be42f2035a
This patch adds policy based Role Based Access Control to the Ceilometer V2 APIs. Validation/Enforcement of the policy is executed for the different controllers and hence it is possible to granularly control access. Co-Authored-By: Fabio Giannetti <fabio.giannetti@hp.com> Change-Id: I788b9b31c8cfba9f3caa19f1f6d465a3f81101ad
32 lines
1.3 KiB
Plaintext
32 lines
1.3 KiB
Plaintext
{
|
|
"context_is_admin": "role:admin",
|
|
"context_is_project": "project_id:%(target.project_id)s",
|
|
"context_is_owner": "user_id:%(target.user_id)s",
|
|
"segregation": "rule:context_is_admin",
|
|
"service_role": "role:service",
|
|
"iaas_role": "role:iaas",
|
|
|
|
"telemetry:get_samples": "rule:service_role or rule:iaas_role",
|
|
"telemetry:get_sample": "rule:context_is_project",
|
|
"telemetry:query_sample": "rule:context_is_admin",
|
|
"telemetry:create_samples": "rule:context_is_admin",
|
|
|
|
"telemetry:compute_statistics": "rule:context_is_admin",
|
|
"telemetry:get_meters": "rule:context_is_admin",
|
|
|
|
"telemetry:get_resource": "rule:context_is_admin",
|
|
"telemetry:get_resources": "rule:context_is_admin",
|
|
|
|
"telemetry:get_alarm": "rule:context_is_admin",
|
|
"telemetry:query_alarm": "rule:context_is_admin",
|
|
"telemetry:get_alarm_state": "rule:context_is_admin",
|
|
"telemetry:get_alarms": "rule:context_is_admin",
|
|
"telemetry:create_alarm": "rule:context_is_admin",
|
|
"telemetry:set_alarm": "rule:context_is_admin",
|
|
"telemetry:delete_alarm": "rule:context_is_admin",
|
|
|
|
"telemetry:alarm_history": "rule:context_is_admin",
|
|
"telemetry:change_alarm_state": "rule:context_is_admin",
|
|
"telemetry:query_alarm_history": "rule:context_is_admin"
|
|
}
|