diff --git a/devstack/plugin.sh b/devstack/plugin.sh index ff6a91de..f0db4c1b 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -28,6 +28,8 @@ if is_service_enabled horizon && is_service_enabled manila && is_service_enabled echo_summary "Configuring Manila UI" cp -a ${MANILA_UI_DIR}/manila_ui/local/enabled/* ${DEST}/horizon/openstack_dashboard/local/enabled/ cp -a ${MANILA_UI_DIR}/manila_ui/local/local_settings.d/* ${DEST}/horizon/openstack_dashboard/local/local_settings.d/ + cp -a ${MANILA_UI_DIR}/manila_ui/conf/manila_policy.yaml ${DEST}/horizon/openstack_dashboard/conf/ + cp -a ${MANILA_UI_DIR}/manila_ui/conf/default_policies/manila.yaml ${DEST}/horizon/openstack_dashboard/conf/default_policies/ elif [[ "$1" == "stack" && "$2" == "extra" ]]; then # no-op : diff --git a/manila_ui/conf/default_policies/manila.yaml b/manila_ui/conf/default_policies/manila.yaml new file mode 100644 index 00000000..157009bd --- /dev/null +++ b/manila_ui/conf/default_policies/manila.yaml @@ -0,0 +1,2360 @@ +- check_str: role:admin and system_scope:all + description: null + name: system-admin + operations: [] + scope_types: + - system +- check_str: role:member and system_scope:all + description: null + name: system-member + operations: [] + scope_types: + - system +- check_str: role:reader and system_scope:all + description: null + name: system-reader + operations: [] + scope_types: + - system +- check_str: role:admin and project_id:%(project_id)s + description: null + name: project-admin + operations: [] + scope_types: + - project +- check_str: role:member and project_id:%(project_id)s + description: null + name: project-member + operations: [] + scope_types: + - project +- check_str: role:reader and project_id:%(project_id)s + description: null + name: project-reader + operations: [] + scope_types: + - project +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: role:admin + name: context_is_admin + deprecated_since: null + description: null + name: context_is_admin + operations: [] + scope_types: + - system +- check_str: is_admin:True or project_id:%(project_id)s + description: null + name: admin_or_owner + operations: [] + scope_types: null +- check_str: rule:admin_or_owner + description: null + name: default + operations: [] + scope_types: null +- check_str: is_admin:True + description: null + name: admin_api + operations: [] + scope_types: null +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: availability_zone:index + deprecated_since: null + description: Get all storage availability zones. + name: availability_zone:index + operations: + - method: GET + path: /os-availability-zone + - method: GET + path: /availability-zone + scope_types: + - system + - project +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: scheduler_stats:pools:index + deprecated_since: null + description: Get information regarding backends (and storage pools) known to the + scheduler. + name: scheduler_stats:pools:index + operations: + - method: GET + path: /scheduler-stats/pools + - method: GET + path: /scheduler-stats/pools?{query} + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: scheduler_stats:pools:detail + deprecated_since: null + description: Get detailed information regarding backends (and storage pools) known + to the scheduler. + name: scheduler_stats:pools:detail + operations: + - method: GET + path: /scheduler-stats/pools/detail?{query} + - method: GET + path: /scheduler-stats/pools/detail + scope_types: + - system +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: '' + name: share:create + deprecated_since: null + description: Create share. + name: share:create + operations: + - method: POST + path: /shares + scope_types: + - system + - project +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:create_public_share + deprecated_since: null + description: Create shares visible across all projects in the cloud. + name: share:create_public_share + operations: + - method: POST + path: /shares + scope_types: + - system +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:get + deprecated_since: null + description: Get share. + name: share:get + operations: + - method: GET + path: /shares/{share_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:get_all + deprecated_since: null + description: List shares. + name: share:get_all + operations: + - method: GET + path: /shares + - method: GET + path: /shares/detail + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:update + deprecated_since: null + description: Update share. + name: share:update + operations: + - method: PUT + path: /shares + scope_types: + - system + - project +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:set_public_share + deprecated_since: null + description: Update shares to be visible across all projects in the cloud. + name: share:set_public_share + operations: + - method: PUT + path: /shares + scope_types: + - system +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:delete + deprecated_since: null + description: Delete share. + name: share:delete + operations: + - method: DELETE + path: /shares/{share_id} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:force_delete + deprecated_since: null + description: Force Delete a share. + name: share:force_delete + operations: + - method: DELETE + path: /shares/{share_id} + scope_types: + - system + - project +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:manage + deprecated_since: null + description: Manage share. + name: share:manage + operations: + - method: POST + path: /shares/manage + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:unmanage + deprecated_since: null + description: Unmanage share. + name: share:unmanage + operations: + - method: POST + path: /shares/unmanage + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:list_by_host + deprecated_since: null + description: List share by host. + name: share:list_by_host + operations: + - method: GET + path: /shares + - method: GET + path: /shares/detail + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:list_by_share_server_id + deprecated_since: null + description: List share by server id. + name: share:list_by_share_server_id + operations: + - method: GET + path: /shares + - method: GET + path: /shares/detail + scope_types: + - system +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:access_get + deprecated_since: null + description: Get share access rule, it under deny access operation. + name: share:access_get + operations: + - method: POST + path: /shares/{share_id}/action + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:access_get_all + deprecated_since: null + description: List share access rules. + name: share:access_get_all + operations: + - method: GET + path: /shares/{share_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:extend + deprecated_since: null + description: Extend share. + name: share:extend + operations: + - method: POST + path: /shares/{share_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:shrink + deprecated_since: null + description: Shrink share. + name: share:shrink + operations: + - method: POST + path: /shares/{share_id}/action + scope_types: + - system + - project +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:migration_start + deprecated_since: null + description: Migrate a share to the specified host. + name: share:migration_start + operations: + - method: POST + path: /shares/{share_id}/action + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:migration_complete + deprecated_since: null + description: Invokes 2nd phase of share migration. + name: share:migration_complete + operations: + - method: POST + path: /shares/{share_id}/action + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:migration_cancel + deprecated_since: null + description: Attempts to cancel share migration. + name: share:migration_cancel + operations: + - method: POST + path: /shares/{share_id}/action + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:migration_get_progress + deprecated_since: null + description: Retrieve share migration progress for a given share. + name: share:migration_get_progress + operations: + - method: POST + path: /shares/{share_id}/action + scope_types: + - system +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:reset_task_state + deprecated_since: null + description: Reset task state. + name: share:reset_task_state + operations: + - method: POST + path: /shares/{share_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share:reset_status + deprecated_since: null + description: Reset status. + name: share:reset_status + operations: + - method: POST + path: /shares/{share_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:revert_to_snapshot + deprecated_since: null + description: Revert a share to a snapshot. + name: share:revert_to_snapshot + operations: + - method: POST + path: /shares/{share_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:allow_access + deprecated_since: null + description: Add share access rule. + name: share:allow_access + operations: + - method: POST + path: /shares/{share_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:deny_access + deprecated_since: null + description: Remove share access rule. + name: share:deny_access + operations: + - method: POST + path: /shares/{share_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:update_share_metadata + deprecated_since: null + description: Update share metadata. + name: share:update_share_metadata + operations: + - method: PUT + path: /shares/{share_id}/metadata + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:delete_share_metadata + deprecated_since: null + description: Delete share metadata. + name: share:delete_share_metadata + operations: + - method: DELETE + path: /shares/{share_id}/metadata/{key} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:get_share_metadata + deprecated_since: null + description: Get share metadata. + name: share:get_share_metadata + operations: + - method: GET + path: /shares/{share_id}/metadata + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:create_snapshot + deprecated_since: null + description: Create share snapshot. + name: share:create_snapshot + operations: + - method: POST + path: /snapshots + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:delete_snapshot + deprecated_since: null + description: Delete share snapshot. + name: share:delete_snapshot + operations: + - method: DELETE + path: /snapshots/{snapshot_id} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share:snapshot_update + deprecated_since: null + description: Update share snapshot. + name: share:snapshot_update + operations: + - method: PUT + path: /snapshots/{snapshot_id}/action + scope_types: + - system + - project +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_instance_export_location:index + deprecated_since: null + description: Return data about the requested export location. + name: share_instance_export_location:index + operations: + - method: POST + path: /share_instances/{share_instance_id}/export_locations + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_instance_export_location:show + deprecated_since: null + description: Return data about the requested export location. + name: share_instance_export_location:show + operations: + - method: GET + path: /share_instances/{share_instance_id}/export_locations/{export_location_id} + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_type:create + deprecated_since: null + description: Create share type. + name: share_type:create + operations: + - method: POST + path: /types + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_type:update + deprecated_since: null + description: Update share type. + name: share_type:update + operations: + - method: PUT + path: /types/{share_type_id} + scope_types: + - system +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_type:show + deprecated_since: null + description: Get share type. + name: share_type:show + operations: + - method: GET + path: /types/{share_type_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_type:index + deprecated_since: null + description: List share types. + name: share_type:index + operations: + - method: GET + path: /types + - method: GET + path: /types?is_public=all + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_type:default + deprecated_since: null + description: Get default share type. + name: share_type:default + operations: + - method: GET + path: /types/default + scope_types: + - system + - project +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_type:delete + deprecated_since: null + description: Delete share type. + name: share_type:delete + operations: + - method: DELETE + path: /types/{share_type_id} + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_type:list_project_access + deprecated_since: null + description: List share type project access. + name: share_type:list_project_access + operations: + - method: GET + path: /types/{share_type_id} + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_type:add_project_access + deprecated_since: null + description: Add share type to project. + name: share_type:add_project_access + operations: + - method: POST + path: /types/{share_type_id}/action + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_type:remove_project_access + deprecated_since: null + description: Remove share type from project. + name: share_type:remove_project_access + operations: + - method: POST + path: /types/{share_type_id}/action + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_types_extra_spec:create + deprecated_since: null + description: Create share type extra spec. + name: share_types_extra_spec:create + operations: + - method: POST + path: /types/{share_type_id}/extra_specs + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_types_extra_spec:show + deprecated_since: null + description: Get share type extra specs of a given share type. + name: share_types_extra_spec:show + operations: + - method: GET + path: /types/{share_type_id}/extra_specs + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_types_extra_spec:index + deprecated_since: null + description: Get details of a share type extra spec. + name: share_types_extra_spec:index + operations: + - method: GET + path: /types/{share_type_id}/extra_specs/{extra_spec_id} + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_types_extra_spec:update + deprecated_since: null + description: Update share type extra spec. + name: share_types_extra_spec:update + operations: + - method: PUT + path: /types/{share_type_id}/extra_specs + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_types_extra_spec:delete + deprecated_since: null + description: Delete share type extra spec. + name: share_types_extra_spec:delete + operations: + - method: DELETE + path: /types/{share_type_id}/extra_specs/{key} + scope_types: + - system +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_snapshot:get_snapshot + deprecated_since: null + description: Get share snapshot. + name: share_snapshot:get_snapshot + operations: + - method: GET + path: /snapshots/{snapshot_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_snapshot:get_all_snapshots + deprecated_since: null + description: Get all share snapshots. + name: share_snapshot:get_all_snapshots + operations: + - method: GET + path: /snapshots + - method: GET + path: /snapshots/detail + - method: GET + path: /snapshots?{query} + - method: GET + path: /snapshots/detail?{query} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_snapshot:force_delete + deprecated_since: null + description: Force Delete a share snapshot. + name: share_snapshot:force_delete + operations: + - method: DELETE + path: /snapshots/{snapshot_id} + scope_types: + - system + - project +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_snapshot:manage_snapshot + deprecated_since: null + description: Manage share snapshot. + name: share_snapshot:manage_snapshot + operations: + - method: POST + path: /snapshots/manage + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_snapshot:unmanage_snapshot + deprecated_since: null + description: Unmanage share snapshot. + name: share_snapshot:unmanage_snapshot + operations: + - method: POST + path: /snapshots/{snapshot_id}/action + scope_types: + - system +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_snapshot:reset_status + deprecated_since: null + description: Reset status. + name: share_snapshot:reset_status + operations: + - method: POST + path: /snapshots/{snapshot_id}/action + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_snapshot:access_list + deprecated_since: null + description: List access rules of a share snapshot. + name: share_snapshot:access_list + operations: + - method: GET + path: /snapshots/{snapshot_id}/access-list + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_snapshot:allow_access + deprecated_since: null + description: Allow access to a share snapshot. + name: share_snapshot:allow_access + operations: + - method: POST + path: /snapshots/{snapshot_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_snapshot:deny_access + deprecated_since: null + description: Deny access to a share snapshot. + name: share_snapshot:deny_access + operations: + - method: POST + path: /snapshots/{snapshot_id}/action + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_snapshot_export_location:index + deprecated_since: null + description: List export locations of a share snapshot. + name: share_snapshot_export_location:index + operations: + - method: GET + path: /snapshots/{snapshot_id}/export-locations/ + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_snapshot_export_location:show + deprecated_since: null + description: Get details of a specified export location of a share snapshot. + name: share_snapshot_export_location:show + operations: + - method: GET + path: /snapshots/{snapshot_id}/export-locations/{export_location_id} + scope_types: + - system + - project +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_snapshot_instance:show + deprecated_since: null + description: Get share snapshot instance. + name: share_snapshot_instance:show + operations: + - method: GET + path: /snapshot-instances/{snapshot_instance_id} + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_snapshot_instance:index + deprecated_since: null + description: Get all share snapshot instances. + name: share_snapshot_instance:index + operations: + - method: GET + path: /snapshot-instances + - method: GET + path: /snapshot-instances?{query} + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_snapshot_instance:detail + deprecated_since: null + description: Get details of share snapshot instances. + name: share_snapshot_instance:detail + operations: + - method: GET + path: /snapshot-instances/detail + - method: GET + path: /snapshot-instances/detail?{query} + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_snapshot_instance:reset_status + deprecated_since: null + description: Reset share snapshot instance's status. + name: share_snapshot_instance:reset_status + operations: + - method: POST + path: /snapshot-instances/{snapshot_instance_id}/action + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_snapshot_instance_export_location:index + deprecated_since: null + description: List export locations of a share snapshot instance. + name: share_snapshot_instance_export_location:index + operations: + - method: GET + path: /snapshot-instances/{snapshot_instance_id}/export-locations + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_snapshot_instance_export_location:show + deprecated_since: null + description: Show details of a specified export location of a share snapshot instance. + name: share_snapshot_instance_export_location:show + operations: + - method: GET + path: /snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id} + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:index + deprecated_since: null + description: Get share servers. + name: share_server:index + operations: + - method: GET + path: /share-servers + - method: GET + path: /share-servers?{query} + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:show + deprecated_since: null + description: Show share server. + name: share_server:show + operations: + - method: GET + path: /share-servers/{server_id} + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:details + deprecated_since: null + description: Get share server details. + name: share_server:details + operations: + - method: GET + path: /share-servers/{server_id}/details + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:delete + deprecated_since: null + description: Delete share server. + name: share_server:delete + operations: + - method: DELETE + path: /share-servers/{server_id} + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:manage_share_server + deprecated_since: null + description: Manage share server. + name: share_server:manage_share_server + operations: + - method: POST + path: /share-servers/manage + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:unmanage_share_server + deprecated_since: null + description: Unmanage share server. + name: share_server:unmanage_share_server + operations: + - method: POST + path: /share-servers/{share_server_id}/action + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:reset_status + deprecated_since: null + description: Reset the status of a share server. + name: share_server:reset_status + operations: + - method: POST + path: /share-servers/{share_server_id}/action + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:share_server_migration_start + deprecated_since: null + description: Migrates a share server to the specified host. + name: share_server:share_server_migration_start + operations: + - method: POST + path: /share-servers/{share_server_id}/action + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:share_server_migration_check + deprecated_since: null + description: Check if can migrates a share server to the specified host. + name: share_server:share_server_migration_check + operations: + - method: POST + path: /share-servers/{share_server_id}/action + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:share_server_migration_complete + deprecated_since: null + description: Invokes the 2nd phase of share server migration. + name: share_server:share_server_migration_complete + operations: + - method: POST + path: /share-servers/{share_server_id}/action + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:share_server_migration_cancel + deprecated_since: null + description: Attempts to cancel share server migration. + name: share_server:share_server_migration_cancel + operations: + - method: POST + path: /share-servers/{share_server_id}/action + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:share_server_migration_get_progress + deprecated_since: null + description: Retrieves the share server migration progress for a given share server. + name: share_server:share_server_migration_get_progress + operations: + - method: POST + path: /share-servers/{share_server_id}/action + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_server:share_server_reset_task_state + deprecated_since: null + description: Resets task state. + name: share_server:share_server_reset_task_state + operations: + - method: POST + path: /share-servers/{share_server_id}/action + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: service:index + deprecated_since: null + description: Return a list of all running services. + name: service:index + operations: + - method: GET + path: /os-services + - method: GET + path: /os-services?{query} + - method: GET + path: /services + - method: GET + path: /services?{query} + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: service:update + deprecated_since: null + description: Enable/Disable scheduling for a service. + name: service:update + operations: + - method: PUT + path: /os-services/disable + - method: PUT + path: /os-services/enable + - method: PUT + path: /services/disable + - method: PUT + path: /services/enable + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: quota_set:update + deprecated_since: null + description: Update the quotas for a project/user and/or share type. + name: quota_set:update + operations: + - method: PUT + path: /quota-sets/{tenant_id} + - method: PUT + path: /quota-sets/{tenant_id}?user_id={user_id} + - method: PUT + path: /quota-sets/{tenant_id}?share_type={share_type_id} + - method: PUT + path: /os-quota-sets/{tenant_id} + - method: PUT + path: /os-quota-sets/{tenant_id}?user_id={user_id} + scope_types: + - system +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: quota_set:show + deprecated_since: null + description: List the quotas for a tenant/user. + name: quota_set:show + operations: + - method: GET + path: /quota-sets/{tenant_id}/defaults + - method: GET + path: /os-quota-sets/{tenant_id}/defaults + scope_types: + - system + - project +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: quota_set:delete + deprecated_since: null + description: Delete quota for a tenant/user or tenant/share-type. The quota will + revert back to default (Admin only). + name: quota_set:delete + operations: + - method: DELETE + path: /quota-sets/{tenant_id} + - method: DELETE + path: /quota-sets/{tenant_id}?user_id={user_id} + - method: DELETE + path: /quota-sets/{tenant_id}?share_type={share_type_id} + - method: DELETE + path: /os-quota-sets/{tenant_id} + - method: DELETE + path: /os-quota-sets/{tenant_id}?user_id={user_id} + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: quota_class_set:update + deprecated_since: null + description: Update quota class. + name: quota_class_set:update + operations: + - method: PUT + path: /quota-class-sets/{class_name} + - method: PUT + path: /os-quota-class-sets/{class_name} + scope_types: + - system +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: quota_class_set:show + deprecated_since: null + description: Get quota class. + name: quota_class_set:show + operations: + - method: GET + path: /quota-class-sets/{class_name} + - method: GET + path: /os-quota-class-sets/{class_name} + scope_types: + - system + - project +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group_types_spec:create + deprecated_since: null + description: Create share group type specs. + name: share_group_types_spec:create + operations: + - method: POST + path: /share-group-types/{share_group_type_id}/group-specs + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group_types_spec:index + deprecated_since: null + description: Get share group type specs. + name: share_group_types_spec:index + operations: + - method: GET + path: /share-group-types/{share_group_type_id}/group-specs + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group_types_spec:show + deprecated_since: null + description: Get details of a share group type spec. + name: share_group_types_spec:show + operations: + - method: GET + path: /share-group-types/{share_group_type_id}/group-specs/{key} + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group_types_spec:update + deprecated_since: null + description: Update a share group type spec. + name: share_group_types_spec:update + operations: + - method: PUT + path: /share-group-types/{share_group_type_id}/group-specs/{key} + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group_types_spec:delete + deprecated_since: null + description: Delete a share group type spec. + name: share_group_types_spec:delete + operations: + - method: DELETE + path: /share-group-types/{share_group_type_id}/group-specs/{key} + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group_type:create + deprecated_since: null + description: Create a new share group type. + name: share_group_type:create + operations: + - method: POST + path: /share-group-types + scope_types: + - system +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group_type:index + deprecated_since: null + description: Get the list of share group types. + name: share_group_type:index + operations: + - method: GET + path: /share-group-types + - method: GET + path: /share-group-types?is_public=all + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group_type:show + deprecated_since: null + description: Get details regarding the specified share group type. + name: share_group_type:show + operations: + - method: GET + path: /share-group-types/{share_group_type_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group_type:default + deprecated_since: null + description: Get the default share group type. + name: share_group_type:default + operations: + - method: GET + path: /share-group-types/default + scope_types: + - system + - project +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group_type:delete + deprecated_since: null + description: Delete an existing group type. + name: share_group_type:delete + operations: + - method: DELETE + path: /share-group-types/{share_group_type_id} + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group_type:list_project_access + deprecated_since: null + description: Get project access by share group type. + name: share_group_type:list_project_access + operations: + - method: GET + path: /share-group-types/{share_group_type_id}/access + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group_type:add_project_access + deprecated_since: null + description: Allow project to use the share group type. + name: share_group_type:add_project_access + operations: + - method: POST + path: /share-group-types/{share_group_type_id}/action + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group_type:remove_project_access + deprecated_since: null + description: Deny project access to use the share group type. + name: share_group_type:remove_project_access + operations: + - method: POST + path: /share-group-types/{share_group_type_id}/action + scope_types: + - system +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group_snapshot:create + deprecated_since: null + description: Create a new share group snapshot. + name: share_group_snapshot:create + operations: + - method: POST + path: /share-group-snapshots + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group_snapshot:get + deprecated_since: null + description: Get details of a share group snapshot. + name: share_group_snapshot:get + operations: + - method: GET + path: /share-group-snapshots/{share_group_snapshot_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group_snapshot:get_all + deprecated_since: null + description: Get all share group snapshots. + name: share_group_snapshot:get_all + operations: + - method: GET + path: /share-group-snapshots + - method: GET + path: /share-group-snapshots/detail + - method: GET + path: /share-group-snapshots/{query} + - method: GET + path: /share-group-snapshots/detail?{query} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group_snapshot:update + deprecated_since: null + description: Update a share group snapshot. + name: share_group_snapshot:update + operations: + - method: PUT + path: /share-group-snapshots/{share_group_snapshot_id} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group_snapshot:delete + deprecated_since: null + description: Delete a share group snapshot. + name: share_group_snapshot:delete + operations: + - method: DELETE + path: /share-group-snapshots/{share_group_snapshot_id} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group_snapshot:force_delete + deprecated_since: null + description: Force delete a share group snapshot. + name: share_group_snapshot:force_delete + operations: + - method: POST + path: /share-group-snapshots/{share_group_snapshot_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group_snapshot:reset_status + deprecated_since: null + description: Reset a share group snapshot's status. + name: share_group_snapshot:reset_status + operations: + - method: POST + path: /share-group-snapshots/{share_group_snapshot_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group:create + deprecated_since: null + description: Create share group. + name: share_group:create + operations: + - method: POST + path: /share-groups + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group:get + deprecated_since: null + description: Get details of a share group. + name: share_group:get + operations: + - method: GET + path: /share-groups/{share_group_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group:get_all + deprecated_since: null + description: Get all share groups. + name: share_group:get_all + operations: + - method: GET + path: /share-groups + - method: GET + path: /share-groups/detail + - method: GET + path: /share-groups?{query} + - method: GET + path: /share-groups/detail?{query} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group:update + deprecated_since: null + description: Update share group. + name: share_group:update + operations: + - method: PUT + path: /share-groups/{share_group_id} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_group:delete + deprecated_since: null + description: Delete share group. + name: share_group:delete + operations: + - method: DELETE + path: /share-groups/{share_group_id} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group:force_delete + deprecated_since: null + description: Force delete a share group. + name: share_group:force_delete + operations: + - method: POST + path: /share-groups/{share_group_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_group:reset_status + deprecated_since: null + description: Reset share group's status. + name: share_group:reset_status + operations: + - method: POST + path: /share-groups/{share_group_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_replica:create + deprecated_since: null + description: Create share replica. + name: share_replica:create + operations: + - method: POST + path: /share-replicas + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_replica:get_all + deprecated_since: null + description: Get all share replicas. + name: share_replica:get_all + operations: + - method: GET + path: /share-replicas + - method: GET + path: /share-replicas/detail + - method: GET + path: /share-replicas/detail?share_id={share_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_replica:show + deprecated_since: null + description: Get details of a share replica. + name: share_replica:show + operations: + - method: GET + path: /share-replicas/{share_replica_id} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_replica:delete + deprecated_since: null + description: Delete a share replica. + name: share_replica:delete + operations: + - method: DELETE + path: /share-replicas/{share_replica_id} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_replica:force_delete + deprecated_since: null + description: Force delete a share replica. + name: share_replica:force_delete + operations: + - method: POST + path: /share-replicas/{share_replica_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_replica:promote + deprecated_since: null + description: Promote a non-active share replica to active. + name: share_replica:promote + operations: + - method: POST + path: /share-replicas/{share_replica_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_replica:resync + deprecated_since: null + description: Resync a share replica that is out of sync. + name: share_replica:resync + operations: + - method: POST + path: /share-replicas/{share_replica_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_replica:reset_replica_state + deprecated_since: null + description: Reset share replica's replica_state attribute. + name: share_replica:reset_replica_state + operations: + - method: POST + path: /share-replicas/{share_replica_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_replica:reset_status + deprecated_since: null + description: Reset share replica's status. + name: share_replica:reset_status + operations: + - method: POST + path: /share-replicas/{share_replica_id}/action + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_replica_export_location:index + deprecated_since: null + description: Get all export locations of a given share replica. + name: share_replica_export_location:index + operations: + - method: GET + path: /share-replicas/{share_replica_id}/export-locations + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_replica_export_location:show + deprecated_since: null + description: Get details about the requested share replica export location. + name: share_replica_export_location:show + operations: + - method: GET + path: /share-replicas/{share_replica_id}/export-locations/{export_location_id} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network:create + deprecated_since: null + description: Create share network. + name: share_network:create + operations: + - method: POST + path: /share-networks + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network:show + deprecated_since: null + description: Get details of a share network. + name: share_network:show + operations: + - method: GET + path: /share-networks/{share_network_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network:index + deprecated_since: null + description: Get all share networks. + name: share_network:index + operations: + - method: GET + path: /share-networks + - method: GET + path: /share-networks?{query} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network:detail + deprecated_since: null + description: Get details of share networks . + name: share_network:detail + operations: + - method: GET + path: /share-networks/detail?{query} + - method: GET + path: /share-networks/detail + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network:update + deprecated_since: null + description: Update a share network. + name: share_network:update + operations: + - method: PUT + path: /share-networks/{share_network_id} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network:delete + deprecated_since: null + description: Delete a share network. + name: share_network:delete + operations: + - method: DELETE + path: /share-networks/{share_network_id} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network:add_security_service + deprecated_since: null + description: Add security service to share network. + name: share_network:add_security_service + operations: + - method: POST + path: /share-networks/{share_network_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network:add_security_service_check + deprecated_since: null + description: Check the feasibility of add security service to a share network. + name: share_network:add_security_service_check + operations: + - method: POST + path: /share-networks/{share_network_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network:remove_security_service + deprecated_since: null + description: Remove security service from share network. + name: share_network:remove_security_service + operations: + - method: POST + path: /share-networks/{share_network_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network:update_security_service + deprecated_since: null + description: Update security service from share network. + name: share_network:update_security_service + operations: + - method: POST + path: /share-networks/{share_network_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network:update_security_service_check + deprecated_since: null + description: Check the feasibility of update a security service from share network. + name: share_network:update_security_service_check + operations: + - method: POST + path: /share-networks/{share_network_id}/action + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-admin) + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_network:reset_status + deprecated_since: null + description: Reset share network`s status. + name: share_network:reset_status + operations: + - method: POST + path: /share-networks/{share_network_id}/action + scope_types: + - system + - project +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_network:get_all_share_networks + deprecated_since: null + description: Get share networks belonging to all projects. + name: share_network:get_all_share_networks + operations: + - method: GET + path: /share-networks?all_tenants=1 + - method: GET + path: /share-networks/detail?all_tenants=1 + scope_types: + - system +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network_subnet:create + deprecated_since: null + description: Create a new share network subnet. + name: share_network_subnet:create + operations: + - method: POST + path: /share-networks/{share_network_id}/subnets + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network_subnet:delete + deprecated_since: null + description: Delete a share network subnet. + name: share_network_subnet:delete + operations: + - method: DELETE + path: /share-networks/{share_network_id}/subnets/{share_network_subnet_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network_subnet:show + deprecated_since: null + description: Shows a share network subnet. + name: share_network_subnet:show + operations: + - method: GET + path: /share-networks/{share_network_id}/subnets/{share_network_subnet_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_network_subnet:index + deprecated_since: null + description: Get all share network subnets. + name: share_network_subnet:index + operations: + - method: GET + path: /share-networks/{share_network_id}/subnets + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: security_service:create + deprecated_since: null + description: Create security service. + name: security_service:create + operations: + - method: POST + path: /security-services + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: security_service:show + deprecated_since: null + description: Get details of a security service. + name: security_service:show + operations: + - method: GET + path: /security-services/{security_service_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: security_service:detail + deprecated_since: null + description: Get details of all security services. + name: security_service:detail + operations: + - method: GET + path: /security-services/detail?{query} + - method: GET + path: /security-services/detail + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: security_service:index + deprecated_since: null + description: Get all security services. + name: security_service:index + operations: + - method: GET + path: /security-services + - method: GET + path: /security-services?{query} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: security_service:update + deprecated_since: null + description: Update a security service. + name: security_service:update + operations: + - method: PUT + path: /security-services/{security_service_id} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: security_service:delete + deprecated_since: null + description: Delete a security service. + name: security_service:delete + operations: + - method: DELETE + path: /security-services/{security_service_id} + scope_types: + - system + - project +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: security_service:get_all_security_services + deprecated_since: null + description: Get security services of all projects. + name: security_service:get_all_security_services + operations: + - method: GET + path: /security-services?all_tenants=1 + - method: GET + path: /security-services/detail?all_tenants=1 + scope_types: + - system +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_export_location:index + deprecated_since: null + description: Get all export locations of a given share. + name: share_export_location:index + operations: + - method: GET + path: /shares/{share_id}/export_locations + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_export_location:show + deprecated_since: null + description: Get details about the requested export location. + name: share_export_location:show + operations: + - method: GET + path: /shares/{share_id}/export_locations/{export_location_id} + scope_types: + - system + - project +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_instance:index + deprecated_since: null + description: Get all share instances. + name: share_instance:index + operations: + - method: GET + path: /share_instances + - method: GET + path: /share_instances?{query} + scope_types: + - system +- check_str: rule:system-reader + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_instance:show + deprecated_since: null + description: Get details of a share instance. + name: share_instance:show + operations: + - method: GET + path: /share_instances/{share_instance_id} + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_instance:force_delete + deprecated_since: null + description: Force delete a share instance. + name: share_instance:force_delete + operations: + - method: POST + path: /share_instances/{share_instance_id}/action + scope_types: + - system +- check_str: rule:system-admin + deprecated_reason: null + deprecated_rule: + check_str: rule:admin_api + name: share_instance:reset_status + deprecated_since: null + description: Reset share instance's status. + name: share_instance:reset_status + operations: + - method: POST + path: /share_instances/{share_instance_id}/action + scope_types: + - system +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: message:get + deprecated_since: null + description: Get details of a given message. + name: message:get + operations: + - method: GET + path: /messages/{message_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: message:get_all + deprecated_since: null + description: Get all messages. + name: message:get_all + operations: + - method: GET + path: /messages + - method: GET + path: /messages?{query} + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: message:delete + deprecated_since: null + description: Delete a message. + name: message:delete + operations: + - method: DELETE + path: /messages/{message_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_access_rule:get + deprecated_since: null + description: Get details of a share access rule. + name: share_access_rule:get + operations: + - method: GET + path: /share-access-rules/{share_access_id} + scope_types: + - system + - project +- check_str: (rule:system-reader) or (rule:project-reader) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_access_rule:index + deprecated_since: null + description: List access rules of a given share. + name: share_access_rule:index + operations: + - method: GET + path: /share-access-rules?share_id={share_id}&key1=value1&key2=value2 + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_access_metadata:update + deprecated_since: null + description: Set metadata for a share access rule. + name: share_access_metadata:update + operations: + - method: PUT + path: /share-access-rules/{share_access_id}/metadata + scope_types: + - system + - project +- check_str: (rule:system-admin) or (rule:project-member) + deprecated_reason: null + deprecated_rule: + check_str: rule:default + name: share_access_metadata:delete + deprecated_since: null + description: Delete metadata for a share access rule. + name: share_access_metadata:delete + operations: + - method: DELETE + path: /share-access-rules/{share_access_id}/metadata/{key} + scope_types: + - system + - project diff --git a/manila_ui/conf/manila_policy.yaml b/manila_ui/conf/manila_policy.yaml new file mode 100644 index 00000000..9e795881 --- /dev/null +++ b/manila_ui/conf/manila_policy.yaml @@ -0,0 +1,1906 @@ +# Intended scope(s): system +#"system-admin": "role:admin and system_scope:all" + +# Intended scope(s): system +#"system-member": "role:member and system_scope:all" + +# Intended scope(s): system +#"system-reader": "role:reader and system_scope:all" + +# Intended scope(s): project +#"project-admin": "role:admin and project_id:%(project_id)s" + +# Intended scope(s): project +#"project-member": "role:member and project_id:%(project_id)s" + +# Intended scope(s): project +#"project-reader": "role:reader and project_id:%(project_id)s" + +# Intended scope(s): system +#"context_is_admin": "rule:system-admin" + +# DEPRECATED +# "context_is_admin":"role:admin" has been deprecated since W in favor +# of "context_is_admin":"rule:system-admin". +# The `context_is_admin` check is superseded by more specific check +# strings that consume system and project scope attributes from +# keystone tokens. + +#"admin_or_owner": "is_admin:True or project_id:%(project_id)s" + +#"default": "rule:admin_or_owner" + +#"admin_api": "is_admin:True" + +# Get all storage availability zones. +# GET /os-availability-zone +# GET /availability-zone +# Intended scope(s): system, project +#"availability_zone:index": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "availability_zone:index":"rule:default" has been deprecated since W +# in favor of "availability_zone:index":"(rule:system-reader) or +# (rule:project-reader)". +# The availability zone API now supports system scope and default +# roles. + +# Get information regarding backends (and storage pools) known to the +# scheduler. +# GET /scheduler-stats/pools +# GET /scheduler-stats/pools?{query} +# Intended scope(s): system +#"scheduler_stats:pools:index": "rule:system-reader" + +# DEPRECATED +# "scheduler_stats:pools:index":"rule:admin_api" has been deprecated +# since W in favor of "scheduler_stats:pools:index":"rule:system- +# reader". +# The storage pool statistics API now support system scope and default +# roles. + +# Get detailed information regarding backends (and storage pools) +# known to the scheduler. +# GET /scheduler-stats/pools/detail?{query} +# GET /scheduler-stats/pools/detail +# Intended scope(s): system +#"scheduler_stats:pools:detail": "rule:system-reader" + +# DEPRECATED +# "scheduler_stats:pools:detail":"rule:admin_api" has been deprecated +# since W in favor of "scheduler_stats:pools:detail":"rule:system- +# reader". +# The storage pool statistics API now support system scope and default +# roles. + +# Create share. +# POST /shares +# Intended scope(s): system, project +#"share:create": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:create":"" has been deprecated since W in favor of +# "share:create":"(rule:system-admin) or (rule:project-member)". +# The share API now supports system scope and default roles. + +# Create shares visible across all projects in the cloud. +# POST /shares +# Intended scope(s): system +#"share:create_public_share": "rule:system-admin" + +# DEPRECATED +# "share:create_public_share":"rule:admin_api" has been deprecated +# since W in favor of "share:create_public_share":"rule:system-admin". +# The share API now supports system scope and default roles. + +# Get share. +# GET /shares/{share_id} +# Intended scope(s): system, project +#"share:get": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share:get":"rule:default" has been deprecated since W in favor of +# "share:get":"(rule:system-reader) or (rule:project-reader)". +# The share API now supports system scope and default roles. + +# List shares. +# GET /shares +# GET /shares/detail +# Intended scope(s): system, project +#"share:get_all": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share:get_all":"rule:default" has been deprecated since W in favor +# of "share:get_all":"(rule:system-reader) or (rule:project-reader)". +# The share API now supports system scope and default roles. + +# Update share. +# PUT /shares +# Intended scope(s): system, project +#"share:update": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:update":"rule:default" has been deprecated since W in favor +# of "share:update":"(rule:system-admin) or (rule:project-member)". +# The share API now supports system scope and default roles. + +# Update shares to be visible across all projects in the cloud. +# PUT /shares +# Intended scope(s): system +#"share:set_public_share": "rule:system-admin" + +# DEPRECATED +# "share:set_public_share":"rule:admin_api" has been deprecated since +# W in favor of "share:set_public_share":"rule:system-admin". +# The share API now supports system scope and default roles. + +# Delete share. +# DELETE /shares/{share_id} +# Intended scope(s): system, project +#"share:delete": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:delete":"rule:default" has been deprecated since W in favor +# of "share:delete":"(rule:system-admin) or (rule:project-member)". +# The share API now supports system scope and default roles. + +# Force Delete a share. +# DELETE /shares/{share_id} +# Intended scope(s): system, project +#"share:force_delete": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share:force_delete":"rule:admin_api" has been deprecated since W in +# favor of "share:force_delete":"(rule:system-admin) or (rule:project- +# admin)". +# The share API now supports system scope and default roles. + +# Manage share. +# POST /shares/manage +# Intended scope(s): system +#"share:manage": "rule:system-admin" + +# DEPRECATED +# "share:manage":"rule:admin_api" has been deprecated since W in favor +# of "share:manage":"rule:system-admin". +# The share API now supports system scope and default roles. + +# Unmanage share. +# POST /shares/unmanage +# Intended scope(s): system +#"share:unmanage": "rule:system-admin" + +# DEPRECATED +# "share:unmanage":"rule:admin_api" has been deprecated since W in +# favor of "share:unmanage":"rule:system-admin". +# The share API now supports system scope and default roles. + +# List share by host. +# GET /shares +# GET /shares/detail +# Intended scope(s): system +#"share:list_by_host": "rule:system-reader" + +# DEPRECATED +# "share:list_by_host":"rule:admin_api" has been deprecated since W in +# favor of "share:list_by_host":"rule:system-reader". +# The share API now supports system scope and default roles. + +# List share by server id. +# GET /shares +# GET /shares/detail +# Intended scope(s): system +#"share:list_by_share_server_id": "rule:system-reader" + +# DEPRECATED +# "share:list_by_share_server_id":"rule:admin_api" has been deprecated +# since W in favor of "share:list_by_share_server_id":"rule:system- +# reader". +# The share API now supports system scope and default roles. + +# Get share access rule, it under deny access operation. +# POST /shares/{share_id}/action +# Intended scope(s): system, project +#"share:access_get": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share:access_get":"rule:default" has been deprecated since W in +# favor of "share:access_get":"(rule:system-reader) or (rule:project- +# reader)". +# The share API now supports system scope and default roles. + +# List share access rules. +# GET /shares/{share_id}/action +# Intended scope(s): system, project +#"share:access_get_all": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share:access_get_all":"rule:default" has been deprecated since W in +# favor of "share:access_get_all":"(rule:system-reader) or +# (rule:project-reader)". +# The share API now supports system scope and default roles. + +# Extend share. +# POST /shares/{share_id}/action +# Intended scope(s): system, project +#"share:extend": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:extend":"rule:default" has been deprecated since W in favor +# of "share:extend":"(rule:system-admin) or (rule:project-member)". +# The share API now supports system scope and default roles. + +# Shrink share. +# POST /shares/{share_id}/action +# Intended scope(s): system, project +#"share:shrink": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:shrink":"rule:default" has been deprecated since W in favor +# of "share:shrink":"(rule:system-admin) or (rule:project-member)". +# The share API now supports system scope and default roles. + +# Migrate a share to the specified host. +# POST /shares/{share_id}/action +# Intended scope(s): system +#"share:migration_start": "rule:system-admin" + +# DEPRECATED +# "share:migration_start":"rule:admin_api" has been deprecated since W +# in favor of "share:migration_start":"rule:system-admin". +# The share API now supports system scope and default roles. + +# Invokes 2nd phase of share migration. +# POST /shares/{share_id}/action +# Intended scope(s): system +#"share:migration_complete": "rule:system-admin" + +# DEPRECATED +# "share:migration_complete":"rule:admin_api" has been deprecated +# since W in favor of "share:migration_complete":"rule:system-admin". +# The share API now supports system scope and default roles. + +# Attempts to cancel share migration. +# POST /shares/{share_id}/action +# Intended scope(s): system +#"share:migration_cancel": "rule:system-admin" + +# DEPRECATED +# "share:migration_cancel":"rule:admin_api" has been deprecated since +# W in favor of "share:migration_cancel":"rule:system-admin". +# The share API now supports system scope and default roles. + +# Retrieve share migration progress for a given share. +# POST /shares/{share_id}/action +# Intended scope(s): system +#"share:migration_get_progress": "rule:system-reader" + +# DEPRECATED +# "share:migration_get_progress":"rule:admin_api" has been deprecated +# since W in favor of "share:migration_get_progress":"rule:system- +# reader". +# The share API now supports system scope and default roles. + +# Reset task state. +# POST /shares/{share_id}/action +# Intended scope(s): system, project +#"share:reset_task_state": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share:reset_task_state":"rule:admin_api" has been deprecated since +# W in favor of "share:reset_task_state":"(rule:system-admin) or +# (rule:project-admin)". +# The share API now supports system scope and default roles. + +# Reset status. +# POST /shares/{share_id}/action +# Intended scope(s): system, project +#"share:reset_status": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share:reset_status":"rule:admin_api" has been deprecated since W in +# favor of "share:reset_status":"(rule:system-admin) or (rule:project- +# admin)". +# The share API now supports system scope and default roles. + +# Revert a share to a snapshot. +# POST /shares/{share_id}/action +# Intended scope(s): system, project +#"share:revert_to_snapshot": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:revert_to_snapshot":"rule:default" has been deprecated since +# W in favor of "share:revert_to_snapshot":"(rule:system-admin) or +# (rule:project-member)". +# The share API now supports system scope and default roles. + +# Add share access rule. +# POST /shares/{share_id}/action +# Intended scope(s): system, project +#"share:allow_access": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:allow_access":"rule:default" has been deprecated since W in +# favor of "share:allow_access":"(rule:system-admin) or (rule:project- +# member)". +# The share API now supports system scope and default roles. + +# Remove share access rule. +# POST /shares/{share_id}/action +# Intended scope(s): system, project +#"share:deny_access": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:deny_access":"rule:default" has been deprecated since W in +# favor of "share:deny_access":"(rule:system-admin) or (rule:project- +# member)". +# The share API now supports system scope and default roles. + +# Update share metadata. +# PUT /shares/{share_id}/metadata +# Intended scope(s): system, project +#"share:update_share_metadata": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:update_share_metadata":"rule:default" has been deprecated +# since W in favor of "share:update_share_metadata":"(rule:system- +# admin) or (rule:project-member)". +# The share API now supports system scope and default roles. + +# Delete share metadata. +# DELETE /shares/{share_id}/metadata/{key} +# Intended scope(s): system, project +#"share:delete_share_metadata": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:delete_share_metadata":"rule:default" has been deprecated +# since W in favor of "share:delete_share_metadata":"(rule:system- +# admin) or (rule:project-member)". +# The share API now supports system scope and default roles. + +# Get share metadata. +# GET /shares/{share_id}/metadata +# Intended scope(s): system, project +#"share:get_share_metadata": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share:get_share_metadata":"rule:default" has been deprecated since +# W in favor of "share:get_share_metadata":"(rule:system-reader) or +# (rule:project-reader)". +# The share API now supports system scope and default roles. + +# Create share snapshot. +# POST /snapshots +# Intended scope(s): system, project +#"share:create_snapshot": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:create_snapshot":"rule:default" has been deprecated since W +# in favor of "share:create_snapshot":"(rule:system-admin) or +# (rule:project-member)". +# The share API now supports system scope and default roles. + +# Delete share snapshot. +# DELETE /snapshots/{snapshot_id} +# Intended scope(s): system, project +#"share:delete_snapshot": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:delete_snapshot":"rule:default" has been deprecated since W +# in favor of "share:delete_snapshot":"(rule:system-admin) or +# (rule:project-member)". +# The share API now supports system scope and default roles. + +# Update share snapshot. +# PUT /snapshots/{snapshot_id}/action +# Intended scope(s): system, project +#"share:snapshot_update": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share:snapshot_update":"rule:default" has been deprecated since W +# in favor of "share:snapshot_update":"(rule:system-admin) or +# (rule:project-member)". +# The share API now supports system scope and default roles. + +# Return data about the requested export location. +# POST /share_instances/{share_instance_id}/export_locations +# Intended scope(s): system +#"share_instance_export_location:index": "rule:system-reader" + +# DEPRECATED +# "share_instance_export_location:index":"rule:admin_api" has been +# deprecated since W in favor of +# "share_instance_export_location:index":"rule:system-reader". +# The share instance export location API now supports system scope and +# default roles. + +# Return data about the requested export location. +# GET /share_instances/{share_instance_id}/export_locations/{export_location_id} +# Intended scope(s): system +#"share_instance_export_location:show": "rule:system-reader" + +# DEPRECATED +# "share_instance_export_location:show":"rule:admin_api" has been +# deprecated since W in favor of +# "share_instance_export_location:show":"rule:system-reader". +# The share instance export location API now supports system scope and +# default roles. + +# Create share type. +# POST /types +# Intended scope(s): system +#"share_type:create": "rule:system-admin" + +# DEPRECATED +# "share_type:create":"rule:admin_api" has been deprecated since W in +# favor of "share_type:create":"rule:system-admin". +# The share type API now supports system scope and default roles. + +# Update share type. +# PUT /types/{share_type_id} +# Intended scope(s): system +#"share_type:update": "rule:system-admin" + +# DEPRECATED +# "share_type:update":"rule:admin_api" has been deprecated since W in +# favor of "share_type:update":"rule:system-admin". +# The share type API now supports system scope and default roles. + +# Get share type. +# GET /types/{share_type_id} +# Intended scope(s): system, project +#"share_type:show": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_type:show":"rule:default" has been deprecated since W in +# favor of "share_type:show":"(rule:system-reader) or (rule:project- +# reader)". +# The share type API now supports system scope and default roles. + +# List share types. +# GET /types +# GET /types?is_public=all +# Intended scope(s): system, project +#"share_type:index": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_type:index":"rule:default" has been deprecated since W in +# favor of "share_type:index":"(rule:system-reader) or (rule:project- +# reader)". +# The share type API now supports system scope and default roles. + +# Get default share type. +# GET /types/default +# Intended scope(s): system, project +#"share_type:default": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_type:default":"rule:default" has been deprecated since W in +# favor of "share_type:default":"(rule:system-reader) or +# (rule:project-reader)". +# The share type API now supports system scope and default roles. + +# Delete share type. +# DELETE /types/{share_type_id} +# Intended scope(s): system +#"share_type:delete": "rule:system-admin" + +# DEPRECATED +# "share_type:delete":"rule:admin_api" has been deprecated since W in +# favor of "share_type:delete":"rule:system-admin". +# The share type API now supports system scope and default roles. + +# List share type project access. +# GET /types/{share_type_id} +# Intended scope(s): system +#"share_type:list_project_access": "rule:system-reader" + +# DEPRECATED +# "share_type:list_project_access":"rule:admin_api" has been +# deprecated since W in favor of +# "share_type:list_project_access":"rule:system-reader". +# The share type API now supports system scope and default roles. + +# Add share type to project. +# POST /types/{share_type_id}/action +# Intended scope(s): system +#"share_type:add_project_access": "rule:system-admin" + +# DEPRECATED +# "share_type:add_project_access":"rule:admin_api" has been deprecated +# since W in favor of "share_type:add_project_access":"rule:system- +# admin". +# The share type API now supports system scope and default roles. + +# Remove share type from project. +# POST /types/{share_type_id}/action +# Intended scope(s): system +#"share_type:remove_project_access": "rule:system-admin" + +# DEPRECATED +# "share_type:remove_project_access":"rule:admin_api" has been +# deprecated since W in favor of +# "share_type:remove_project_access":"rule:system-admin". +# The share type API now supports system scope and default roles. + +# Create share type extra spec. +# POST /types/{share_type_id}/extra_specs +# Intended scope(s): system +#"share_types_extra_spec:create": "rule:system-admin" + +# DEPRECATED +# "share_types_extra_spec:create":"rule:admin_api" has been deprecated +# since W in favor of "share_types_extra_spec:create":"rule:system- +# admin". +# The share types extra specs API now supports system scope and +# default roles. + +# Get share type extra specs of a given share type. +# GET /types/{share_type_id}/extra_specs +# Intended scope(s): system +#"share_types_extra_spec:show": "rule:system-reader" + +# DEPRECATED +# "share_types_extra_spec:show":"rule:admin_api" has been deprecated +# since W in favor of "share_types_extra_spec:show":"rule:system- +# reader". +# The share types extra specs API now supports system scope and +# default roles. + +# Get details of a share type extra spec. +# GET /types/{share_type_id}/extra_specs/{extra_spec_id} +# Intended scope(s): system +#"share_types_extra_spec:index": "rule:system-reader" + +# DEPRECATED +# "share_types_extra_spec:index":"rule:admin_api" has been deprecated +# since W in favor of "share_types_extra_spec:index":"rule:system- +# reader". +# The share types extra specs API now supports system scope and +# default roles. + +# Update share type extra spec. +# PUT /types/{share_type_id}/extra_specs +# Intended scope(s): system +#"share_types_extra_spec:update": "rule:system-admin" + +# DEPRECATED +# "share_types_extra_spec:update":"rule:admin_api" has been deprecated +# since W in favor of "share_types_extra_spec:update":"rule:system- +# admin". +# The share types extra specs API now supports system scope and +# default roles. + +# Delete share type extra spec. +# DELETE /types/{share_type_id}/extra_specs/{key} +# Intended scope(s): system +#"share_types_extra_spec:delete": "rule:system-admin" + +# DEPRECATED +# "share_types_extra_spec:delete":"rule:admin_api" has been deprecated +# since W in favor of "share_types_extra_spec:delete":"rule:system- +# admin". +# The share types extra specs API now supports system scope and +# default roles. + +# Get share snapshot. +# GET /snapshots/{snapshot_id} +# Intended scope(s): system, project +#"share_snapshot:get_snapshot": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_snapshot:get_snapshot":"rule:default" has been deprecated +# since W in favor of "share_snapshot:get_snapshot":"(rule:system- +# reader) or (rule:project-reader)". +# The share snapshot API now supports system scope and default roles. + +# Get all share snapshots. +# GET /snapshots +# GET /snapshots/detail +# GET /snapshots?{query} +# GET /snapshots/detail?{query} +# Intended scope(s): system, project +#"share_snapshot:get_all_snapshots": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_snapshot:get_all_snapshots":"rule:default" has been +# deprecated since W in favor of +# "share_snapshot:get_all_snapshots":"(rule:system-reader) or +# (rule:project-reader)". +# The share snapshot API now supports system scope and default roles. + +# Force Delete a share snapshot. +# DELETE /snapshots/{snapshot_id} +# Intended scope(s): system, project +#"share_snapshot:force_delete": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share_snapshot:force_delete":"rule:admin_api" has been deprecated +# since W in favor of "share_snapshot:force_delete":"(rule:system- +# admin) or (rule:project-admin)". +# The share snapshot API now supports system scope and default roles. + +# Manage share snapshot. +# POST /snapshots/manage +# Intended scope(s): system +#"share_snapshot:manage_snapshot": "rule:system-admin" + +# DEPRECATED +# "share_snapshot:manage_snapshot":"rule:admin_api" has been +# deprecated since W in favor of +# "share_snapshot:manage_snapshot":"rule:system-admin". +# The share snapshot API now supports system scope and default roles. + +# Unmanage share snapshot. +# POST /snapshots/{snapshot_id}/action +# Intended scope(s): system +#"share_snapshot:unmanage_snapshot": "rule:system-admin" + +# DEPRECATED +# "share_snapshot:unmanage_snapshot":"rule:admin_api" has been +# deprecated since W in favor of +# "share_snapshot:unmanage_snapshot":"rule:system-admin". +# The share snapshot API now supports system scope and default roles. + +# Reset status. +# POST /snapshots/{snapshot_id}/action +# Intended scope(s): system, project +#"share_snapshot:reset_status": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share_snapshot:reset_status":"rule:admin_api" has been deprecated +# since W in favor of "share_snapshot:reset_status":"(rule:system- +# admin) or (rule:project-admin)". +# The share snapshot API now supports system scope and default roles. + +# List access rules of a share snapshot. +# GET /snapshots/{snapshot_id}/access-list +# Intended scope(s): system, project +#"share_snapshot:access_list": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_snapshot:access_list":"rule:default" has been deprecated +# since W in favor of "share_snapshot:access_list":"(rule:system- +# reader) or (rule:project-reader)". +# The share snapshot API now supports system scope and default roles. + +# Allow access to a share snapshot. +# POST /snapshots/{snapshot_id}/action +# Intended scope(s): system, project +#"share_snapshot:allow_access": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_snapshot:allow_access":"rule:default" has been deprecated +# since W in favor of "share_snapshot:allow_access":"(rule:system- +# admin) or (rule:project-member)". +# The share snapshot API now supports system scope and default roles. + +# Deny access to a share snapshot. +# POST /snapshots/{snapshot_id}/action +# Intended scope(s): system, project +#"share_snapshot:deny_access": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_snapshot:deny_access":"rule:default" has been deprecated +# since W in favor of "share_snapshot:deny_access":"(rule:system- +# admin) or (rule:project-member)". +# The share snapshot API now supports system scope and default roles. + +# List export locations of a share snapshot. +# GET /snapshots/{snapshot_id}/export-locations/ +# Intended scope(s): system, project +#"share_snapshot_export_location:index": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_snapshot_export_location:index":"rule:default" has been +# deprecated since W in favor of +# "share_snapshot_export_location:index":"(rule:system-reader) or +# (rule:project-reader)". +# The share snapshot location API now supports system scope and +# default roles. + +# Get details of a specified export location of a share snapshot. +# GET /snapshots/{snapshot_id}/export-locations/{export_location_id} +# Intended scope(s): system, project +#"share_snapshot_export_location:show": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_snapshot_export_location:show":"rule:default" has been +# deprecated since W in favor of +# "share_snapshot_export_location:show":"(rule:system-reader) or +# (rule:project-reader)". +# The share snapshot location API now supports system scope and +# default roles. + +# Get share snapshot instance. +# GET /snapshot-instances/{snapshot_instance_id} +# Intended scope(s): system +#"share_snapshot_instance:show": "rule:system-reader" + +# DEPRECATED +# "share_snapshot_instance:show":"rule:admin_api" has been deprecated +# since W in favor of "share_snapshot_instance:show":"rule:system- +# reader". +# The share snapshot instance API now supports system scope and +# default roles. + +# Get all share snapshot instances. +# GET /snapshot-instances +# GET /snapshot-instances?{query} +# Intended scope(s): system +#"share_snapshot_instance:index": "rule:system-reader" + +# DEPRECATED +# "share_snapshot_instance:index":"rule:admin_api" has been deprecated +# since W in favor of "share_snapshot_instance:index":"rule:system- +# reader". +# The share snapshot instance API now supports system scope and +# default roles. + +# Get details of share snapshot instances. +# GET /snapshot-instances/detail +# GET /snapshot-instances/detail?{query} +# Intended scope(s): system +#"share_snapshot_instance:detail": "rule:system-reader" + +# DEPRECATED +# "share_snapshot_instance:detail":"rule:admin_api" has been +# deprecated since W in favor of +# "share_snapshot_instance:detail":"rule:system-reader". +# The share snapshot instance API now supports system scope and +# default roles. + +# Reset share snapshot instance's status. +# POST /snapshot-instances/{snapshot_instance_id}/action +# Intended scope(s): system +#"share_snapshot_instance:reset_status": "rule:system-admin" + +# DEPRECATED +# "share_snapshot_instance:reset_status":"rule:admin_api" has been +# deprecated since W in favor of +# "share_snapshot_instance:reset_status":"rule:system-admin". +# The share snapshot instance API now supports system scope and +# default roles. + +# List export locations of a share snapshot instance. +# GET /snapshot-instances/{snapshot_instance_id}/export-locations +# Intended scope(s): system +#"share_snapshot_instance_export_location:index": "rule:system-reader" + +# DEPRECATED +# "share_snapshot_instance_export_location:index":"rule:admin_api" has +# been deprecated since W in favor of +# "share_snapshot_instance_export_location:index":"rule:system- +# reader". +# The share snapshot instance export location API now supports system +# scope and default roles. + +# Show details of a specified export location of a share snapshot +# instance. +# GET /snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id} +# Intended scope(s): system +#"share_snapshot_instance_export_location:show": "rule:system-reader" + +# DEPRECATED +# "share_snapshot_instance_export_location:show":"rule:admin_api" has +# been deprecated since W in favor of +# "share_snapshot_instance_export_location:show":"rule:system-reader". +# The share snapshot instance export location API now supports system +# scope and default roles. + +# Get share servers. +# GET /share-servers +# GET /share-servers?{query} +# Intended scope(s): system +#"share_server:index": "rule:system-reader" + +# DEPRECATED +# "share_server:index":"rule:admin_api" has been deprecated since W in +# favor of "share_server:index":"rule:system-reader". +# The share server API now supports system scope and default roles. + +# Show share server. +# GET /share-servers/{server_id} +# Intended scope(s): system +#"share_server:show": "rule:system-reader" + +# DEPRECATED +# "share_server:show":"rule:admin_api" has been deprecated since W in +# favor of "share_server:show":"rule:system-reader". +# The share server API now supports system scope and default roles. + +# Get share server details. +# GET /share-servers/{server_id}/details +# Intended scope(s): system +#"share_server:details": "rule:system-reader" + +# DEPRECATED +# "share_server:details":"rule:admin_api" has been deprecated since W +# in favor of "share_server:details":"rule:system-reader". +# The share server API now supports system scope and default roles. + +# Delete share server. +# DELETE /share-servers/{server_id} +# Intended scope(s): system +#"share_server:delete": "rule:system-admin" + +# DEPRECATED +# "share_server:delete":"rule:admin_api" has been deprecated since W +# in favor of "share_server:delete":"rule:system-admin". +# The share server API now supports system scope and default roles. + +# Manage share server. +# POST /share-servers/manage +# Intended scope(s): system +#"share_server:manage_share_server": "rule:system-admin" + +# DEPRECATED +# "share_server:manage_share_server":"rule:admin_api" has been +# deprecated since W in favor of +# "share_server:manage_share_server":"rule:system-admin". +# The share server API now supports system scope and default roles. + +# Unmanage share server. +# POST /share-servers/{share_server_id}/action +# Intended scope(s): system +#"share_server:unmanage_share_server": "rule:system-admin" + +# DEPRECATED +# "share_server:unmanage_share_server":"rule:admin_api" has been +# deprecated since W in favor of +# "share_server:unmanage_share_server":"rule:system-admin". +# The share server API now supports system scope and default roles. + +# Reset the status of a share server. +# POST /share-servers/{share_server_id}/action +# Intended scope(s): system +#"share_server:reset_status": "rule:system-admin" + +# DEPRECATED +# "share_server:reset_status":"rule:admin_api" has been deprecated +# since W in favor of "share_server:reset_status":"rule:system-admin". +# The share server API now supports system scope and default roles. + +# Migrates a share server to the specified host. +# POST /share-servers/{share_server_id}/action +# Intended scope(s): system +#"share_server:share_server_migration_start": "rule:system-admin" + +# DEPRECATED +# "share_server:share_server_migration_start":"rule:admin_api" has +# been deprecated since W in favor of +# "share_server:share_server_migration_start":"rule:system-admin". +# The share server API now supports system scope and default roles. + +# Check if can migrates a share server to the specified host. +# POST /share-servers/{share_server_id}/action +# Intended scope(s): system +#"share_server:share_server_migration_check": "rule:system-reader" + +# DEPRECATED +# "share_server:share_server_migration_check":"rule:admin_api" has +# been deprecated since W in favor of +# "share_server:share_server_migration_check":"rule:system-reader". +# The share server API now supports system scope and default roles. + +# Invokes the 2nd phase of share server migration. +# POST /share-servers/{share_server_id}/action +# Intended scope(s): system +#"share_server:share_server_migration_complete": "rule:system-admin" + +# DEPRECATED +# "share_server:share_server_migration_complete":"rule:admin_api" has +# been deprecated since W in favor of +# "share_server:share_server_migration_complete":"rule:system-admin". +# The share server API now supports system scope and default roles. + +# Attempts to cancel share server migration. +# POST /share-servers/{share_server_id}/action +# Intended scope(s): system +#"share_server:share_server_migration_cancel": "rule:system-admin" + +# DEPRECATED +# "share_server:share_server_migration_cancel":"rule:admin_api" has +# been deprecated since W in favor of +# "share_server:share_server_migration_cancel":"rule:system-admin". +# The share server API now supports system scope and default roles. + +# Retrieves the share server migration progress for a given share +# server. +# POST /share-servers/{share_server_id}/action +# Intended scope(s): system +#"share_server:share_server_migration_get_progress": "rule:system-reader" + +# DEPRECATED +# "share_server:share_server_migration_get_progress":"rule:admin_api" +# has been deprecated since W in favor of +# "share_server:share_server_migration_get_progress":"rule:system- +# reader". +# The share server API now supports system scope and default roles. + +# Resets task state. +# POST /share-servers/{share_server_id}/action +# Intended scope(s): system +#"share_server:share_server_reset_task_state": "rule:system-admin" + +# DEPRECATED +# "share_server:share_server_reset_task_state":"rule:admin_api" has +# been deprecated since W in favor of +# "share_server:share_server_reset_task_state":"rule:system-admin". +# The share server API now supports system scope and default roles. + +# Return a list of all running services. +# GET /os-services +# GET /os-services?{query} +# GET /services +# GET /services?{query} +# Intended scope(s): system +#"service:index": "rule:system-reader" + +# DEPRECATED +# "service:index":"rule:admin_api" has been deprecated since W in +# favor of "service:index":"rule:system-reader". +# The service API now supports system scope and default roles. + +# Enable/Disable scheduling for a service. +# PUT /os-services/disable +# PUT /os-services/enable +# PUT /services/disable +# PUT /services/enable +# Intended scope(s): system +#"service:update": "rule:system-admin" + +# DEPRECATED +# "service:update":"rule:admin_api" has been deprecated since W in +# favor of "service:update":"rule:system-admin". +# The service API now supports system scope and default roles. + +# Update the quotas for a project/user and/or share type. +# PUT /quota-sets/{tenant_id} +# PUT /quota-sets/{tenant_id}?user_id={user_id} +# PUT /quota-sets/{tenant_id}?share_type={share_type_id} +# PUT /os-quota-sets/{tenant_id} +# PUT /os-quota-sets/{tenant_id}?user_id={user_id} +# Intended scope(s): system +#"quota_set:update": "rule:system-admin" + +# DEPRECATED +# "quota_set:update":"rule:admin_api" has been deprecated since W in +# favor of "quota_set:update":"rule:system-admin". +# The quota API now supports system scope and default roles. + +# List the quotas for a tenant/user. +# GET /quota-sets/{tenant_id}/defaults +# GET /os-quota-sets/{tenant_id}/defaults +# Intended scope(s): system, project +#"quota_set:show": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "quota_set:show":"rule:default" has been deprecated since W in favor +# of "quota_set:show":"(rule:system-reader) or (rule:project-reader)". +# The quota API now supports system scope and default roles. + +# Delete quota for a tenant/user or tenant/share-type. The quota will +# revert back to default (Admin only). +# DELETE /quota-sets/{tenant_id} +# DELETE /quota-sets/{tenant_id}?user_id={user_id} +# DELETE /quota-sets/{tenant_id}?share_type={share_type_id} +# DELETE /os-quota-sets/{tenant_id} +# DELETE /os-quota-sets/{tenant_id}?user_id={user_id} +# Intended scope(s): system +#"quota_set:delete": "rule:system-admin" + +# DEPRECATED +# "quota_set:delete":"rule:admin_api" has been deprecated since W in +# favor of "quota_set:delete":"rule:system-admin". +# The quota API now supports system scope and default roles. + +# Update quota class. +# PUT /quota-class-sets/{class_name} +# PUT /os-quota-class-sets/{class_name} +# Intended scope(s): system +#"quota_class_set:update": "rule:system-admin" + +# DEPRECATED +# "quota_class_set:update":"rule:admin_api" has been deprecated since +# W in favor of "quota_class_set:update":"rule:system-admin". +# The quota class API now supports system scope and default roles. + +# Get quota class. +# GET /quota-class-sets/{class_name} +# GET /os-quota-class-sets/{class_name} +# Intended scope(s): system, project +#"quota_class_set:show": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "quota_class_set:show":"rule:default" has been deprecated since W in +# favor of "quota_class_set:show":"(rule:system-reader) or +# (rule:project-reader)". +# The quota class API now supports system scope and default roles. + +# Create share group type specs. +# POST /share-group-types/{share_group_type_id}/group-specs +# Intended scope(s): system +#"share_group_types_spec:create": "rule:system-admin" + +# DEPRECATED +# "share_group_types_spec:create":"rule:admin_api" has been deprecated +# since W in favor of "share_group_types_spec:create":"rule:system- +# admin". +# The share group type specs API now support system scope and default +# roles. + +# Get share group type specs. +# GET /share-group-types/{share_group_type_id}/group-specs +# Intended scope(s): system +#"share_group_types_spec:index": "rule:system-reader" + +# DEPRECATED +# "share_group_types_spec:index":"rule:admin_api" has been deprecated +# since W in favor of "share_group_types_spec:index":"rule:system- +# reader". +# The share group type specs API now support system scope and default +# roles. + +# Get details of a share group type spec. +# GET /share-group-types/{share_group_type_id}/group-specs/{key} +# Intended scope(s): system +#"share_group_types_spec:show": "rule:system-reader" + +# DEPRECATED +# "share_group_types_spec:show":"rule:admin_api" has been deprecated +# since W in favor of "share_group_types_spec:show":"rule:system- +# reader". +# The share group type specs API now support system scope and default +# roles. + +# Update a share group type spec. +# PUT /share-group-types/{share_group_type_id}/group-specs/{key} +# Intended scope(s): system +#"share_group_types_spec:update": "rule:system-admin" + +# DEPRECATED +# "share_group_types_spec:update":"rule:admin_api" has been deprecated +# since W in favor of "share_group_types_spec:update":"rule:system- +# admin". +# The share group type specs API now support system scope and default +# roles. + +# Delete a share group type spec. +# DELETE /share-group-types/{share_group_type_id}/group-specs/{key} +# Intended scope(s): system +#"share_group_types_spec:delete": "rule:system-admin" + +# DEPRECATED +# "share_group_types_spec:delete":"rule:admin_api" has been deprecated +# since W in favor of "share_group_types_spec:delete":"rule:system- +# admin". +# The share group type specs API now support system scope and default +# roles. + +# Create a new share group type. +# POST /share-group-types +# Intended scope(s): system +#"share_group_type:create": "rule:system-admin" + +# DEPRECATED +# "share_group_type:create":"rule:admin_api" has been deprecated since +# W in favor of "share_group_type:create":"rule:system-admin". +# The share group type API now supports system scope and default +# roles. + +# Get the list of share group types. +# GET /share-group-types +# GET /share-group-types?is_public=all +# Intended scope(s): system, project +#"share_group_type:index": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_group_type:index":"rule:default" has been deprecated since W +# in favor of "share_group_type:index":"(rule:system-reader) or +# (rule:project-reader)". +# The share group type API now supports system scope and default +# roles. + +# Get details regarding the specified share group type. +# GET /share-group-types/{share_group_type_id} +# Intended scope(s): system, project +#"share_group_type:show": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_group_type:show":"rule:default" has been deprecated since W +# in favor of "share_group_type:show":"(rule:system-reader) or +# (rule:project-reader)". +# The share group type API now supports system scope and default +# roles. + +# Get the default share group type. +# GET /share-group-types/default +# Intended scope(s): system, project +#"share_group_type:default": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_group_type:default":"rule:default" has been deprecated since +# W in favor of "share_group_type:default":"(rule:system-reader) or +# (rule:project-reader)". +# The share group type API now supports system scope and default +# roles. + +# Delete an existing group type. +# DELETE /share-group-types/{share_group_type_id} +# Intended scope(s): system +#"share_group_type:delete": "rule:system-admin" + +# DEPRECATED +# "share_group_type:delete":"rule:admin_api" has been deprecated since +# W in favor of "share_group_type:delete":"rule:system-admin". +# The share group type API now supports system scope and default +# roles. + +# Get project access by share group type. +# GET /share-group-types/{share_group_type_id}/access +# Intended scope(s): system +#"share_group_type:list_project_access": "rule:system-reader" + +# DEPRECATED +# "share_group_type:list_project_access":"rule:admin_api" has been +# deprecated since W in favor of +# "share_group_type:list_project_access":"rule:system-reader". +# The share group type API now supports system scope and default +# roles. + +# Allow project to use the share group type. +# POST /share-group-types/{share_group_type_id}/action +# Intended scope(s): system +#"share_group_type:add_project_access": "rule:system-admin" + +# DEPRECATED +# "share_group_type:add_project_access":"rule:admin_api" has been +# deprecated since W in favor of +# "share_group_type:add_project_access":"rule:system-admin". +# The share group type API now supports system scope and default +# roles. + +# Deny project access to use the share group type. +# POST /share-group-types/{share_group_type_id}/action +# Intended scope(s): system +#"share_group_type:remove_project_access": "rule:system-admin" + +# DEPRECATED +# "share_group_type:remove_project_access":"rule:admin_api" has been +# deprecated since W in favor of +# "share_group_type:remove_project_access":"rule:system-admin". +# The share group type API now supports system scope and default +# roles. + +# Create a new share group snapshot. +# POST /share-group-snapshots +# Intended scope(s): system, project +#"share_group_snapshot:create": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_group_snapshot:create":"rule:default" has been deprecated +# since W in favor of "share_group_snapshot:create":"(rule:system- +# admin) or (rule:project-member)". +# The share group snapshots API now supports system scope and default +# roles. + +# Get details of a share group snapshot. +# GET /share-group-snapshots/{share_group_snapshot_id} +# Intended scope(s): system, project +#"share_group_snapshot:get": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_group_snapshot:get":"rule:default" has been deprecated since +# W in favor of "share_group_snapshot:get":"(rule:system-reader) or +# (rule:project-reader)". +# The share group snapshots API now supports system scope and default +# roles. + +# Get all share group snapshots. +# GET /share-group-snapshots +# GET /share-group-snapshots/detail +# GET /share-group-snapshots/{query} +# GET /share-group-snapshots/detail?{query} +# Intended scope(s): system, project +#"share_group_snapshot:get_all": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_group_snapshot:get_all":"rule:default" has been deprecated +# since W in favor of "share_group_snapshot:get_all":"(rule:system- +# reader) or (rule:project-reader)". +# The share group snapshots API now supports system scope and default +# roles. + +# Update a share group snapshot. +# PUT /share-group-snapshots/{share_group_snapshot_id} +# Intended scope(s): system, project +#"share_group_snapshot:update": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_group_snapshot:update":"rule:default" has been deprecated +# since W in favor of "share_group_snapshot:update":"(rule:system- +# admin) or (rule:project-member)". +# The share group snapshots API now supports system scope and default +# roles. + +# Delete a share group snapshot. +# DELETE /share-group-snapshots/{share_group_snapshot_id} +# Intended scope(s): system, project +#"share_group_snapshot:delete": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_group_snapshot:delete":"rule:default" has been deprecated +# since W in favor of "share_group_snapshot:delete":"(rule:system- +# admin) or (rule:project-member)". +# The share group snapshots API now supports system scope and default +# roles. + +# Force delete a share group snapshot. +# POST /share-group-snapshots/{share_group_snapshot_id}/action +# Intended scope(s): system, project +#"share_group_snapshot:force_delete": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share_group_snapshot:force_delete":"rule:admin_api" has been +# deprecated since W in favor of +# "share_group_snapshot:force_delete":"(rule:system-admin) or +# (rule:project-admin)". +# The share group snapshots API now supports system scope and default +# roles. + +# Reset a share group snapshot's status. +# POST /share-group-snapshots/{share_group_snapshot_id}/action +# Intended scope(s): system, project +#"share_group_snapshot:reset_status": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share_group_snapshot:reset_status":"rule:admin_api" has been +# deprecated since W in favor of +# "share_group_snapshot:reset_status":"(rule:system-admin) or +# (rule:project-admin)". +# The share group snapshots API now supports system scope and default +# roles. + +# Create share group. +# POST /share-groups +# Intended scope(s): system, project +#"share_group:create": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_group:create":"rule:default" has been deprecated since W in +# favor of "share_group:create":"(rule:system-admin) or (rule:project- +# member)". +# The share group API now supports system scope and default roles. + +# Get details of a share group. +# GET /share-groups/{share_group_id} +# Intended scope(s): system, project +#"share_group:get": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_group:get":"rule:default" has been deprecated since W in +# favor of "share_group:get":"(rule:system-reader) or (rule:project- +# reader)". +# The share group API now supports system scope and default roles. + +# Get all share groups. +# GET /share-groups +# GET /share-groups/detail +# GET /share-groups?{query} +# GET /share-groups/detail?{query} +# Intended scope(s): system, project +#"share_group:get_all": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_group:get_all":"rule:default" has been deprecated since W in +# favor of "share_group:get_all":"(rule:system-reader) or +# (rule:project-reader)". +# The share group API now supports system scope and default roles. + +# Update share group. +# PUT /share-groups/{share_group_id} +# Intended scope(s): system, project +#"share_group:update": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_group:update":"rule:default" has been deprecated since W in +# favor of "share_group:update":"(rule:system-admin) or (rule:project- +# member)". +# The share group API now supports system scope and default roles. + +# Delete share group. +# DELETE /share-groups/{share_group_id} +# Intended scope(s): system, project +#"share_group:delete": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_group:delete":"rule:default" has been deprecated since W in +# favor of "share_group:delete":"(rule:system-admin) or (rule:project- +# member)". +# The share group API now supports system scope and default roles. + +# Force delete a share group. +# POST /share-groups/{share_group_id}/action +# Intended scope(s): system, project +#"share_group:force_delete": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share_group:force_delete":"rule:admin_api" has been deprecated +# since W in favor of "share_group:force_delete":"(rule:system-admin) +# or (rule:project-admin)". +# The share group API now supports system scope and default roles. + +# Reset share group's status. +# POST /share-groups/{share_group_id}/action +# Intended scope(s): system, project +#"share_group:reset_status": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share_group:reset_status":"rule:admin_api" has been deprecated +# since W in favor of "share_group:reset_status":"(rule:system-admin) +# or (rule:project-admin)". +# The share group API now supports system scope and default roles. + +# Create share replica. +# POST /share-replicas +# Intended scope(s): system, project +#"share_replica:create": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_replica:create":"rule:default" has been deprecated since W in +# favor of "share_replica:create":"(rule:system-admin) or +# (rule:project-member)". +# The share replica API now supports system scope and default roles. + +# Get all share replicas. +# GET /share-replicas +# GET /share-replicas/detail +# GET /share-replicas/detail?share_id={share_id} +# Intended scope(s): system, project +#"share_replica:get_all": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_replica:get_all":"rule:default" has been deprecated since W +# in favor of "share_replica:get_all":"(rule:system-reader) or +# (rule:project-reader)". +# The share replica API now supports system scope and default roles. + +# Get details of a share replica. +# GET /share-replicas/{share_replica_id} +# Intended scope(s): system, project +#"share_replica:show": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_replica:show":"rule:default" has been deprecated since W in +# favor of "share_replica:show":"(rule:system-reader) or +# (rule:project-reader)". +# The share replica API now supports system scope and default roles. + +# Delete a share replica. +# DELETE /share-replicas/{share_replica_id} +# Intended scope(s): system, project +#"share_replica:delete": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_replica:delete":"rule:default" has been deprecated since W in +# favor of "share_replica:delete":"(rule:system-admin) or +# (rule:project-member)". +# The share replica API now supports system scope and default roles. + +# Force delete a share replica. +# POST /share-replicas/{share_replica_id}/action +# Intended scope(s): system, project +#"share_replica:force_delete": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share_replica:force_delete":"rule:admin_api" has been deprecated +# since W in favor of "share_replica:force_delete":"(rule:system- +# admin) or (rule:project-admin)". +# The share replica API now supports system scope and default roles. + +# Promote a non-active share replica to active. +# POST /share-replicas/{share_replica_id}/action +# Intended scope(s): system, project +#"share_replica:promote": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_replica:promote":"rule:default" has been deprecated since W +# in favor of "share_replica:promote":"(rule:system-admin) or +# (rule:project-member)". +# The share replica API now supports system scope and default roles. + +# Resync a share replica that is out of sync. +# POST /share-replicas/{share_replica_id}/action +# Intended scope(s): system, project +#"share_replica:resync": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share_replica:resync":"rule:admin_api" has been deprecated since W +# in favor of "share_replica:resync":"(rule:system-admin) or +# (rule:project-admin)". +# The share replica API now supports system scope and default roles. + +# Reset share replica's replica_state attribute. +# POST /share-replicas/{share_replica_id}/action +# Intended scope(s): system, project +#"share_replica:reset_replica_state": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share_replica:reset_replica_state":"rule:admin_api" has been +# deprecated since W in favor of +# "share_replica:reset_replica_state":"(rule:system-admin) or +# (rule:project-admin)". +# The share replica API now supports system scope and default roles. + +# Reset share replica's status. +# POST /share-replicas/{share_replica_id}/action +# Intended scope(s): system, project +#"share_replica:reset_status": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share_replica:reset_status":"rule:admin_api" has been deprecated +# since W in favor of "share_replica:reset_status":"(rule:system- +# admin) or (rule:project-admin)". +# The share replica API now supports system scope and default roles. + +# Get all export locations of a given share replica. +# GET /share-replicas/{share_replica_id}/export-locations +# Intended scope(s): system, project +#"share_replica_export_location:index": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_replica_export_location:index":"rule:default" has been +# deprecated since W in favor of +# "share_replica_export_location:index":"(rule:system-reader) or +# (rule:project-reader)". +# The share replica export location API now supports system scope and +# default roles. + +# Get details about the requested share replica export location. +# GET /share-replicas/{share_replica_id}/export-locations/{export_location_id} +# Intended scope(s): system, project +#"share_replica_export_location:show": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_replica_export_location:show":"rule:default" has been +# deprecated since W in favor of +# "share_replica_export_location:show":"(rule:system-reader) or +# (rule:project-reader)". +# The share replica export location API now supports system scope and +# default roles. + +# Create share network. +# POST /share-networks +# Intended scope(s): system, project +#"share_network:create": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_network:create":"rule:default" has been deprecated since W in +# favor of "share_network:create":"(rule:system-admin) or +# (rule:project-member)". +# The share network API now support system scope and default roles. + +# Get details of a share network. +# GET /share-networks/{share_network_id} +# Intended scope(s): system, project +#"share_network:show": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_network:show":"rule:default" has been deprecated since W in +# favor of "share_network:show":"(rule:system-reader) or +# (rule:project-reader)". +# The share network API now support system scope and default roles. + +# Get all share networks. +# GET /share-networks +# GET /share-networks?{query} +# Intended scope(s): system, project +#"share_network:index": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_network:index":"rule:default" has been deprecated since W in +# favor of "share_network:index":"(rule:system-reader) or +# (rule:project-reader)". +# The share network API now support system scope and default roles. + +# Get details of share networks . +# GET /share-networks/detail?{query} +# GET /share-networks/detail +# Intended scope(s): system, project +#"share_network:detail": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_network:detail":"rule:default" has been deprecated since W in +# favor of "share_network:detail":"(rule:system-reader) or +# (rule:project-reader)". +# The share network API now support system scope and default roles. + +# Update a share network. +# PUT /share-networks/{share_network_id} +# Intended scope(s): system, project +#"share_network:update": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_network:update":"rule:default" has been deprecated since W in +# favor of "share_network:update":"(rule:system-admin) or +# (rule:project-member)". +# The share network API now support system scope and default roles. + +# Delete a share network. +# DELETE /share-networks/{share_network_id} +# Intended scope(s): system, project +#"share_network:delete": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_network:delete":"rule:default" has been deprecated since W in +# favor of "share_network:delete":"(rule:system-admin) or +# (rule:project-member)". +# The share network API now support system scope and default roles. + +# Add security service to share network. +# POST /share-networks/{share_network_id}/action +# Intended scope(s): system, project +#"share_network:add_security_service": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_network:add_security_service":"rule:default" has been +# deprecated since W in favor of +# "share_network:add_security_service":"(rule:system-admin) or +# (rule:project-member)". +# The share network API now support system scope and default roles. + +# Check the feasibility of add security service to a share network. +# POST /share-networks/{share_network_id}/action +# Intended scope(s): system, project +#"share_network:add_security_service_check": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_network:add_security_service_check":"rule:default" has been +# deprecated since W in favor of +# "share_network:add_security_service_check":"(rule:system-admin) or +# (rule:project-member)". +# The share network API now support system scope and default roles. + +# Remove security service from share network. +# POST /share-networks/{share_network_id}/action +# Intended scope(s): system, project +#"share_network:remove_security_service": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_network:remove_security_service":"rule:default" has been +# deprecated since W in favor of +# "share_network:remove_security_service":"(rule:system-admin) or +# (rule:project-member)". +# The share network API now support system scope and default roles. + +# Update security service from share network. +# POST /share-networks/{share_network_id}/action +# Intended scope(s): system, project +#"share_network:update_security_service": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_network:update_security_service":"rule:default" has been +# deprecated since W in favor of +# "share_network:update_security_service":"(rule:system-admin) or +# (rule:project-member)". +# The share network API now support system scope and default roles. + +# Check the feasibility of update a security service from share +# network. +# POST /share-networks/{share_network_id}/action +# Intended scope(s): system, project +#"share_network:update_security_service_check": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_network:update_security_service_check":"rule:default" has +# been deprecated since W in favor of +# "share_network:update_security_service_check":"(rule:system-admin) +# or (rule:project-member)". +# The share network API now support system scope and default roles. + +# Reset share network`s status. +# POST /share-networks/{share_network_id}/action +# Intended scope(s): system, project +#"share_network:reset_status": "(rule:system-admin) or (rule:project-admin)" + +# DEPRECATED +# "share_network:reset_status":"rule:admin_api" has been deprecated +# since W in favor of "share_network:reset_status":"(rule:system- +# admin) or (rule:project-admin)". +# The share network API now support system scope and default roles. + +# Get share networks belonging to all projects. +# GET /share-networks?all_tenants=1 +# GET /share-networks/detail?all_tenants=1 +# Intended scope(s): system +#"share_network:get_all_share_networks": "rule:system-reader" + +# DEPRECATED +# "share_network:get_all_share_networks":"rule:admin_api" has been +# deprecated since W in favor of +# "share_network:get_all_share_networks":"rule:system-reader". +# The share network API now support system scope and default roles. + +# Create a new share network subnet. +# POST /share-networks/{share_network_id}/subnets +# Intended scope(s): system, project +#"share_network_subnet:create": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_network_subnet:create":"rule:default" has been deprecated +# since W in favor of "share_network_subnet:create":"(rule:system- +# admin) or (rule:project-member)". +# The share network subnet API now supports system scope and default +# roles. + +# Delete a share network subnet. +# DELETE /share-networks/{share_network_id}/subnets/{share_network_subnet_id} +# Intended scope(s): system, project +#"share_network_subnet:delete": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_network_subnet:delete":"rule:default" has been deprecated +# since W in favor of "share_network_subnet:delete":"(rule:system- +# admin) or (rule:project-member)". +# The share network subnet API now supports system scope and default +# roles. + +# Shows a share network subnet. +# GET /share-networks/{share_network_id}/subnets/{share_network_subnet_id} +# Intended scope(s): system, project +#"share_network_subnet:show": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_network_subnet:show":"rule:default" has been deprecated since +# W in favor of "share_network_subnet:show":"(rule:system-reader) or +# (rule:project-reader)". +# The share network subnet API now supports system scope and default +# roles. + +# Get all share network subnets. +# GET /share-networks/{share_network_id}/subnets +# Intended scope(s): system, project +#"share_network_subnet:index": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_network_subnet:index":"rule:default" has been deprecated +# since W in favor of "share_network_subnet:index":"(rule:system- +# reader) or (rule:project-reader)". +# The share network subnet API now supports system scope and default +# roles. + +# Create security service. +# POST /security-services +# Intended scope(s): system, project +#"security_service:create": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "security_service:create":"rule:default" has been deprecated since W +# in favor of "security_service:create":"(rule:system-admin) or +# (rule:project-member)". +# The security service API now supports system scope and default +# roles. + +# Get details of a security service. +# GET /security-services/{security_service_id} +# Intended scope(s): system, project +#"security_service:show": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "security_service:show":"rule:default" has been deprecated since W +# in favor of "security_service:show":"(rule:system-reader) or +# (rule:project-reader)". +# The security service API now supports system scope and default +# roles. + +# Get details of all security services. +# GET /security-services/detail?{query} +# GET /security-services/detail +# Intended scope(s): system, project +#"security_service:detail": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "security_service:detail":"rule:default" has been deprecated since W +# in favor of "security_service:detail":"(rule:system-reader) or +# (rule:project-reader)". +# The security service API now supports system scope and default +# roles. + +# Get all security services. +# GET /security-services +# GET /security-services?{query} +# Intended scope(s): system, project +#"security_service:index": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "security_service:index":"rule:default" has been deprecated since W +# in favor of "security_service:index":"(rule:system-reader) or +# (rule:project-reader)". +# The security service API now supports system scope and default +# roles. + +# Update a security service. +# PUT /security-services/{security_service_id} +# Intended scope(s): system, project +#"security_service:update": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "security_service:update":"rule:default" has been deprecated since W +# in favor of "security_service:update":"(rule:system-admin) or +# (rule:project-member)". +# The security service API now supports system scope and default +# roles. + +# Delete a security service. +# DELETE /security-services/{security_service_id} +# Intended scope(s): system, project +#"security_service:delete": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "security_service:delete":"rule:default" has been deprecated since W +# in favor of "security_service:delete":"(rule:system-admin) or +# (rule:project-member)". +# The security service API now supports system scope and default +# roles. + +# Get security services of all projects. +# GET /security-services?all_tenants=1 +# GET /security-services/detail?all_tenants=1 +# Intended scope(s): system +#"security_service:get_all_security_services": "rule:system-reader" + +# DEPRECATED +# "security_service:get_all_security_services":"rule:admin_api" has +# been deprecated since W in favor of +# "security_service:get_all_security_services":"rule:system-reader". +# The security service API now supports system scope and default +# roles. + +# Get all export locations of a given share. +# GET /shares/{share_id}/export_locations +# Intended scope(s): system, project +#"share_export_location:index": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_export_location:index":"rule:default" has been deprecated +# since W in favor of "share_export_location:index":"(rule:system- +# reader) or (rule:project-reader)". +# The share export location API now support system scope and default +# roles. + +# Get details about the requested export location. +# GET /shares/{share_id}/export_locations/{export_location_id} +# Intended scope(s): system, project +#"share_export_location:show": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_export_location:show":"rule:default" has been deprecated +# since W in favor of "share_export_location:show":"(rule:system- +# reader) or (rule:project-reader)". +# The share export location API now support system scope and default +# roles. + +# Get all share instances. +# GET /share_instances +# GET /share_instances?{query} +# Intended scope(s): system +#"share_instance:index": "rule:system-reader" + +# DEPRECATED +# "share_instance:index":"rule:admin_api" has been deprecated since W +# in favor of "share_instance:index":"rule:system-reader". +# The share instances API now supports system scope and default roles. + +# Get details of a share instance. +# GET /share_instances/{share_instance_id} +# Intended scope(s): system +#"share_instance:show": "rule:system-reader" + +# DEPRECATED +# "share_instance:show":"rule:admin_api" has been deprecated since W +# in favor of "share_instance:show":"rule:system-reader". +# The share instances API now supports system scope and default roles. + +# Force delete a share instance. +# POST /share_instances/{share_instance_id}/action +# Intended scope(s): system +#"share_instance:force_delete": "rule:system-admin" + +# DEPRECATED +# "share_instance:force_delete":"rule:admin_api" has been deprecated +# since W in favor of "share_instance:force_delete":"rule:system- +# admin". +# The share instances API now supports system scope and default roles. + +# Reset share instance's status. +# POST /share_instances/{share_instance_id}/action +# Intended scope(s): system +#"share_instance:reset_status": "rule:system-admin" + +# DEPRECATED +# "share_instance:reset_status":"rule:admin_api" has been deprecated +# since W in favor of "share_instance:reset_status":"rule:system- +# admin". +# The share instances API now supports system scope and default roles. + +# Get details of a given message. +# GET /messages/{message_id} +# Intended scope(s): system, project +#"message:get": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "message:get":"rule:default" has been deprecated since W in favor of +# "message:get":"(rule:system-reader) or (rule:project-reader)". +# The messages API now supports system scope and default roles. + +# Get all messages. +# GET /messages +# GET /messages?{query} +# Intended scope(s): system, project +#"message:get_all": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "message:get_all":"rule:default" has been deprecated since W in +# favor of "message:get_all":"(rule:system-reader) or (rule:project- +# reader)". +# The messages API now supports system scope and default roles. + +# Delete a message. +# DELETE /messages/{message_id} +# Intended scope(s): system, project +#"message:delete": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "message:delete":"rule:default" has been deprecated since W in favor +# of "message:delete":"(rule:system-admin) or (rule:project-member)". +# The messages API now supports system scope and default roles. + +# Get details of a share access rule. +# GET /share-access-rules/{share_access_id} +# Intended scope(s): system, project +#"share_access_rule:get": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_access_rule:get":"rule:default" has been deprecated since W +# in favor of "share_access_rule:get":"(rule:system-reader) or +# (rule:project-reader)". +# The share access rule API now supports system scope and default +# roles. + +# List access rules of a given share. +# GET /share-access-rules?share_id={share_id}&key1=value1&key2=value2 +# Intended scope(s): system, project +#"share_access_rule:index": "(rule:system-reader) or (rule:project-reader)" + +# DEPRECATED +# "share_access_rule:index":"rule:default" has been deprecated since W +# in favor of "share_access_rule:index":"(rule:system-reader) or +# (rule:project-reader)". +# The share access rule API now supports system scope and default +# roles. + +# Set metadata for a share access rule. +# PUT /share-access-rules/{share_access_id}/metadata +# Intended scope(s): system, project +#"share_access_metadata:update": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_access_metadata:update":"rule:default" has been deprecated +# since W in favor of "share_access_metadata:update":"(rule:system- +# admin) or (rule:project-member)". +# The share access metadata API now support system scope and default +# roles. + +# Delete metadata for a share access rule. +# DELETE /share-access-rules/{share_access_id}/metadata/{key} +# Intended scope(s): system, project +#"share_access_metadata:delete": "(rule:system-admin) or (rule:project-member)" + +# DEPRECATED +# "share_access_metadata:delete":"rule:default" has been deprecated +# since W in favor of "share_access_metadata:delete":"(rule:system- +# admin) or (rule:project-member)". +# The share access metadata API now support system scope and default +# roles. + diff --git a/manila_ui/local/local_settings.d/_90_manila_shares.py b/manila_ui/local/local_settings.d/_90_manila_shares.py index d83e2407..1d9ad6e2 100644 --- a/manila_ui/local/local_settings.d/_90_manila_shares.py +++ b/manila_ui/local/local_settings.d/_90_manila_shares.py @@ -15,7 +15,11 @@ from django.conf import settings settings.POLICY_FILES.update({ - 'share': 'manila_policy.json', + 'share': 'manila_policy.yaml', +}) + +settings.DEFAULT_POLICY_FILES.update({ + 'share': 'default_policies/manila.yaml' }) # Sample diff --git a/releasenotes/notes/policy-in-code-support-23744e26a7f6e284.yaml b/releasenotes/notes/policy-in-code-support-23744e26a7f6e284.yaml new file mode 100644 index 00000000..071c3436 --- /dev/null +++ b/releasenotes/notes/policy-in-code-support-23744e26a7f6e284.yaml @@ -0,0 +1,7 @@ +--- +upgrade: + - | + The default configuration file has been updated and now includes + the required parameters to use the new policy-in-code feature in Horizon. + Please refer to the release note and documentation of Horizon to find + details about this feature.