Repository: airavata Updated Branches: refs/heads/develop d1a6e5566 -> cd243d3bb
updating default xacml policy Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/cd243d3b Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/cd243d3b Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/cd243d3b Branch: refs/heads/develop Commit: cd243d3bb6b141e072c831d02180bb3873fc9dce Parents: d1a6e55 Author: scnakandala <[email protected]> Authored: Mon May 2 18:06:53 2016 -0400 Committer: scnakandala <[email protected]> Committed: Mon May 2 18:06:53 2016 -0400 ---------------------------------------------------------------------- .../resources/airavata-default-xacml-policy.xml | 206 +++++++++++-------- 1 file changed, 117 insertions(+), 89 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/cd243d3b/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml ---------------------------------------------------------------------- diff --git a/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml b/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml index 0801360..bee5b47 100644 --- a/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml +++ b/modules/configuration/server/src/main/resources/airavata-default-xacml-policy.xml @@ -29,43 +29,78 @@ <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>^(?:(?! +/airavata/getSSHPubKey| +/airavata/getAllGatewaySSHPubKeys| +/airavata/getAllGatewayPWDCredentials| +/airavata/getApplicationModule| +/airavata/getAllAppModules| +/airavata/getApplicationDeployment| +/airavata/getAllApplicationDeployments| +/airavata/getAppModuleDeployedResources| +/airavata/getStorageResource| +/airavata/getAllStorageResourceNames| +/airavata/getSCPDataMovement| +/airavata/getUnicoreDataMovement| +/airavata/getGridFTPDataMovement| +/airavata/getResourceJobManager| +/airavata/deleteResourceJobManager| +/airavata/getGatewayResourceProfile| +/airavata/getGatewayComputeResourcePreference| +/airavata/getGatewayStoragePreference| +/airavata/getAllGatewayComputeResourcePreferences| +/airavata/getAllGatewayStoragePreferences| +/airavata/getAllGatewayResourceProfiles| /airavata/getAPIVersion| -/airavata/addGateway| -/airavata/deleteteway| -/airavata/updateGateway| -/airavata/registerApplicationModule| -/airavata/deleteApplicationModule| -/airavata/updateApplicationInterface| -/airavata/deleteApplicationInterface| -/airavata/updateApplicationDeployment| -/airavata/registerApplicationDeployment| -/airavata/deleteApplicationDeployment| -/airavata/updateComputeResource| -/airavata/registerComputeResource| -/airavata/deleteBatchQueue| -/airavata/updateResourceJobManager| -/airavata/addLocalSubmissionDetails| -/airavata/updateResourceJobManager| -/airavaa/updateSSHJobSubmissionDetails| -/airavata/addSSHJobSubmissionDetails| -/airavata/addSSHForkJobSubmissionDetails| -/airavata/updateUnicoreJobSubmissionDetails| -/airavata/addUNICOREJobSubmissionDetails| -/airavata/addLocalDataMovementDetails| -/airavata/updateSCPDataMovementDetails| -/airavata/addSCPDataMovementDetails| -/airavata/updateGridFTPDataMovementDetails| -/airavata/addGridFTPDataMovementDetails| -/airavata/updateUnicoreDataMovementDetails| -/airavata/addUnicoreDataMovementDetails| -/airavata/deleteJobSubmissionInterface| -/airavata/deleteDataMovementInterface| -/airavata/deleteComputeResource| -/airavata/updateGatewayResourceProfile| -/airavata/registerGatewayResourceProfile| -/airavata/addGatewayComputeResourcePreference| -/airavata/deleteGatewayResourceProfile| -/airavata/deleteGatewayComputeResourcePreference).)*$\r?\n? +/airavata/getNotification| +/airavata/getAllNotifications| +/airavata/createProject| +/airavata/updateProject| +/airavata/getProject| +/airavata/deleteProject| +/airavata/getUserProjects| +/airavata/searchProjectsByProjectName| +/airavata/searchProjectsByProjectDesc| +/airavata/searchExperimentsByName| +/airavata/searchExperimentsByDesc| +/airavata/searchExperimentsByApplication| +/airavata/searchExperimentsByStatus| +/airavata/searchExperimentsByCreationTime| +/airavata/searchExperiments| +/airavata/getExperimentStatistics| +/airavata/getExperimentsInProject| +/airavata/getUserExperiments| +/airavata/createExperiment| +/airavata/deleteExperiment| +/airavata/getExperiment| +/airavata/getDetailedExperimentTree| +/airavata/updateExperiment| +/airavata/updateExperimentConfiguration| +/airavata/updateResourceScheduleing| +/airavata/validateExperiment| +/airavata/launchExperiment| +/airavata/getExperimentStatus| +/airavata/getExperimentOutputs| +/airavata/getIntermediateOutputs| +/airavata/getJobStatuses| +/airavata/getJobDetails| +/airavata/cloneExperiment| +/airavata/terminateExperiment| +/airavata/getApplicationInterface| +/airavata/getAllApplicationInterfaceNames| +/airavata/getAllApplicationInterfaces| +/airavata/getApplicationInputs| +/airavata/getApplicationOutputs| +/airavata/getAvailableAppInterfaceComputeResources| +/airavata/getComputeResource| +/airavata/getAllComputeResourceNames| +/airavata/getWorkflow| +/airavata/getWorkflowTemplateId| +/airavata/isWorkflowExistWithName| +/airavata/registerDataProduct| +/airavata/getDataProduct| +/airavata/registerReplicaLocation| +/airavata/getParentDataProduct| +/airavata/getChildDataProducts).)*$\r?\n? </AttributeValue> <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" @@ -90,63 +125,56 @@ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>^(?:(?! /airavata/getAPIVersion| -/airavata/addGateway| +/airavata/getNotification| +/airavata/getAllNotifications| +/airavata/createProject| +/airavata/updateProject| +/airavata/getProject| +/airavata/deleteProject| +/airavata/getUserProjects| +/airavata/searchProjectsByProjectName| +/airavata/searchProjectsByProjectDesc| +/airavata/searchExperimentsByName| +/airavata/searchExperimentsByDesc| +/airavata/searchExperimentsByApplication| +/airavata/searchExperimentsByStatus| +/airavata/searchExperimentsByCreationTime| +/airavata/searchExperiments| /airavata/getExperimentStatistics| -/airavata/deleteteway| -/airavata/updateGateway| -/airavata/registerApplicationModule| -/airavata/deleteApplicationModule| -/airavata/getAllApplicationInterfaces| -/airavata/updateApplicationInterface| -/airavata/deleteApplicationInterface| -/airavata/getAllComputeResourceNames| -/airavata/getAllApplicationDeployments| -/airavata/updateApplicationDeployment| -/airavata/registerApplicationDeployment| -/airavata/deleteApplicationDeployment| -/airavata/getAllAppModules| +/airavata/getExperimentsInProject| +/airavata/getUserExperiments| +/airavata/createExperiment| +/airavata/deleteExperiment| +/airavata/getExperiment| +/airavata/getDetailedExperimentTree| +/airavata/updateExperiment| +/airavata/updateExperimentConfiguration| +/airavata/updateResourceScheduleing| +/airavata/validateExperiment| +/airavata/launchExperiment| +/airavata/getExperimentStatus| +/airavata/getExperimentOutputs| +/airavata/getIntermediateOutputs| +/airavata/getJobStatuses| +/airavata/getJobDetails| +/airavata/cloneExperiment| +/airavata/terminateExperiment| /airavata/getApplicationInterface| +/airavata/getAllApplicationInterfaceNames| +/airavata/getAllApplicationInterfaces| /airavata/getApplicationInputs| /airavata/getApplicationOutputs| -/airavata/updateComputeResource| +/airavata/getAvailableAppInterfaceComputeResources| /airavata/getComputeResource| -/airavata/registerComputeResource| -/airavata/deleteBatchQueue| -/airavata/getLocalJobSubmission| -/airavata/updateResourceJobManager| -/airavata/addLocalSubmissionDetails| -/airavata/getSSHJobSubmission| -/airavata/updateResourceJobManager| -/airavata/getresourceJobManager| -/airavaa/updateSSHJobSubmissionDetails| -/airavata/addSSHJobSubmissionDetails| -/airavata/addSSHForkJobSubmissionDetails| -/airavata/getUnicoreJobSubmission| -/airavata/updateUnicoreJobSubmissionDetails| -/airavata/addUNICOREJobSubmissionDetails| -/airavata/addLocalDataMovementDetails| -/airavata/updateSCPDataMovementDetails| -/airavata/addSCPDataMovementDetails| -/airavata/updateGridFTPDataMovementDetails| -/airavata/addGridFTPDataMovementDetails| -/airavata/updateUnicoreDataMovementDetails| -/airavata/addUnicoreDataMovementDetails| -/airavata/getCloudJobSubmission| -/airavata/getSCPDataMovement| -/airavata/getGridFTPDataMovement| -/airavata/getUnicoreDataMovement| -/airavata/deleteJobSubmissionInterface| -/airavata/deleteDataMovementInterface| -/airavata/deleteComputeResource| -/airavata/updateGatewayResourceProfile| -/airavata/registerGatewayResourceProfile| -/airavata/getAllGateways| -/airavata/getGateway| -/airavata/getAllGatewayComputeResources| -/airavata/addGatewayComputeResourcePreference| -/airavata/deleteGatewayResourceProfile| -/airavata/deleteGatewayComputeResourcePreference| -/airavata/getAvailableAppInterfaceComputeResources).)*$\r?\n? +/airavata/getAllComputeResourceNames| +/airavata/getWorkflow| +/airavata/getWorkflowTemplateId| +/airavata/isWorkflowExistWithName| +/airavata/registerDataProduct| +/airavata/getDataProduct| +/airavata/registerReplicaLocation| +/airavata/getParentDataProduct| +/airavata/getChildDataProducts).)*$\r?\n? </AttributeValue> <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" @@ -157,7 +185,7 @@ </Target> <Condition> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in"> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>airavata-user</AttributeValue> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>gateway-user</AttributeValue> <AttributeDesignator AttributeId="http://wso2.org/claims/role"; Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/>
