Sync default policy rules
This patch updates default policy-in-code rules in horizon based on nova/neutron/glance RC deliverables. It doesn't update policy rules for cinder and keystone as I have found no changes in their policy rules. Horizon needs to update default policy-in-code rules for all backend services before releasing the horizon[1]. [1] https://docs.openstack.org/horizon/latest/contributor/policies/releasing.html#things-to-do-before-releasing Change-Id: Ia636b32d0eeec9a4d399fcdbb4d4db1aeaa4fdab
This commit is contained in:
parent
db1859f74e
commit
316c24c5af
@ -1,7 +1,7 @@
|
|||||||
- check_str: ''
|
- check_str: ''
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: role:admin
|
check_str: rule:context_is_admin
|
||||||
name: default
|
name: default
|
||||||
deprecated_since: null
|
deprecated_since: null
|
||||||
description: Defines the default rule used for policies that historically had an
|
description: Defines the default rule used for policies that historically had an
|
||||||
@ -14,7 +14,8 @@
|
|||||||
name: context_is_admin
|
name: context_is_admin
|
||||||
operations: []
|
operations: []
|
||||||
scope_types: null
|
scope_types: null
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s and project_id:%(owner)s)
|
- check_str: rule:context_is_admin or (role:member and project_id:%(project_id)s and
|
||||||
|
project_id:%(owner)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -27,7 +28,7 @@
|
|||||||
path: /v2/images
|
path: /v2/images
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: rule:context_is_admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -40,8 +41,9 @@
|
|||||||
path: /v2/images/{image_id}
|
path: /v2/images/{image_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s
|
- check_str: rule:context_is_admin or (role:reader and (project_id:%(project_id)s
|
||||||
or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))
|
or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s
|
||||||
|
or 'shared':%(visibility)s))
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -54,7 +56,7 @@
|
|||||||
path: /v2/images/{image_id}
|
path: /v2/images/{image_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and project_id:%(project_id)s)
|
- check_str: rule:context_is_admin or (role:reader and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -67,7 +69,7 @@
|
|||||||
path: /v2/images
|
path: /v2/images
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: rule:context_is_admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -80,7 +82,7 @@
|
|||||||
path: /v2/images/{image_id}
|
path: /v2/images/{image_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin
|
- check_str: rule:context_is_admin
|
||||||
description: Publicize given image
|
description: Publicize given image
|
||||||
name: publicize_image
|
name: publicize_image
|
||||||
operations:
|
operations:
|
||||||
@ -88,7 +90,7 @@
|
|||||||
path: /v2/images/{image_id}
|
path: /v2/images/{image_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: rule:context_is_admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -101,8 +103,9 @@
|
|||||||
path: /v2/images/{image_id}
|
path: /v2/images/{image_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s
|
- check_str: rule:context_is_admin or (role:member and (project_id:%(project_id)s
|
||||||
or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))
|
or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s
|
||||||
|
or 'shared':%(visibility)s))
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -115,7 +118,7 @@
|
|||||||
path: /v2/images/{image_id}/file
|
path: /v2/images/{image_id}/file
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: rule:context_is_admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -128,7 +131,7 @@
|
|||||||
path: /v2/images/{image_id}/file
|
path: /v2/images/{image_id}/file
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin
|
- check_str: rule:context_is_admin
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -141,7 +144,7 @@
|
|||||||
path: /v2/images/{image_id}
|
path: /v2/images/{image_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and project_id:%(project_id)s)
|
- check_str: rule:context_is_admin or (role:reader and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -154,7 +157,7 @@
|
|||||||
path: /v2/images/{image_id}
|
path: /v2/images/{image_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: rule:context_is_admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -167,7 +170,7 @@
|
|||||||
path: /v2/images/{image_id}
|
path: /v2/images/{image_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: rule:context_is_admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -180,7 +183,7 @@
|
|||||||
path: /v2/images/{image_id}/members
|
path: /v2/images/{image_id}/members
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: rule:context_is_admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -193,7 +196,8 @@
|
|||||||
path: /v2/images/{image_id}/members/{member_id}
|
path: /v2/images/{image_id}/members/{member_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)
|
- check_str: rule:context_is_admin or role:reader and (project_id:%(project_id)s or
|
||||||
|
project_id:%(member_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -206,7 +210,8 @@
|
|||||||
path: /v2/images/{image_id}/members/{member_id}
|
path: /v2/images/{image_id}/members/{member_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)
|
- check_str: rule:context_is_admin or role:reader and (project_id:%(project_id)s or
|
||||||
|
project_id:%(member_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -219,7 +224,7 @@
|
|||||||
path: /v2/images/{image_id}/members
|
path: /v2/images/{image_id}/members
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(member_id)s)
|
- check_str: rule:context_is_admin or (role:member and project_id:%(member_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -232,13 +237,13 @@
|
|||||||
path: /v2/images/{image_id}/members/{member_id}
|
path: /v2/images/{image_id}/members/{member_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin
|
- check_str: rule:context_is_admin
|
||||||
description: Manage image cache
|
description: Manage image cache
|
||||||
name: manage_image_cache
|
name: manage_image_cache
|
||||||
operations: []
|
operations: []
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: rule:context_is_admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -251,7 +256,7 @@
|
|||||||
path: /v2/images/{image_id}/actions/deactivate
|
path: /v2/images/{image_id}/actions/deactivate
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: rule:context_is_admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
@ -264,7 +269,7 @@
|
|||||||
path: /v2/images/{image_id}/actions/reactivate
|
path: /v2/images/{image_id}/actions/reactivate
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin
|
- check_str: rule:context_is_admin
|
||||||
description: Copy existing image to other stores
|
description: Copy existing image to other stores
|
||||||
name: copy_image
|
name: copy_image
|
||||||
operations:
|
operations:
|
||||||
@ -373,7 +378,7 @@
|
|||||||
path: /v2/tasks/{task_id}
|
path: /v2/tasks/{task_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin
|
- check_str: rule:context_is_admin
|
||||||
description: '
|
description: '
|
||||||
|
|
||||||
This is a generic blanket policy for protecting all task APIs. It is not
|
This is a generic blanket policy for protecting all task APIs. It is not
|
||||||
@ -400,12 +405,13 @@
|
|||||||
name: metadef_default
|
name: metadef_default
|
||||||
operations: []
|
operations: []
|
||||||
scope_types: null
|
scope_types: null
|
||||||
- check_str: role:admin
|
- check_str: rule:context_is_admin
|
||||||
description: null
|
description: null
|
||||||
name: metadef_admin
|
name: metadef_admin
|
||||||
operations: []
|
operations: []
|
||||||
scope_types: null
|
scope_types: null
|
||||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
- check_str: rule:context_is_admin or (role:reader and (project_id:%(project_id)s
|
||||||
|
or 'public':%(visibility)s))
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:metadef_default
|
check_str: rule:metadef_default
|
||||||
@ -418,7 +424,7 @@
|
|||||||
path: /v2/metadefs/namespaces/{namespace_name}
|
path: /v2/metadefs/namespaces/{namespace_name}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and project_id:%(project_id)s)
|
- check_str: rule:context_is_admin or (role:reader and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:metadef_default
|
check_str: rule:metadef_default
|
||||||
@ -455,7 +461,8 @@
|
|||||||
path: /v2/metadefs/namespaces/{namespace_name}
|
path: /v2/metadefs/namespaces/{namespace_name}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
- check_str: rule:context_is_admin or (role:reader and (project_id:%(project_id)s
|
||||||
|
or 'public':%(visibility)s))
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:metadef_default
|
check_str: rule:metadef_default
|
||||||
@ -468,7 +475,8 @@
|
|||||||
path: /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
path: /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
- check_str: rule:context_is_admin or (role:reader and (project_id:%(project_id)s
|
||||||
|
or 'public':%(visibility)s))
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:metadef_default
|
check_str: rule:metadef_default
|
||||||
@ -505,7 +513,8 @@
|
|||||||
path: /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
path: /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
- check_str: rule:context_is_admin or (role:reader and (project_id:%(project_id)s
|
||||||
|
or 'public':%(visibility)s))
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:metadef_default
|
check_str: rule:metadef_default
|
||||||
@ -518,7 +527,8 @@
|
|||||||
path: /v2/metadefs/resource_types
|
path: /v2/metadefs/resource_types
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
- check_str: rule:context_is_admin or (role:reader and (project_id:%(project_id)s
|
||||||
|
or 'public':%(visibility)s))
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:metadef_default
|
check_str: rule:metadef_default
|
||||||
@ -547,7 +557,8 @@
|
|||||||
path: /v2/metadefs/namespaces/{namespace_name}/resource_types/{name}
|
path: /v2/metadefs/namespaces/{namespace_name}/resource_types/{name}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
- check_str: rule:context_is_admin or (role:reader and (project_id:%(project_id)s
|
||||||
|
or 'public':%(visibility)s))
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:metadef_default
|
check_str: rule:metadef_default
|
||||||
@ -560,7 +571,8 @@
|
|||||||
path: /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
path: /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
- check_str: rule:context_is_admin or (role:reader and (project_id:%(project_id)s
|
||||||
|
or 'public':%(visibility)s))
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:metadef_default
|
check_str: rule:metadef_default
|
||||||
@ -597,7 +609,8 @@
|
|||||||
path: /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
path: /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
- check_str: rule:context_is_admin or (role:reader and (project_id:%(project_id)s
|
||||||
|
or 'public':%(visibility)s))
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:metadef_default
|
check_str: rule:metadef_default
|
||||||
@ -610,7 +623,8 @@
|
|||||||
path: /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
path: /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
- check_str: rule:context_is_admin or (role:reader and (project_id:%(project_id)s
|
||||||
|
or 'public':%(visibility)s))
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:metadef_default
|
check_str: rule:metadef_default
|
||||||
@ -663,7 +677,7 @@
|
|||||||
path: /v2/metadefs/namespaces/{namespace_name}/tags
|
path: /v2/metadefs/namespaces/{namespace_name}/tags
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin
|
- check_str: rule:context_is_admin
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:manage_image_cache
|
check_str: rule:manage_image_cache
|
||||||
@ -676,7 +690,7 @@
|
|||||||
path: /v2/cache/{image_id}
|
path: /v2/cache/{image_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin
|
- check_str: rule:context_is_admin
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:manage_image_cache
|
check_str: rule:manage_image_cache
|
||||||
@ -689,7 +703,7 @@
|
|||||||
path: /v2/cache
|
path: /v2/cache
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin
|
- check_str: rule:context_is_admin
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:manage_image_cache
|
check_str: rule:manage_image_cache
|
||||||
@ -704,7 +718,7 @@
|
|||||||
path: /v2/cache/{image_id}
|
path: /v2/cache/{image_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin
|
- check_str: rule:context_is_admin
|
||||||
description: Expose store specific information
|
description: Expose store specific information
|
||||||
name: stores_info_detail
|
name: stores_info_detail
|
||||||
operations:
|
operations:
|
||||||
|
@ -344,7 +344,7 @@
|
|||||||
path: /auto-allocated-topology/{project_id}
|
path: /auto-allocated-topology/{project_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:admin_only
|
- check_str: role:reader
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:regular_user
|
check_str: rule:regular_user
|
||||||
@ -357,6 +357,47 @@
|
|||||||
path: /availability_zones
|
path: /availability_zones
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
|
- check_str: rule:admin_only
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:admin_only
|
||||||
|
name: create_default_security_group_rule
|
||||||
|
deprecated_since: null
|
||||||
|
description: Create a templated of the security group rule
|
||||||
|
name: create_default_security_group_rule
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /default-security-group-rules
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: role:reader
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:regular_user
|
||||||
|
name: get_default_security_group_rule
|
||||||
|
deprecated_since: null
|
||||||
|
description: Get a templated of the security group rule
|
||||||
|
name: get_default_security_group_rule
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /default-security-group-rules
|
||||||
|
- method: GET
|
||||||
|
path: /default-security-group-rules/{id}
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: rule:admin_only
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:admin_only
|
||||||
|
name: delete_default_security_group_rule
|
||||||
|
deprecated_since: null
|
||||||
|
description: Delete a templated of the security group rule
|
||||||
|
name: delete_default_security_group_rule
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /default-security-group-rules/{id}
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
- check_str: rule:admin_only
|
- check_str: rule:admin_only
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
@ -584,7 +625,7 @@
|
|||||||
path: /floatingip_pools
|
path: /floatingip_pools
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner
|
- check_str: (rule:admin_only) or (role:member and rule:ext_parent_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_ext_parent_owner
|
check_str: rule:admin_or_ext_parent_owner
|
||||||
@ -597,7 +638,7 @@
|
|||||||
path: /floatingips/{floatingip_id}/port_forwardings
|
path: /floatingips/{floatingip_id}/port_forwardings
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:ext_parent_owner
|
- check_str: (rule:admin_only) or (role:reader and rule:ext_parent_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_ext_parent_owner
|
check_str: rule:admin_or_ext_parent_owner
|
||||||
@ -612,7 +653,7 @@
|
|||||||
path: /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
path: /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner
|
- check_str: (rule:admin_only) or (role:member and rule:ext_parent_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_ext_parent_owner
|
check_str: rule:admin_or_ext_parent_owner
|
||||||
@ -625,7 +666,7 @@
|
|||||||
path: /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
path: /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner
|
- check_str: (rule:admin_only) or (role:member and rule:ext_parent_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_ext_parent_owner
|
check_str: rule:admin_or_ext_parent_owner
|
||||||
@ -1339,6 +1380,38 @@
|
|||||||
path: /network_segment_ranges/{id}
|
path: /network_segment_ranges/{id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
|
- check_str: rule:admin_only
|
||||||
|
description: Get port binding information
|
||||||
|
name: get_port_binding
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /ports/{port_id}/bindings/
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: rule:admin_only
|
||||||
|
description: Create port binding on the host
|
||||||
|
name: create_port_binding
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /ports/{port_id}/bindings/
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: rule:admin_only
|
||||||
|
description: Delete port binding on the host
|
||||||
|
name: delete_port_binding
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /ports/{port_id}/bindings/
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: rule:admin_only
|
||||||
|
description: Activate port binding on the host
|
||||||
|
name: activate
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /ports/{port_id}/bindings/{host}
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
- check_str: 'field:port:device_owner=~^network:'
|
- check_str: 'field:port:device_owner=~^network:'
|
||||||
description: Definition of port with network device_owner
|
description: Definition of port with network device_owner
|
||||||
name: network_device
|
name: network_device
|
||||||
@ -1362,8 +1435,8 @@
|
|||||||
path: /ports
|
path: /ports
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: not rule:network_device or rule:admin_only or rule:context_is_advsvc
|
- check_str: not rule:network_device or rule:context_is_advsvc or (rule:admin_only)
|
||||||
or rule:network_owner
|
or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner
|
check_str: not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner
|
||||||
@ -1374,7 +1447,7 @@
|
|||||||
operations: *id004
|
operations: *id004
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:context_is_advsvc or rule:network_owner or rule:admin_only
|
- check_str: rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:context_is_advsvc or rule:admin_or_network_owner
|
check_str: rule:context_is_advsvc or rule:admin_or_network_owner
|
||||||
@ -1385,7 +1458,8 @@
|
|||||||
operations: *id004
|
operations: *id004
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:context_is_advsvc or rule:network_owner or rule:admin_only or rule:shared
|
- check_str: rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
|
or rule:shared
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared
|
check_str: rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared
|
||||||
@ -1396,7 +1470,7 @@
|
|||||||
operations: *id004
|
operations: *id004
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:context_is_advsvc or rule:network_owner or rule:admin_only
|
- check_str: rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:context_is_advsvc or rule:admin_or_network_owner
|
check_str: rule:context_is_advsvc or rule:admin_or_network_owner
|
||||||
@ -1407,7 +1481,8 @@
|
|||||||
operations: *id004
|
operations: *id004
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:context_is_advsvc or rule:network_owner or rule:admin_only or rule:shared
|
- check_str: rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
|
or rule:shared
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared
|
check_str: rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared
|
||||||
@ -1418,7 +1493,7 @@
|
|||||||
operations: *id004
|
operations: *id004
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:context_is_advsvc or rule:network_owner or rule:admin_only
|
- check_str: rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:context_is_advsvc or rule:admin_or_network_owner
|
check_str: rule:context_is_advsvc or rule:admin_or_network_owner
|
||||||
@ -1462,7 +1537,7 @@
|
|||||||
operations: *id004
|
operations: *id004
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:admin_only or rule:network_owner
|
- check_str: (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_network_owner
|
check_str: rule:admin_or_network_owner
|
||||||
@ -1473,7 +1548,7 @@
|
|||||||
operations: *id004
|
operations: *id004
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:admin_only or rule:network_owner
|
- check_str: (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_network_owner
|
check_str: rule:admin_or_network_owner
|
||||||
@ -1485,7 +1560,7 @@
|
|||||||
operations: *id004
|
operations: *id004
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:admin_only or rule:network_owner
|
- check_str: (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_network_owner
|
check_str: rule:admin_or_network_owner
|
||||||
@ -1497,7 +1572,14 @@
|
|||||||
operations: *id004
|
operations: *id004
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:admin_only or rule:context_is_advsvc or role:reader and project_id:%(project_id)s
|
- check_str: rule:admin_only
|
||||||
|
description: Specify ``hints`` attribute when creating a port
|
||||||
|
name: create_port:hints
|
||||||
|
operations: *id004
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: rule:context_is_advsvc or (rule:admin_only) or (role:reader and rule:network_owner)
|
||||||
|
or role:reader and project_id:%(project_id)s
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:context_is_advsvc or rule:admin_owner_or_network_owner
|
check_str: rule:context_is_advsvc or rule:admin_owner_or_network_owner
|
||||||
@ -1567,6 +1649,12 @@
|
|||||||
operations: *id005
|
operations: *id005
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
|
- check_str: rule:admin_only
|
||||||
|
description: Get ``hints`` attribute of a port
|
||||||
|
name: get_port:hints
|
||||||
|
operations: *id005
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s or rule:context_is_advsvc
|
- check_str: rule:admin_only or role:member and project_id:%(project_id)s or rule:context_is_advsvc
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
@ -1580,8 +1668,8 @@
|
|||||||
path: /ports/{id}
|
path: /ports/{id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: not rule:network_device or rule:context_is_advsvc or rule:network_owner
|
- check_str: not rule:network_device or rule:context_is_advsvc or (rule:admin_only)
|
||||||
or rule:admin_only
|
or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner
|
check_str: not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner
|
||||||
@ -1603,7 +1691,7 @@
|
|||||||
operations: *id006
|
operations: *id006
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:context_is_advsvc or rule:network_owner or rule:admin_only
|
- check_str: rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:context_is_advsvc or rule:admin_or_network_owner
|
check_str: rule:context_is_advsvc or rule:admin_or_network_owner
|
||||||
@ -1614,7 +1702,7 @@
|
|||||||
operations: *id006
|
operations: *id006
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:context_is_advsvc or rule:network_owner or rule:admin_only
|
- check_str: rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:context_is_advsvc or rule:admin_or_network_owner
|
check_str: rule:context_is_advsvc or rule:admin_or_network_owner
|
||||||
@ -1625,7 +1713,8 @@
|
|||||||
operations: *id006
|
operations: *id006
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:context_is_advsvc or rule:network_owner or rule:admin_only or rule:shared
|
- check_str: rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
|
or rule:shared
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared
|
check_str: rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared
|
||||||
@ -1636,7 +1725,7 @@
|
|||||||
operations: *id006
|
operations: *id006
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:context_is_advsvc or rule:network_owner or rule:admin_only
|
- check_str: rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:context_is_advsvc or rule:admin_or_network_owner
|
check_str: rule:context_is_advsvc or rule:admin_or_network_owner
|
||||||
@ -1680,7 +1769,7 @@
|
|||||||
operations: *id006
|
operations: *id006
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:admin_only or rule:network_owner
|
- check_str: (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_network_owner
|
check_str: rule:admin_or_network_owner
|
||||||
@ -1691,7 +1780,7 @@
|
|||||||
operations: *id006
|
operations: *id006
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:admin_only or rule:network_owner
|
- check_str: (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_network_owner
|
check_str: rule:admin_or_network_owner
|
||||||
@ -1703,7 +1792,7 @@
|
|||||||
operations: *id006
|
operations: *id006
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:admin_only or rule:network_owner
|
- check_str: (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_network_owner
|
check_str: rule:admin_or_network_owner
|
||||||
@ -1725,8 +1814,14 @@
|
|||||||
operations: *id006
|
operations: *id006
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:admin_only or rule:context_is_advsvc or role:member and project_id:%(project_id)s
|
- check_str: rule:admin_only
|
||||||
or rule:network_owner
|
description: Update ``hints`` attribute of a port
|
||||||
|
name: update_port:hints
|
||||||
|
operations: *id006
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: rule:context_is_advsvc or role:member and project_id:%(project_id)s or
|
||||||
|
(rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:context_is_advsvc or rule:admin_owner_or_network_owner
|
check_str: rule:context_is_advsvc or rule:admin_owner_or_network_owner
|
||||||
@ -1798,7 +1893,7 @@
|
|||||||
path: /qos/policies/{id}
|
path: /qos/policies/{id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:admin_only
|
- check_str: role:reader
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:regular_user
|
check_str: rule:regular_user
|
||||||
@ -1813,7 +1908,7 @@
|
|||||||
path: /qos/rule-types/{rule_type}
|
path: /qos/rule-types/{rule_type}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
- check_str: (rule:admin_only) or (role:reader and rule:ext_parent_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:regular_user
|
check_str: rule:regular_user
|
||||||
@ -1867,7 +1962,7 @@
|
|||||||
path: /qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}
|
path: /qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
- check_str: (rule:admin_only) or (role:reader and rule:ext_parent_owner)
|
||||||
description: Get a QoS packet rate limit rule
|
description: Get a QoS packet rate limit rule
|
||||||
name: get_policy_packet_rate_limit_rule
|
name: get_policy_packet_rate_limit_rule
|
||||||
operations:
|
operations:
|
||||||
@ -1901,7 +1996,7 @@
|
|||||||
path: /qos/policies/{policy_id}/packet_rate_limit_rules/{rule_id}
|
path: /qos/policies/{policy_id}/packet_rate_limit_rules/{rule_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
- check_str: (rule:admin_only) or (role:reader and rule:ext_parent_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:regular_user
|
check_str: rule:regular_user
|
||||||
@ -1955,7 +2050,7 @@
|
|||||||
path: /qos/policies/{policy_id}/dscp_marking_rules/{rule_id}
|
path: /qos/policies/{policy_id}/dscp_marking_rules/{rule_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
- check_str: (rule:admin_only) or (role:reader and rule:ext_parent_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:regular_user
|
check_str: rule:regular_user
|
||||||
@ -2009,7 +2104,7 @@
|
|||||||
path: /qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}
|
path: /qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
- check_str: (rule:admin_only) or (role:reader and rule:ext_parent_owner)
|
||||||
description: Get a QoS minimum packet rate rule
|
description: Get a QoS minimum packet rate rule
|
||||||
name: get_policy_minimum_packet_rate_rule
|
name: get_policy_minimum_packet_rate_rule
|
||||||
operations:
|
operations:
|
||||||
@ -2043,7 +2138,7 @@
|
|||||||
path: /qos/policies/{policy_id}/minimum_packet_rate_rules/{rule_id}
|
path: /qos/policies/{policy_id}/minimum_packet_rate_rules/{rule_id}
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
- check_str: (rule:admin_only) or (role:reader and rule:ext_parent_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:regular_user
|
check_str: rule:regular_user
|
||||||
@ -2082,7 +2177,7 @@
|
|||||||
path: /qos/alias_bandwidth_limit_rules/{rule_id}/
|
path: /qos/alias_bandwidth_limit_rules/{rule_id}/
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
- check_str: (rule:admin_only) or (role:reader and rule:ext_parent_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:regular_user
|
check_str: rule:regular_user
|
||||||
@ -2121,7 +2216,7 @@
|
|||||||
path: /qos/alias_dscp_marking_rules/{rule_id}/
|
path: /qos/alias_dscp_marking_rules/{rule_id}/
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
- check_str: (rule:admin_only) or (role:reader and rule:ext_parent_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:regular_user
|
check_str: rule:regular_user
|
||||||
@ -2393,6 +2488,18 @@
|
|||||||
operations: *id007
|
operations: *id007
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
|
- check_str: rule:admin_only
|
||||||
|
description: Specify ``enable_default_route_bfd`` attribute when creating a router
|
||||||
|
name: create_router:enable_default_route_bfd
|
||||||
|
operations: *id007
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: rule:admin_only
|
||||||
|
description: Specify ``enable_default_route_ecmp`` attribute when creating a router
|
||||||
|
name: create_router:enable_default_route_ecmp
|
||||||
|
operations: *id007
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
@ -2512,6 +2619,18 @@
|
|||||||
operations: *id009
|
operations: *id009
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
|
- check_str: rule:admin_only
|
||||||
|
description: Specify ``enable_default_route_bfd`` attribute when updating a router
|
||||||
|
name: update_router:enable_default_route_bfd
|
||||||
|
operations: *id007
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: rule:admin_only
|
||||||
|
description: Specify ``enable_default_route_ecmp`` attribute when updating a router
|
||||||
|
name: update_router:enable_default_route_ecmp
|
||||||
|
operations: *id007
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
@ -2754,7 +2873,7 @@
|
|||||||
path: /service-providers
|
path: /service-providers
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:network_owner
|
- check_str: (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_network_owner
|
check_str: rule:admin_or_network_owner
|
||||||
@ -2815,7 +2934,7 @@
|
|||||||
operations: *id011
|
operations: *id011
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:network_owner
|
- check_str: (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_network_owner
|
check_str: rule:admin_or_network_owner
|
||||||
@ -2850,7 +2969,7 @@
|
|||||||
operations: *id012
|
operations: *id012
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:network_owner
|
- check_str: (rule:admin_only) or (role:member and rule:network_owner)
|
||||||
deprecated_reason: null
|
deprecated_reason: null
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:admin_or_network_owner
|
check_str: rule:admin_or_network_owner
|
||||||
|
@ -1004,13 +1004,21 @@
|
|||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
- check_str: rule:context_is_admin
|
- check_str: rule:context_is_admin
|
||||||
description: Cold migrate a server to a host
|
description: Cold migrate a server without specifying a host
|
||||||
name: os_compute_api:os-migrate-server:migrate
|
name: os_compute_api:os-migrate-server:migrate
|
||||||
operations:
|
operations:
|
||||||
- method: POST
|
- method: POST
|
||||||
path: /servers/{server_id}/action (migrate)
|
path: /servers/{server_id}/action (migrate)
|
||||||
scope_types:
|
scope_types:
|
||||||
- project
|
- project
|
||||||
|
- check_str: rule:context_is_admin
|
||||||
|
description: Cold migrate a server to a specified host
|
||||||
|
name: os_compute_api:os-migrate-server:migrate:host
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /servers/{server_id}/action (migrate)
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
- check_str: rule:context_is_admin
|
- check_str: rule:context_is_admin
|
||||||
description: Live migrate a server to a new host without a reboot
|
description: Live migrate a server to a new host without a reboot
|
||||||
name: os_compute_api:os-migrate-server:migrate_live
|
name: os_compute_api:os-migrate-server:migrate_live
|
||||||
|
@ -3,8 +3,8 @@
|
|||||||
#"default": ""
|
#"default": ""
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "default":"role:admin" has been deprecated since Ussuri in favor of
|
# "default":"rule:context_is_admin" has been deprecated since Ussuri
|
||||||
# "default":"".
|
# in favor of "default":"".
|
||||||
# In order to allow operators to accept the default policies from code
|
# In order to allow operators to accept the default policies from code
|
||||||
# by not defining them in the policy file, while still working with
|
# by not defining them in the policy file, while still working with
|
||||||
# old policy files that rely on the ``default`` rule for policies that
|
# old policy files that rely on the ``default`` rule for policies that
|
||||||
@ -18,33 +18,33 @@
|
|||||||
# Create new image
|
# Create new image
|
||||||
# POST /v2/images
|
# POST /v2/images
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"add_image": "role:admin or (role:member and project_id:%(project_id)s and project_id:%(owner)s)"
|
#"add_image": "rule:context_is_admin or (role:member and project_id:%(project_id)s and project_id:%(owner)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "add_image":"rule:default" has been deprecated since W in favor of
|
# "add_image":"rule:default" has been deprecated since W in favor of
|
||||||
# "add_image":"role:admin or (role:member and
|
# "add_image":"rule:context_is_admin or (role:member and
|
||||||
# project_id:%(project_id)s and project_id:%(owner)s)".
|
# project_id:%(project_id)s and project_id:%(owner)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Deletes the image
|
# Deletes the image
|
||||||
# DELETE /v2/images/{image_id}
|
# DELETE /v2/images/{image_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"delete_image": "role:admin or (role:member and project_id:%(project_id)s)"
|
#"delete_image": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "delete_image":"rule:default" has been deprecated since W in favor
|
# "delete_image":"rule:default" has been deprecated since W in favor
|
||||||
# of "delete_image":"role:admin or (role:member and
|
# of "delete_image":"rule:context_is_admin or (role:member and
|
||||||
# project_id:%(project_id)s)".
|
# project_id:%(project_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Get specified image
|
# Get specified image
|
||||||
# GET /v2/images/{image_id}
|
# GET /v2/images/{image_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_image": "role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"
|
#"get_image": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_image":"rule:default" has been deprecated since W in favor of
|
# "get_image":"rule:default" has been deprecated since W in favor of
|
||||||
# "get_image":"role:admin or (role:reader and
|
# "get_image":"rule:context_is_admin or (role:reader and
|
||||||
# (project_id:%(project_id)s or project_id:%(member_id)s or
|
# (project_id:%(project_id)s or project_id:%(member_id)s or
|
||||||
# 'community':%(visibility)s or 'public':%(visibility)s or
|
# 'community':%(visibility)s or 'public':%(visibility)s or
|
||||||
# 'shared':%(visibility)s))".
|
# 'shared':%(visibility)s))".
|
||||||
@ -53,49 +53,49 @@
|
|||||||
# Get all available images
|
# Get all available images
|
||||||
# GET /v2/images
|
# GET /v2/images
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_images": "role:admin or (role:reader and project_id:%(project_id)s)"
|
#"get_images": "rule:context_is_admin or (role:reader and project_id:%(project_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_images":"rule:default" has been deprecated since W in favor of
|
# "get_images":"rule:default" has been deprecated since W in favor of
|
||||||
# "get_images":"role:admin or (role:reader and
|
# "get_images":"rule:context_is_admin or (role:reader and
|
||||||
# project_id:%(project_id)s)".
|
# project_id:%(project_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Updates given image
|
# Updates given image
|
||||||
# PATCH /v2/images/{image_id}
|
# PATCH /v2/images/{image_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"modify_image": "role:admin or (role:member and project_id:%(project_id)s)"
|
#"modify_image": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "modify_image":"rule:default" has been deprecated since W in favor
|
# "modify_image":"rule:default" has been deprecated since W in favor
|
||||||
# of "modify_image":"role:admin or (role:member and
|
# of "modify_image":"rule:context_is_admin or (role:member and
|
||||||
# project_id:%(project_id)s)".
|
# project_id:%(project_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Publicize given image
|
# Publicize given image
|
||||||
# PATCH /v2/images/{image_id}
|
# PATCH /v2/images/{image_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"publicize_image": "role:admin"
|
#"publicize_image": "rule:context_is_admin"
|
||||||
|
|
||||||
# Communitize given image
|
# Communitize given image
|
||||||
# PATCH /v2/images/{image_id}
|
# PATCH /v2/images/{image_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"communitize_image": "role:admin or (role:member and project_id:%(project_id)s)"
|
#"communitize_image": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "communitize_image":"rule:default" has been deprecated since W in
|
# "communitize_image":"rule:default" has been deprecated since W in
|
||||||
# favor of "communitize_image":"role:admin or (role:member and
|
# favor of "communitize_image":"rule:context_is_admin or (role:member
|
||||||
# project_id:%(project_id)s)".
|
# and project_id:%(project_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Downloads given image
|
# Downloads given image
|
||||||
# GET /v2/images/{image_id}/file
|
# GET /v2/images/{image_id}/file
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"download_image": "role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"
|
#"download_image": "rule:context_is_admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "download_image":"rule:default" has been deprecated since W in favor
|
# "download_image":"rule:default" has been deprecated since W in favor
|
||||||
# of "download_image":"role:admin or (role:member and
|
# of "download_image":"rule:context_is_admin or (role:member and
|
||||||
# (project_id:%(project_id)s or project_id:%(member_id)s or
|
# (project_id:%(project_id)s or project_id:%(member_id)s or
|
||||||
# 'community':%(visibility)s or 'public':%(visibility)s or
|
# 'community':%(visibility)s or 'public':%(visibility)s or
|
||||||
# 'shared':%(visibility)s))".
|
# 'shared':%(visibility)s))".
|
||||||
@ -104,131 +104,131 @@
|
|||||||
# Uploads data to specified image
|
# Uploads data to specified image
|
||||||
# PUT /v2/images/{image_id}/file
|
# PUT /v2/images/{image_id}/file
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"upload_image": "role:admin or (role:member and project_id:%(project_id)s)"
|
#"upload_image": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "upload_image":"rule:default" has been deprecated since W in favor
|
# "upload_image":"rule:default" has been deprecated since W in favor
|
||||||
# of "upload_image":"role:admin or (role:member and
|
# of "upload_image":"rule:context_is_admin or (role:member and
|
||||||
# project_id:%(project_id)s)".
|
# project_id:%(project_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Deletes the location of given image
|
# Deletes the location of given image
|
||||||
# PATCH /v2/images/{image_id}
|
# PATCH /v2/images/{image_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"delete_image_location": "role:admin"
|
#"delete_image_location": "rule:context_is_admin"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "delete_image_location":"rule:default" has been deprecated since W
|
# "delete_image_location":"rule:default" has been deprecated since W
|
||||||
# in favor of "delete_image_location":"role:admin".
|
# in favor of "delete_image_location":"rule:context_is_admin".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Reads the location of the image
|
# Reads the location of the image
|
||||||
# GET /v2/images/{image_id}
|
# GET /v2/images/{image_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_image_location": "role:admin or (role:reader and project_id:%(project_id)s)"
|
#"get_image_location": "rule:context_is_admin or (role:reader and project_id:%(project_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_image_location":"rule:default" has been deprecated since W in
|
# "get_image_location":"rule:default" has been deprecated since W in
|
||||||
# favor of "get_image_location":"role:admin or (role:reader and
|
# favor of "get_image_location":"rule:context_is_admin or (role:reader
|
||||||
# project_id:%(project_id)s)".
|
# and project_id:%(project_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Sets location URI to given image
|
# Sets location URI to given image
|
||||||
# PATCH /v2/images/{image_id}
|
# PATCH /v2/images/{image_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"set_image_location": "role:admin or (role:member and project_id:%(project_id)s)"
|
#"set_image_location": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "set_image_location":"rule:default" has been deprecated since W in
|
# "set_image_location":"rule:default" has been deprecated since W in
|
||||||
# favor of "set_image_location":"role:admin or (role:member and
|
# favor of "set_image_location":"rule:context_is_admin or (role:member
|
||||||
# project_id:%(project_id)s)".
|
# and project_id:%(project_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Create image member
|
# Create image member
|
||||||
# POST /v2/images/{image_id}/members
|
# POST /v2/images/{image_id}/members
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"add_member": "role:admin or (role:member and project_id:%(project_id)s)"
|
#"add_member": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "add_member":"rule:default" has been deprecated since W in favor of
|
# "add_member":"rule:default" has been deprecated since W in favor of
|
||||||
# "add_member":"role:admin or (role:member and
|
# "add_member":"rule:context_is_admin or (role:member and
|
||||||
# project_id:%(project_id)s)".
|
# project_id:%(project_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Delete image member
|
# Delete image member
|
||||||
# DELETE /v2/images/{image_id}/members/{member_id}
|
# DELETE /v2/images/{image_id}/members/{member_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"delete_member": "role:admin or (role:member and project_id:%(project_id)s)"
|
#"delete_member": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "delete_member":"rule:default" has been deprecated since W in favor
|
# "delete_member":"rule:default" has been deprecated since W in favor
|
||||||
# of "delete_member":"role:admin or (role:member and
|
# of "delete_member":"rule:context_is_admin or (role:member and
|
||||||
# project_id:%(project_id)s)".
|
# project_id:%(project_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Show image member details
|
# Show image member details
|
||||||
# GET /v2/images/{image_id}/members/{member_id}
|
# GET /v2/images/{image_id}/members/{member_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_member": "role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"
|
#"get_member": "rule:context_is_admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_member":"rule:default" has been deprecated since W in favor of
|
# "get_member":"rule:default" has been deprecated since W in favor of
|
||||||
# "get_member":"role:admin or role:reader and
|
# "get_member":"rule:context_is_admin or role:reader and
|
||||||
# (project_id:%(project_id)s or project_id:%(member_id)s)".
|
# (project_id:%(project_id)s or project_id:%(member_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# List image members
|
# List image members
|
||||||
# GET /v2/images/{image_id}/members
|
# GET /v2/images/{image_id}/members
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_members": "role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"
|
#"get_members": "rule:context_is_admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_members":"rule:default" has been deprecated since W in favor of
|
# "get_members":"rule:default" has been deprecated since W in favor of
|
||||||
# "get_members":"role:admin or role:reader and
|
# "get_members":"rule:context_is_admin or role:reader and
|
||||||
# (project_id:%(project_id)s or project_id:%(member_id)s)".
|
# (project_id:%(project_id)s or project_id:%(member_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Update image member
|
# Update image member
|
||||||
# PUT /v2/images/{image_id}/members/{member_id}
|
# PUT /v2/images/{image_id}/members/{member_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"modify_member": "role:admin or (role:member and project_id:%(member_id)s)"
|
#"modify_member": "rule:context_is_admin or (role:member and project_id:%(member_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "modify_member":"rule:default" has been deprecated since W in favor
|
# "modify_member":"rule:default" has been deprecated since W in favor
|
||||||
# of "modify_member":"role:admin or (role:member and
|
# of "modify_member":"rule:context_is_admin or (role:member and
|
||||||
# project_id:%(member_id)s)".
|
# project_id:%(member_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Manage image cache
|
# Manage image cache
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"manage_image_cache": "role:admin"
|
#"manage_image_cache": "rule:context_is_admin"
|
||||||
|
|
||||||
# Deactivate image
|
# Deactivate image
|
||||||
# POST /v2/images/{image_id}/actions/deactivate
|
# POST /v2/images/{image_id}/actions/deactivate
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"deactivate": "role:admin or (role:member and project_id:%(project_id)s)"
|
#"deactivate": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "deactivate":"rule:default" has been deprecated since W in favor of
|
# "deactivate":"rule:default" has been deprecated since W in favor of
|
||||||
# "deactivate":"role:admin or (role:member and
|
# "deactivate":"rule:context_is_admin or (role:member and
|
||||||
# project_id:%(project_id)s)".
|
# project_id:%(project_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Reactivate image
|
# Reactivate image
|
||||||
# POST /v2/images/{image_id}/actions/reactivate
|
# POST /v2/images/{image_id}/actions/reactivate
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"reactivate": "role:admin or (role:member and project_id:%(project_id)s)"
|
#"reactivate": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "reactivate":"rule:default" has been deprecated since W in favor of
|
# "reactivate":"rule:default" has been deprecated since W in favor of
|
||||||
# "reactivate":"role:admin or (role:member and
|
# "reactivate":"rule:context_is_admin or (role:member and
|
||||||
# project_id:%(project_id)s)".
|
# project_id:%(project_id)s)".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Copy existing image to other stores
|
# Copy existing image to other stores
|
||||||
# POST /v2/images/{image_id}/import
|
# POST /v2/images/{image_id}/import
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"copy_image": "role:admin"
|
#"copy_image": "rule:context_is_admin"
|
||||||
|
|
||||||
# Get an image task.
|
# Get an image task.
|
||||||
#
|
#
|
||||||
@ -313,33 +313,33 @@
|
|||||||
# POST /v2/tasks
|
# POST /v2/tasks
|
||||||
# DELETE /v2/tasks/{task_id}
|
# DELETE /v2/tasks/{task_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"tasks_api_access": "role:admin"
|
#"tasks_api_access": "rule:context_is_admin"
|
||||||
|
|
||||||
#"metadef_default": ""
|
#"metadef_default": ""
|
||||||
|
|
||||||
#"metadef_admin": "role:admin"
|
#"metadef_admin": "rule:context_is_admin"
|
||||||
|
|
||||||
# Get a specific namespace.
|
# Get a specific namespace.
|
||||||
# GET /v2/metadefs/namespaces/{namespace_name}
|
# GET /v2/metadefs/namespaces/{namespace_name}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_metadef_namespace": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
#"get_metadef_namespace": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_metadef_namespace":"rule:metadef_default" has been deprecated
|
# "get_metadef_namespace":"rule:metadef_default" has been deprecated
|
||||||
# since X in favor of "get_metadef_namespace":"role:admin or
|
# since X in favor of "get_metadef_namespace":"rule:context_is_admin
|
||||||
# (role:reader and (project_id:%(project_id)s or
|
# or (role:reader and (project_id:%(project_id)s or
|
||||||
# 'public':%(visibility)s))".
|
# 'public':%(visibility)s))".
|
||||||
# The metadata API now supports project scope and default roles.
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
# List namespace.
|
# List namespace.
|
||||||
# GET /v2/metadefs/namespaces
|
# GET /v2/metadefs/namespaces
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_metadef_namespaces": "role:admin or (role:reader and project_id:%(project_id)s)"
|
#"get_metadef_namespaces": "rule:context_is_admin or (role:reader and project_id:%(project_id)s)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_metadef_namespaces":"rule:metadef_default" has been deprecated
|
# "get_metadef_namespaces":"rule:metadef_default" has been deprecated
|
||||||
# since X in favor of "get_metadef_namespaces":"role:admin or
|
# since X in favor of "get_metadef_namespaces":"rule:context_is_admin
|
||||||
# (role:reader and project_id:%(project_id)s)".
|
# or (role:reader and project_id:%(project_id)s)".
|
||||||
# The metadata API now supports project scope and default roles.
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
# Modify an existing namespace.
|
# Modify an existing namespace.
|
||||||
@ -360,22 +360,23 @@
|
|||||||
# Get a specific object from a namespace.
|
# Get a specific object from a namespace.
|
||||||
# GET /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
# GET /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_metadef_object": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
#"get_metadef_object": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_metadef_object":"rule:metadef_default" has been deprecated
|
# "get_metadef_object":"rule:metadef_default" has been deprecated
|
||||||
# since X in favor of "get_metadef_object":"role:admin or (role:reader
|
# since X in favor of "get_metadef_object":"rule:context_is_admin or
|
||||||
# and (project_id:%(project_id)s or 'public':%(visibility)s))".
|
# (role:reader and (project_id:%(project_id)s or
|
||||||
|
# 'public':%(visibility)s))".
|
||||||
# The metadata API now supports project scope and default roles.
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
# Get objects from a namespace.
|
# Get objects from a namespace.
|
||||||
# GET /v2/metadefs/namespaces/{namespace_name}/objects
|
# GET /v2/metadefs/namespaces/{namespace_name}/objects
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_metadef_objects": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
#"get_metadef_objects": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_metadef_objects":"rule:metadef_default" has been deprecated
|
# "get_metadef_objects":"rule:metadef_default" has been deprecated
|
||||||
# since X in favor of "get_metadef_objects":"role:admin or
|
# since X in favor of "get_metadef_objects":"rule:context_is_admin or
|
||||||
# (role:reader and (project_id:%(project_id)s or
|
# (role:reader and (project_id:%(project_id)s or
|
||||||
# 'public':%(visibility)s))".
|
# 'public':%(visibility)s))".
|
||||||
# The metadata API now supports project scope and default roles.
|
# The metadata API now supports project scope and default roles.
|
||||||
@ -398,25 +399,25 @@
|
|||||||
# List meta definition resource types.
|
# List meta definition resource types.
|
||||||
# GET /v2/metadefs/resource_types
|
# GET /v2/metadefs/resource_types
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"list_metadef_resource_types": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
#"list_metadef_resource_types": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "list_metadef_resource_types":"rule:metadef_default" has been
|
# "list_metadef_resource_types":"rule:metadef_default" has been
|
||||||
# deprecated since X in favor of
|
# deprecated since X in favor of
|
||||||
# "list_metadef_resource_types":"role:admin or (role:reader and
|
# "list_metadef_resource_types":"rule:context_is_admin or (role:reader
|
||||||
# (project_id:%(project_id)s or 'public':%(visibility)s))".
|
# and (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||||
# The metadata API now supports project scope and default roles.
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
# Get meta definition resource types associations.
|
# Get meta definition resource types associations.
|
||||||
# GET /v2/metadefs/namespaces/{namespace_name}/resource_types
|
# GET /v2/metadefs/namespaces/{namespace_name}/resource_types
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_metadef_resource_type": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
#"get_metadef_resource_type": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_metadef_resource_type":"rule:metadef_default" has been
|
# "get_metadef_resource_type":"rule:metadef_default" has been
|
||||||
# deprecated since X in favor of
|
# deprecated since X in favor of
|
||||||
# "get_metadef_resource_type":"role:admin or (role:reader and
|
# "get_metadef_resource_type":"rule:context_is_admin or (role:reader
|
||||||
# (project_id:%(project_id)s or 'public':%(visibility)s))".
|
# and (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||||
# The metadata API now supports project scope and default roles.
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
# Create meta definition resource types association.
|
# Create meta definition resource types association.
|
||||||
@ -432,11 +433,11 @@
|
|||||||
# Get a specific meta definition property.
|
# Get a specific meta definition property.
|
||||||
# GET /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
# GET /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_metadef_property": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
#"get_metadef_property": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_metadef_property":"rule:metadef_default" has been deprecated
|
# "get_metadef_property":"rule:metadef_default" has been deprecated
|
||||||
# since X in favor of "get_metadef_property":"role:admin or
|
# since X in favor of "get_metadef_property":"rule:context_is_admin or
|
||||||
# (role:reader and (project_id:%(project_id)s or
|
# (role:reader and (project_id:%(project_id)s or
|
||||||
# 'public':%(visibility)s))".
|
# 'public':%(visibility)s))".
|
||||||
# The metadata API now supports project scope and default roles.
|
# The metadata API now supports project scope and default roles.
|
||||||
@ -444,12 +445,12 @@
|
|||||||
# List meta definition properties.
|
# List meta definition properties.
|
||||||
# GET /v2/metadefs/namespaces/{namespace_name}/properties
|
# GET /v2/metadefs/namespaces/{namespace_name}/properties
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_metadef_properties": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
#"get_metadef_properties": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_metadef_properties":"rule:metadef_default" has been deprecated
|
# "get_metadef_properties":"rule:metadef_default" has been deprecated
|
||||||
# since X in favor of "get_metadef_properties":"role:admin or
|
# since X in favor of "get_metadef_properties":"rule:context_is_admin
|
||||||
# (role:reader and (project_id:%(project_id)s or
|
# or (role:reader and (project_id:%(project_id)s or
|
||||||
# 'public':%(visibility)s))".
|
# 'public':%(visibility)s))".
|
||||||
# The metadata API now supports project scope and default roles.
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
@ -471,23 +472,24 @@
|
|||||||
# Get tag definition.
|
# Get tag definition.
|
||||||
# GET /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
# GET /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_metadef_tag": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
#"get_metadef_tag": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_metadef_tag":"rule:metadef_default" has been deprecated since X
|
# "get_metadef_tag":"rule:metadef_default" has been deprecated since X
|
||||||
# in favor of "get_metadef_tag":"role:admin or (role:reader and
|
# in favor of "get_metadef_tag":"rule:context_is_admin or (role:reader
|
||||||
# (project_id:%(project_id)s or 'public':%(visibility)s))".
|
# and (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||||
# The metadata API now supports project scope and default roles.
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
# List tag definitions.
|
# List tag definitions.
|
||||||
# GET /v2/metadefs/namespaces/{namespace_name}/tags
|
# GET /v2/metadefs/namespaces/{namespace_name}/tags
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_metadef_tags": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
#"get_metadef_tags": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_metadef_tags":"rule:metadef_default" has been deprecated since
|
# "get_metadef_tags":"rule:metadef_default" has been deprecated since
|
||||||
# X in favor of "get_metadef_tags":"role:admin or (role:reader and
|
# X in favor of "get_metadef_tags":"rule:context_is_admin or
|
||||||
# (project_id:%(project_id)s or 'public':%(visibility)s))".
|
# (role:reader and (project_id:%(project_id)s or
|
||||||
|
# 'public':%(visibility)s))".
|
||||||
# The metadata API now supports project scope and default roles.
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
# Update tag definition.
|
# Update tag definition.
|
||||||
@ -518,36 +520,36 @@
|
|||||||
# Queue image for caching
|
# Queue image for caching
|
||||||
# PUT /v2/cache/{image_id}
|
# PUT /v2/cache/{image_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"cache_image": "role:admin"
|
#"cache_image": "rule:context_is_admin"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "cache_image":"rule:manage_image_cache" has been deprecated since X
|
# "cache_image":"rule:manage_image_cache" has been deprecated since X
|
||||||
# in favor of "cache_image":"role:admin".
|
# in favor of "cache_image":"rule:context_is_admin".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# List cache status
|
# List cache status
|
||||||
# GET /v2/cache
|
# GET /v2/cache
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"cache_list": "role:admin"
|
#"cache_list": "rule:context_is_admin"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "cache_list":"rule:manage_image_cache" has been deprecated since X
|
# "cache_list":"rule:manage_image_cache" has been deprecated since X
|
||||||
# in favor of "cache_list":"role:admin".
|
# in favor of "cache_list":"rule:context_is_admin".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Delete image(s) from cache and/or queue
|
# Delete image(s) from cache and/or queue
|
||||||
# DELETE /v2/cache
|
# DELETE /v2/cache
|
||||||
# DELETE /v2/cache/{image_id}
|
# DELETE /v2/cache/{image_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"cache_delete": "role:admin"
|
#"cache_delete": "rule:context_is_admin"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "cache_delete":"rule:manage_image_cache" has been deprecated since X
|
# "cache_delete":"rule:manage_image_cache" has been deprecated since X
|
||||||
# in favor of "cache_delete":"role:admin".
|
# in favor of "cache_delete":"rule:context_is_admin".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Expose store specific information
|
# Expose store specific information
|
||||||
# GET /v2/info/stores/detail
|
# GET /v2/info/stores/detail
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"stores_info_detail": "role:admin"
|
#"stores_info_detail": "rule:context_is_admin"
|
||||||
|
|
||||||
|
@ -265,14 +265,51 @@
|
|||||||
# List availability zones
|
# List availability zones
|
||||||
# GET /availability_zones
|
# GET /availability_zones
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_availability_zone": "rule:admin_only"
|
#"get_availability_zone": "role:reader"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_availability_zone":"rule:regular_user" has been deprecated
|
# "get_availability_zone":"rule:regular_user" has been deprecated
|
||||||
# since W in favor of "get_availability_zone":"rule:admin_only".
|
# since W in favor of "get_availability_zone":"role:reader".
|
||||||
# The Availability Zone API now supports project scope and default
|
# The Availability Zone API now supports project scope and default
|
||||||
# roles.
|
# roles.
|
||||||
|
|
||||||
|
# Create a templated of the security group rule
|
||||||
|
# POST /default-security-group-rules
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"create_default_security_group_rule": "rule:admin_only"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "create_default_security_group_rule":"rule:admin_only" has been
|
||||||
|
# deprecated since 2023.2 in favor of
|
||||||
|
# "create_default_security_group_rule":"rule:admin_only".
|
||||||
|
# The default security group rules API supports system scope and
|
||||||
|
# default roles.
|
||||||
|
|
||||||
|
# Get a templated of the security group rule
|
||||||
|
# GET /default-security-group-rules
|
||||||
|
# GET /default-security-group-rules/{id}
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"get_default_security_group_rule": "role:reader"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "get_default_security_group_rule":"rule:regular_user" has been
|
||||||
|
# deprecated since 2023.2 in favor of
|
||||||
|
# "get_default_security_group_rule":"role:reader".
|
||||||
|
# The default security group rules API supports system scope and
|
||||||
|
# default roles.
|
||||||
|
|
||||||
|
# Delete a templated of the security group rule
|
||||||
|
# DELETE /default-security-group-rules/{id}
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"delete_default_security_group_rule": "rule:admin_only"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "delete_default_security_group_rule":"rule:admin_only" has been
|
||||||
|
# deprecated since 2023.2 in favor of
|
||||||
|
# "delete_default_security_group_rule":"rule:admin_only".
|
||||||
|
# The default security group rules API supports system scope and
|
||||||
|
# default roles.
|
||||||
|
|
||||||
# Create a flavor
|
# Create a flavor
|
||||||
# POST /flavors
|
# POST /flavors
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
@ -460,14 +497,13 @@
|
|||||||
# Create a floating IP port forwarding
|
# Create a floating IP port forwarding
|
||||||
# POST /floatingips/{floatingip_id}/port_forwardings
|
# POST /floatingips/{floatingip_id}/port_forwardings
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"create_floatingip_port_forwarding": "(rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner"
|
#"create_floatingip_port_forwarding": "(rule:admin_only) or (role:member and rule:ext_parent_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "create_floatingip_port_forwarding":"rule:admin_or_ext_parent_owner"
|
# "create_floatingip_port_forwarding":"rule:admin_or_ext_parent_owner"
|
||||||
# has been deprecated since W in favor of
|
# has been deprecated since W in favor of
|
||||||
# "create_floatingip_port_forwarding":"(rule:admin_only) or
|
# "create_floatingip_port_forwarding":"(rule:admin_only) or
|
||||||
# (role:member and project_id:%(project_id)s) or
|
# (role:member and rule:ext_parent_owner)".
|
||||||
# rule:ext_parent_owner".
|
|
||||||
# The floating IP port forwarding API now supports system scope and
|
# The floating IP port forwarding API now supports system scope and
|
||||||
# default roles.
|
# default roles.
|
||||||
|
|
||||||
@ -475,41 +511,39 @@
|
|||||||
# GET /floatingips/{floatingip_id}/port_forwardings
|
# GET /floatingips/{floatingip_id}/port_forwardings
|
||||||
# GET /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
# GET /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_floatingip_port_forwarding": "(rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:ext_parent_owner"
|
#"get_floatingip_port_forwarding": "(rule:admin_only) or (role:reader and rule:ext_parent_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_floatingip_port_forwarding":"rule:admin_or_ext_parent_owner"
|
# "get_floatingip_port_forwarding":"rule:admin_or_ext_parent_owner"
|
||||||
# has been deprecated since W in favor of
|
# has been deprecated since W in favor of
|
||||||
# "get_floatingip_port_forwarding":"(rule:admin_only) or (role:reader
|
# "get_floatingip_port_forwarding":"(rule:admin_only) or (role:reader
|
||||||
# and project_id:%(project_id)s) or rule:ext_parent_owner".
|
# and rule:ext_parent_owner)".
|
||||||
# The floating IP port forwarding API now supports system scope and
|
# The floating IP port forwarding API now supports system scope and
|
||||||
# default roles.
|
# default roles.
|
||||||
|
|
||||||
# Update a floating IP port forwarding
|
# Update a floating IP port forwarding
|
||||||
# PUT /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
# PUT /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"update_floatingip_port_forwarding": "(rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner"
|
#"update_floatingip_port_forwarding": "(rule:admin_only) or (role:member and rule:ext_parent_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "update_floatingip_port_forwarding":"rule:admin_or_ext_parent_owner"
|
# "update_floatingip_port_forwarding":"rule:admin_or_ext_parent_owner"
|
||||||
# has been deprecated since W in favor of
|
# has been deprecated since W in favor of
|
||||||
# "update_floatingip_port_forwarding":"(rule:admin_only) or
|
# "update_floatingip_port_forwarding":"(rule:admin_only) or
|
||||||
# (role:member and project_id:%(project_id)s) or
|
# (role:member and rule:ext_parent_owner)".
|
||||||
# rule:ext_parent_owner".
|
|
||||||
# The floating IP port forwarding API now supports system scope and
|
# The floating IP port forwarding API now supports system scope and
|
||||||
# default roles.
|
# default roles.
|
||||||
|
|
||||||
# Delete a floating IP port forwarding
|
# Delete a floating IP port forwarding
|
||||||
# DELETE /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
# DELETE /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"delete_floatingip_port_forwarding": "(rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner"
|
#"delete_floatingip_port_forwarding": "(rule:admin_only) or (role:member and rule:ext_parent_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "delete_floatingip_port_forwarding":"rule:admin_or_ext_parent_owner"
|
# "delete_floatingip_port_forwarding":"rule:admin_or_ext_parent_owner"
|
||||||
# has been deprecated since W in favor of
|
# has been deprecated since W in favor of
|
||||||
# "delete_floatingip_port_forwarding":"(rule:admin_only) or
|
# "delete_floatingip_port_forwarding":"(rule:admin_only) or
|
||||||
# (role:member and project_id:%(project_id)s) or
|
# (role:member and rule:ext_parent_owner)".
|
||||||
# rule:ext_parent_owner".
|
|
||||||
# The floating IP port forwarding API now supports system scope and
|
# The floating IP port forwarding API now supports system scope and
|
||||||
# default roles.
|
# default roles.
|
||||||
|
|
||||||
@ -1139,6 +1173,26 @@
|
|||||||
# The network segment range API now supports project scope and default
|
# The network segment range API now supports project scope and default
|
||||||
# roles.
|
# roles.
|
||||||
|
|
||||||
|
# Get port binding information
|
||||||
|
# GET /ports/{port_id}/bindings/
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"get_port_binding": "rule:admin_only"
|
||||||
|
|
||||||
|
# Create port binding on the host
|
||||||
|
# POST /ports/{port_id}/bindings/
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"create_port_binding": "rule:admin_only"
|
||||||
|
|
||||||
|
# Delete port binding on the host
|
||||||
|
# DELETE /ports/{port_id}/bindings/
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"delete_port_binding": "rule:admin_only"
|
||||||
|
|
||||||
|
# Activate port binding on the host
|
||||||
|
# PUT /ports/{port_id}/bindings/{host}
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"activate": "rule:admin_only"
|
||||||
|
|
||||||
# Definition of port with network device_owner
|
# Definition of port with network device_owner
|
||||||
#"network_device": "field:port:device_owner=~^network:"
|
#"network_device": "field:port:device_owner=~^network:"
|
||||||
|
|
||||||
@ -1159,75 +1213,77 @@
|
|||||||
# Specify ``device_owner`` attribute when creating a port
|
# Specify ``device_owner`` attribute when creating a port
|
||||||
# POST /ports
|
# POST /ports
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"create_port:device_owner": "not rule:network_device or rule:admin_only or rule:context_is_advsvc or rule:network_owner"
|
#"create_port:device_owner": "not rule:network_device or rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "create_port:device_owner":"not rule:network_device or
|
# "create_port:device_owner":"not rule:network_device or
|
||||||
# rule:context_is_advsvc or rule:admin_or_network_owner" has been
|
# rule:context_is_advsvc or rule:admin_or_network_owner" has been
|
||||||
# deprecated since W in favor of "create_port:device_owner":"not
|
# deprecated since W in favor of "create_port:device_owner":"not
|
||||||
# rule:network_device or rule:admin_only or rule:context_is_advsvc or
|
# rule:network_device or rule:context_is_advsvc or (rule:admin_only)
|
||||||
# rule:network_owner".
|
# or (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Specify ``mac_address`` attribute when creating a port
|
# Specify ``mac_address`` attribute when creating a port
|
||||||
# POST /ports
|
# POST /ports
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"create_port:mac_address": "rule:context_is_advsvc or rule:network_owner or rule:admin_only"
|
#"create_port:mac_address": "rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "create_port:mac_address":"rule:context_is_advsvc or
|
# "create_port:mac_address":"rule:context_is_advsvc or
|
||||||
# rule:admin_or_network_owner" has been deprecated since W in favor of
|
# rule:admin_or_network_owner" has been deprecated since W in favor of
|
||||||
# "create_port:mac_address":"rule:context_is_advsvc or
|
# "create_port:mac_address":"rule:context_is_advsvc or
|
||||||
# rule:network_owner or rule:admin_only".
|
# (rule:admin_only) or (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Specify ``fixed_ips`` information when creating a port
|
# Specify ``fixed_ips`` information when creating a port
|
||||||
# POST /ports
|
# POST /ports
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"create_port:fixed_ips": "rule:context_is_advsvc or rule:network_owner or rule:admin_only or rule:shared"
|
#"create_port:fixed_ips": "rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner) or rule:shared"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "create_port:fixed_ips":"rule:context_is_advsvc or
|
# "create_port:fixed_ips":"rule:context_is_advsvc or
|
||||||
# rule:admin_or_network_owner or rule:shared" has been deprecated
|
# rule:admin_or_network_owner or rule:shared" has been deprecated
|
||||||
# since W in favor of "create_port:fixed_ips":"rule:context_is_advsvc
|
# since W in favor of "create_port:fixed_ips":"rule:context_is_advsvc
|
||||||
# or rule:network_owner or rule:admin_only or rule:shared".
|
# or (rule:admin_only) or (role:member and rule:network_owner) or
|
||||||
|
# rule:shared".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Specify IP address in ``fixed_ips`` when creating a port
|
# Specify IP address in ``fixed_ips`` when creating a port
|
||||||
# POST /ports
|
# POST /ports
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"create_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:network_owner or rule:admin_only"
|
#"create_port:fixed_ips:ip_address": "rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "create_port:fixed_ips:ip_address":"rule:context_is_advsvc or
|
# "create_port:fixed_ips:ip_address":"rule:context_is_advsvc or
|
||||||
# rule:admin_or_network_owner" has been deprecated since W in favor of
|
# rule:admin_or_network_owner" has been deprecated since W in favor of
|
||||||
# "create_port:fixed_ips:ip_address":"rule:context_is_advsvc or
|
# "create_port:fixed_ips:ip_address":"rule:context_is_advsvc or
|
||||||
# rule:network_owner or rule:admin_only".
|
# (rule:admin_only) or (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Specify subnet ID in ``fixed_ips`` when creating a port
|
# Specify subnet ID in ``fixed_ips`` when creating a port
|
||||||
# POST /ports
|
# POST /ports
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"create_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:network_owner or rule:admin_only or rule:shared"
|
#"create_port:fixed_ips:subnet_id": "rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner) or rule:shared"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "create_port:fixed_ips:subnet_id":"rule:context_is_advsvc or
|
# "create_port:fixed_ips:subnet_id":"rule:context_is_advsvc or
|
||||||
# rule:admin_or_network_owner or rule:shared" has been deprecated
|
# rule:admin_or_network_owner or rule:shared" has been deprecated
|
||||||
# since W in favor of
|
# since W in favor of
|
||||||
# "create_port:fixed_ips:subnet_id":"rule:context_is_advsvc or
|
# "create_port:fixed_ips:subnet_id":"rule:context_is_advsvc or
|
||||||
# rule:network_owner or rule:admin_only or rule:shared".
|
# (rule:admin_only) or (role:member and rule:network_owner) or
|
||||||
|
# rule:shared".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Specify ``port_security_enabled`` attribute when creating a port
|
# Specify ``port_security_enabled`` attribute when creating a port
|
||||||
# POST /ports
|
# POST /ports
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"create_port:port_security_enabled": "rule:context_is_advsvc or rule:network_owner or rule:admin_only"
|
#"create_port:port_security_enabled": "rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "create_port:port_security_enabled":"rule:context_is_advsvc or
|
# "create_port:port_security_enabled":"rule:context_is_advsvc or
|
||||||
# rule:admin_or_network_owner" has been deprecated since W in favor of
|
# rule:admin_or_network_owner" has been deprecated since W in favor of
|
||||||
# "create_port:port_security_enabled":"rule:context_is_advsvc or
|
# "create_port:port_security_enabled":"rule:context_is_advsvc or
|
||||||
# rule:network_owner or rule:admin_only".
|
# (rule:admin_only) or (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Specify ``binding:host_id`` attribute when creating a port
|
# Specify ``binding:host_id`` attribute when creating a port
|
||||||
@ -1265,52 +1321,58 @@
|
|||||||
# Specify ``allowed_address_pairs`` attribute when creating a port
|
# Specify ``allowed_address_pairs`` attribute when creating a port
|
||||||
# POST /ports
|
# POST /ports
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"create_port:allowed_address_pairs": "rule:admin_only or rule:network_owner"
|
#"create_port:allowed_address_pairs": "(rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "create_port:allowed_address_pairs":"rule:admin_or_network_owner"
|
# "create_port:allowed_address_pairs":"rule:admin_or_network_owner"
|
||||||
# has been deprecated since W in favor of
|
# has been deprecated since W in favor of
|
||||||
# "create_port:allowed_address_pairs":"rule:admin_only or
|
# "create_port:allowed_address_pairs":"(rule:admin_only) or
|
||||||
# rule:network_owner".
|
# (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Specify ``mac_address` of `allowed_address_pairs`` attribute when
|
# Specify ``mac_address` of `allowed_address_pairs`` attribute when
|
||||||
# creating a port
|
# creating a port
|
||||||
# POST /ports
|
# POST /ports
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"create_port:allowed_address_pairs:mac_address": "rule:admin_only or rule:network_owner"
|
#"create_port:allowed_address_pairs:mac_address": "(rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "create_port:allowed_address_pairs:mac_address":"rule:admin_or_netwo
|
# "create_port:allowed_address_pairs:mac_address":"rule:admin_or_netwo
|
||||||
# rk_owner" has been deprecated since W in favor of
|
# rk_owner" has been deprecated since W in favor of
|
||||||
# "create_port:allowed_address_pairs:mac_address":"rule:admin_only or
|
# "create_port:allowed_address_pairs:mac_address":"(rule:admin_only)
|
||||||
# rule:network_owner".
|
# or (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Specify ``ip_address`` of ``allowed_address_pairs`` attribute when
|
# Specify ``ip_address`` of ``allowed_address_pairs`` attribute when
|
||||||
# creating a port
|
# creating a port
|
||||||
# POST /ports
|
# POST /ports
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"create_port:allowed_address_pairs:ip_address": "rule:admin_only or rule:network_owner"
|
#"create_port:allowed_address_pairs:ip_address": "(rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "create_port:allowed_address_pairs:ip_address":"rule:admin_or_networ
|
# "create_port:allowed_address_pairs:ip_address":"rule:admin_or_networ
|
||||||
# k_owner" has been deprecated since W in favor of
|
# k_owner" has been deprecated since W in favor of
|
||||||
# "create_port:allowed_address_pairs:ip_address":"rule:admin_only or
|
# "create_port:allowed_address_pairs:ip_address":"(rule:admin_only) or
|
||||||
# rule:network_owner".
|
# (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# Specify ``hints`` attribute when creating a port
|
||||||
|
# POST /ports
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"create_port:hints": "rule:admin_only"
|
||||||
|
|
||||||
# Get a port
|
# Get a port
|
||||||
# GET /ports
|
# GET /ports
|
||||||
# GET /ports/{id}
|
# GET /ports/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_port": "rule:admin_only or rule:context_is_advsvc or role:reader and project_id:%(project_id)s"
|
#"get_port": "rule:context_is_advsvc or (rule:admin_only) or (role:reader and rule:network_owner) or role:reader and project_id:%(project_id)s"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_port":"rule:context_is_advsvc or
|
# "get_port":"rule:context_is_advsvc or
|
||||||
# rule:admin_owner_or_network_owner" has been deprecated since W in
|
# rule:admin_owner_or_network_owner" has been deprecated since W in
|
||||||
# favor of "get_port":"rule:admin_only or rule:context_is_advsvc or
|
# favor of "get_port":"rule:context_is_advsvc or (rule:admin_only) or
|
||||||
# role:reader and project_id:%(project_id)s".
|
# (role:reader and rule:network_owner) or role:reader and
|
||||||
|
# project_id:%(project_id)s".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Get ``binding:vif_type`` attribute of a port
|
# Get ``binding:vif_type`` attribute of a port
|
||||||
@ -1369,6 +1431,12 @@
|
|||||||
# since W in favor of "get_port:resource_request":"rule:admin_only".
|
# since W in favor of "get_port:resource_request":"rule:admin_only".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# Get ``hints`` attribute of a port
|
||||||
|
# GET /ports
|
||||||
|
# GET /ports/{id}
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"get_port:hints": "rule:admin_only"
|
||||||
|
|
||||||
# Update a port
|
# Update a port
|
||||||
# PUT /ports/{id}
|
# PUT /ports/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
@ -1384,14 +1452,14 @@
|
|||||||
# Update ``device_owner`` attribute of a port
|
# Update ``device_owner`` attribute of a port
|
||||||
# PUT /ports/{id}
|
# PUT /ports/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:network_owner or rule:admin_only"
|
#"update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "update_port:device_owner":"not rule:network_device or
|
# "update_port:device_owner":"not rule:network_device or
|
||||||
# rule:context_is_advsvc or rule:admin_or_network_owner" has been
|
# rule:context_is_advsvc or rule:admin_or_network_owner" has been
|
||||||
# deprecated since W in favor of "update_port:device_owner":"not
|
# deprecated since W in favor of "update_port:device_owner":"not
|
||||||
# rule:network_device or rule:context_is_advsvc or rule:network_owner
|
# rule:network_device or rule:context_is_advsvc or (rule:admin_only)
|
||||||
# or rule:admin_only".
|
# or (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Update ``mac_address`` attribute of a port
|
# Update ``mac_address`` attribute of a port
|
||||||
@ -1409,50 +1477,51 @@
|
|||||||
# Specify ``fixed_ips`` information when updating a port
|
# Specify ``fixed_ips`` information when updating a port
|
||||||
# PUT /ports/{id}
|
# PUT /ports/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"update_port:fixed_ips": "rule:context_is_advsvc or rule:network_owner or rule:admin_only"
|
#"update_port:fixed_ips": "rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "update_port:fixed_ips":"rule:context_is_advsvc or
|
# "update_port:fixed_ips":"rule:context_is_advsvc or
|
||||||
# rule:admin_or_network_owner" has been deprecated since W in favor of
|
# rule:admin_or_network_owner" has been deprecated since W in favor of
|
||||||
# "update_port:fixed_ips":"rule:context_is_advsvc or
|
# "update_port:fixed_ips":"rule:context_is_advsvc or (rule:admin_only)
|
||||||
# rule:network_owner or rule:admin_only".
|
# or (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Specify IP address in ``fixed_ips`` information when updating a port
|
# Specify IP address in ``fixed_ips`` information when updating a port
|
||||||
# PUT /ports/{id}
|
# PUT /ports/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"update_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:network_owner or rule:admin_only"
|
#"update_port:fixed_ips:ip_address": "rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "update_port:fixed_ips:ip_address":"rule:context_is_advsvc or
|
# "update_port:fixed_ips:ip_address":"rule:context_is_advsvc or
|
||||||
# rule:admin_or_network_owner" has been deprecated since W in favor of
|
# rule:admin_or_network_owner" has been deprecated since W in favor of
|
||||||
# "update_port:fixed_ips:ip_address":"rule:context_is_advsvc or
|
# "update_port:fixed_ips:ip_address":"rule:context_is_advsvc or
|
||||||
# rule:network_owner or rule:admin_only".
|
# (rule:admin_only) or (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Specify subnet ID in ``fixed_ips`` information when updating a port
|
# Specify subnet ID in ``fixed_ips`` information when updating a port
|
||||||
# PUT /ports/{id}
|
# PUT /ports/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"update_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:network_owner or rule:admin_only or rule:shared"
|
#"update_port:fixed_ips:subnet_id": "rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner) or rule:shared"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "update_port:fixed_ips:subnet_id":"rule:context_is_advsvc or
|
# "update_port:fixed_ips:subnet_id":"rule:context_is_advsvc or
|
||||||
# rule:admin_or_network_owner or rule:shared" has been deprecated
|
# rule:admin_or_network_owner or rule:shared" has been deprecated
|
||||||
# since W in favor of
|
# since W in favor of
|
||||||
# "update_port:fixed_ips:subnet_id":"rule:context_is_advsvc or
|
# "update_port:fixed_ips:subnet_id":"rule:context_is_advsvc or
|
||||||
# rule:network_owner or rule:admin_only or rule:shared".
|
# (rule:admin_only) or (role:member and rule:network_owner) or
|
||||||
|
# rule:shared".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Update ``port_security_enabled`` attribute of a port
|
# Update ``port_security_enabled`` attribute of a port
|
||||||
# PUT /ports/{id}
|
# PUT /ports/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"update_port:port_security_enabled": "rule:context_is_advsvc or rule:network_owner or rule:admin_only"
|
#"update_port:port_security_enabled": "rule:context_is_advsvc or (rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "update_port:port_security_enabled":"rule:context_is_advsvc or
|
# "update_port:port_security_enabled":"rule:context_is_advsvc or
|
||||||
# rule:admin_or_network_owner" has been deprecated since W in favor of
|
# rule:admin_or_network_owner" has been deprecated since W in favor of
|
||||||
# "update_port:port_security_enabled":"rule:context_is_advsvc or
|
# "update_port:port_security_enabled":"rule:context_is_advsvc or
|
||||||
# rule:network_owner or rule:admin_only".
|
# (rule:admin_only) or (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Update ``binding:host_id`` attribute of a port
|
# Update ``binding:host_id`` attribute of a port
|
||||||
@ -1490,39 +1559,39 @@
|
|||||||
# Update ``allowed_address_pairs`` attribute of a port
|
# Update ``allowed_address_pairs`` attribute of a port
|
||||||
# PUT /ports/{id}
|
# PUT /ports/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"update_port:allowed_address_pairs": "rule:admin_only or rule:network_owner"
|
#"update_port:allowed_address_pairs": "(rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "update_port:allowed_address_pairs":"rule:admin_or_network_owner"
|
# "update_port:allowed_address_pairs":"rule:admin_or_network_owner"
|
||||||
# has been deprecated since W in favor of
|
# has been deprecated since W in favor of
|
||||||
# "update_port:allowed_address_pairs":"rule:admin_only or
|
# "update_port:allowed_address_pairs":"(rule:admin_only) or
|
||||||
# rule:network_owner".
|
# (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Update ``mac_address`` of ``allowed_address_pairs`` attribute of a
|
# Update ``mac_address`` of ``allowed_address_pairs`` attribute of a
|
||||||
# port
|
# port
|
||||||
# PUT /ports/{id}
|
# PUT /ports/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"update_port:allowed_address_pairs:mac_address": "rule:admin_only or rule:network_owner"
|
#"update_port:allowed_address_pairs:mac_address": "(rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "update_port:allowed_address_pairs:mac_address":"rule:admin_or_netwo
|
# "update_port:allowed_address_pairs:mac_address":"rule:admin_or_netwo
|
||||||
# rk_owner" has been deprecated since W in favor of
|
# rk_owner" has been deprecated since W in favor of
|
||||||
# "update_port:allowed_address_pairs:mac_address":"rule:admin_only or
|
# "update_port:allowed_address_pairs:mac_address":"(rule:admin_only)
|
||||||
# rule:network_owner".
|
# or (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Update ``ip_address`` of ``allowed_address_pairs`` attribute of a
|
# Update ``ip_address`` of ``allowed_address_pairs`` attribute of a
|
||||||
# port
|
# port
|
||||||
# PUT /ports/{id}
|
# PUT /ports/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"update_port:allowed_address_pairs:ip_address": "rule:admin_only or rule:network_owner"
|
#"update_port:allowed_address_pairs:ip_address": "(rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "update_port:allowed_address_pairs:ip_address":"rule:admin_or_networ
|
# "update_port:allowed_address_pairs:ip_address":"rule:admin_or_networ
|
||||||
# k_owner" has been deprecated since W in favor of
|
# k_owner" has been deprecated since W in favor of
|
||||||
# "update_port:allowed_address_pairs:ip_address":"rule:admin_only or
|
# "update_port:allowed_address_pairs:ip_address":"(rule:admin_only) or
|
||||||
# rule:network_owner".
|
# (role:member and rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Update ``data_plane_status`` attribute of a port
|
# Update ``data_plane_status`` attribute of a port
|
||||||
@ -1537,16 +1606,22 @@
|
|||||||
# role:data_plane_integrator".
|
# role:data_plane_integrator".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# Update ``hints`` attribute of a port
|
||||||
|
# PUT /ports/{id}
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"update_port:hints": "rule:admin_only"
|
||||||
|
|
||||||
# Delete a port
|
# Delete a port
|
||||||
# DELETE /ports/{id}
|
# DELETE /ports/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"delete_port": "rule:admin_only or rule:context_is_advsvc or role:member and project_id:%(project_id)s or rule:network_owner"
|
#"delete_port": "rule:context_is_advsvc or role:member and project_id:%(project_id)s or (rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "delete_port":"rule:context_is_advsvc or
|
# "delete_port":"rule:context_is_advsvc or
|
||||||
# rule:admin_owner_or_network_owner" has been deprecated since W in
|
# rule:admin_owner_or_network_owner" has been deprecated since W in
|
||||||
# favor of "delete_port":"rule:admin_only or rule:context_is_advsvc or
|
# favor of "delete_port":"rule:context_is_advsvc or role:member and
|
||||||
# role:member and project_id:%(project_id)s or rule:network_owner".
|
# project_id:%(project_id)s or (rule:admin_only) or (role:member and
|
||||||
|
# rule:network_owner)".
|
||||||
# The port API now supports project scope and default roles.
|
# The port API now supports project scope and default roles.
|
||||||
|
|
||||||
# Rule of shared qos policy
|
# Rule of shared qos policy
|
||||||
@ -1598,24 +1673,24 @@
|
|||||||
# GET /qos/rule-types
|
# GET /qos/rule-types
|
||||||
# GET /qos/rule-types/{rule_type}
|
# GET /qos/rule-types/{rule_type}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_rule_type": "rule:admin_only"
|
#"get_rule_type": "role:reader"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_rule_type":"rule:regular_user" has been deprecated since W in
|
# "get_rule_type":"rule:regular_user" has been deprecated since W in
|
||||||
# favor of "get_rule_type":"rule:admin_only".
|
# favor of "get_rule_type":"role:reader".
|
||||||
# The QoS API now supports project scope and default roles.
|
# The QoS API now supports project scope and default roles.
|
||||||
|
|
||||||
# Get a QoS bandwidth limit rule
|
# Get a QoS bandwidth limit rule
|
||||||
# GET /qos/policies/{policy_id}/bandwidth_limit_rules
|
# GET /qos/policies/{policy_id}/bandwidth_limit_rules
|
||||||
# GET /qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}
|
# GET /qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_policy_bandwidth_limit_rule": "(rule:admin_only) or (role:reader and project_id:%(project_id)s)"
|
#"get_policy_bandwidth_limit_rule": "(rule:admin_only) or (role:reader and rule:ext_parent_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_policy_bandwidth_limit_rule":"rule:regular_user" has been
|
# "get_policy_bandwidth_limit_rule":"rule:regular_user" has been
|
||||||
# deprecated since W in favor of
|
# deprecated since W in favor of
|
||||||
# "get_policy_bandwidth_limit_rule":"(rule:admin_only) or (role:reader
|
# "get_policy_bandwidth_limit_rule":"(rule:admin_only) or (role:reader
|
||||||
# and project_id:%(project_id)s)".
|
# and rule:ext_parent_owner)".
|
||||||
# The QoS API now supports project scope and default roles.
|
# The QoS API now supports project scope and default roles.
|
||||||
|
|
||||||
# Create a QoS bandwidth limit rule
|
# Create a QoS bandwidth limit rule
|
||||||
@ -1655,7 +1730,7 @@
|
|||||||
# GET /qos/policies/{policy_id}/packet_rate_limit_rules
|
# GET /qos/policies/{policy_id}/packet_rate_limit_rules
|
||||||
# GET /qos/policies/{policy_id}/packet_rate_limit_rules/{rule_id}
|
# GET /qos/policies/{policy_id}/packet_rate_limit_rules/{rule_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_policy_packet_rate_limit_rule": "(rule:admin_only) or (role:reader and project_id:%(project_id)s)"
|
#"get_policy_packet_rate_limit_rule": "(rule:admin_only) or (role:reader and rule:ext_parent_owner)"
|
||||||
|
|
||||||
# Create a QoS packet rate limit rule
|
# Create a QoS packet rate limit rule
|
||||||
# POST /qos/policies/{policy_id}/packet_rate_limit_rules
|
# POST /qos/policies/{policy_id}/packet_rate_limit_rules
|
||||||
@ -1676,13 +1751,13 @@
|
|||||||
# GET /qos/policies/{policy_id}/dscp_marking_rules
|
# GET /qos/policies/{policy_id}/dscp_marking_rules
|
||||||
# GET /qos/policies/{policy_id}/dscp_marking_rules/{rule_id}
|
# GET /qos/policies/{policy_id}/dscp_marking_rules/{rule_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_policy_dscp_marking_rule": "(rule:admin_only) or (role:reader and project_id:%(project_id)s)"
|
#"get_policy_dscp_marking_rule": "(rule:admin_only) or (role:reader and rule:ext_parent_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_policy_dscp_marking_rule":"rule:regular_user" has been
|
# "get_policy_dscp_marking_rule":"rule:regular_user" has been
|
||||||
# deprecated since W in favor of
|
# deprecated since W in favor of
|
||||||
# "get_policy_dscp_marking_rule":"(rule:admin_only) or (role:reader
|
# "get_policy_dscp_marking_rule":"(rule:admin_only) or (role:reader
|
||||||
# and project_id:%(project_id)s)".
|
# and rule:ext_parent_owner)".
|
||||||
# The QoS API now supports project scope and default roles.
|
# The QoS API now supports project scope and default roles.
|
||||||
|
|
||||||
# Create a QoS DSCP marking rule
|
# Create a QoS DSCP marking rule
|
||||||
@ -1722,13 +1797,13 @@
|
|||||||
# GET /qos/policies/{policy_id}/minimum_bandwidth_rules
|
# GET /qos/policies/{policy_id}/minimum_bandwidth_rules
|
||||||
# GET /qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}
|
# GET /qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_policy_minimum_bandwidth_rule": "(rule:admin_only) or (role:reader and project_id:%(project_id)s)"
|
#"get_policy_minimum_bandwidth_rule": "(rule:admin_only) or (role:reader and rule:ext_parent_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_policy_minimum_bandwidth_rule":"rule:regular_user" has been
|
# "get_policy_minimum_bandwidth_rule":"rule:regular_user" has been
|
||||||
# deprecated since W in favor of
|
# deprecated since W in favor of
|
||||||
# "get_policy_minimum_bandwidth_rule":"(rule:admin_only) or
|
# "get_policy_minimum_bandwidth_rule":"(rule:admin_only) or
|
||||||
# (role:reader and project_id:%(project_id)s)".
|
# (role:reader and rule:ext_parent_owner)".
|
||||||
# The QoS API now supports project scope and default roles.
|
# The QoS API now supports project scope and default roles.
|
||||||
|
|
||||||
# Create a QoS minimum bandwidth rule
|
# Create a QoS minimum bandwidth rule
|
||||||
@ -1768,7 +1843,7 @@
|
|||||||
# GET /qos/policies/{policy_id}/minimum_packet_rate_rules
|
# GET /qos/policies/{policy_id}/minimum_packet_rate_rules
|
||||||
# GET /qos/policies/{policy_id}/minimum_packet_rate_rules/{rule_id}
|
# GET /qos/policies/{policy_id}/minimum_packet_rate_rules/{rule_id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_policy_minimum_packet_rate_rule": "(rule:admin_only) or (role:reader and project_id:%(project_id)s)"
|
#"get_policy_minimum_packet_rate_rule": "(rule:admin_only) or (role:reader and rule:ext_parent_owner)"
|
||||||
|
|
||||||
# Create a QoS minimum packet rate rule
|
# Create a QoS minimum packet rate rule
|
||||||
# POST /qos/policies/{policy_id}/minimum_packet_rate_rules
|
# POST /qos/policies/{policy_id}/minimum_packet_rate_rules
|
||||||
@ -1788,13 +1863,13 @@
|
|||||||
# Get a QoS bandwidth limit rule through alias
|
# Get a QoS bandwidth limit rule through alias
|
||||||
# GET /qos/alias_bandwidth_limit_rules/{rule_id}/
|
# GET /qos/alias_bandwidth_limit_rules/{rule_id}/
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_alias_bandwidth_limit_rule": "(rule:admin_only) or (role:reader and project_id:%(project_id)s)"
|
#"get_alias_bandwidth_limit_rule": "(rule:admin_only) or (role:reader and rule:ext_parent_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_alias_bandwidth_limit_rule":"rule:regular_user" has been
|
# "get_alias_bandwidth_limit_rule":"rule:regular_user" has been
|
||||||
# deprecated since W in favor of
|
# deprecated since W in favor of
|
||||||
# "get_alias_bandwidth_limit_rule":"(rule:admin_only) or (role:reader
|
# "get_alias_bandwidth_limit_rule":"(rule:admin_only) or (role:reader
|
||||||
# and project_id:%(project_id)s)".
|
# and rule:ext_parent_owner)".
|
||||||
# The QoS API now supports project scope and default roles.
|
# The QoS API now supports project scope and default roles.
|
||||||
|
|
||||||
# Update a QoS bandwidth limit rule through alias
|
# Update a QoS bandwidth limit rule through alias
|
||||||
@ -1822,13 +1897,13 @@
|
|||||||
# Get a QoS DSCP marking rule through alias
|
# Get a QoS DSCP marking rule through alias
|
||||||
# GET /qos/alias_dscp_marking_rules/{rule_id}/
|
# GET /qos/alias_dscp_marking_rules/{rule_id}/
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_alias_dscp_marking_rule": "(rule:admin_only) or (role:reader and project_id:%(project_id)s)"
|
#"get_alias_dscp_marking_rule": "(rule:admin_only) or (role:reader and rule:ext_parent_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_alias_dscp_marking_rule":"rule:regular_user" has been
|
# "get_alias_dscp_marking_rule":"rule:regular_user" has been
|
||||||
# deprecated since W in favor of
|
# deprecated since W in favor of
|
||||||
# "get_alias_dscp_marking_rule":"(rule:admin_only) or (role:reader and
|
# "get_alias_dscp_marking_rule":"(rule:admin_only) or (role:reader and
|
||||||
# project_id:%(project_id)s)".
|
# rule:ext_parent_owner)".
|
||||||
# The QoS API now supports project scope and default roles.
|
# The QoS API now supports project scope and default roles.
|
||||||
|
|
||||||
# Update a QoS DSCP marking rule through alias
|
# Update a QoS DSCP marking rule through alias
|
||||||
@ -1856,13 +1931,13 @@
|
|||||||
# Get a QoS minimum bandwidth rule through alias
|
# Get a QoS minimum bandwidth rule through alias
|
||||||
# GET /qos/alias_minimum_bandwidth_rules/{rule_id}/
|
# GET /qos/alias_minimum_bandwidth_rules/{rule_id}/
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"get_alias_minimum_bandwidth_rule": "(rule:admin_only) or (role:reader and project_id:%(project_id)s)"
|
#"get_alias_minimum_bandwidth_rule": "(rule:admin_only) or (role:reader and rule:ext_parent_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_alias_minimum_bandwidth_rule":"rule:regular_user" has been
|
# "get_alias_minimum_bandwidth_rule":"rule:regular_user" has been
|
||||||
# deprecated since W in favor of
|
# deprecated since W in favor of
|
||||||
# "get_alias_minimum_bandwidth_rule":"(rule:admin_only) or
|
# "get_alias_minimum_bandwidth_rule":"(rule:admin_only) or
|
||||||
# (role:reader and project_id:%(project_id)s)".
|
# (role:reader and rule:ext_parent_owner)".
|
||||||
# The QoS API now supports project scope and default roles.
|
# The QoS API now supports project scope and default roles.
|
||||||
|
|
||||||
# Update a QoS minimum bandwidth rule through alias
|
# Update a QoS minimum bandwidth rule through alias
|
||||||
@ -2087,6 +2162,18 @@
|
|||||||
# al_gateway_info:external_fixed_ips":"rule:admin_only".
|
# al_gateway_info:external_fixed_ips":"rule:admin_only".
|
||||||
# The router API now supports system scope and default roles.
|
# The router API now supports system scope and default roles.
|
||||||
|
|
||||||
|
# Specify ``enable_default_route_bfd`` attribute when creating a
|
||||||
|
# router
|
||||||
|
# POST /routers
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"create_router:enable_default_route_bfd": "rule:admin_only"
|
||||||
|
|
||||||
|
# Specify ``enable_default_route_ecmp`` attribute when creating a
|
||||||
|
# router
|
||||||
|
# POST /routers
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"create_router:enable_default_route_ecmp": "rule:admin_only"
|
||||||
|
|
||||||
# Get a router
|
# Get a router
|
||||||
# GET /routers
|
# GET /routers
|
||||||
# GET /routers/{id}
|
# GET /routers/{id}
|
||||||
@ -2201,6 +2288,18 @@
|
|||||||
# al_gateway_info:external_fixed_ips":"rule:admin_only".
|
# al_gateway_info:external_fixed_ips":"rule:admin_only".
|
||||||
# The router API now supports system scope and default roles.
|
# The router API now supports system scope and default roles.
|
||||||
|
|
||||||
|
# Specify ``enable_default_route_bfd`` attribute when updating a
|
||||||
|
# router
|
||||||
|
# POST /routers
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"update_router:enable_default_route_bfd": "rule:admin_only"
|
||||||
|
|
||||||
|
# Specify ``enable_default_route_ecmp`` attribute when updating a
|
||||||
|
# router
|
||||||
|
# POST /routers
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"update_router:enable_default_route_ecmp": "rule:admin_only"
|
||||||
|
|
||||||
# Delete a router
|
# Delete a router
|
||||||
# DELETE /routers/{id}
|
# DELETE /routers/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
@ -2402,12 +2501,12 @@
|
|||||||
# Create a subnet
|
# Create a subnet
|
||||||
# POST /subnets
|
# POST /subnets
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"create_subnet": "(rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:network_owner"
|
#"create_subnet": "(rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "create_subnet":"rule:admin_or_network_owner" has been deprecated
|
# "create_subnet":"rule:admin_or_network_owner" has been deprecated
|
||||||
# since W in favor of "create_subnet":"(rule:admin_only) or
|
# since W in favor of "create_subnet":"(rule:admin_only) or
|
||||||
# (role:member and project_id:%(project_id)s) or rule:network_owner".
|
# (role:member and rule:network_owner)".
|
||||||
# The subnet API now supports system scope and default roles.
|
# The subnet API now supports system scope and default roles.
|
||||||
|
|
||||||
# Specify ``segment_id`` attribute when creating a subnet
|
# Specify ``segment_id`` attribute when creating a subnet
|
||||||
@ -2456,12 +2555,12 @@
|
|||||||
# Update a subnet
|
# Update a subnet
|
||||||
# PUT /subnets/{id}
|
# PUT /subnets/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"update_subnet": "(rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:network_owner"
|
#"update_subnet": "(rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "update_subnet":"rule:admin_or_network_owner" has been deprecated
|
# "update_subnet":"rule:admin_or_network_owner" has been deprecated
|
||||||
# since W in favor of "update_subnet":"(rule:admin_only) or
|
# since W in favor of "update_subnet":"(rule:admin_only) or
|
||||||
# (role:member and project_id:%(project_id)s) or rule:network_owner".
|
# (role:member and rule:network_owner)".
|
||||||
# The subnet API now supports system scope and default roles.
|
# The subnet API now supports system scope and default roles.
|
||||||
|
|
||||||
# Update ``segment_id`` attribute of a subnet
|
# Update ``segment_id`` attribute of a subnet
|
||||||
@ -2487,12 +2586,12 @@
|
|||||||
# Delete a subnet
|
# Delete a subnet
|
||||||
# DELETE /subnets/{id}
|
# DELETE /subnets/{id}
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"delete_subnet": "(rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:network_owner"
|
#"delete_subnet": "(rule:admin_only) or (role:member and rule:network_owner)"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "delete_subnet":"rule:admin_or_network_owner" has been deprecated
|
# "delete_subnet":"rule:admin_or_network_owner" has been deprecated
|
||||||
# since W in favor of "delete_subnet":"(rule:admin_only) or
|
# since W in favor of "delete_subnet":"(rule:admin_only) or
|
||||||
# (role:member and project_id:%(project_id)s) or rule:network_owner".
|
# (role:member and rule:network_owner)".
|
||||||
# The subnet API now supports system scope and default roles.
|
# The subnet API now supports system scope and default roles.
|
||||||
|
|
||||||
# Definition of a shared subnetpool
|
# Definition of a shared subnetpool
|
||||||
|
@ -1169,11 +1169,16 @@
|
|||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"os_compute_api:os-lock-server:unlock:unlock_override": "rule:context_is_admin"
|
#"os_compute_api:os-lock-server:unlock:unlock_override": "rule:context_is_admin"
|
||||||
|
|
||||||
# Cold migrate a server to a host
|
# Cold migrate a server without specifying a host
|
||||||
# POST /servers/{server_id}/action (migrate)
|
# POST /servers/{server_id}/action (migrate)
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
#"os_compute_api:os-migrate-server:migrate": "rule:context_is_admin"
|
#"os_compute_api:os-migrate-server:migrate": "rule:context_is_admin"
|
||||||
|
|
||||||
|
# Cold migrate a server to a specified host
|
||||||
|
# POST /servers/{server_id}/action (migrate)
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"os_compute_api:os-migrate-server:migrate:host": "rule:context_is_admin"
|
||||||
|
|
||||||
# Live migrate a server to a new host without a reboot
|
# Live migrate a server to a new host without a reboot
|
||||||
# POST /servers/{server_id}/action (os-migrateLive)
|
# POST /servers/{server_id}/action (os-migrateLive)
|
||||||
# Intended scope(s): project
|
# Intended scope(s): project
|
||||||
|
Loading…
Reference in New Issue
Block a user