Sync default policy rules
This patch updates default policy-in-code rules in horizon based on nova/neutron/keystone/glance/cinder RC deliverables. It also bumps a few packages versions in lower-constraints.txt and requirements.txt to fix the failed lower-constraints job after updating policy rules. Change-Id: I168bb171076e3442b29670461a29d12c9988df52
This commit is contained in:
manchandavishal
parent
1bb9092abf
commit
05473b765e
@ -54,19 +54,19 @@ openstacksdk==0.11.2
|
||||
os-client-config==1.28.0
|
||||
os-service-types==1.2.0
|
||||
osc-lib==1.8.0
|
||||
oslo.concurrency==3.26.0
|
||||
oslo.config==5.2.0
|
||||
oslo.context==2.22.0
|
||||
oslo.i18n==5.0.1
|
||||
oslo.log==3.36.0
|
||||
oslo.concurrency==4.5.0
|
||||
oslo.config==8.8.0
|
||||
oslo.context==4.1.0
|
||||
oslo.i18n==5.1.0
|
||||
oslo.log==4.7.0
|
||||
oslo.messaging==5.29.0
|
||||
oslo.middleware==3.31.0
|
||||
oslo.policy==3.2.0
|
||||
oslo.serialization==2.18.0
|
||||
oslo.policy==3.11.0
|
||||
oslo.serialization==4.3.0
|
||||
oslo.service==1.24.0
|
||||
oslo.upgradecheck==0.1.1
|
||||
oslo.utils==4.8.0
|
||||
osprofiler==2.3.0
|
||||
oslo.upgradecheck==1.5.0
|
||||
oslo.utils==4.12.0
|
||||
osprofiler==3.4.2
|
||||
Paste==2.0.2
|
||||
PasteDeploy==1.5.0
|
||||
pbr==5.5.0
|
||||
@ -97,14 +97,14 @@ python-neutronclient==6.7.0
|
||||
python-novaclient==9.1.0
|
||||
python-swiftclient==3.2.0
|
||||
pytz==2013.6
|
||||
PyYAML==3.12
|
||||
PyYAML==6.0
|
||||
rcssmin==1.0.6
|
||||
reno==3.1.0
|
||||
repoze.lru==0.7
|
||||
requests==2.25.1
|
||||
requestsexceptions==1.2.0
|
||||
restructuredtext-lint==1.1.1
|
||||
rfc3986==0.3.1
|
||||
rfc3986==1.5.0
|
||||
rjsmin==1.1.0
|
||||
Routes==2.3.1
|
||||
selenium==2.50.1
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,13 +1,9 @@
|
||||
- check_str: ''
|
||||
deprecated_reason: In order to allow operators to accept the default policies from
|
||||
code by not defining them in the policy file, while still working with old policy
|
||||
files that rely on the ``default`` rule for policies that are not specified in
|
||||
the policy file, the ``default`` rule must now be explicitly set to ``"role:admin"``
|
||||
when that is the desired default for unspecified rules.
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: role:admin
|
||||
name: default
|
||||
deprecated_since: Ussuri
|
||||
deprecated_since: null
|
||||
description: Defines the default rule used for policies that historically had an
|
||||
empty policy in the supplied policy.json file.
|
||||
name: default
|
||||
@ -18,16 +14,12 @@
|
||||
name: context_is_admin
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: role:role:admin or (role:member and project_id:%(project_id)s and project_id:%(owner)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
- check_str: role:admin or (role:member and project_id:%(project_id)s and project_id:%(owner)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: add_image
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Create new image
|
||||
name: add_image
|
||||
operations:
|
||||
@ -37,15 +29,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: delete_image
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Deletes the image
|
||||
name: delete_image
|
||||
operations:
|
||||
@ -55,16 +43,12 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s
|
||||
or "community":%(visibility)s or "public":%(visibility)s or "shared":%(visibility)s))
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: get_image
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Get specified image
|
||||
name: get_image
|
||||
operations:
|
||||
@ -74,15 +58,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: get_images
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Get all available images
|
||||
name: get_images
|
||||
operations:
|
||||
@ -92,15 +72,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: modify_image
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Updates given image
|
||||
name: modify_image
|
||||
operations:
|
||||
@ -119,15 +95,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: communitize_image
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Communitize given image
|
||||
name: communitize_image
|
||||
operations:
|
||||
@ -137,16 +109,12 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s
|
||||
or "community":%(visibility)s or "public":%(visibility)s))
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: download_image
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Downloads given image
|
||||
name: download_image
|
||||
operations:
|
||||
@ -156,15 +124,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: upload_image
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Uploads data to specified image
|
||||
name: upload_image
|
||||
operations:
|
||||
@ -174,15 +138,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: delete_image_location
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Deletes the location of given image
|
||||
name: delete_image_location
|
||||
operations:
|
||||
@ -192,15 +152,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: get_image_location
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Reads the location of the image
|
||||
name: get_image_location
|
||||
operations:
|
||||
@ -210,15 +166,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: set_image_location
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Sets location URI to given image
|
||||
name: set_image_location
|
||||
operations:
|
||||
@ -228,15 +180,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: add_member
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Create image member
|
||||
name: add_member
|
||||
operations:
|
||||
@ -246,15 +194,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: delete_member
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Delete image member
|
||||
name: delete_member
|
||||
operations:
|
||||
@ -264,15 +208,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: get_member
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Show image member details
|
||||
name: get_member
|
||||
operations:
|
||||
@ -282,15 +222,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: get_members
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: List image members
|
||||
name: get_members
|
||||
operations:
|
||||
@ -300,15 +236,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:member and project_id:%(member_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: modify_member
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Update image member
|
||||
name: modify_member
|
||||
operations:
|
||||
@ -325,15 +257,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: deactivate
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Deactivate image
|
||||
name: deactivate
|
||||
operations:
|
||||
@ -343,15 +271,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: '
|
||||
|
||||
The image API now supports roles.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: reactivate
|
||||
deprecated_since: W
|
||||
deprecated_since: null
|
||||
description: Reactivate image
|
||||
name: reactivate
|
||||
operations:
|
||||
@ -370,18 +294,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:default
|
||||
deprecated_reason: '
|
||||
|
||||
From Xena we are enforcing policy checks in the API and policy layer where task
|
||||
policies were enforcing will be removed. Since task APIs are already deprecated
|
||||
and `tasks_api_access` is checked for each API at API layer, there will be no
|
||||
benefit of other having other task related policies.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: get_task
|
||||
deprecated_since: X
|
||||
deprecated_since: null
|
||||
description: 'Get an image task.
|
||||
|
||||
|
||||
@ -406,18 +323,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:default
|
||||
deprecated_reason: '
|
||||
|
||||
From Xena we are enforcing policy checks in the API and policy layer where task
|
||||
policies were enforcing will be removed. Since task APIs are already deprecated
|
||||
and `tasks_api_access` is checked for each API at API layer, there will be no
|
||||
benefit of other having other task related policies.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: get_task
|
||||
deprecated_since: X
|
||||
name: get_tasks
|
||||
deprecated_since: null
|
||||
description: 'List tasks for all images.
|
||||
|
||||
|
||||
@ -442,18 +352,11 @@
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:default
|
||||
deprecated_reason: '
|
||||
|
||||
From Xena we are enforcing policy checks in the API and policy layer where task
|
||||
policies were enforcing will be removed. Since task APIs are already deprecated
|
||||
and `tasks_api_access` is checked for each API at API layer, there will be no
|
||||
benefit of other having other task related policies.
|
||||
|
||||
'
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:default
|
||||
name: add_task
|
||||
deprecated_since: X
|
||||
deprecated_since: null
|
||||
description: 'List tasks for all images.
|
||||
|
||||
|
||||
@ -528,133 +431,337 @@
|
||||
name: metadef_admin
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:metadef_default
|
||||
description: null
|
||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:metadef_default
|
||||
name: get_metadef_namespace
|
||||
deprecated_since: null
|
||||
description: Get a specific namespace.
|
||||
name: get_metadef_namespace
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:metadef_default
|
||||
description: null
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/metadefs/namespaces/{namespace_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:metadef_default
|
||||
name: get_metadef_namespaces
|
||||
deprecated_since: null
|
||||
description: List namespace.
|
||||
name: get_metadef_namespaces
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/metadefs/namespaces
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Modify an existing namespace.
|
||||
name: modify_metadef_namespace
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/metadefs/namespaces/{namespace_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Create a namespace.
|
||||
name: add_metadef_namespace
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/metadefs/namespaces
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Delete a namespace.
|
||||
name: delete_metadef_namespace
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:metadef_default
|
||||
description: null
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/metadefs/namespaces/{namespace_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:metadef_default
|
||||
name: get_metadef_object
|
||||
deprecated_since: null
|
||||
description: Get a specific object from a namespace.
|
||||
name: get_metadef_object
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:metadef_default
|
||||
description: null
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:metadef_default
|
||||
name: get_metadef_objects
|
||||
deprecated_since: null
|
||||
description: Get objects from a namespace.
|
||||
name: get_metadef_objects
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/objects
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Update an object within a namespace.
|
||||
name: modify_metadef_object
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Create an object within a namespace.
|
||||
name: add_metadef_object
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/objects
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Delete an object within a namespace.
|
||||
name: delete_metadef_object
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:metadef_default
|
||||
description: null
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:metadef_default
|
||||
name: list_metadef_resource_types
|
||||
deprecated_since: null
|
||||
description: List meta definition resource types.
|
||||
name: list_metadef_resource_types
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:metadef_default
|
||||
description: null
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/metadefs/resource_types
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:metadef_default
|
||||
name: get_metadef_resource_type
|
||||
deprecated_since: null
|
||||
description: Get meta definition resource types associations.
|
||||
name: get_metadef_resource_type
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/resource_types
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Create meta definition resource types association.
|
||||
name: add_metadef_resource_type_association
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/resource_types
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Delete meta definition resource types association.
|
||||
name: remove_metadef_resource_type_association
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:metadef_default
|
||||
description: null
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/resource_types/{name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:metadef_default
|
||||
name: get_metadef_property
|
||||
deprecated_since: null
|
||||
description: Get a specific meta definition property.
|
||||
name: get_metadef_property
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:metadef_default
|
||||
description: null
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:metadef_default
|
||||
name: get_metadef_properties
|
||||
deprecated_since: null
|
||||
description: List meta definition properties.
|
||||
name: get_metadef_properties
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/properties
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Update meta definition property.
|
||||
name: modify_metadef_property
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Create meta definition property.
|
||||
name: add_metadef_property
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/properties
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Delete meta definition property.
|
||||
name: remove_metadef_property
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:metadef_default
|
||||
description: null
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:metadef_default
|
||||
name: get_metadef_tag
|
||||
deprecated_since: null
|
||||
description: Get tag definition.
|
||||
name: get_metadef_tag
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:metadef_default
|
||||
description: null
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:metadef_default
|
||||
name: get_metadef_tags
|
||||
deprecated_since: null
|
||||
description: List tag definitions.
|
||||
name: get_metadef_tags
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/tags
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Update tag definition.
|
||||
name: modify_metadef_tag
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Add tag definition.
|
||||
name: add_metadef_tag
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Create tag definitions.
|
||||
name: add_metadef_tags
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/tags
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Delete tag definition.
|
||||
name: delete_metadef_tag
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: rule:metadef_admin
|
||||
description: null
|
||||
description: Delete tag definitions.
|
||||
name: delete_metadef_tags
|
||||
operations: []
|
||||
scope_types: null
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/metadefs/namespaces/{namespace_name}/tags
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
- check_str: role:admin
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:manage_image_cache
|
||||
name: cache_image
|
||||
deprecated_since: null
|
||||
description: Queue image for caching
|
||||
name: cache_image
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/cache/{image_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:admin
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:manage_image_cache
|
||||
name: cache_list
|
||||
deprecated_since: null
|
||||
description: List cache status
|
||||
name: cache_list
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/cache
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:admin
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:manage_image_cache
|
||||
name: cache_delete
|
||||
deprecated_since: null
|
||||
description: Delete image(s) from cache and/or queue
|
||||
name: cache_delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/cache
|
||||
- method: DELETE
|
||||
path: /v2/cache/{image_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:admin
|
||||
description: Expose store specific information
|
||||
name: stores_info_detail
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/info/stores/detail
|
||||
scope_types:
|
||||
- system
|
||||
- project
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -40,14 +40,14 @@
|
||||
# Get specified image
|
||||
# GET /v2/images/{image_id}
|
||||
# Intended scope(s): system, project
|
||||
#"get_image": "role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or "community":%(visibility)s or "public":%(visibility)s or "shared":%(visibility)s))"
|
||||
#"get_image": "role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"
|
||||
|
||||
# DEPRECATED
|
||||
# "get_image":"rule:default" has been deprecated since W in favor of
|
||||
# "get_image":"role:admin or (role:reader and
|
||||
# (project_id:%(project_id)s or project_id:%(member_id)s or
|
||||
# "community":%(visibility)s or "public":%(visibility)s or
|
||||
# "shared":%(visibility)s))".
|
||||
# 'community':%(visibility)s or 'public':%(visibility)s or
|
||||
# 'shared':%(visibility)s))".
|
||||
# The image API now supports roles.
|
||||
|
||||
# Get all available images
|
||||
@ -91,14 +91,14 @@
|
||||
# Downloads given image
|
||||
# GET /v2/images/{image_id}/file
|
||||
# Intended scope(s): system, project
|
||||
#"download_image": "role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or "community":%(visibility)s or "public":%(visibility)s or "shared":%(visibility)s))"
|
||||
#"download_image": "role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"
|
||||
|
||||
# DEPRECATED
|
||||
# "download_image":"rule:default" has been deprecated since W in favor
|
||||
# of "download_image":"role:admin or (role:member and
|
||||
# (project_id:%(project_id)s or project_id:%(member_id)s or
|
||||
# "community":%(visibility)s or "public":%(visibility)s or
|
||||
# "shared":%(visibility)s))".
|
||||
# 'community':%(visibility)s or 'public':%(visibility)s or
|
||||
# 'shared':%(visibility)s))".
|
||||
# The image API now supports roles.
|
||||
|
||||
# Uploads data to specified image
|
||||
@ -319,55 +319,235 @@
|
||||
|
||||
#"metadef_admin": "role:admin"
|
||||
|
||||
#"get_metadef_namespace": "rule:metadef_default"
|
||||
# Get a specific namespace.
|
||||
# GET /v2/metadefs/namespaces/{namespace_name}
|
||||
# Intended scope(s): system, project
|
||||
#"get_metadef_namespace": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
|
||||
#"get_metadef_namespaces": "rule:metadef_default"
|
||||
# DEPRECATED
|
||||
# "get_metadef_namespace":"rule:metadef_default" has been deprecated
|
||||
# since X in favor of "get_metadef_namespace":"role:admin or
|
||||
# (role:reader and (project_id:%(project_id)s or
|
||||
# 'public':%(visibility)s))".
|
||||
# The metadata API now supports project scope and default roles.
|
||||
|
||||
# List namespace.
|
||||
# GET /v2/metadefs/namespaces
|
||||
# Intended scope(s): system, project
|
||||
#"get_metadef_namespaces": "role:admin or (role:reader and project_id:%(project_id)s)"
|
||||
|
||||
# DEPRECATED
|
||||
# "get_metadef_namespaces":"rule:metadef_default" has been deprecated
|
||||
# since X in favor of "get_metadef_namespaces":"role:admin or
|
||||
# (role:reader and project_id:%(project_id)s)".
|
||||
# The metadata API now supports project scope and default roles.
|
||||
|
||||
# Modify an existing namespace.
|
||||
# PUT /v2/metadefs/namespaces/{namespace_name}
|
||||
# Intended scope(s): system, project
|
||||
#"modify_metadef_namespace": "rule:metadef_admin"
|
||||
|
||||
# Create a namespace.
|
||||
# POST /v2/metadefs/namespaces
|
||||
# Intended scope(s): system, project
|
||||
#"add_metadef_namespace": "rule:metadef_admin"
|
||||
|
||||
# Delete a namespace.
|
||||
# DELETE /v2/metadefs/namespaces/{namespace_name}
|
||||
# Intended scope(s): system, project
|
||||
#"delete_metadef_namespace": "rule:metadef_admin"
|
||||
|
||||
#"get_metadef_object": "rule:metadef_default"
|
||||
# Get a specific object from a namespace.
|
||||
# GET /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||
# Intended scope(s): system, project
|
||||
#"get_metadef_object": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
|
||||
#"get_metadef_objects": "rule:metadef_default"
|
||||
# DEPRECATED
|
||||
# "get_metadef_object":"rule:metadef_default" has been deprecated
|
||||
# since X in favor of "get_metadef_object":"role:admin or (role:reader
|
||||
# and (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||
# The metadata API now supports project scope and default roles.
|
||||
|
||||
# Get objects from a namespace.
|
||||
# GET /v2/metadefs/namespaces/{namespace_name}/objects
|
||||
# Intended scope(s): system, project
|
||||
#"get_metadef_objects": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
|
||||
# DEPRECATED
|
||||
# "get_metadef_objects":"rule:metadef_default" has been deprecated
|
||||
# since X in favor of "get_metadef_objects":"role:admin or
|
||||
# (role:reader and (project_id:%(project_id)s or
|
||||
# 'public':%(visibility)s))".
|
||||
# The metadata API now supports project scope and default roles.
|
||||
|
||||
# Update an object within a namespace.
|
||||
# PUT /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||
# Intended scope(s): system, project
|
||||
#"modify_metadef_object": "rule:metadef_admin"
|
||||
|
||||
# Create an object within a namespace.
|
||||
# POST /v2/metadefs/namespaces/{namespace_name}/objects
|
||||
# Intended scope(s): system, project
|
||||
#"add_metadef_object": "rule:metadef_admin"
|
||||
|
||||
# Delete an object within a namespace.
|
||||
# DELETE /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||
# Intended scope(s): system, project
|
||||
#"delete_metadef_object": "rule:metadef_admin"
|
||||
|
||||
#"list_metadef_resource_types": "rule:metadef_default"
|
||||
# List meta definition resource types.
|
||||
# GET /v2/metadefs/resource_types
|
||||
# Intended scope(s): system, project
|
||||
#"list_metadef_resource_types": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
|
||||
#"get_metadef_resource_type": "rule:metadef_default"
|
||||
# DEPRECATED
|
||||
# "list_metadef_resource_types":"rule:metadef_default" has been
|
||||
# deprecated since X in favor of
|
||||
# "list_metadef_resource_types":"role:admin or (role:reader and
|
||||
# (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||
# The metadata API now supports project scope and default roles.
|
||||
|
||||
# Get meta definition resource types associations.
|
||||
# GET /v2/metadefs/namespaces/{namespace_name}/resource_types
|
||||
# Intended scope(s): system, project
|
||||
#"get_metadef_resource_type": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
|
||||
# DEPRECATED
|
||||
# "get_metadef_resource_type":"rule:metadef_default" has been
|
||||
# deprecated since X in favor of
|
||||
# "get_metadef_resource_type":"role:admin or (role:reader and
|
||||
# (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||
# The metadata API now supports project scope and default roles.
|
||||
|
||||
# Create meta definition resource types association.
|
||||
# POST /v2/metadefs/namespaces/{namespace_name}/resource_types
|
||||
# Intended scope(s): system, project
|
||||
#"add_metadef_resource_type_association": "rule:metadef_admin"
|
||||
|
||||
# Delete meta definition resource types association.
|
||||
# POST /v2/metadefs/namespaces/{namespace_name}/resource_types/{name}
|
||||
# Intended scope(s): system, project
|
||||
#"remove_metadef_resource_type_association": "rule:metadef_admin"
|
||||
|
||||
#"get_metadef_property": "rule:metadef_default"
|
||||
# Get a specific meta definition property.
|
||||
# GET /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||
# Intended scope(s): system, project
|
||||
#"get_metadef_property": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
|
||||
#"get_metadef_properties": "rule:metadef_default"
|
||||
# DEPRECATED
|
||||
# "get_metadef_property":"rule:metadef_default" has been deprecated
|
||||
# since X in favor of "get_metadef_property":"role:admin or
|
||||
# (role:reader and (project_id:%(project_id)s or
|
||||
# 'public':%(visibility)s))".
|
||||
# The metadata API now supports project scope and default roles.
|
||||
|
||||
# List meta definition properties.
|
||||
# GET /v2/metadefs/namespaces/{namespace_name}/properties
|
||||
# Intended scope(s): system, project
|
||||
#"get_metadef_properties": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
|
||||
# DEPRECATED
|
||||
# "get_metadef_properties":"rule:metadef_default" has been deprecated
|
||||
# since X in favor of "get_metadef_properties":"role:admin or
|
||||
# (role:reader and (project_id:%(project_id)s or
|
||||
# 'public':%(visibility)s))".
|
||||
# The metadata API now supports project scope and default roles.
|
||||
|
||||
# Update meta definition property.
|
||||
# GET /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||
# Intended scope(s): system, project
|
||||
#"modify_metadef_property": "rule:metadef_admin"
|
||||
|
||||
# Create meta definition property.
|
||||
# POST /v2/metadefs/namespaces/{namespace_name}/properties
|
||||
# Intended scope(s): system, project
|
||||
#"add_metadef_property": "rule:metadef_admin"
|
||||
|
||||
# Delete meta definition property.
|
||||
# DELETE /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||
# Intended scope(s): system, project
|
||||
#"remove_metadef_property": "rule:metadef_admin"
|
||||
|
||||
#"get_metadef_tag": "rule:metadef_default"
|
||||
# Get tag definition.
|
||||
# GET /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||
# Intended scope(s): system, project
|
||||
#"get_metadef_tag": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
|
||||
#"get_metadef_tags": "rule:metadef_default"
|
||||
# DEPRECATED
|
||||
# "get_metadef_tag":"rule:metadef_default" has been deprecated since X
|
||||
# in favor of "get_metadef_tag":"role:admin or (role:reader and
|
||||
# (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||
# The metadata API now supports project scope and default roles.
|
||||
|
||||
# List tag definitions.
|
||||
# GET /v2/metadefs/namespaces/{namespace_name}/tags
|
||||
# Intended scope(s): system, project
|
||||
#"get_metadef_tags": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
|
||||
# DEPRECATED
|
||||
# "get_metadef_tags":"rule:metadef_default" has been deprecated since
|
||||
# X in favor of "get_metadef_tags":"role:admin or (role:reader and
|
||||
# (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||
# The metadata API now supports project scope and default roles.
|
||||
|
||||
# Update tag definition.
|
||||
# PUT /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||
# Intended scope(s): system, project
|
||||
#"modify_metadef_tag": "rule:metadef_admin"
|
||||
|
||||
# Add tag definition.
|
||||
# POST /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||
# Intended scope(s): system, project
|
||||
#"add_metadef_tag": "rule:metadef_admin"
|
||||
|
||||
# Create tag definitions.
|
||||
# POST /v2/metadefs/namespaces/{namespace_name}/tags
|
||||
# Intended scope(s): system, project
|
||||
#"add_metadef_tags": "rule:metadef_admin"
|
||||
|
||||
# Delete tag definition.
|
||||
# DELETE /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||
# Intended scope(s): system, project
|
||||
#"delete_metadef_tag": "rule:metadef_admin"
|
||||
|
||||
# Delete tag definitions.
|
||||
# DELETE /v2/metadefs/namespaces/{namespace_name}/tags
|
||||
# Intended scope(s): system, project
|
||||
#"delete_metadef_tags": "rule:metadef_admin"
|
||||
|
||||
# Queue image for caching
|
||||
# PUT /v2/cache/{image_id}
|
||||
# Intended scope(s): project
|
||||
#"cache_image": "role:admin"
|
||||
|
||||
# DEPRECATED
|
||||
# "cache_image":"rule:manage_image_cache" has been deprecated since X
|
||||
# in favor of "cache_image":"role:admin".
|
||||
# The image API now supports roles.
|
||||
|
||||
# List cache status
|
||||
# GET /v2/cache
|
||||
# Intended scope(s): project
|
||||
#"cache_list": "role:admin"
|
||||
|
||||
# DEPRECATED
|
||||
# "cache_list":"rule:manage_image_cache" has been deprecated since X
|
||||
# in favor of "cache_list":"role:admin".
|
||||
# The image API now supports roles.
|
||||
|
||||
# Delete image(s) from cache and/or queue
|
||||
# DELETE /v2/cache
|
||||
# DELETE /v2/cache/{image_id}
|
||||
# Intended scope(s): project
|
||||
#"cache_delete": "role:admin"
|
||||
|
||||
# DEPRECATED
|
||||
# "cache_delete":"rule:manage_image_cache" has been deprecated since X
|
||||
# in favor of "cache_delete":"role:admin".
|
||||
# The image API now supports roles.
|
||||
|
||||
# Expose store specific information
|
||||
# GET /v2/info/stores/detail
|
||||
# Intended scope(s): system, project
|
||||
#"stores_info_detail": "role:admin"
|
||||
|
||||
|
||||
@ -68,13 +68,12 @@
|
||||
#"identity:get_application_credential": "(role:reader and system_scope:all) or rule:owner"
|
||||
|
||||
# DEPRECATED
|
||||
# "identity:get_application_credentials":"rule:admin_or_owner" has
|
||||
# been deprecated since T in favor of
|
||||
# "identity:get_application_credential":"rule:admin_or_owner" has been
|
||||
# deprecated since T in favor of
|
||||
# "identity:get_application_credential":"(role:reader and
|
||||
# system_scope:all) or rule:owner".
|
||||
# The application credential API is now aware of system scope and
|
||||
# default roles.
|
||||
#"identity:get_application_credentials": "rule:identity:get_application_credential"
|
||||
|
||||
# List application credentials for a user.
|
||||
# GET /v3/users/{user_id}/application_credentials
|
||||
@ -101,13 +100,12 @@
|
||||
#"identity:delete_application_credential": "(role:admin and system_scope:all) or rule:owner"
|
||||
|
||||
# DEPRECATED
|
||||
# "identity:delete_application_credentials":"rule:admin_or_owner" has
|
||||
# "identity:delete_application_credential":"rule:admin_or_owner" has
|
||||
# been deprecated since T in favor of
|
||||
# "identity:delete_application_credential":"(role:admin and
|
||||
# system_scope:all) or rule:owner".
|
||||
# The application credential API is now aware of system scope and
|
||||
# default roles.
|
||||
#"identity:delete_application_credentials": "rule:identity:delete_application_credential"
|
||||
|
||||
# Get service catalog.
|
||||
# GET /v3/auth/catalog
|
||||
@ -426,13 +424,12 @@
|
||||
#"identity:ec2_create_credential": "(role:admin and system_scope:all) or rule:owner"
|
||||
|
||||
# DEPRECATED
|
||||
# "identity:ec2_create_credentials":"rule:admin_or_owner" has been
|
||||
# "identity:ec2_create_credential":"rule:admin_or_owner" has been
|
||||
# deprecated since T in favor of
|
||||
# "identity:ec2_create_credential":"(role:admin and system_scope:all)
|
||||
# or rule:owner".
|
||||
# The EC2 credential API is now aware of system scope and default
|
||||
# roles.
|
||||
#"identity:ec2_create_credentials": "rule:identity:ec2_create_credential"
|
||||
|
||||
# Delete ec2 credential.
|
||||
# DELETE /v3/users/{user_id}/credentials/OS-EC2/{credential_id}
|
||||
@ -440,14 +437,12 @@
|
||||
#"identity:ec2_delete_credential": "(role:admin and system_scope:all) or user_id:%(target.credential.user_id)s"
|
||||
|
||||
# DEPRECATED
|
||||
# "identity:ec2_delete_credentials":"rule:admin_required or
|
||||
# (rule:owner and user_id:%(target.credential.user_id)s)" has been
|
||||
# deprecated since T in favor of
|
||||
# "identity:ec2_delete_credential":"(role:admin and system_scope:all)
|
||||
# or user_id:%(target.credential.user_id)s".
|
||||
# "identity:ec2_delete_credential":"rule:admin_required or (rule:owner
|
||||
# and user_id:%(target.credential.user_id)s)" has been deprecated
|
||||
# since T in favor of "identity:ec2_delete_credential":"(role:admin
|
||||
# and system_scope:all) or user_id:%(target.credential.user_id)s".
|
||||
# The EC2 credential API is now aware of system scope and default
|
||||
# roles.
|
||||
#"identity:ec2_delete_credentials": "rule:identity:ec2_delete_credential"
|
||||
|
||||
# Show endpoint details.
|
||||
# GET /v3/endpoints/{endpoint_id}
|
||||
@ -1013,13 +1008,12 @@
|
||||
#"identity:create_identity_provider": "role:admin and system_scope:all"
|
||||
|
||||
# DEPRECATED
|
||||
# "identity:create_identity_providers":"rule:admin_required" has been
|
||||
# "identity:create_identity_provider":"rule:admin_required" has been
|
||||
# deprecated since S in favor of
|
||||
# "identity:create_identity_provider":"role:admin and
|
||||
# system_scope:all".
|
||||
# The identity provider API is now aware of system scope and default
|
||||
# roles.
|
||||
#"identity:create_identity_providers": "rule:identity:create_identity_provider"
|
||||
|
||||
# List identity providers.
|
||||
# GET /v3/OS-FEDERATION/identity_providers
|
||||
@ -1042,12 +1036,11 @@
|
||||
#"identity:get_identity_provider": "role:reader and system_scope:all"
|
||||
|
||||
# DEPRECATED
|
||||
# "identity:get_identity_providers":"rule:admin_required" has been
|
||||
# "identity:get_identity_provider":"rule:admin_required" has been
|
||||
# deprecated since S in favor of
|
||||
# "identity:get_identity_provider":"role:reader and system_scope:all".
|
||||
# The identity provider API is now aware of system scope and default
|
||||
# roles.
|
||||
#"identity:get_identity_providers": "rule:identity:get_identity_provider"
|
||||
|
||||
# Update identity provider.
|
||||
# PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||
@ -1055,13 +1048,12 @@
|
||||
#"identity:update_identity_provider": "role:admin and system_scope:all"
|
||||
|
||||
# DEPRECATED
|
||||
# "identity:update_identity_providers":"rule:admin_required" has been
|
||||
# "identity:update_identity_provider":"rule:admin_required" has been
|
||||
# deprecated since S in favor of
|
||||
# "identity:update_identity_provider":"role:admin and
|
||||
# system_scope:all".
|
||||
# The identity provider API is now aware of system scope and default
|
||||
# roles.
|
||||
#"identity:update_identity_providers": "rule:identity:update_identity_provider"
|
||||
|
||||
# Delete identity provider.
|
||||
# DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||
@ -1069,13 +1061,12 @@
|
||||
#"identity:delete_identity_provider": "role:admin and system_scope:all"
|
||||
|
||||
# DEPRECATED
|
||||
# "identity:delete_identity_providers":"rule:admin_required" has been
|
||||
# "identity:delete_identity_provider":"rule:admin_required" has been
|
||||
# deprecated since S in favor of
|
||||
# "identity:delete_identity_provider":"role:admin and
|
||||
# system_scope:all".
|
||||
# The identity provider API is now aware of system scope and default
|
||||
# roles.
|
||||
#"identity:delete_identity_providers": "rule:identity:delete_identity_provider"
|
||||
|
||||
# Get information about an association between two roles. When a
|
||||
# relationship exists between a prior role and an implied role and the
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -20,14 +20,14 @@ futurist>=1.2.0 # Apache-2.0
|
||||
iso8601>=0.1.11 # MIT
|
||||
keystoneauth1>=4.3.1 # Apache-2.0
|
||||
netaddr>=0.7.18 # BSD
|
||||
oslo.concurrency>=3.26.0 # Apache-2.0
|
||||
oslo.config>=5.2.0 # Apache-2.0
|
||||
oslo.i18n>=5.0.1 # Apache-2.0
|
||||
oslo.policy>=3.2.0 # Apache-2.0
|
||||
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
||||
oslo.upgradecheck>=0.1.1 # Apache-2.0
|
||||
oslo.utils>=4.8.0 # Apache-2.0
|
||||
osprofiler>=2.3.0 # Apache-2.0
|
||||
oslo.concurrency>=4.5.0 # Apache-2.0
|
||||
oslo.config>=8.8.0 # Apache-2.0
|
||||
oslo.i18n>=5.1.0 # Apache-2.0
|
||||
oslo.policy>=3.11.0 # Apache-2.0
|
||||
oslo.serialization>=4.3.0 # Apache-2.0
|
||||
oslo.upgradecheck>=1.5.0 # Apache-2.0
|
||||
oslo.utils>=4.12.0 # Apache-2.0
|
||||
osprofiler>=3.4.2 # Apache-2.0
|
||||
pymongo!=3.1,>=3.0.2 # Apache-2.0
|
||||
pyScss>=1.3.7 # MIT License
|
||||
python-cinderclient>=8.0.0 # Apache-2.0
|
||||
@ -37,7 +37,7 @@ python-neutronclient>=6.7.0 # Apache-2.0
|
||||
python-novaclient>=9.1.0 # Apache-2.0
|
||||
python-swiftclient>=3.2.0 # Apache-2.0
|
||||
pytz>=2013.6 # MIT
|
||||
PyYAML>=3.12 # MIT
|
||||
PyYAML>=6.0 # MIT
|
||||
requests>=2.25.1 # Apache-2.0
|
||||
six>=1.16.0 # MIT
|
||||
semantic-version>=2.3.1 # BSD
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user