0cc7cbc36d
As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to do two things: 1. Change the default value of '[oslo_policy] policy_file'' config option from 'policy.json' to 'policy.yaml' with upgrade checks. 2. Deprecate the JSON formatted policy file on the project side via warning in doc and releasenotes. Also convert manila/tests/policy.json to manila/tests/policy.yaml using oslopolicy-convert-json-to-yaml tool and replace policy.json to policy.yaml ref from doc and tests. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: I3748313912b2527c43c9b16a6ba3e3ccd4cf5221
118 lines
4.6 KiB
YAML
118 lines
4.6 KiB
YAML
# WARNING: Below rules are either deprecated rules
|
|
# or extra rules in policy file, it is strongly
|
|
# recommended to switch to new rules.
|
|
"context_is_admin": "role:admin"
|
|
"admin_api": "is_admin:True"
|
|
"admin_or_owner": "is_admin:True or project_id:%(project_id)s"
|
|
"default": "rule:admin_or_owner"
|
|
"availability_zone:index": "rule:default"
|
|
"quota_set:update": "rule:admin_api"
|
|
"quota_set:show": "rule:default"
|
|
"quota_set:delete": "rule:admin_api"
|
|
"quota_class_set:show": "rule:default"
|
|
"quota_class_set:update": "rule:admin_api"
|
|
"service:index": "rule:admin_api"
|
|
"service:update": "rule:admin_api"
|
|
"share:create": ""
|
|
"share:list_by_share_server_id": "rule:admin_api"
|
|
"share:get": ""
|
|
"share:get_all": ""
|
|
"share:delete": "rule:default"
|
|
"share:update": "rule:default"
|
|
"share:snapshot_update": ""
|
|
"share:create_snapshot": ""
|
|
"share:delete_snapshot": ""
|
|
"share:get_snapshot": ""
|
|
"share:get_all_snapshots": ""
|
|
"share:extend": ""
|
|
"share:shrink": ""
|
|
"share:manage": "rule:admin_api"
|
|
"share:unmanage": "rule:admin_api"
|
|
"share:force_delete": "rule:admin_api"
|
|
"share:reset_status": "rule:admin_api"
|
|
"share:migration_start": "rule:admin_api"
|
|
"share:migration_complete": "rule:admin_api"
|
|
"share:migration_cancel": "rule:admin_api"
|
|
"share:migration_get_progress": "rule:admin_api"
|
|
"share_export_location:index": "rule:default"
|
|
"share_export_location:show": "rule:default"
|
|
"share_type:index": "rule:default"
|
|
"share_type:show": "rule:default"
|
|
"share_type:default": "rule:default"
|
|
"share_type:create": "rule:default"
|
|
"share_type:delete": "rule:default"
|
|
"share_type:add_project_access": "rule:admin_api"
|
|
"share_type:list_project_access": "rule:admin_api"
|
|
"share_type:remove_project_access": "rule:admin_api"
|
|
"share_types_extra_spec:create": "rule:default"
|
|
"share_types_extra_spec:update": "rule:default"
|
|
"share_types_extra_spec:show": "rule:default"
|
|
"share_types_extra_spec:index": "rule:default"
|
|
"share_types_extra_spec:delete": "rule:default"
|
|
"share_instance:index": "rule:admin_api"
|
|
"share_instance:show": "rule:admin_api"
|
|
"share_instance:force_delete": "rule:admin_api"
|
|
"share_instance:reset_status": "rule:admin_api"
|
|
"share_snapshot:force_delete": "rule:admin_api"
|
|
"share_snapshot:reset_status": "rule:admin_api"
|
|
"share_snapshot:manage_snapshot": "rule:admin_api"
|
|
"share_snapshot:unmanage_snapshot": "rule:admin_api"
|
|
"share_network:create": ""
|
|
"share_network:index": ""
|
|
"share_network:detail": ""
|
|
"share_network:show": ""
|
|
"share_network:update": ""
|
|
"share_network:delete": ""
|
|
"share_network:get_all_share_networks": "rule:admin_api"
|
|
"share_server:index": "rule:admin_api"
|
|
"share_server:show": "rule:admin_api"
|
|
"share_server:details": "rule:admin_api"
|
|
"share_server:delete": "rule:admin_api"
|
|
"share:get_share_metadata": ""
|
|
"share:delete_share_metadata": ""
|
|
"share:update_share_metadata": ""
|
|
"share_extension:availability_zones": ""
|
|
"security_service:index": ""
|
|
"security_service:get_all_security_services": "rule:admin_api"
|
|
"scheduler_stats:pools:index": "rule:admin_api"
|
|
"scheduler_stats:pools:detail": "rule:admin_api"
|
|
"share_group:create": "rule:default"
|
|
"share_group:delete": "rule:default"
|
|
"share_group:update": "rule:default"
|
|
"share_group:get": "rule:default"
|
|
"share_group:get_all": "rule:default"
|
|
"share_group:force_delete": "rule:admin_api"
|
|
"share_group:reset_status": "rule:admin_api"
|
|
"share_group_snapshot:create": "rule:default"
|
|
"share_group_snapshot:delete": "rule:default"
|
|
"share_group_snapshot:update": "rule:default"
|
|
"share_group_snapshot:get": "rule:default"
|
|
"share_group_snapshot:get_all": "rule:default"
|
|
"share_group_snapshot:force_delete": "rule:admin_api"
|
|
"share_group_snapshot:reset_status": "rule:admin_api"
|
|
"share_replica:get_all": "rule:default"
|
|
"share_replica:show": "rule:default"
|
|
"share_replica:create": "rule:default"
|
|
"share_replica:delete": "rule:default"
|
|
"share_replica:promote": "rule:default"
|
|
"share_replica:resync": "rule:admin_api"
|
|
"share_replica:reset_status": "rule:admin_api"
|
|
"share_replica:force_delete": "rule:admin_api"
|
|
"share_replica:reset_replica_state": "rule:admin_api"
|
|
"share_group_type:index": "rule:default"
|
|
"share_group_type:show": "rule:default"
|
|
"share_group_type:default": "rule:default"
|
|
"share_group_type:create": "rule:admin_api"
|
|
"share_group_type:delete": "rule:admin_api"
|
|
"share_group_type:add_project_access": "rule:admin_api"
|
|
"share_group_type:list_project_access": "rule:admin_api"
|
|
"share_group_type:remove_project_access": "rule:admin_api"
|
|
"share_group_types_spec:create": "rule:admin_api"
|
|
"share_group_types_spec:update": "rule:admin_api"
|
|
"share_group_types_spec:show": "rule:admin_api"
|
|
"share_group_types_spec:index": "rule:admin_api"
|
|
"share_group_types_spec:delete": "rule:admin_api"
|
|
"message:delete": "rule:default"
|
|
"message:get": "rule:default"
|
|
"message:get_all": "rule:default"
|