- check_str: is_admin:True or (role:admin and is_admin_project:True) or project_id:%(project_id)s description: 'DEPRECATED: This rule will be removed in the Yoga release. Default rule for most non-Admin APIs.' name: admin_or_owner operations: [] scope_types: null - check_str: (role:admin and system_scope:all) or (role:admin and domain_id:%(domain_id)s) or (role:admin and project_id:%(project_id)s) description: 'DEPRECATED: This rule will be removed in the Yoga release. Default rule for admins of cloud, domain or a project.' name: system_or_domain_or_project_admin operations: [] scope_types: null - check_str: role:admin description: Decides what is required for the 'is_admin:True' check to succeed. name: context_is_admin operations: [] scope_types: null - check_str: is_admin:True or (role:admin and is_admin_project:True) description: Default rule for most Admin APIs. name: admin_api operations: [] scope_types: null - check_str: (role:admin) or (role:reader and project_id:%(project_id)s) description: 'NOTE: this purely role-based rule recognizes only project scope' name: xena_system_admin_or_project_reader operations: [] scope_types: null - check_str: (role:admin) or (role:member and project_id:%(project_id)s) description: 'NOTE: this purely role-based rule recognizes only project scope' name: xena_system_admin_or_project_member operations: [] scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: '' name: volume:attachment_create deprecated_since: null description: Create attachment. name: volume:attachment_create operations: - method: POST path: /attachments scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:attachment_update deprecated_since: null description: Update attachment. name: volume:attachment_update operations: - method: PUT path: /attachments/{attachment_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:attachment_delete deprecated_since: null description: Delete attachment. name: volume:attachment_delete operations: - method: DELETE path: /attachments/{attachment_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:attachment_complete deprecated_since: null description: Mark a volume attachment process as completed (in-use) name: volume:attachment_complete operations: - method: POST path: /attachments/{attachment_id}/action (os-complete) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:multiattach_bootable_volume deprecated_since: null description: Allow multiattach of bootable volumes. name: volume:multiattach_bootable_volume operations: - method: POST path: /attachments scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: message:get_all deprecated_since: null description: List messages. name: message:get_all operations: - method: GET path: /messages scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: message:get deprecated_since: null description: Show message. name: message:get operations: - method: GET path: /messages/{message_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: message:delete deprecated_since: null description: Delete message. name: message:delete operations: - method: DELETE path: /messages/{message_id} scope_types: null - check_str: rule:admin_api description: List clusters. name: clusters:get_all operations: - method: GET path: /clusters - method: GET path: /clusters/detail scope_types: null - check_str: rule:admin_api description: Show cluster. name: clusters:get operations: - method: GET path: /clusters/{cluster_id} scope_types: null - check_str: rule:admin_api description: Update cluster. name: clusters:update operations: - method: PUT path: /clusters/{cluster_id} scope_types: null - check_str: rule:admin_api description: Clean up workers. name: workers:cleanup operations: - method: POST path: /workers/cleanup scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:get_snapshot_metadata deprecated_since: null description: Show snapshot's metadata or one specified metadata with a given key. name: volume:get_snapshot_metadata operations: - method: GET path: /snapshots/{snapshot_id}/metadata - method: GET path: /snapshots/{snapshot_id}/metadata/{key} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:update_snapshot_metadata deprecated_since: null description: Update snapshot's metadata or one specified metadata with a given key. name: volume:update_snapshot_metadata operations: - method: POST path: /snapshots/{snapshot_id}/metadata - method: PUT path: /snapshots/{snapshot_id}/metadata/{key} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:delete_snapshot_metadata deprecated_since: null description: Delete snapshot's specified metadata with a given key. name: volume:delete_snapshot_metadata operations: - method: DELETE path: /snapshots/{snapshot_id}/metadata/{key} scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:get_all_snapshots deprecated_since: null description: List snapshots. name: volume:get_all_snapshots operations: - method: GET path: /snapshots - method: GET path: /snapshots/detail scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:extended_snapshot_attributes deprecated_since: null description: List or show snapshots with extended attributes. name: volume_extension:extended_snapshot_attributes operations: - method: GET path: /snapshots/{snapshot_id} - method: GET path: /snapshots/detail scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:create_snapshot deprecated_since: null description: Create snapshot. name: volume:create_snapshot operations: - method: POST path: /snapshots scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:get_snapshot deprecated_since: null description: Show snapshot. name: volume:get_snapshot operations: - method: GET path: /snapshots/{snapshot_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:update_snapshot deprecated_since: null description: Update snapshot. name: volume:update_snapshot operations: - method: PUT path: /snapshots/{snapshot_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:delete_snapshot deprecated_since: null description: Delete snapshot. name: volume:delete_snapshot operations: - method: DELETE path: /snapshots/{snapshot_id} scope_types: null - check_str: rule:admin_api description: Reset status of a snapshot. name: volume_extension:snapshot_admin_actions:reset_status operations: - method: POST path: /snapshots/{snapshot_id}/action (os-reset_status) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: '' name: snapshot_extension:snapshot_actions:update_snapshot_status deprecated_since: null description: Update database fields of snapshot. name: snapshot_extension:snapshot_actions:update_snapshot_status operations: - method: POST path: /snapshots/{snapshot_id}/action (update_snapshot_status) scope_types: null - check_str: rule:admin_api description: Force delete a snapshot. name: volume_extension:snapshot_admin_actions:force_delete operations: - method: POST path: /snapshots/{snapshot_id}/action (os-force_delete) scope_types: null - check_str: rule:admin_api description: List (in detail) of snapshots which are available to manage. name: snapshot_extension:list_manageable operations: - method: GET path: /manageable_snapshots - method: GET path: /manageable_snapshots/detail scope_types: null - check_str: rule:admin_api description: Manage an existing snapshot. name: snapshot_extension:snapshot_manage operations: - method: POST path: /manageable_snapshots scope_types: null - check_str: rule:admin_api description: Stop managing a snapshot. name: snapshot_extension:snapshot_unmanage operations: - method: POST path: /snapshots/{snapshot_id}/action (os-unmanage) scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: backup:get_all deprecated_since: null description: List backups. name: backup:get_all operations: - method: GET path: /backups - method: GET path: /backups/detail scope_types: null - check_str: rule:admin_api description: List backups or show backup with project attributes. name: backup:backup_project_attribute operations: - method: GET path: /backups/{backup_id} - method: GET path: /backups/detail scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: '' name: backup:create deprecated_since: null description: Create backup. name: backup:create operations: - method: POST path: /backups scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: backup:get deprecated_since: null description: Show backup. name: backup:get operations: - method: GET path: /backups/{backup_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: backup:update deprecated_since: null description: Update backup. name: backup:update operations: - method: PUT path: /backups/{backup_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: backup:delete deprecated_since: null description: Delete backup. name: backup:delete operations: - method: DELETE path: /backups/{backup_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: backup:restore deprecated_since: null description: Restore backup. name: backup:restore operations: - method: POST path: /backups/{backup_id}/restore scope_types: null - check_str: rule:admin_api description: Import backup. name: backup:backup-import operations: - method: POST path: /backups/{backup_id}/import_record scope_types: null - check_str: rule:admin_api description: Export backup. name: backup:export-import operations: - method: POST path: /backups/{backup_id}/export_record scope_types: null - check_str: rule:admin_api description: Reset status of a backup. name: volume_extension:backup_admin_actions:reset_status operations: - method: POST path: /backups/{backup_id}/action (os-reset_status) scope_types: null - check_str: rule:admin_api description: Force delete a backup. name: volume_extension:backup_admin_actions:force_delete operations: - method: POST path: /backups/{backup_id}/action (os-force_delete) scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: group:get_all deprecated_since: null description: List groups. name: group:get_all operations: - method: GET path: /groups - method: GET path: /groups/detail scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: '' name: group:create deprecated_since: null description: Create group. name: group:create operations: - method: POST path: /groups scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: group:get deprecated_since: null description: Show group. name: group:get operations: - method: GET path: /groups/{group_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: group:update deprecated_since: null description: Update group. name: group:update operations: - method: PUT path: /groups/{group_id} scope_types: null - check_str: rule:admin_api description: List groups or show group with project attributes. name: group:group_project_attribute operations: - method: GET path: /groups/{group_id} - method: GET path: /groups/detail scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: group:group_types_manage deprecated_since: null description: Create a group type. name: group:group_types:create operations: - method: POST path: /group_types/ scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: group:group_types_manage deprecated_since: null description: Update a group type. name: group:group_types:update operations: - method: PUT path: /group_types/{group_type_id} scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: group:group_types_manage deprecated_since: null description: Delete a group type. name: group:group_types:delete operations: - method: DELETE path: /group_types/{group_type_id} scope_types: null - check_str: rule:admin_api description: Show group type with type specs attributes. name: group:access_group_types_specs operations: - method: GET path: /group_types/{group_type_id} scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: group:group_types_specs deprecated_since: null description: Show a group type spec. name: group:group_types_specs:get operations: - method: GET path: /group_types/{group_type_id}/group_specs/{g_spec_id} scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: group:group_types_specs deprecated_since: null description: List group type specs. name: group:group_types_specs:get_all operations: - method: GET path: /group_types/{group_type_id}/group_specs scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: group:group_types_specs deprecated_since: null description: Create a group type spec. name: group:group_types_specs:create operations: - method: POST path: /group_types/{group_type_id}/group_specs scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: group:group_types_specs deprecated_since: null description: Update a group type spec. name: group:group_types_specs:update operations: - method: PUT path: /group_types/{group_type_id}/group_specs/{g_spec_id} scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: group:group_types_specs deprecated_since: null description: Delete a group type spec. name: group:group_types_specs:delete operations: - method: DELETE path: /group_types/{group_type_id}/group_specs/{g_spec_id} scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: group:get_all_group_snapshots deprecated_since: null description: List group snapshots. name: group:get_all_group_snapshots operations: - method: GET path: /group_snapshots - method: GET path: /group_snapshots/detail scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: '' name: group:create_group_snapshot deprecated_since: null description: Create group snapshot. name: group:create_group_snapshot operations: - method: POST path: /group_snapshots scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: group:get_group_snapshot deprecated_since: null description: Show group snapshot. name: group:get_group_snapshot operations: - method: GET path: /group_snapshots/{group_snapshot_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: group:delete_group_snapshot deprecated_since: null description: Delete group snapshot. name: group:delete_group_snapshot operations: - method: DELETE path: /group_snapshots/{group_snapshot_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: group:update_group_snapshot deprecated_since: null description: Update group snapshot. name: group:update_group_snapshot operations: - method: PUT path: /group_snapshots/{group_snapshot_id} scope_types: null - check_str: rule:admin_api description: List group snapshots or show group snapshot with project attributes. name: group:group_snapshot_project_attribute operations: - method: GET path: /group_snapshots/{group_snapshot_id} - method: GET path: /group_snapshots/detail scope_types: null - check_str: rule:admin_api description: Reset status of group snapshot. name: group:reset_group_snapshot_status operations: - method: POST path: /group_snapshots/{g_snapshot_id}/action (reset_status) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: group:delete deprecated_since: null description: Delete group. name: group:delete operations: - method: POST path: /groups/{group_id}/action (delete) scope_types: null - check_str: rule:admin_api description: Reset status of group. name: group:reset_status operations: - method: POST path: /groups/{group_id}/action (reset_status) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: group:enable_replication deprecated_since: null description: Enable replication. name: group:enable_replication operations: - method: POST path: /groups/{group_id}/action (enable_replication) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: group:disable_replication deprecated_since: null description: Disable replication. name: group:disable_replication operations: - method: POST path: /groups/{group_id}/action (disable_replication) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: group:failover_replication deprecated_since: null description: Fail over replication. name: group:failover_replication operations: - method: POST path: /groups/{group_id}/action (failover_replication) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: group:list_replication_targets deprecated_since: null description: List failover replication. name: group:list_replication_targets operations: - method: POST path: /groups/{group_id}/action (list_replication_targets) scope_types: null - check_str: rule:admin_api description: List qos specs or list all associations. name: volume_extension:qos_specs_manage:get_all operations: - method: GET path: /qos-specs - method: GET path: /qos-specs/{qos_id}/associations scope_types: null - check_str: rule:admin_api description: Show qos specs. name: volume_extension:qos_specs_manage:get operations: - method: GET path: /qos-specs/{qos_id} scope_types: null - check_str: rule:admin_api description: Create qos specs. name: volume_extension:qos_specs_manage:create operations: - method: POST path: /qos-specs scope_types: null - check_str: rule:admin_api description: Update qos specs (including updating association). name: volume_extension:qos_specs_manage:update operations: - method: PUT path: /qos-specs/{qos_id} - method: GET path: /qos-specs/{qos_id}/disassociate_all - method: GET path: /qos-specs/{qos_id}/associate - method: GET path: /qos-specs/{qos_id}/disassociate scope_types: null - check_str: rule:admin_api description: delete qos specs or unset one specified qos key. name: volume_extension:qos_specs_manage:delete operations: - method: DELETE path: /qos-specs/{qos_id} - method: PUT path: /qos-specs/{qos_id}/delete_keys scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: volume_extension:quota_classes deprecated_since: null description: Show project quota class. name: volume_extension:quota_classes:get operations: - method: GET path: /os-quota-class-sets/{project_id} scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: volume_extension:quota_classes deprecated_since: null description: Update project quota class. name: volume_extension:quota_classes:update operations: - method: PUT path: /os-quota-class-sets/{project_id} scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:quotas:show deprecated_since: null description: Show project quota (including usage and default). name: volume_extension:quotas:show operations: - method: GET path: /os-quota-sets/{project_id} - method: GET path: /os-quota-sets/{project_id}/default - method: GET path: /os-quota-sets/{project_id}?usage=True scope_types: null - check_str: rule:admin_api description: Update project quota. name: volume_extension:quotas:update operations: - method: PUT path: /os-quota-sets/{project_id} scope_types: null - check_str: rule:admin_api description: Delete project quota. name: volume_extension:quotas:delete operations: - method: DELETE path: /os-quota-sets/{project_id} scope_types: null - check_str: rule:admin_api description: Show backend capabilities. name: volume_extension:capabilities operations: - method: GET path: /capabilities/{host_name} scope_types: null - check_str: rule:admin_api description: List all services. name: volume_extension:services:index operations: - method: GET path: /os-services scope_types: null - check_str: rule:admin_api description: Update service, including failover_host, thaw, freeze, disable, enable, set-log and get-log actions. name: volume_extension:services:update operations: - method: PUT path: /os-services/{action} scope_types: null - check_str: rule:admin_api description: Freeze a backend host. name: volume:freeze_host operations: - method: PUT path: /os-services/freeze scope_types: null - check_str: rule:admin_api description: Thaw a backend host. name: volume:thaw_host operations: - method: PUT path: /os-services/thaw scope_types: null - check_str: rule:admin_api description: Failover a backend host. name: volume:failover_host operations: - method: PUT path: /os-services/failover_host scope_types: null - check_str: rule:admin_api description: List all backend pools. name: scheduler_extension:scheduler_stats:get_pools operations: - method: GET path: /scheduler-stats/get_pools scope_types: null - check_str: rule:admin_api description: List, update or show hosts for a project. name: volume_extension:hosts operations: - method: GET path: /os-hosts - method: PUT path: /os-hosts/{host_name} - method: GET path: /os-hosts/{host_id} scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: limits_extension:used_limits deprecated_since: null description: Show limits with used limit attributes. name: limits_extension:used_limits operations: - method: GET path: /limits scope_types: null - check_str: rule:admin_api description: List (in detail) of volumes which are available to manage. name: volume_extension:list_manageable operations: - method: GET path: /manageable_volumes - method: GET path: /manageable_volumes/detail scope_types: null - check_str: rule:admin_api description: Manage existing volumes. name: volume_extension:volume_manage operations: - method: POST path: /manageable_volumes scope_types: null - check_str: rule:admin_api description: Stop managing a volume. name: volume_extension:volume_unmanage operations: - method: POST path: /volumes/{volume_id}/action (os-unmanage) scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: volume_extension:types_manage deprecated_since: null description: Create volume type. name: volume_extension:type_create operations: - method: POST path: /types scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: volume_extension:types_manage deprecated_since: null description: Update volume type. name: volume_extension:type_update operations: - method: PUT path: /types scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: volume_extension:types_manage deprecated_since: null description: Delete volume type. name: volume_extension:type_delete operations: - method: DELETE path: /types scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: '' name: volume_extension:type_get deprecated_since: null description: Get one specific volume type. name: volume_extension:type_get operations: - method: GET path: /types/{type_id} scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: '' name: volume_extension:type_get_all deprecated_since: null description: List volume types. name: volume_extension:type_get_all operations: - method: GET path: /types/ scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_api name: volume_extension:access_types_extra_specs deprecated_since: null description: Include the volume type's extra_specs attribute in the volume type list or show requests. The ability to make these calls is governed by other policies. name: volume_extension:access_types_extra_specs operations: - method: GET path: /types/{type_id} - method: GET path: /types scope_types: null - check_str: rule:admin_api description: Include the volume type's QoS specifications ID attribute in the volume type list or show requests. The ability to make these calls is governed by other policies. name: volume_extension:access_types_qos_specs_id operations: - method: GET path: /types/{type_id} - method: GET path: /types scope_types: null - check_str: rule:admin_api description: 'DEPRECATED: This rule will be removed in the Yoga release.' name: volume_extension:volume_type_encryption operations: [] scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:volume_extension:volume_type_encryption name: volume_extension:volume_type_encryption:create deprecated_since: null description: Create volume type encryption. name: volume_extension:volume_type_encryption:create operations: - method: POST path: /types/{type_id}/encryption scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:volume_extension:volume_type_encryption name: volume_extension:volume_type_encryption:get deprecated_since: null description: Show a volume type's encryption type, show an encryption specs item. name: volume_extension:volume_type_encryption:get operations: - method: GET path: /types/{type_id}/encryption - method: GET path: /types/{type_id}/encryption/{key} scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:volume_extension:volume_type_encryption name: volume_extension:volume_type_encryption:update deprecated_since: null description: Update volume type encryption. name: volume_extension:volume_type_encryption:update operations: - method: PUT path: /types/{type_id}/encryption/{encryption_id} scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:volume_extension:volume_type_encryption name: volume_extension:volume_type_encryption:delete deprecated_since: null description: Delete volume type encryption. name: volume_extension:volume_type_encryption:delete operations: - method: DELETE path: /types/{type_id}/encryption/{encryption_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_type_access deprecated_since: null description: Adds the boolean field 'os-volume-type-access:is_public' to the responses for these API calls. The ability to make these calls is governed by other policies. name: volume_extension:volume_type_access operations: - method: GET path: /types - method: GET path: /types/{type_id} - method: POST path: /types scope_types: null - check_str: rule:admin_api description: Add volume type access for project. name: volume_extension:volume_type_access:addProjectAccess operations: - method: POST path: /types/{type_id}/action (addProjectAccess) scope_types: null - check_str: rule:admin_api description: Remove volume type access for project. name: volume_extension:volume_type_access:removeProjectAccess operations: - method: POST path: /types/{type_id}/action (removeProjectAccess) scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: volume_extension:volume_type_access name: volume_extension:volume_type_access:get_all_for_type deprecated_since: null description: List private volume type access detail, that is, list the projects that have access to this volume type. name: volume_extension:volume_type_access:get_all_for_type operations: - method: GET path: /types/{type_id}/os-volume-type-access scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:extend deprecated_since: null description: Extend a volume. name: volume:extend operations: - method: POST path: /volumes/{volume_id}/action (os-extend) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:extend_attached_volume deprecated_since: null description: Extend a attached volume. name: volume:extend_attached_volume operations: - method: POST path: /volumes/{volume_id}/action (os-extend) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:revert_to_snapshot deprecated_since: null description: Revert a volume to a snapshot. name: volume:revert_to_snapshot operations: - method: POST path: /volumes/{volume_id}/action (revert) scope_types: null - check_str: rule:admin_api description: Reset status of a volume. name: volume_extension:volume_admin_actions:reset_status operations: - method: POST path: /volumes/{volume_id}/action (os-reset_status) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:retype deprecated_since: null description: Retype a volume. name: volume:retype operations: - method: POST path: /volumes/{volume_id}/action (os-retype) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:update_readonly_flag deprecated_since: null description: Update a volume's readonly flag. name: volume:update_readonly_flag operations: - method: POST path: /volumes/{volume_id}/action (os-update_readonly_flag) scope_types: null - check_str: rule:admin_api description: Force delete a volume. name: volume_extension:volume_admin_actions:force_delete operations: - method: POST path: /volumes/{volume_id}/action (os-force_delete) scope_types: null - check_str: rule:admin_api description: Upload a volume to image with public visibility. name: volume_extension:volume_actions:upload_public operations: - method: POST path: /volumes/{volume_id}/action (os-volume_upload_image) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_actions:upload_image deprecated_since: null description: Upload a volume to image. name: volume_extension:volume_actions:upload_image operations: - method: POST path: /volumes/{volume_id}/action (os-volume_upload_image) scope_types: null - check_str: rule:admin_api description: Force detach a volume. name: volume_extension:volume_admin_actions:force_detach operations: - method: POST path: /volumes/{volume_id}/action (os-force_detach) scope_types: null - check_str: rule:admin_api description: migrate a volume to a specified host. name: volume_extension:volume_admin_actions:migrate_volume operations: - method: POST path: /volumes/{volume_id}/action (os-migrate_volume) scope_types: null - check_str: rule:admin_api description: Complete a volume migration. name: volume_extension:volume_admin_actions:migrate_volume_completion operations: - method: POST path: /volumes/{volume_id}/action (os-migrate_volume_completion) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_actions:initialize_connection deprecated_since: null description: Initialize volume attachment. name: volume_extension:volume_actions:initialize_connection operations: - method: POST path: /volumes/{volume_id}/action (os-initialize_connection) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_actions:terminate_connection deprecated_since: null description: Terminate volume attachment. name: volume_extension:volume_actions:terminate_connection operations: - method: POST path: /volumes/{volume_id}/action (os-terminate_connection) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_actions:roll_detaching deprecated_since: null description: Roll back volume status to 'in-use'. name: volume_extension:volume_actions:roll_detaching operations: - method: POST path: /volumes/{volume_id}/action (os-roll_detaching) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_actions:reserve deprecated_since: null description: Mark volume as reserved. name: volume_extension:volume_actions:reserve operations: - method: POST path: /volumes/{volume_id}/action (os-reserve) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_actions:unreserve deprecated_since: null description: Unmark volume as reserved. name: volume_extension:volume_actions:unreserve operations: - method: POST path: /volumes/{volume_id}/action (os-unreserve) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_actions:begin_detaching deprecated_since: null description: Begin detach volumes. name: volume_extension:volume_actions:begin_detaching operations: - method: POST path: /volumes/{volume_id}/action (os-begin_detaching) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_actions:attach deprecated_since: null description: Add attachment metadata. name: volume_extension:volume_actions:attach operations: - method: POST path: /volumes/{volume_id}/action (os-attach) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_actions:detach deprecated_since: null description: Clear attachment metadata. name: volume_extension:volume_actions:detach operations: - method: POST path: /volumes/{volume_id}/action (os-detach) scope_types: null - check_str: rule:xena_system_admin_or_project_member description: Reimage a volume in 'available' or 'error' status. name: volume:reimage operations: - method: POST path: /volumes/{volume_id}/action (os-reimage) scope_types: null - check_str: rule:xena_system_admin_or_project_member description: Reimage a volume in 'reserved' status. name: volume:reimage_reserved operations: - method: POST path: /volumes/{volume_id}/action (os-reimage) scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:get_all_transfers deprecated_since: null description: List volume transfer. name: volume:get_all_transfers operations: - method: GET path: /os-volume-transfer - method: GET path: /os-volume-transfer/detail - method: GET path: /volume_transfers - method: GET path: /volume-transfers/detail scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:create_transfer deprecated_since: null description: Create a volume transfer. name: volume:create_transfer operations: - method: POST path: /os-volume-transfer - method: POST path: /volume_transfers scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:get_transfer deprecated_since: null description: Show one specified volume transfer. name: volume:get_transfer operations: - method: GET path: /os-volume-transfer/{transfer_id} - method: GET path: /volume-transfers/{transfer_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: '' name: volume:accept_transfer deprecated_since: null description: Accept a volume transfer. name: volume:accept_transfer operations: - method: POST path: /os-volume-transfer/{transfer_id}/accept - method: POST path: /volume-transfers/{transfer_id}/accept scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:delete_transfer deprecated_since: null description: Delete volume transfer. name: volume:delete_transfer operations: - method: DELETE path: /os-volume-transfer/{transfer_id} - method: DELETE path: /volume-transfers/{transfer_id} scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:get_volume_metadata deprecated_since: null description: Show volume's metadata or one specified metadata with a given key. name: volume:get_volume_metadata operations: - method: GET path: /volumes/{volume_id}/metadata - method: GET path: /volumes/{volume_id}/metadata/{key} - method: POST path: /volumes/{volume_id}/action (os-show_image_metadata) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:create_volume_metadata deprecated_since: null description: Create volume metadata. name: volume:create_volume_metadata operations: - method: POST path: /volumes/{volume_id}/metadata scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:update_volume_metadata deprecated_since: null description: Replace a volume's metadata dictionary or update a single metadatum with a given key. name: volume:update_volume_metadata operations: - method: PUT path: /volumes/{volume_id}/metadata - method: PUT path: /volumes/{volume_id}/metadata/{key} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:delete_volume_metadata deprecated_since: null description: Delete a volume's metadatum with the given key. name: volume:delete_volume_metadata operations: - method: DELETE path: /volumes/{volume_id}/metadata/{key} scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_image_metadata deprecated_since: null description: Include a volume's image metadata in volume detail responses. The ability to make these calls is governed by other policies. name: volume_extension:volume_image_metadata:show operations: - method: GET path: /volumes/detail - method: GET path: /volumes/{volume_id} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_image_metadata deprecated_since: null description: Set image metadata for a volume name: volume_extension:volume_image_metadata:set operations: - method: POST path: /volumes/{volume_id}/action (os-set_image_metadata) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_image_metadata deprecated_since: null description: Remove specific image metadata from a volume name: volume_extension:volume_image_metadata:remove operations: - method: POST path: /volumes/{volume_id}/action (os-unset_image_metadata) scope_types: null - check_str: rule:admin_api description: Update volume admin metadata. This permission is required to complete these API calls, though the ability to make these calls is governed by other policies. name: volume:update_volume_admin_metadata operations: - method: POST path: /volumes/{volume_id}/action (os-update_readonly_flag) - method: POST path: /volumes/{volume_id}/action (os-attach) scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: '' name: volume_extension:types_extra_specs:index deprecated_since: null description: List type extra specs. name: volume_extension:types_extra_specs:index operations: - method: GET path: /types/{type_id}/extra_specs scope_types: null - check_str: rule:admin_api description: Create type extra specs. name: volume_extension:types_extra_specs:create operations: - method: POST path: /types/{type_id}/extra_specs scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: '' name: volume_extension:types_extra_specs:show deprecated_since: null description: Show one specified type extra specs. name: volume_extension:types_extra_specs:show operations: - method: GET path: /types/{type_id}/extra_specs/{extra_spec_key} scope_types: null - check_str: rule:admin_api description: Include extra_specs fields that may reveal sensitive information about the deployment that should not be exposed to end users in various volume-type responses that show extra_specs. The ability to make these calls is governed by other policies. name: volume_extension:types_extra_specs:read_sensitive operations: - method: GET path: /types - method: GET path: /types/{type_id} - method: GET path: /types/{type_id}/extra_specs - method: GET path: /types/{type_id}/extra_specs/{extra_spec_key} scope_types: null - check_str: rule:admin_api description: Update type extra specs. name: volume_extension:types_extra_specs:update operations: - method: PUT path: /types/{type_id}/extra_specs/{extra_spec_key} scope_types: null - check_str: rule:admin_api description: Delete type extra specs. name: volume_extension:types_extra_specs:delete operations: - method: DELETE path: /types/{type_id}/extra_specs/{extra_spec_key} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: '' name: volume:create deprecated_since: null description: Create volume. name: volume:create operations: - method: POST path: /volumes scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: '' name: volume:create_from_image deprecated_since: null description: Create volume from image. name: volume:create_from_image operations: - method: POST path: /volumes scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:get deprecated_since: null description: Show volume. name: volume:get operations: - method: GET path: /volumes/{volume_id} scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:get_all deprecated_since: null description: List volumes or get summary of volumes. name: volume:get_all operations: - method: GET path: /volumes - method: GET path: /volumes/detail - method: GET path: /volumes/summary scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:update deprecated_since: null description: Update volume or update a volume's bootable status. name: volume:update operations: - method: PUT path: /volumes - method: POST path: /volumes/{volume_id}/action (os-set_bootable) scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:delete deprecated_since: null description: Delete volume. name: volume:delete operations: - method: DELETE path: /volumes/{volume_id} scope_types: null - check_str: rule:admin_api description: Force Delete a volume. name: volume:force_delete operations: - method: DELETE path: /volumes/{volume_id} scope_types: null - check_str: rule:admin_api description: List or show volume with host attribute. name: volume_extension:volume_host_attribute operations: - method: GET path: /volumes/{volume_id} - method: GET path: /volumes/detail scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_tenant_attribute deprecated_since: null description: List or show volume with tenant attribute. name: volume_extension:volume_tenant_attribute operations: - method: GET path: /volumes/{volume_id} - method: GET path: /volumes/detail scope_types: null - check_str: rule:admin_api description: List or show volume with migration status attribute. name: volume_extension:volume_mig_status_attribute operations: - method: GET path: /volumes/{volume_id} - method: GET path: /volumes/detail scope_types: null - check_str: rule:xena_system_admin_or_project_reader deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume_extension:volume_encryption_metadata deprecated_since: null description: Show volume's encryption metadata. name: volume_extension:volume_encryption_metadata operations: - method: GET path: /volumes/{volume_id}/encryption - method: GET path: /volumes/{volume_id}/encryption/{encryption_key} scope_types: null - check_str: rule:xena_system_admin_or_project_member deprecated_reason: null deprecated_rule: check_str: rule:admin_or_owner name: volume:multiattach deprecated_since: null description: Create multiattach capable volume. name: volume:multiattach operations: - method: POST path: /volumes scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:system_or_domain_or_project_admin name: volume_extension:default_set_or_update deprecated_since: null description: Set or update default volume type. name: volume_extension:default_set_or_update operations: - method: PUT path: /default-types scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:system_or_domain_or_project_admin name: volume_extension:default_get deprecated_since: null description: Get default types. name: volume_extension:default_get operations: - method: GET path: /default-types/{project-id} scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: role:admin and system_scope:all name: volume_extension:default_get_all deprecated_since: null description: 'Get all default types. WARNING: Changing this might open up too much information regarding cloud deployment.' name: volume_extension:default_get_all operations: - method: GET path: /default-types/ scope_types: null - check_str: rule:admin_api deprecated_reason: null deprecated_rule: check_str: rule:system_or_domain_or_project_admin name: volume_extension:default_unset deprecated_since: null description: Unset default type. name: volume_extension:default_unset operations: - method: DELETE path: /default-types/{project-id} scope_types: null