b90ad2524f
The Tasks API was made admin-only in Mitaka to prevent it from being exposed directly to end users. The interoperable image import process introduced in Pike uses the tasks engine to perform the import. This patch introduces a new policy, 'tasks_api_access', that determines whether a user can make Tasks API calls. The currently existing task-related policies are retained so that operators can have fine-grained control over tasks. With this new policy, operators can restrict Tasks API access to admins, while at the same time, admin-level credentials are not required for glance to perform task-related functions on behalf of users. Change-Id: I3f66f7efa7c377d999a88457fc6492701a894f34 Closes-bug: #1711468
64 lines
1.4 KiB
JSON
64 lines
1.4 KiB
JSON
{
|
|
"context_is_admin": "role:admin",
|
|
"default": "role:admin",
|
|
|
|
"add_image": "",
|
|
"delete_image": "",
|
|
"get_image": "",
|
|
"get_images": "",
|
|
"modify_image": "",
|
|
"publicize_image": "role:admin",
|
|
"communitize_image": "",
|
|
"copy_from": "",
|
|
|
|
"download_image": "",
|
|
"upload_image": "",
|
|
|
|
"delete_image_location": "",
|
|
"get_image_location": "",
|
|
"set_image_location": "",
|
|
|
|
"add_member": "",
|
|
"delete_member": "",
|
|
"get_member": "",
|
|
"get_members": "",
|
|
"modify_member": "",
|
|
|
|
"manage_image_cache": "role:admin",
|
|
|
|
"get_task": "",
|
|
"get_tasks": "",
|
|
"add_task": "",
|
|
"modify_task": "",
|
|
"tasks_api_access": "role:admin",
|
|
|
|
"deactivate": "",
|
|
"reactivate": "",
|
|
|
|
"get_metadef_namespace": "",
|
|
"get_metadef_namespaces":"",
|
|
"modify_metadef_namespace":"",
|
|
"add_metadef_namespace":"",
|
|
|
|
"get_metadef_object":"",
|
|
"get_metadef_objects":"",
|
|
"modify_metadef_object":"",
|
|
"add_metadef_object":"",
|
|
|
|
"list_metadef_resource_types":"",
|
|
"get_metadef_resource_type":"",
|
|
"add_metadef_resource_type_association":"",
|
|
|
|
"get_metadef_property":"",
|
|
"get_metadef_properties":"",
|
|
"modify_metadef_property":"",
|
|
"add_metadef_property":"",
|
|
|
|
"get_metadef_tag":"",
|
|
"get_metadef_tags":"",
|
|
"modify_metadef_tag":"",
|
|
"add_metadef_tag":"",
|
|
"add_metadef_tags":""
|
|
|
|
}
|