": "petstore:GET:/store/order/{orderId}", + "displayName": "GET /store/order/{orderId}", + "properties": { + "canonicalName": "petstore:GET:/store/order/{orderId}", + "method": "GET", + "path": "/store/order/{orderId}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:DELETE:/store/order/{orderId}", + "displayName": "DELETE /store/order/{orderId}", + "properties": { + "canonicalName": "petstore:DELETE:/store/order/{orderId}", + "method": "DELETE", + "path": "/store/order/{orderId}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:POST:/user/createWithList", + "displayName": "POST /user/createWithList", + "properties": { + "canonicalName": "petstore:POST:/user/createWithList", + "method": "POST", + "path": "/user/createWithList", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/pet/{petId}", + "displayName": "GET /pet/{petId}", + "properties": { + 
"canonicalName": "petstore:GET:/pet/{petId}", + "method": "GET", + "path": "/pet/{petId}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:POST:/pet/{petId}", + "displayName": "POST /pet/{petId}", + "properties": { + "canonicalName": "petstore:POST:/pet/{petId}", + "method": "POST", + "path": "/pet/{petId}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:DELETE:/pet/{petId}", + "displayName": "DELETE /pet/{petId}", + "properties": { + "canonicalName": "petstore:DELETE:/pet/{petId}", + "method": "DELETE", + "path": "/pet/{petId}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/user/login", + "displayName": "GET /user/login", + "properties": { + "canonicalName": "petstore:GET:/user/login", + "method": "GET", + "path": "/user/login", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:POST:/pet/{petId}/uploadImage", + "displayName": "POST /pet/{petId}/uploadImage", + "properties": { + "canonicalName": "petstore:POST:/pet/{petId}/uploadImage", + "method": "POST", + "path": "/pet/{petId}/uploadImage", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:POST:/store/order", + "displayName": "POST /store/order", + "properties": { + "canonicalName": "petstore:POST:/store/order", + "method": "POST", + "path": "/store/order", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/user/logout", + "displayName": "GET /user/logout", + "properties": { + "canonicalName": "petstore:GET:/user/logout", + "method": "GET", + "path": "/user/logout", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/store/inventory", + "displayName": "GET /store/inventory", + "properties": { 
+ "canonicalName": "petstore:GET:/store/inventory", + "method": "GET", + "path": "/store/inventory", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/pet/findByStatus", + "displayName": "GET /pet/findByStatus", + "properties": { + "canonicalName": "petstore:GET:/pet/findByStatus", + "method": "GET", + "path": "/pet/findByStatus", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/user/{username}", + "displayName": "GET /user/{username}", + "properties": { + "canonicalName": "petstore:GET:/user/{username}", + "method": "GET", + "path": "/user/{username}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:PUT:/user/{username}", + "displayName": "PUT /user/{username}", + "properties": { + "canonicalName": "petstore:PUT:/user/{username}", + "method": "PUT", + "path": "/user/{username}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:DELETE:/user/{username}", + "displayName": "DELETE /user/{username}", + "properties": { + "canonicalName": "petstore:DELETE:/user/{username}", + "method": "DELETE", + "path": "/user/{username}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/pet/findByTags", + "displayName": "GET /pet/findByTags", + "properties": { + "canonicalName": "petstore:GET:/pet/findByTags", + "method": "GET", + "path": "/pet/findByTags", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:POST:/pet", + "displayName": "POST /pet", + "properties": { + "canonicalName": "petstore:POST:/pet", + "method": "POST", + "path": "/pet", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:PUT:/pet", + "displayName": "PUT /pet", + "properties": { + "canonicalName": 
"petstore:PUT:/pet", + "method": "PUT", + "path": "/pet", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:POST:/user", + "displayName": "POST /user", + "properties": { + "canonicalName": "petstore:POST:/user", + "method": "POST", + "path": "/user", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "service", + "id": "rick-and-morty", + "displayName": "Rick and Morty API", + "properties": { + "canonicalName": "rick-and-morty" + } + }, + { + "type": "group", + "id": "rick-and-morty-readers", + "displayName": "Rick and Morty API Readers" + }, + { + "type": "group", + "id": "rick-and-morty-writers", + "displayName": "Rick and Morty API Writers" + }, + { + "type": "group", + "id": "rick-and-morty-creators", + "displayName": "Rick and Morty API Creators" + }, + { + "type": "group", + "id": "rick-and-morty-deleters", + "displayName": "Rick and Morty API Deleters" + }, + { + "type": "endpoint", + "id": "rick-and-morty:GET:/v1/locations/:locationId", + "displayName": "GET /v1/locations/:locationId", + "properties": { + "canonicalName": "rick-and-morty:GET:/v1/locations/:locationId", + "method": "GET", + "path": "/v1/locations/:locationId", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "endpoint", + "id": "rick-and-morty:GET:/openapi.json", + "displayName": "GET /openapi.json", + "properties": { + "canonicalName": "rick-and-morty:GET:/openapi.json", + "method": "GET", + "path": "/openapi.json", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "endpoint", + "id": "rick-and-morty:GET:/v1/characters", + "displayName": "GET /v1/characters", + "properties": { + "canonicalName": "rick-and-morty:GET:/v1/characters", + "method": "GET", + "path": "/v1/characters", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "endpoint", + "id": 
"rick-and-morty:GET:/v1/characters/:characterId", + "displayName": "GET /v1/characters/:characterId", + "properties": { + "canonicalName": "rick-and-morty:GET:/v1/characters/:characterId", + "method": "GET", + "path": "/v1/characters/:characterId", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "endpoint", + "id": "rick-and-morty:GET:/v1/episodes/", + "displayName": "GET /v1/episodes/", + "properties": { + "canonicalName": "rick-and-morty:GET:/v1/episodes/", + "method": "GET", + "path": "/v1/episodes/", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "endpoint", + "id": "rick-and-morty:GET:/v1/episodes/:episodeId", + "displayName": "GET /v1/episodes/:episodeId", + "properties": { + "canonicalName": "rick-and-morty:GET:/v1/episodes/:episodeId", + "method": "GET", + "path": "/v1/episodes/:episodeId", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "endpoint", + "id": "rick-and-morty:GET:/v1/locations", + "displayName": "GET /v1/locations", + "properties": { + "canonicalName": "rick-and-morty:GET:/v1/locations", + "method": "GET", + "path": "/v1/locations", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "service", + "id": "todo", + "displayName": "Todo List API", + "properties": { + "canonicalName": "todo" + } + }, + { + "type": "group", + "id": "todo-readers", + "displayName": "Todo List API Readers" + }, + { + "type": "group", + "id": "todo-writers", + "displayName": "Todo List API Writers" + }, + { + "type": "group", + "id": "todo-creators", + "displayName": "Todo List API Creators" + }, + { + "type": "group", + "id": "todo-deleters", + "displayName": "Todo List API Deleters" + }, + { + "type": "endpoint", + "id": "todo:PATCH:/v1/todos/{todoId}", + "displayName": "PATCH /v1/todos/{todoId}", + "properties": { + "canonicalName": "todo:PATCH:/v1/todos/{todoId}", + "method": "PATCH", + "path": 
"/v1/todos/{todoId}", + "service": "Todo List API", + "serviceID": "todo" + } + }, + { + "type": "endpoint", + "id": "todo:DELETE:/v1/todos/{todoId}", + "displayName": "DELETE /v1/todos/{todoId}", + "properties": { + "canonicalName": "todo:DELETE:/v1/todos/{todoId}", + "method": "DELETE", + "path": "/v1/todos/{todoId}", + "service": "Todo List API", + "serviceID": "todo" + } + }, + { + "type": "endpoint", + "id": "todo:GET:/v1/$todosAndUsers", + "displayName": "GET /v1/$todosAndUsers", + "properties": { + "canonicalName": "todo:GET:/v1/$todosAndUsers", + "method": "GET", + "path": "/v1/$todosAndUsers", + "service": "Todo List API", + "serviceID": "todo" + } + }, + { + "type": "endpoint", + "id": "todo:GET:/v1/$todosWithNoUserId", + "displayName": "GET /v1/$todosWithNoUserId", + "properties": { + "canonicalName": "todo:GET:/v1/$todosWithNoUserId", + "method": "GET", + "path": "/v1/$todosWithNoUserId", + "service": "Todo List API", + "serviceID": "todo" + } + }, + { + "type": "endpoint", + "id": "todo:GET:/v1/todos", + "displayName": "GET /v1/todos", + "properties": { + "canonicalName": "todo:GET:/v1/todos", + "method": "GET", + "path": "/v1/todos", + "service": "Todo List API", + "serviceID": "todo" + } + }, + { + "type": "endpoint", + "id": "todo:POST:/v1/todos", + "displayName": "POST /v1/todos", + "properties": { + "canonicalName": "todo:POST:/v1/todos", + "method": "POST", + "path": "/v1/todos", + "service": "Todo List API", + "serviceID": "todo" + } + } + ] +} diff --git a/static/assets/templates/api-auth/api-auth-relations.json b/static/assets/templates/api-auth/api-auth-relations.json new file mode 100644 index 0000000..c4132f2 --- /dev/null +++ b/static/assets/templates/api-auth/api-auth-relations.json 
@@ -0,0 +1,449 @@ +{ + "relations": [ + { + "objectType": "service", + "objectId": "petstore", + "relation": "reader", + "subjectType": "group", + "subjectId": "petstore-readers", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "petstore", + "relation": "writer", + "subjectType": "group", + "subjectId": "petstore-writers", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "petstore", + "relation": "creator", + "subjectType": "group", + "subjectId": "petstore-creators", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "petstore", + "relation": "deleter", + "subjectType": "group", + "subjectId": "petstore-deleters", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "petstore-readers", + "relation": "member", + "subjectType": "group", + "subjectId": "global-readers", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "petstore-writers", + "relation": "member", + "subjectType": "group", + "subjectId": "global-writers", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "petstore-creators", + "relation": "member", + "subjectType": "group", + "subjectId": "global-creators", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "petstore-deleters", + "relation": "member", + "subjectType": "group", + "subjectId": "global-deleters", + "subjectRelation": "member" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/store/order/{orderId}", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:DELETE:/store/order/{orderId}", + "relation": "service-deleter", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:POST:/user/createWithList", + "relation": "service-creator", + "subjectType": "service", + "subjectId": 
"petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/pet/{petId}", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:POST:/pet/{petId}", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:DELETE:/pet/{petId}", + "relation": "service-deleter", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/user/login", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:POST:/pet/{petId}/uploadImage", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:POST:/store/order", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/user/logout", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/store/inventory", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/pet/findByStatus", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/user/{username}", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:PUT:/user/{username}", + "relation": "service-writer", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:DELETE:/user/{username}", + "relation": "service-deleter", + 
"subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/pet/findByTags", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:POST:/pet", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:PUT:/pet", + "relation": "service-writer", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:POST:/user", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "service", + "objectId": "rick-and-morty", + "relation": "reader", + "subjectType": "group", + "subjectId": "rick-and-morty-readers", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "rick-and-morty", + "relation": "writer", + "subjectType": "group", + "subjectId": "rick-and-morty-writers", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "rick-and-morty", + "relation": "creator", + "subjectType": "group", + "subjectId": "rick-and-morty-creators", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "rick-and-morty", + "relation": "deleter", + "subjectType": "group", + "subjectId": "rick-and-morty-deleters", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "rick-and-morty-readers", + "relation": "member", + "subjectType": "group", + "subjectId": "global-readers", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "rick-and-morty-writers", + "relation": "member", + "subjectType": "group", + "subjectId": "global-writers", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "rick-and-morty-creators", + "relation": "member", + "subjectType": "group", + "subjectId": "global-creators", + 
"subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "rick-and-morty-deleters", + "relation": "member", + "subjectType": "group", + "subjectId": "global-deleters", + "subjectRelation": "member" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/v1/locations/:locationId", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/openapi.json", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/v1/characters", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/v1/characters/:characterId", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/v1/episodes/", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/v1/episodes/:episodeId", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/v1/locations", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "service", + "objectId": "todo", + "relation": "reader", + "subjectType": "group", + "subjectId": "todo-readers", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "todo", + "relation": "writer", + "subjectType": "group", + "subjectId": "todo-writers", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "todo", + "relation": "creator", + "subjectType": "group", + "subjectId": "todo-creators", + 
"subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "todo", + "relation": "deleter", + "subjectType": "group", + "subjectId": "todo-deleters", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "todo-readers", + "relation": "member", + "subjectType": "group", + "subjectId": "global-readers", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "todo-writers", + "relation": "member", + "subjectType": "group", + "subjectId": "global-writers", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "todo-creators", + "relation": "member", + "subjectType": "group", + "subjectId": "global-creators", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "todo-deleters", + "relation": "member", + "subjectType": "group", + "subjectId": "global-deleters", + "subjectRelation": "member" + }, + { + "objectType": "endpoint", + "objectId": "todo:PATCH:/v1/todos/{todoId}", + "relation": "service-writer", + "subjectType": "service", + "subjectId": "todo" + }, + { + "objectType": "endpoint", + "objectId": "todo:DELETE:/v1/todos/{todoId}", + "relation": "service-deleter", + "subjectType": "service", + "subjectId": "todo" + }, + { + "objectType": "endpoint", + "objectId": "todo:GET:/v1/$todosAndUsers", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "todo" + }, + { + "objectType": "endpoint", + "objectId": "todo:GET:/v1/$todosWithNoUserId", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "todo" + }, + { + "objectType": "endpoint", + "objectId": "todo:GET:/v1/todos", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "todo" + }, + { + "objectType": "endpoint", + "objectId": "todo:POST:/v1/todos", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "todo" + }, + { + "objectType": "group", + "objectId": "global-deleters", + "relation": "member", + "subjectType": 
"user", + "subjectId": "rick@the-citadel.com" + }, + { + "objectType": "group", + "objectId": "petstore-creators", + "relation": "member", + "subjectType": "user", + "subjectId": "morty@the-citadel.com" + }, + { + "objectType": "group", + "objectId": "todo-readers", + "relation": "member", + "subjectType": "group", + "subjectId": "viewer", + "subjectRelation": "member" + }, + { + "objectType": "endpoint", + "objectId": "todo:POST:/v1/todos", + "relation": "invoker", + "subjectType": "user", + "subjectId": "morty@the-citadel.com" + } + ] +} diff --git a/static/assets/templates/api-auth/ds-load/api-auth.json b/static/assets/templates/api-auth/ds-load/api-auth.json new file mode 100644 index 0000000..5742713 --- /dev/null +++ b/static/assets/templates/api-auth/ds-load/api-auth.json 
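Review bot: In `api-auth-relations.json`, `petstore:POST:/pet/{petId}` and `petstore:POST:/pet/{petId}/uploadImage` are bound to `service-creator`, which looks like a mapping by HTTP method alone; both paths address an existing pet, so members of `petstore-creators` would presumably be allowed to modify existing resources, not only create new ones. If that is not intended, bind them the way the PUT routes are bound, `"relation": "service-writer"`. What each relation actually permits is defined in `api-auth/manifest.yaml`, which is outside this hunk, so the effect should be checked there. Separately, `todo-readers` takes its members from a group `viewer` that is not among the objects added in `api-auth-objects.json`; it presumably comes from the citadel IDP data, which is worth confirming so the tuple does not dangle.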
@@ -0,0 +1,941 @@ +[ + { + "objects": [ + { + "type": "service", + "id": "petstore", + "displayName": "Petstore API", + "properties": { + "canonicalName": "petstore" + } + }, + { + "type": "group", + "id": "global-readers", + "displayName": "Global Readers" + }, + { + "type": "group", + "id": "global-writers", + "displayName": "Global Writers" + }, + { + "type": "group", + "id": "global-creators", + "displayName": "Global Creators" + }, + { + "type": "group", + "id": "global-deleters", + "displayName": "Global Deleters" + }, + { + "type": "group", + "id": "petstore-readers", + "displayName": "Petstore API Readers" + }, + { + "type": "group", + "id": "petstore-writers", + "displayName": "Petstore API Writers" + }, + { + "type": "group", + "id": "petstore-creators", + "displayName": "Petstore API Creators" + }, + { + "type": "group", + "id": "petstore-deleters", + "displayName": "Petstore API Deleters" + }, + { + "type": "endpoint", + "id": "petstore:GET:/store/order/{orderId}", + "displayName": "GET /store/order/{orderId}", + "properties": { + "canonicalName": "petstore:GET:/store/order/{orderId}", + "method": "GET", + "path": "/store/order/{orderId}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:DELETE:/store/order/{orderId}", + "displayName": "DELETE /store/order/{orderId}", + "properties": { + "canonicalName": "petstore:DELETE:/store/order/{orderId}", + "method": "DELETE", + "path": "/store/order/{orderId}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:POST:/user/createWithList", + "displayName": "POST /user/createWithList", + "properties": { + "canonicalName": "petstore:POST:/user/createWithList", + "method": "POST", + "path": "/user/createWithList", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/pet/{petId}", + "displayName": "GET /pet/{petId}", + "properties": { + 
"canonicalName": "petstore:GET:/pet/{petId}", + "method": "GET", + "path": "/pet/{petId}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:POST:/pet/{petId}", + "displayName": "POST /pet/{petId}", + "properties": { + "canonicalName": "petstore:POST:/pet/{petId}", + "method": "POST", + "path": "/pet/{petId}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:DELETE:/pet/{petId}", + "displayName": "DELETE /pet/{petId}", + "properties": { + "canonicalName": "petstore:DELETE:/pet/{petId}", + "method": "DELETE", + "path": "/pet/{petId}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/user/login", + "displayName": "GET /user/login", + "properties": { + "canonicalName": "petstore:GET:/user/login", + "method": "GET", + "path": "/user/login", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:POST:/pet/{petId}/uploadImage", + "displayName": "POST /pet/{petId}/uploadImage", + "properties": { + "canonicalName": "petstore:POST:/pet/{petId}/uploadImage", + "method": "POST", + "path": "/pet/{petId}/uploadImage", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:POST:/store/order", + "displayName": "POST /store/order", + "properties": { + "canonicalName": "petstore:POST:/store/order", + "method": "POST", + "path": "/store/order", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/user/logout", + "displayName": "GET /user/logout", + "properties": { + "canonicalName": "petstore:GET:/user/logout", + "method": "GET", + "path": "/user/logout", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/store/inventory", + "displayName": "GET /store/inventory", + "properties": { 
+ "canonicalName": "petstore:GET:/store/inventory", + "method": "GET", + "path": "/store/inventory", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/pet/findByStatus", + "displayName": "GET /pet/findByStatus", + "properties": { + "canonicalName": "petstore:GET:/pet/findByStatus", + "method": "GET", + "path": "/pet/findByStatus", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/user/{username}", + "displayName": "GET /user/{username}", + "properties": { + "canonicalName": "petstore:GET:/user/{username}", + "method": "GET", + "path": "/user/{username}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:PUT:/user/{username}", + "displayName": "PUT /user/{username}", + "properties": { + "canonicalName": "petstore:PUT:/user/{username}", + "method": "PUT", + "path": "/user/{username}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:DELETE:/user/{username}", + "displayName": "DELETE /user/{username}", + "properties": { + "canonicalName": "petstore:DELETE:/user/{username}", + "method": "DELETE", + "path": "/user/{username}", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:GET:/pet/findByTags", + "displayName": "GET /pet/findByTags", + "properties": { + "canonicalName": "petstore:GET:/pet/findByTags", + "method": "GET", + "path": "/pet/findByTags", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:POST:/pet", + "displayName": "POST /pet", + "properties": { + "canonicalName": "petstore:POST:/pet", + "method": "POST", + "path": "/pet", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:PUT:/pet", + "displayName": "PUT /pet", + "properties": { + "canonicalName": 
"petstore:PUT:/pet", + "method": "PUT", + "path": "/pet", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "endpoint", + "id": "petstore:POST:/user", + "displayName": "POST /user", + "properties": { + "canonicalName": "petstore:POST:/user", + "method": "POST", + "path": "/user", + "service": "Petstore API", + "serviceID": "petstore" + } + }, + { + "type": "service", + "id": "rick-and-morty", + "displayName": "Rick and Morty API", + "properties": { + "canonicalName": "rick-and-morty" + } + }, + { + "type": "group", + "id": "rick-and-morty-readers", + "displayName": "Rick and Morty API Readers" + }, + { + "type": "group", + "id": "rick-and-morty-writers", + "displayName": "Rick and Morty API Writers" + }, + { + "type": "group", + "id": "rick-and-morty-creators", + "displayName": "Rick and Morty API Creators" + }, + { + "type": "group", + "id": "rick-and-morty-deleters", + "displayName": "Rick and Morty API Deleters" + }, + { + "type": "endpoint", + "id": "rick-and-morty:GET:/v1/locations/:locationId", + "displayName": "GET /v1/locations/:locationId", + "properties": { + "canonicalName": "rick-and-morty:GET:/v1/locations/:locationId", + "method": "GET", + "path": "/v1/locations/:locationId", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "endpoint", + "id": "rick-and-morty:GET:/openapi.json", + "displayName": "GET /openapi.json", + "properties": { + "canonicalName": "rick-and-morty:GET:/openapi.json", + "method": "GET", + "path": "/openapi.json", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "endpoint", + "id": "rick-and-morty:GET:/v1/characters", + "displayName": "GET /v1/characters", + "properties": { + "canonicalName": "rick-and-morty:GET:/v1/characters", + "method": "GET", + "path": "/v1/characters", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "endpoint", + "id": 
"rick-and-morty:GET:/v1/characters/:characterId", + "displayName": "GET /v1/characters/:characterId", + "properties": { + "canonicalName": "rick-and-morty:GET:/v1/characters/:characterId", + "method": "GET", + "path": "/v1/characters/:characterId", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "endpoint", + "id": "rick-and-morty:GET:/v1/episodes/", + "displayName": "GET /v1/episodes/", + "properties": { + "canonicalName": "rick-and-morty:GET:/v1/episodes/", + "method": "GET", + "path": "/v1/episodes/", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "endpoint", + "id": "rick-and-morty:GET:/v1/episodes/:episodeId", + "displayName": "GET /v1/episodes/:episodeId", + "properties": { + "canonicalName": "rick-and-morty:GET:/v1/episodes/:episodeId", + "method": "GET", + "path": "/v1/episodes/:episodeId", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "endpoint", + "id": "rick-and-morty:GET:/v1/locations", + "displayName": "GET /v1/locations", + "properties": { + "canonicalName": "rick-and-morty:GET:/v1/locations", + "method": "GET", + "path": "/v1/locations", + "service": "Rick and Morty API", + "serviceID": "rick-and-morty" + } + }, + { + "type": "service", + "id": "todo", + "displayName": "Todo List API", + "properties": { + "canonicalName": "todo" + } + }, + { + "type": "group", + "id": "todo-readers", + "displayName": "Todo List API Readers" + }, + { + "type": "group", + "id": "todo-writers", + "displayName": "Todo List API Writers" + }, + { + "type": "group", + "id": "todo-creators", + "displayName": "Todo List API Creators" + }, + { + "type": "group", + "id": "todo-deleters", + "displayName": "Todo List API Deleters" + }, + { + "type": "endpoint", + "id": "todo:PATCH:/v1/todos/{todoId}", + "displayName": "PATCH /v1/todos/{todoId}", + "properties": { + "canonicalName": "todo:PATCH:/v1/todos/{todoId}", + "method": "PATCH", + "path": 
"/v1/todos/{todoId}", + "service": "Todo List API", + "serviceID": "todo" + } + }, + { + "type": "endpoint", + "id": "todo:DELETE:/v1/todos/{todoId}", + "displayName": "DELETE /v1/todos/{todoId}", + "properties": { + "canonicalName": "todo:DELETE:/v1/todos/{todoId}", + "method": "DELETE", + "path": "/v1/todos/{todoId}", + "service": "Todo List API", + "serviceID": "todo" + } + }, + { + "type": "endpoint", + "id": "todo:GET:/v1/$todosAndUsers", + "displayName": "GET /v1/$todosAndUsers", + "properties": { + "canonicalName": "todo:GET:/v1/$todosAndUsers", + "method": "GET", + "path": "/v1/$todosAndUsers", + "service": "Todo List API", + "serviceID": "todo" + } + }, + { + "type": "endpoint", + "id": "todo:GET:/v1/$todosWithNoUserId", + "displayName": "GET /v1/$todosWithNoUserId", + "properties": { + "canonicalName": "todo:GET:/v1/$todosWithNoUserId", + "method": "GET", + "path": "/v1/$todosWithNoUserId", + "service": "Todo List API", + "serviceID": "todo" + } + }, + { + "type": "endpoint", + "id": "todo:GET:/v1/todos", + "displayName": "GET /v1/todos", + "properties": { + "canonicalName": "todo:GET:/v1/todos", + "method": "GET", + "path": "/v1/todos", + "service": "Todo List API", + "serviceID": "todo" + } + }, + { + "type": "endpoint", + "id": "todo:POST:/v1/todos", + "displayName": "POST /v1/todos", + "properties": { + "canonicalName": "todo:POST:/v1/todos", + "method": "POST", + "path": "/v1/todos", + "service": "Todo List API", + "serviceID": "todo" + } + } + ], + "relations": [ + { + "objectType": "service", + "objectId": "petstore", + "relation": "reader", + "subjectType": "group", + "subjectId": "petstore-readers", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "petstore", + "relation": "writer", + "subjectType": "group", + "subjectId": "petstore-writers", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "petstore", + "relation": "creator", + "subjectType": "group", + "subjectId": 
"petstore-creators", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "petstore", + "relation": "deleter", + "subjectType": "group", + "subjectId": "petstore-deleters", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "petstore-readers", + "relation": "member", + "subjectType": "group", + "subjectId": "global-readers", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "petstore-writers", + "relation": "member", + "subjectType": "group", + "subjectId": "global-writers", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "petstore-creators", + "relation": "member", + "subjectType": "group", + "subjectId": "global-creators", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "petstore-deleters", + "relation": "member", + "subjectType": "group", + "subjectId": "global-deleters", + "subjectRelation": "member" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/store/order/{orderId}", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:DELETE:/store/order/{orderId}", + "relation": "service-deleter", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:POST:/user/createWithList", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/pet/{petId}", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:POST:/pet/{petId}", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:DELETE:/pet/{petId}", + "relation": "service-deleter", + "subjectType": "service", + "subjectId": "petstore" + }, 
+ { + "objectType": "endpoint", + "objectId": "petstore:GET:/user/login", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:POST:/pet/{petId}/uploadImage", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:POST:/store/order", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/user/logout", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/store/inventory", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/pet/findByStatus", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/user/{username}", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:PUT:/user/{username}", + "relation": "service-writer", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:DELETE:/user/{username}", + "relation": "service-deleter", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:GET:/pet/findByTags", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:POST:/pet", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:PUT:/pet", + "relation": "service-writer", + "subjectType": "service", + 
"subjectId": "petstore" + }, + { + "objectType": "endpoint", + "objectId": "petstore:POST:/user", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "petstore" + }, + { + "objectType": "service", + "objectId": "rick-and-morty", + "relation": "reader", + "subjectType": "group", + "subjectId": "rick-and-morty-readers", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "rick-and-morty", + "relation": "writer", + "subjectType": "group", + "subjectId": "rick-and-morty-writers", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "rick-and-morty", + "relation": "creator", + "subjectType": "group", + "subjectId": "rick-and-morty-creators", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "rick-and-morty", + "relation": "deleter", + "subjectType": "group", + "subjectId": "rick-and-morty-deleters", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "rick-and-morty-readers", + "relation": "member", + "subjectType": "group", + "subjectId": "global-readers", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "rick-and-morty-writers", + "relation": "member", + "subjectType": "group", + "subjectId": "global-writers", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "rick-and-morty-creators", + "relation": "member", + "subjectType": "group", + "subjectId": "global-creators", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "rick-and-morty-deleters", + "relation": "member", + "subjectType": "group", + "subjectId": "global-deleters", + "subjectRelation": "member" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/v1/locations/:locationId", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/openapi.json", + "relation": 
"service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/v1/characters", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/v1/characters/:characterId", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/v1/episodes/", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/v1/episodes/:episodeId", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "endpoint", + "objectId": "rick-and-morty:GET:/v1/locations", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "rick-and-morty" + }, + { + "objectType": "service", + "objectId": "todo", + "relation": "reader", + "subjectType": "group", + "subjectId": "todo-readers", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "todo", + "relation": "writer", + "subjectType": "group", + "subjectId": "todo-writers", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "todo", + "relation": "creator", + "subjectType": "group", + "subjectId": "todo-creators", + "subjectRelation": "member" + }, + { + "objectType": "service", + "objectId": "todo", + "relation": "deleter", + "subjectType": "group", + "subjectId": "todo-deleters", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "todo-readers", + "relation": "member", + "subjectType": "group", + "subjectId": "global-readers", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "todo-writers", + "relation": "member", + "subjectType": "group", + "subjectId": 
"global-writers", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "todo-creators", + "relation": "member", + "subjectType": "group", + "subjectId": "global-creators", + "subjectRelation": "member" + }, + { + "objectType": "group", + "objectId": "todo-deleters", + "relation": "member", + "subjectType": "group", + "subjectId": "global-deleters", + "subjectRelation": "member" + }, + { + "objectType": "endpoint", + "objectId": "todo:PATCH:/v1/todos/{todoId}", + "relation": "service-writer", + "subjectType": "service", + "subjectId": "todo" + }, + { + "objectType": "endpoint", + "objectId": "todo:DELETE:/v1/todos/{todoId}", + "relation": "service-deleter", + "subjectType": "service", + "subjectId": "todo" + }, + { + "objectType": "endpoint", + "objectId": "todo:GET:/v1/$todosAndUsers", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "todo" + }, + { + "objectType": "endpoint", + "objectId": "todo:GET:/v1/$todosWithNoUserId", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "todo" + }, + { + "objectType": "endpoint", + "objectId": "todo:GET:/v1/todos", + "relation": "service-reader", + "subjectType": "service", + "subjectId": "todo" + }, + { + "objectType": "endpoint", + "objectId": "todo:POST:/v1/todos", + "relation": "service-creator", + "subjectType": "service", + "subjectId": "todo" + }, + { + "objectType": "group", + "objectId": "global-deleters", + "relation": "member", + "subjectType": "user", + "subjectId": "rick@the-citadel.com" + }, + { + "objectType": "group", + "objectId": "petstore-creators", + "relation": "member", + "subjectType": "user", + "subjectId": "morty@the-citadel.com" + }, + { + "objectType": "group", + "objectId": "todo-readers", + "relation": "member", + "subjectType": "group", + "subjectId": "viewer", + "subjectRelation": "member" + }, + { + "objectType": "endpoint", + "objectId": "todo:POST:/v1/todos", + "relation": "invoker", + "subjectType": "user", + 
"subjectId": "morty@the-citadel.com"
+ }
+ ]
+ }
+]
diff --git a/static/assets/templates/api-auth/manifest.yaml b/static/assets/templates/api-auth/manifest.yaml
new file mode 100644
index 0000000..3f43641
--- /dev/null
+++ b/static/assets/templates/api-auth/manifest.yaml
@@ -0,0 +1,59 @@
+
+# yaml-language-server: $schema=https://www.topaz.sh/schema/manifest.json
+---
+
+# model
+model:
+ version: 3
+
+# object type definitions
+types:
+ # user represents a user that can be granted role(s)
+ user:
+ relations:
+ manager: user
+
+ permissions:
+ ### display_name: user#in_management_chain ###
+ in_management_chain: manager | manager->in_management_chain
+
+ # group represents a collection of users and/or (nested) groups
+ group:
+ relations:
+ member: user | group#member
+
+ # identity represents a collection of identities for users
+ identity:
+ relations:
+ identifier: user
+
+ # service represents a set of endpoints
+ service:
+ relations:
+ owner: user
+ deleter: user | group#member
+ creator: user | group#member
+ writer: user | group#member
+ reader: user | group#member
+
+ permissions:
+ can_get: reader | can_put
+ can_put: writer | can_post
+ can_patch: writer | can_post
+ can_post: creator | can_delete
+ can_delete: deleter | owner
+
+ # endpoint represents a specific API endpoint
+ endpoint:
+ relations:
+ # each endpoint picks the reader/writer/creator/deleter relation to the service
+ # based on the method (GET -> reader, PUT/PATCH -> writer, etc)
+ service-reader: service
+ service-writer: service
+ service-creator: service
+ service-deleter: service
+ # invoker allows a user or group to get access to invoke this specific endpoint
+ invoker: user | group#member
+ permissions:
+ can_invoke: invoker | service-reader->can_get | service-writer->can_put |
+ service-creator->can_post | service-deleter->can_delete
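Review bot: The `service` permissions in this manifest chain into each other and nothing in the file says so: `can_get: reader | can_put`, `can_put: writer | can_post`, `can_post: creator | can_delete`, `can_delete: deleter | owner`. Anyone granted `deleter` or `owner` on a service therefore passes every `can_*` check, and a `creator` can also modify and read. Because this is a template that gets copied into real models, I would add a comment above the service `permissions:` block such as `# cumulative: deleter/owner imply creator, creator implies writer, writer implies reader`, or drop the chaining if per-verb least privilege is intended. Separately, `can_patch` is defined but `can_invoke` never references it (PATCH endpoints go through `service-writer->can_put`), so it looks unused and should be wired in or removed.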
diff --git a/static/assets/templates/api-auth/test/api-auth_assertions.json b/static/assets/templates/api-auth/test/api-auth_assertions.json
new file mode 100644
index 0000000..f530037
--- /dev/null
+++ b/static/assets/templates/api-auth/test/api-auth_assertions.json
@@ -0,0 +1,354 @@ +{ + "assertions": [ + { + "check": { + "object_type": "endpoint", + "object_id": "todo:DELETE:/v1/todos/{todoId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:DELETE:/v1/todos/{todoId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:DELETE:/v1/todos/{todoId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:DELETE:/v1/todos/{todoId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:DELETE:/v1/todos/{todoId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:GET:/v1/todos", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:GET:/v1/todos", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:GET:/v1/todos", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:GET:/v1/todos", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + 
"object_id": "todo:GET:/v1/todos", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:POST:/v1/todos", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:POST:/v1/todos", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:POST:/v1/todos", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:POST:/v1/todos", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "todo:POST:/v1/todos", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "rick-and-morty:GET:/v1/characters", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "rick-and-morty:GET:/v1/characters", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "rick-and-morty:GET:/v1/characters", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "rick-and-morty:GET:/v1/characters", + "relation": "can_invoke", + "subject_type": 
"user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "rick-and-morty:GET:/v1/characters", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:GET:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:GET:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:GET:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:GET:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:GET:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:POST:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:POST:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:POST:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + 
}, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:POST:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:POST:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:DELETE:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:DELETE:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:DELETE:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:DELETE:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "endpoint", + "object_id": "petstore:DELETE:/pet/{petId}", + "relation": "can_invoke", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + } + ] +} diff --git a/static/assets/templates/hosted/api-auth.json b/static/assets/templates/hosted/api-auth.json new file mode 100644 index 0000000..961f591 --- /dev/null +++ b/static/assets/templates/hosted/api-auth.json 
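Review bot: No assertion in `api-auth_assertions.json` exercises the `service-writer->can_put` branch of `can_invoke`: every checked endpoint is a GET, POST or DELETE. A regression in the writer mapping, for example on `todo:PATCH:/v1/todos/{todoId}` or `petstore:PUT:/pet`, would still pass this suite. I would add the same five-user block for at least one writer endpoint, with both `"expected": true` and `"expected": false` cases. The expected values depend on the Citadel group memberships, which are not part of this hunk, so they need to be derived from that data rather than guessed.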
@@ -0,0 +1,19 @@
+{
+ "idp_data": [
+ {
+ "name": "Citadel",
+ "description": "Demo Citadel IDP",
+ "provider_id": "6dd707ac-e7bd-11ec-808a-049ec1ced886",
+ "ds_load": "/assets/templates/citadel/ds-load/citadel.json"
+ }
+ ],
+ "domain_data": [
+ {
+ "name": "API Authorization",
+ "description": "Sample data for API Authorization template",
+ "provider_id": "b357e76c-4083-11ef-b0b3-0425c56990f7",
+ "ds_load": "/assets/templates/api-auth/ds-load/api-auth.json"
+ }
+ ]
+}
+
diff --git a/static/assets/templates/hosted/multi-tenant.json b/static/assets/templates/hosted/multi-tenant.json
new file mode 100644
index 0000000..3982e2f
--- /dev/null
+++ b/static/assets/templates/hosted/multi-tenant.json
@@ -0,0 +1,19 @@
+{
+ "idp_data": [
+ {
+ "name": "Citadel",
+ "description": "Demo Citadel IDP",
+ "provider_id": "6dd707ac-e7bd-11ec-808a-049ec1ced886",
+ "ds_load": "/assets/templates/citadel/ds-load/citadel.json"
+ }
+ ],
+ "domain_data": [
+ {
+ "name": "Multi-tenant",
+ "description": "Sample data for multi-tenant template",
+ "provider_id": "87be795c-4076-11ef-91b2-04a8cc1036f3",
+ "ds_load": "/assets/templates/multi-tenant/ds-load/multi-tenant.json"
+ }
+ ]
+}
+
diff --git a/static/assets/templates/multi-tenant.json b/static/assets/templates/multi-tenant.json
new file mode 100644
index 0000000..c88c4be
--- /dev/null
+++ b/static/assets/templates/multi-tenant.json
@@ -0,0 +1,22 @@
+{
+ "name": "multi-tenant",
+ "description": "Multi-tenant template",
+ "assets": {
+ "manifest": "multi-tenant/manifest.yaml",
+ "policy": {
+ "name": "multi-tenant",
+ "resource": "ghcr.io/aserto-policies/policy-rebac:latest"
+ },
+ "idp_data": [
+ "citadel/citadel_objects.json",
+ "citadel/citadel_relations.json"
+ ],
+ "domain_data": [
+ "multi-tenant/multi-tenant-objects.json",
+ "multi-tenant/multi-tenant-relations.json"
+ ],
+ "assertions": [
+ "multi-tenant/test/multi-tenant_assertions.json"
+ ]
+ }
+}
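Review bot: In `multi-tenant.json`, `"resource": "ghcr.io/aserto-policies/policy-rebac:latest"` references the policy image by a mutable tag. The policy code that makes the authorization decisions can then change without any commit here, and two installs of the same template may evaluate different policy. I would use an immutable reference instead, e.g. `"resource": "ghcr.io/aserto-policies/policy-rebac@sha256:DIGEST_PLACEHOLDER"` or a fixed version tag, assuming the template loader accepts digest references. Any sibling template descriptor that also uses `:latest` deserves the same change.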
diff --git a/static/assets/templates/multi-tenant/ds-load/multi-tenant.json b/static/assets/templates/multi-tenant/ds-load/multi-tenant.json
new file mode 100644
index 0000000..379b90d
--- /dev/null
+++ b/static/assets/templates/multi-tenant/ds-load/multi-tenant.json
@@ -0,0 +1,156 @@ +[ + { + "objects": [ + { + "type": "system", + "id": "system", + "display_name": "The entire system" + }, + { + "type": "tenant", + "id": "citadel", + "display_name": "Citadel tenant", + "properties": {} + }, + { + "type": "tenant", + "id": "smiths", + "display_name": "Smiths tenant", + "properties": {} + }, + { + "type": "resource", + "id": "citadel-adventures", + "display_name": "The Citadel adventures resource", + "properties": {} + }, + { + "type": "resource", + "id": "smiths-budget", + "display_name": "The Smiths family's budget", + "properties": {} + } + ], + "relations": [ + { + "object_type": "system", + "object_id": "system", + "relation": "admin", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + { + "object_type": "system", + "object_id": "system", + "relation": "editor", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + { + "object_type": "system", + "object_id": "system", + "relation": "viewer", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + { + "object_type": "tenant", + "object_id": "citadel", + "relation": "system", + "subject_type": "system", + "subject_id": "system" + }, + { + "object_type": "tenant", + "object_id": "citadel", + "relation": "owner", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + { + "object_type": "tenant", + "object_id": "citadel", + "relation": "editor", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + { + "object_type": "tenant", + "object_id": "smiths", + "relation": "system", + "subject_type": "system", + "subject_id": "system" + }, + { + "object_type": "tenant", + "object_id": "smiths", + "relation": "owner", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + { + "object_type": "tenant", + "object_id": "smiths", + "relation": "admin", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + { + "object_type": "tenant", + "object_id": "smiths", + 
"relation": "editor", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + { + "object_type": "tenant", + "object_id": "smiths", + "relation": "viewer", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + { + "object_type": "tenant", + "object_id": "smiths", + "relation": "viewer", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "tenant", + "subject_type": "tenant", + "subject_id": "smiths" + }, + { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "owner", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "tenant", + "subject_type": "tenant", + "subject_id": "citadel" + }, + { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "owner", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "reader", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + } + ] + } +] diff --git a/static/assets/templates/multi-tenant/manifest.yaml b/static/assets/templates/multi-tenant/manifest.yaml new file mode 100644 index 0000000..c9d6de0 --- /dev/null +++ b/static/assets/templates/multi-tenant/manifest.yaml 
@@ -0,0 +1,81 @@
+# yaml-language-server: $schema=manifest.json
+---
+
+# model
+model:
+ version: 3
+
+# object type definitions
+types:
+ # user represents a user that can be granted role(s)
+ user:
+ relations:
+ manager: user
+
+ permissions:
+ in_management_chain: manager | manager->in_management_chain
+
+ # group represents a collection of users and/or (nested) groups
+ group:
+ relations:
+ member: user | group#member
+
+ # identity represents a collection of identities for users
+ identity:
+ relations:
+ identifier: user
+
+ # system represents the entire application and grants access to all tenants
+ system:
+ relations:
+ admin: user | group#member
+ editor: user | group#member
+ viewer: user | group#member
+
+ permissions:
+ can_create_tenant: admin
+
+ # tenant represents a tenant in a multi-tenant system
+ tenant:
+ relations:
+ # system that the tenant is part of.
+ system: system
+ owner: user
+ admin: user | group#member
+ editor: user | group#member
+ viewer: user | group#member
+
+ permissions:
+ # group members into 3 high-level categories: can_administer, can_edit, can_view.
+ # these are used to define fine-grained permission.
+ can_administer: owner | admin | system->admin
+ can_edit: editor | can_administer | system->editor
+ can_view: viewer | can_edit | system->viewer
+
+ # fine-grained permissions make it easier to change access levels without
+ # modifying application logic.
+ can_delete_tenant: owner | system->admin
+ can_manage_members: can_administer
+ can_list_members: can_view
+ # an owner cannot leave the tenant. they must be removed by another owner.
+ can_leave_tenant: can_view - owner
+
+ can_create_resources: can_edit
+ can_delete_resources: can_administer
+ can_write_resources: can_edit
+ can_read_resources: can_view
+
+
+ # resource represents a resource within a tenant
+ resource:
+ relations:
+ # tenant that the resource is part of.
+ tenant: tenant
+ owner: user
+ writer: user | group#member
+ reader: user | group#member
+
+ permissions:
+ can_delete: owner | tenant->can_delete_resources
+ can_write: writer | can_delete | tenant->can_write_resources
+ can_read: reader | can_write | tenant->can_read_resources
diff --git a/static/assets/templates/multi-tenant/multi-tenant-objects.json b/static/assets/templates/multi-tenant/multi-tenant-objects.json
new file mode 100644
index 0000000..dfe826b
--- /dev/null
+++ b/static/assets/templates/multi-tenant/multi-tenant-objects.json
@@ -0,0 +1,33 @@
+{
+ "objects": [
+ {
+ "type": "system",
+ "id": "system",
+ "display_name": "The entire system"
+ },
+ {
+ "type": "tenant",
+ "id": "citadel",
+ "display_name": "Citadel tenant",
+ "properties": {}
+ },
+ {
+ "type": "tenant",
+ "id": "smiths",
+ "display_name": "Smiths tenant",
+ "properties": {}
+ },
+ {
+ "type": "resource",
+ "id": "citadel-adventures",
+ "display_name": "The Citadel adventures resource",
+ "properties": {}
+ },
+ {
+ "type": "resource",
+ "id": "smiths-budget",
+ "display_name": "The Smiths family's budget",
+ "properties": {}
+ }
+ ]
+}
diff --git a/static/assets/templates/multi-tenant/multi-tenant-relations.json b/static/assets/templates/multi-tenant/multi-tenant-relations.json
new file mode 100644
index 0000000..ec56841
--- /dev/null
+++ b/static/assets/templates/multi-tenant/multi-tenant-relations.json
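Review bot: In the multi-tenant `manifest.yaml`, `can_leave_tenant: can_view - owner` on the `tenant` type is broader than its comment suggests. `can_view` resolves through `can_edit` and `can_administer` to `system->viewer`, `system->editor` and `system->admin`, so a system-level user with no direct relation on the tenant passes the check although there is no membership to leave. If the intent is "any direct member except the owner", a dedicated permission states it more precisely, e.g. `is_member: admin | editor | viewer` followed by `can_leave_tenant: is_member - owner`. As a smaller point, the header `$schema=manifest.json` is a relative path while the api-auth manifest in this commit uses `https://www.topaz.sh/schema/manifest.json`; using the URL in both would keep editor validation consistent.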
@@ -0,0 +1,123 @@
+{
+ "relations": [
+ {
+ "object_type": "system",
+ "object_id": "system",
+ "relation": "admin",
+ "subject_type": "user",
+ "subject_id": "rick@the-citadel.com"
+ },
+ {
+ "object_type": "system",
+ "object_id": "system",
+ "relation": "editor",
+ "subject_type": "user",
+ "subject_id": "beth@the-smiths.com"
+ },
+ {
+ "object_type": "system",
+ "object_id": "system",
+ "relation": "viewer",
+ "subject_type": "user",
+ "subject_id": "morty@the-citadel.com"
+ },
+ {
+ "object_type": "tenant",
+ "object_id": "citadel",
+ "relation": "system",
+ "subject_type": "system",
+ "subject_id": "system"
+ },
+ {
+ "object_type": "tenant",
+ "object_id": "citadel",
+ "relation": "owner",
+ "subject_type": "user",
+ "subject_id": "rick@the-citadel.com"
+ },
+ {
+ "object_type": "tenant",
+ "object_id": "citadel",
+ "relation": "editor",
+ "subject_type": "user",
+ "subject_id": "morty@the-citadel.com"
+ },
+ {
+ "object_type": "tenant",
+ "object_id": "smiths",
+ "relation": "system",
+ "subject_type": "system",
+ "subject_id": "system"
+ },
+ {
+ "object_type": "tenant",
+ "object_id": "smiths",
+ "relation": "owner",
+ "subject_type": "user",
+ "subject_id": "jerry@the-smiths.com"
+ },
+ {
+ "object_type": "tenant",
+ "object_id": "smiths",
+ "relation": "admin",
+ "subject_type": "user",
+ "subject_id": "beth@the-smiths.com"
+ },
+ {
+ "object_type": "tenant",
+ "object_id": "smiths",
+ "relation": "editor",
+ "subject_type": "user",
+ "subject_id": "summer@the-smiths.com"
+ },
+ {
+ "object_type": "tenant",
+ "object_id": "smiths",
+ "relation": "viewer",
+ "subject_type": "user",
+ "subject_id": "morty@the-citadel.com"
+ },
+ {
+ "object_type": "tenant",
+ "object_id": "smiths",
+ "relation": "viewer",
+ "subject_type": "user",
+ "subject_id": "rick@the-citadel.com"
+ },
+ {
+ "object_type": "resource",
+ "object_id": "smiths-budget",
+ "relation": "tenant",
+ "subject_type": "tenant",
+ "subject_id": "smiths"
+ },
+ {
+ "object_type": "resource",
+ "object_id": "smiths-budget",
+ "relation": "owner",
+ "subject_type": "user",
+ "subject_id": "beth@the-smiths.com"
+ },
+ {
+ "object_type": "resource",
+ "object_id": "citadel-adventures",
+ "relation": "tenant",
+ "subject_type": "tenant",
+ "subject_id": "citadel"
+ },
+ {
+ "object_type": "resource",
+ "object_id": "citadel-adventures",
+ "relation": "owner",
+ "subject_type": "user",
+ "subject_id": "morty@the-citadel.com"
+ },
+ {
+ "object_type": "resource",
+ "object_id": "citadel-adventures",
+ "relation": "reader",
+ "subject_type": "user",
+ "subject_id": "summer@the-smiths.com"
+ }
+ ]
+}
diff --git a/static/assets/templates/multi-tenant/test/multi-tenant_assertions.json b/static/assets/templates/multi-tenant/test/multi-tenant_assertions.json
new file mode 100644
index 0000000..15e6f86
--- /dev/null
+++ b/static/assets/templates/multi-tenant/test/multi-tenant_assertions.json
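Review bot: The last tuple makes summer@the-smiths.com a `reader` of `citadel-adventures`, a resource of tenant citadel, although no tuple in this file gives her any relation on that tenant. The manifest in this patch accepts that, since `can_read: reader | can_write | tenant->can_read_resources` takes a direct grant without checking tenant membership. If cross-tenant sharing is what the template means to demonstrate, say so where a comment is possible, e.g. in manifest.yaml above the resource relations: `# owner/writer/reader may be granted to users outside the resource's tenant`; if tenants are meant to be isolated, this tuple should be dropped. The visible part of the assertions file pins her lack of access to tenant citadel; check that the resource-level checks pin the intended outcome for her as well.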
@@ -0,0 +1,2328 @@ +{ + "assertions": [ + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "admin", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "admin", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "admin", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "admin", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "admin", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "can_create_tenant", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "can_create_tenant", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "can_create_tenant", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "can_create_tenant", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "can_create_tenant", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + 
"object_type": "system", + "object_id": "system", + "relation": "editor", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "editor", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "editor", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "editor", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "editor", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "viewer", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "viewer", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "viewer", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "viewer", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "system", + "object_id": "system", + "relation": "viewer", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "owner", + "subject_type": "user", + "subject_id": 
"rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "owner", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "owner", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "owner", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "owner", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "admin", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "admin", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "admin", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "admin", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "admin", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "editor", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": 
"citadel", + "relation": "editor", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "editor", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "editor", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "editor", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "viewer", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "viewer", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "viewer", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "viewer", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "viewer", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "owner", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "owner", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + 
"expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "owner", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "owner", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "owner", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "admin", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "admin", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "admin", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "admin", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "admin", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "editor", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "editor", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "editor", + 
"subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "editor", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "editor", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "viewer", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "viewer", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "viewer", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "viewer", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "viewer", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_administer", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_administer", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_administer", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, 
+ { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_administer", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_administer", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_edit", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_edit", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_edit", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_edit", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_edit", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_view", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_view", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_view", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + 
"relation": "can_view", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_view", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_delete_tenant", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_delete_tenant", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_delete_tenant", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_delete_tenant", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_delete_tenant", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_manage_members", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_manage_members", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_manage_members", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": 
"can_manage_members", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_manage_members", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_list_members", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_list_members", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_list_members", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_list_members", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_list_members", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_leave_tenant", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_leave_tenant", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_leave_tenant", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": 
"can_leave_tenant", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_leave_tenant", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_create_resources", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_create_resources", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_create_resources", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_create_resources", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_create_resources", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_delete_resources", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_delete_resources", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_delete_resources", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": 
"citadel", + "relation": "can_delete_resources", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_delete_resources", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_write_resources", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_write_resources", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_write_resources", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_write_resources", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_write_resources", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_read_resources", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_read_resources", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_read_resources", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": 
"tenant", + "object_id": "citadel", + "relation": "can_read_resources", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "can_read_resources", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_administer", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_administer", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_administer", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_administer", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_administer", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_edit", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_edit", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_edit", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": 
"can_edit", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_edit", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_view", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_view", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_view", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_view", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_view", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_delete_tenant", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_delete_tenant", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_delete_tenant", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_delete_tenant", + "subject_type": "user", + "subject_id": 
"beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_delete_tenant", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_manage_members", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_manage_members", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_manage_members", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_manage_members", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_manage_members", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_list_members", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_list_members", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_list_members", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_list_members", + "subject_type": "user", + "subject_id": 
"beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_list_members", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_leave_tenant", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_leave_tenant", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_leave_tenant", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_leave_tenant", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_leave_tenant", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_create_resources", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_create_resources", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_create_resources", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_create_resources", + "subject_type": "user", + "subject_id": 
"beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_create_resources", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_delete_resources", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_delete_resources", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_delete_resources", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_delete_resources", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_delete_resources", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_write_resources", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_write_resources", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_write_resources", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_write_resources", + "subject_type": "user", + 
"subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_write_resources", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_read_resources", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_read_resources", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_read_resources", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_read_resources", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "can_read_resources", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "owner", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "owner", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "owner", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "owner", + "subject_type": "user", + 
"subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "owner", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "writer", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "writer", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "writer", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "writer", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "writer", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "reader", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "reader", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "reader", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "reader", + 
"subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "reader", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_delete", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_delete", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_delete", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_delete", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_delete", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_write", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_write", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_write", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": 
"citadel-adventures", + "relation": "can_write", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_write", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_read", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_read", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_read", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_read", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "citadel-adventures", + "relation": "can_read", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "owner", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "owner", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "owner", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", 
+ "object_id": "smiths-budget", + "relation": "owner", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "owner", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "writer", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "writer", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "writer", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "writer", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "writer", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "reader", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "reader", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "reader", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": 
"smiths-budget", + "relation": "reader", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "reader", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_delete", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_delete", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_delete", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_delete", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_delete", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_write", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_write", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": false + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_write", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": 
"smiths-budget", + "relation": "can_write", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_write", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_read", + "subject_type": "user", + "subject_id": "rick@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_read", + "subject_type": "user", + "subject_id": "morty@the-citadel.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_read", + "subject_type": "user", + "subject_id": "summer@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_read", + "subject_type": "user", + "subject_id": "beth@the-smiths.com" + }, + "expected": true + }, + { + "check": { + "object_type": "resource", + "object_id": "smiths-budget", + "relation": "can_read", + "subject_type": "user", + "subject_id": "jerry@the-smiths.com" + }, + "expected": true + }, + + + + + { + "check": { + "object_type": "tenant", + "object_id": "citadel", + "relation": "system", + "subject_type": "system", + "subject_id": "system" + }, + "expected": true + }, + { + "check": { + "object_type": "tenant", + "object_id": "smiths", + "relation": "system", + "subject_type": "system", + "subject_id": "system" + }, + "expected": true + } + ] +} diff --git a/static/assets/templates/templates.json b/static/assets/templates/templates.json index a5e56da..f5f828a 100644 --- a/static/assets/templates/templates.json +++ b/static/assets/templates/templates.json 
@@ -31,6 +31,14 @@
 "topaz_url": "gdrive.json",
 "hosted_url": "hosted/gdrive.json"
 },
+ "api-auth": {
+ "title": "API Authorization",
+ "short_description": "Template for authorization of servics and endpoints",
+ "description": "The API Authorization template defines services and endpoints. You can import an OpenAPI spec and automatically generate services, endpoints, and groups for entitling users to a whole service, specific endpoints, or certain HTTP methods. You can evolve it to fit your needs.",
+ "docs_url": "https://docs.aserto.com/docs/quickstarts/api-auth/overview",
+ "topaz_url": "api-auth.json",
+ "hosted_url": "hosted/api-auth.json"
+ },
 "slack": {
 "title": "Slack",
 "short_description": "Authorization template for workspaces and channels",
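Review bot: The `short_description` of the new `api-auth` entry misspells "services" as "servics". The line should read `"short_description": "Template for authorization of services and endpoints",`. The string is presumably rendered in the template picker, so the typo would be user-visible. The neighbouring entries phrase this field as "Authorization template for …", so `"Authorization template for services and endpoints"` would also keep the catalog wording consistent.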
@@ -41,10 +49,18 @@
 },
 "github": {
 "title": "GitHub",
- "short_description": "Authorization template for repositories, organizations and teams.",
+ "short_description": "Authorization template for repositories, organizations and teams",
 "description": "The GitHub template defines repositories, organization and teams. Repos are owned by organizations, and their permissions are either assigned directly through relations, or inherited from the organization. You can evolve it to fit your needs.",
 "docs_url": "https://docs.aserto.com/docs/quickstarts/github/overview",
 "topaz_url": "github.json",
 "hosted_url": "hosted/github.json"
+ },
+ "multi-tenant": {
+ "title": "Multi-Tenant RBAC",
+ "short_description": "Multi-tenant RBAC authorization template",
+ "description": "A multi-tenant authorization template in which resources belong to tenants and users can have different roles in different tenants, as well as system-wide roles. Tenant roles grant access to tenant resources, while system roles grant access to resources across all tenants. You can evolve it to fit your needs.",
+ "docs_url": "https://docs.aserto.com/docs/quickstarts/multi-tenant/overview",
+ "topaz_url": "multi-tenant.json",
+ "hosted_url": "hosted/multi-tenant.json"
 }
 }