K2HR3 - K2Hdkc based Resource and Roles and policy Rules
K2HR3 system overview
K2HR3 (K2Hdkc based Resource and Roles and policy Rules) is one of extended RBAC (Role Based Access Control) system.
K2HR3 works as RBAC in cooperation with OpenStack which is one of IaaS(Infrastructure as a Service), and also provides useful functions for using RBAC.
K2HR3 is a system that defines and controls HOW(policy Rule), WHO(Role), WHAT(Resource), as RBAC.
Users of K2HR3 can define Role(WHO) groups to access freely defined Resource(WHAT) and control access by policy Rule(HOW).
By defining the information and assets required for any system as a Resource(WHAT), K2HR3 system can give the opportunity to provide access control in every situation.
K2HR3 provides +SERVICE feature, it strongly supports user system, function and information linkage.
The K2HR3 system consists of several subsystems and components.
They are registered as submodules in this repository.
Below is a brief description of each submodule.
K2HR3 Web Application
K2HR3 Web Application is one subsystem of K2HR3 system.
This is accessed from the browser by users and operates as the control panel of the K2HR3 system.
K2HR3 Web Application is created with React.js and Node.js.
User can manipulate Roles, policy Rules, Resource, Service data using this K2HR3 Web Application.
K2HR3 REST API
K2HR3 REST API provides for manipulating data such as ROLE, POLICY RULE, RESOURCE and SERVICE stored in the K2HR3 Data Server(k2hdkc).
Using the K2HR3 REST API provided by this K2HR3 API server, the K2HR3 Web Application and its Web Server communicates with the K2HR3 Data Server(k2hdkc).
And users and hosts of the ROLE member directly call this K2HR3 REST API on this K2HR3 API Server, and get/put RESOURCE data.
K2HR3 OpenStack Notification Listener
K2HR3 OpenStack Notification Listener is an OpenStack Notification Listener that listens to notifications from OpenStack services.
OpenStack services emit notifications to the message bus, which is provided by oslo.messaging transports notification messages to a message broker server.
The default broker server is RabbitMQ.
When K2HR3 OpenStack Notification Listener catches a notification message from RabbitMQ, it sends the payload to the K2hR3 system.
K2HR3 Utilities is a utility for the quick setup K2HR3 system.
This will easily set up all the subcomponents of the K2HR3 system(K2HR3 Web Application and Web Server, K2HR3 REST API, K2HR3 Data Server(k2hdkc), K2HR3 OpenStack Notification Listener). You can test the K2HR3 system in this environment. Before using K2HR3 Utilities, OpenStack must be set up in the your environment.
How to use K2HR3 Utilities is explained in K2HR3 Setup.
This software is released under the MIT License, see the license file.
K2HR3 is one of AntPickax products.
Copyright(C) 2017 Yahoo Japan Corporation.