Support policy-in-code and deprecated policy
This change adds support for policy-in-code and deprecated policy following the change in horizon. Depends-on: https://review.opendev.org/750134 Change-Id: I904c0a8b17d99245bf2f27058752b4b2d4f1b518
This commit is contained in:
parent
7fb4bac2e8
commit
87779cb5b4
|
@ -65,6 +65,3 @@ ChangeLog
|
||||||
|
|
||||||
# IntelliJ editors
|
# IntelliJ editors
|
||||||
.idea
|
.idea
|
||||||
|
|
||||||
# Conf
|
|
||||||
octavia_dashboard/conf
|
|
||||||
|
|
23
README.rst
23
README.rst
|
@ -46,31 +46,30 @@ Howto
|
||||||
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/enabled/_1482_*.py \
|
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/enabled/_1482_*.py \
|
||||||
${HORIZON_DIR}/openstack_dashboard/local/enabled/
|
${HORIZON_DIR}/openstack_dashboard/local/enabled/
|
||||||
|
|
||||||
3. (Optional) Generate the policy file and copy into horizon's policy files
|
4. (Optional) Copy ``_1499_load_balancer_settings.py`` in
|
||||||
folder, and copy ``_1499_load_balancer_settings.py`` in
|
|
||||||
``octavia_dashboard/local_settings.d`` directory
|
``octavia_dashboard/local_settings.d`` directory
|
||||||
to ``openstack_dashboard/local/local_settings.d``::
|
to ``openstack_dashboard/local/local_settings.d``
|
||||||
|
and policy files in ``octavia_dashboard/conf`` directory to
|
||||||
|
``openstack_dashboard/local/conf`` directory::
|
||||||
|
|
||||||
$ oslopolicy-policy-generator \
|
$ cp -a \
|
||||||
--config-file \
|
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/local_settings.d/_1499_*.py \
|
||||||
${OCTAVIA_DIR}/etc/policy/octavia-policy-generator.conf \
|
${HORIZON_DIR}/openstack_dashboard/local/local_settings.d/
|
||||||
--output-file \
|
|
||||||
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/octavia_policy.yaml
|
|
||||||
$ cp -a \
|
$ cp -a \
|
||||||
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/octavia_policy.yaml \
|
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/octavia_policy.yaml \
|
||||||
${HORIZON_DIR}/openstack_dashboard/conf/
|
${HORIZON_DIR}/openstack_dashboard/conf/
|
||||||
$ cp -a \
|
$ cp -a \
|
||||||
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/local_settings.d/_1499_*.py \
|
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/default_policies/octavia.yaml \
|
||||||
${HORIZON_DIR}/openstack_dashboard/local/local_settings.d/
|
${HORIZON_DIR}/openstack_dashboard/conf/default_policies/
|
||||||
|
|
||||||
4. Django has a compressor feature that performs many enhancements for the
|
5. Django has a compressor feature that performs many enhancements for the
|
||||||
delivery of static files. If the compressor feature is enabled in your
|
delivery of static files. If the compressor feature is enabled in your
|
||||||
environment (``COMPRESS_OFFLINE = True``), run the following commands::
|
environment (``COMPRESS_OFFLINE = True``), run the following commands::
|
||||||
|
|
||||||
$ ./manage.py collectstatic
|
$ ./manage.py collectstatic
|
||||||
$ ./manage.py compress
|
$ ./manage.py compress
|
||||||
|
|
||||||
5. Finally restart your web server to enable octavia-dashboard
|
6. Finally restart your web server to enable octavia-dashboard
|
||||||
in your Horizon::
|
in your Horizon::
|
||||||
|
|
||||||
$ sudo service apache2 restart
|
$ sudo service apache2 restart
|
||||||
|
|
|
@ -5,8 +5,8 @@ function octavia_dashboard_install {
|
||||||
function octavia_dashboard_configure {
|
function octavia_dashboard_configure {
|
||||||
cp -a ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/enabled/_1482_project_load_balancer_panel.py ${HORIZON_DIR}/openstack_dashboard/local/enabled/
|
cp -a ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/enabled/_1482_project_load_balancer_panel.py ${HORIZON_DIR}/openstack_dashboard/local/enabled/
|
||||||
cp -a ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/local_settings.d/_1499_load_balancer_settings.py ${HORIZON_DIR}/openstack_dashboard/local/local_settings.d/
|
cp -a ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/local_settings.d/_1499_load_balancer_settings.py ${HORIZON_DIR}/openstack_dashboard/local/local_settings.d/
|
||||||
oslopolicy-policy-generator --config-file ${OCTAVIA_DIR}/etc/policy/octavia-policy-generator.conf --output-file ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/octavia_policy.yaml
|
|
||||||
cp -a ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/octavia_policy.yaml ${HORIZON_DIR}/openstack_dashboard/conf/
|
cp -a ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/octavia_policy.yaml ${HORIZON_DIR}/openstack_dashboard/conf/
|
||||||
|
cp -a ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/default_policies/octavia.yaml ${HORIZON_DIR}/openstack_dashboard/conf/default_policies
|
||||||
if [[ -d ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/locale ]]; then
|
if [[ -d ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/locale ]]; then
|
||||||
(cd ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard; DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $PYTHON ../manage.py compilemessages)
|
(cd ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard; DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $PYTHON ../manage.py compilemessages)
|
||||||
fi
|
fi
|
||||||
|
@ -34,5 +34,6 @@ if is_service_enabled horizon && is_service_enabled o-api; then
|
||||||
rm -f ${HORIZON_DIR}/openstack_dashboard/local/enabled/_1482_project_load_balancer_panel.py*
|
rm -f ${HORIZON_DIR}/openstack_dashboard/local/enabled/_1482_project_load_balancer_panel.py*
|
||||||
rm -f ${HORIZON_DIR}/openstack_dashboard/local/local_settings.d/_1499_load_balancer_settings.py*
|
rm -f ${HORIZON_DIR}/openstack_dashboard/local/local_settings.d/_1499_load_balancer_settings.py*
|
||||||
rm -f ${HORIZON_DIR}/openstack_dashboard/conf/octavia_policy.yaml
|
rm -f ${HORIZON_DIR}/openstack_dashboard/conf/octavia_policy.yaml
|
||||||
|
rm -f ${HORIZON_DIR}/openstack_dashboard/conf/default_policies/octavia.yaml
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -17,7 +17,7 @@ octavia_dashboard/enabled directory to openstack_dashboard/local/enabled
|
||||||
(Optional) To enable policy enforcement at the Horizon level, copy the policy
|
(Optional) To enable policy enforcement at the Horizon level, copy the policy
|
||||||
file into horizon's policy files folder, and add this config ``POLICY_FILES``::
|
file into horizon's policy files folder, and add this config ``POLICY_FILES``::
|
||||||
|
|
||||||
'octavia': 'octavia_policy.json',
|
'octavia': 'octavia_policy.yaml',
|
||||||
|
|
||||||
Django has a compressor feature that performs many enhancements for the
|
Django has a compressor feature that performs many enhancements for the
|
||||||
delivery of static files. If the compressor feature is enabled in your
|
delivery of static files. If the compressor feature is enabled in your
|
||||||
|
|
|
@ -0,0 +1,679 @@
|
||||||
|
- check_str: role:admin and system_scope:all
|
||||||
|
description: null
|
||||||
|
name: system-admin
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- check_str: role:reader and system_scope:all
|
||||||
|
description: null
|
||||||
|
name: system-reader
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- check_str: role:member and project_id:%(project_id)s
|
||||||
|
description: null
|
||||||
|
name: project-member
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: role:reader and project_id:%(project_id)s
|
||||||
|
description: null
|
||||||
|
name: project-reader
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: role:load-balancer_admin or rule:system-admin
|
||||||
|
deprecated_reason: The Octavia API now requires the OpenStack default roles and
|
||||||
|
scoped tokens. See https://docs.openstack.org/octavia/latest/configuration/policy.html
|
||||||
|
and https://docs.openstack.org/keystone/latest/contributor/services.html#reusable-default-roles
|
||||||
|
for more information.
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: role:admin or role:load-balancer_admin
|
||||||
|
name: context_is_admin
|
||||||
|
deprecated_since: W
|
||||||
|
description: null
|
||||||
|
name: context_is_admin
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- check_str: project_id:%(project_id)s
|
||||||
|
description: null
|
||||||
|
name: load-balancer:owner
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: role:load-balancer_observer and rule:project-reader
|
||||||
|
deprecated_reason: The Octavia API now requires the OpenStack default roles and
|
||||||
|
scoped tokens. See https://docs.openstack.org/octavia/latest/configuration/policy.html
|
||||||
|
and https://docs.openstack.org/keystone/latest/contributor/services.html#reusable-default-roles
|
||||||
|
for more information.
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: role:load-balancer_observer and rule:load-balancer:owner
|
||||||
|
name: load-balancer:observer_and_owner
|
||||||
|
deprecated_since: W
|
||||||
|
description: null
|
||||||
|
name: load-balancer:observer_and_owner
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: role:load-balancer_global_observer or rule:system-reader
|
||||||
|
description: null
|
||||||
|
name: load-balancer:global_observer
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- check_str: role:load-balancer_member and rule:project-member
|
||||||
|
deprecated_reason: The Octavia API now requires the OpenStack default roles and
|
||||||
|
scoped tokens. See https://docs.openstack.org/octavia/latest/configuration/policy.html
|
||||||
|
and https://docs.openstack.org/keystone/latest/contributor/services.html#reusable-default-roles
|
||||||
|
for more information.
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: role:load-balancer_member and rule:load-balancer:owner
|
||||||
|
name: load-balancer:member_and_owner
|
||||||
|
deprecated_since: W
|
||||||
|
description: null
|
||||||
|
name: load-balancer:member_and_owner
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: is_admin:True or role:load-balancer_admin or rule:system-admin
|
||||||
|
description: null
|
||||||
|
name: load-balancer:admin
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- check_str: rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer
|
||||||
|
or rule:load-balancer:member_and_owner or rule:load-balancer:admin
|
||||||
|
description: null
|
||||||
|
name: load-balancer:read
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- system
|
||||||
|
- check_str: rule:load-balancer:global_observer or rule:load-balancer:admin
|
||||||
|
description: null
|
||||||
|
name: load-balancer:read-global
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- check_str: rule:load-balancer:member_and_owner or rule:load-balancer:admin
|
||||||
|
description: null
|
||||||
|
name: load-balancer:write
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- system
|
||||||
|
- check_str: rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer
|
||||||
|
or rule:load-balancer:member_and_owner or role:load-balancer_quota_admin or rule:load-balancer:admin
|
||||||
|
description: null
|
||||||
|
name: load-balancer:read-quota
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- system
|
||||||
|
- check_str: rule:load-balancer:global_observer or role:load-balancer_quota_admin
|
||||||
|
or rule:load-balancer:admin
|
||||||
|
description: null
|
||||||
|
name: load-balancer:read-quota-global
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- check_str: role:load-balancer_quota_admin or rule:load-balancer:admin
|
||||||
|
description: null
|
||||||
|
name: load-balancer:write-quota
|
||||||
|
operations: []
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: List Flavors
|
||||||
|
name: os_load-balancer_api:flavor:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2.0/lbaas/flavors
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Create a Flavor
|
||||||
|
name: os_load-balancer_api:flavor:post
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /v2.0/lbaas/flavors
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Update a Flavor
|
||||||
|
name: os_load-balancer_api:flavor:put
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2.0/lbaas/flavors/{flavor_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: Show Flavor details
|
||||||
|
name: os_load-balancer_api:flavor:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2.0/lbaas/flavors/{flavor_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Remove a Flavor
|
||||||
|
name: os_load-balancer_api:flavor:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2.0/lbaas/flavors/{flavor_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: List Flavor Profiles
|
||||||
|
name: os_load-balancer_api:flavor-profile:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2.0/lbaas/flavorprofiles
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Create a Flavor Profile
|
||||||
|
name: os_load-balancer_api:flavor-profile:post
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /v2.0/lbaas/flavorprofiles
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Update a Flavor Profile
|
||||||
|
name: os_load-balancer_api:flavor-profile:put
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2.0/lbaas/flavorprofiles/{flavor_profile_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Show Flavor Profile details
|
||||||
|
name: os_load-balancer_api:flavor-profile:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2.0/lbaas/flavorprofiles/{flavor_profile_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Remove a Flavor Profile
|
||||||
|
name: os_load-balancer_api:flavor-profile:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2.0/lbaas/flavorprofiles/{flavor_profile_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: List Availability Zones
|
||||||
|
name: os_load-balancer_api:availability-zone:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2.0/lbaas/availabilityzones
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Create an Availability Zone
|
||||||
|
name: os_load-balancer_api:availability-zone:post
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /v2.0/lbaas/availabilityzones
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Update an Availability Zone
|
||||||
|
name: os_load-balancer_api:availability-zone:put
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2.0/lbaas/availabilityzones/{availability_zone_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: Show Availability Zone details
|
||||||
|
name: os_load-balancer_api:availability-zone:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2.0/lbaas/availabilityzones/{availability_zone_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Remove an Availability Zone
|
||||||
|
name: os_load-balancer_api:availability-zone:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2.0/lbaas/availabilityzones/{availability_zone_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: List Availability Zones
|
||||||
|
name: os_load-balancer_api:availability-zone-profile:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2.0/lbaas/availabilityzoneprofiles
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Create an Availability Zone
|
||||||
|
name: os_load-balancer_api:availability-zone-profile:post
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /v2.0/lbaas/availabilityzoneprofiles
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Update an Availability Zone
|
||||||
|
name: os_load-balancer_api:availability-zone-profile:put
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Show Availability Zone details
|
||||||
|
name: os_load-balancer_api:availability-zone-profile:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Remove an Availability Zone
|
||||||
|
name: os_load-balancer_api:availability-zone-profile:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: List Health Monitors of a Pool
|
||||||
|
name: os_load-balancer_api:healthmonitor:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/healthmonitors
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read-global
|
||||||
|
description: List Health Monitors including resources owned by others
|
||||||
|
name: os_load-balancer_api:healthmonitor:get_all-global
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/healthmonitors
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Create a Health Monitor
|
||||||
|
name: os_load-balancer_api:healthmonitor:post
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /v2/lbaas/healthmonitors
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: Show Health Monitor details
|
||||||
|
name: os_load-balancer_api:healthmonitor:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/healthmonitors/{healthmonitor_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Update a Health Monitor
|
||||||
|
name: os_load-balancer_api:healthmonitor:put
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2/lbaas/healthmonitors/{healthmonitor_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Remove a Health Monitor
|
||||||
|
name: os_load-balancer_api:healthmonitor:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2/lbaas/healthmonitors/{healthmonitor_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: List L7 Policys
|
||||||
|
name: os_load-balancer_api:l7policy:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/l7policies
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read-global
|
||||||
|
description: List L7 Policys including resources owned by others
|
||||||
|
name: os_load-balancer_api:l7policy:get_all-global
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/l7policies
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Create a L7 Policy
|
||||||
|
name: os_load-balancer_api:l7policy:post
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /v2/lbaas/l7policies
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: Show L7 Policy details
|
||||||
|
name: os_load-balancer_api:l7policy:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/l7policies/{l7policy_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Update a L7 Policy
|
||||||
|
name: os_load-balancer_api:l7policy:put
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2/lbaas/l7policies/{l7policy_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Remove a L7 Policy
|
||||||
|
name: os_load-balancer_api:l7policy:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2/lbaas/l7policies/{l7policy_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: List L7 Rules
|
||||||
|
name: os_load-balancer_api:l7rule:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/l7policies/{l7policy_id}/rules
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Create a L7 Rule
|
||||||
|
name: os_load-balancer_api:l7rule:post
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /v2/lbaas/l7policies/{l7policy_id}/rules
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: Show L7 Rule details
|
||||||
|
name: os_load-balancer_api:l7rule:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Update a L7 Rule
|
||||||
|
name: os_load-balancer_api:l7rule:put
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Remove a L7 Rule
|
||||||
|
name: os_load-balancer_api:l7rule:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: List Listeners
|
||||||
|
name: os_load-balancer_api:listener:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/listeners
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read-global
|
||||||
|
description: List Listeners including resources owned by others
|
||||||
|
name: os_load-balancer_api:listener:get_all-global
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/listeners
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Create a Listener
|
||||||
|
name: os_load-balancer_api:listener:post
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /v2/lbaas/listeners
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: Show Listener details
|
||||||
|
name: os_load-balancer_api:listener:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/listeners/{listener_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Update a Listener
|
||||||
|
name: os_load-balancer_api:listener:put
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2/lbaas/listeners/{listener_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Remove a Listener
|
||||||
|
name: os_load-balancer_api:listener:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2/lbaas/listeners/{listener_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: Show Listener statistics
|
||||||
|
name: os_load-balancer_api:listener:get_stats
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/listeners/{listener_id}/stats
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: List Load Balancers
|
||||||
|
name: os_load-balancer_api:loadbalancer:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/loadbalancers
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read-global
|
||||||
|
description: List Load Balancers including resources owned by others
|
||||||
|
name: os_load-balancer_api:loadbalancer:get_all-global
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/loadbalancers
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Create a Load Balancer
|
||||||
|
name: os_load-balancer_api:loadbalancer:post
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /v2/lbaas/loadbalancers
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: Show Load Balancer details
|
||||||
|
name: os_load-balancer_api:loadbalancer:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/loadbalancers/{loadbalancer_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Update a Load Balancer
|
||||||
|
name: os_load-balancer_api:loadbalancer:put
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2/lbaas/loadbalancers/{loadbalancer_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Remove a Load Balancer
|
||||||
|
name: os_load-balancer_api:loadbalancer:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2/lbaas/loadbalancers/{loadbalancer_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: Show Load Balancer statistics
|
||||||
|
name: os_load-balancer_api:loadbalancer:get_stats
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/loadbalancers/{loadbalancer_id}/stats
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: Show Load Balancer status
|
||||||
|
name: os_load-balancer_api:loadbalancer:get_status
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/loadbalancers/{loadbalancer_id}/status
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Failover a Load Balancer
|
||||||
|
name: os_load-balancer_api:loadbalancer:put_failover
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2/lbaas/loadbalancers/{loadbalancer_id}/failover
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: List Members of a Pool
|
||||||
|
name: os_load-balancer_api:member:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/pools/{pool_id}/members
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Create a Member
|
||||||
|
name: os_load-balancer_api:member:post
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /v2/lbaas/pools/{pool_id}/members
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: Show Member details
|
||||||
|
name: os_load-balancer_api:member:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/pools/{pool_id}/members/{member_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Update a Member
|
||||||
|
name: os_load-balancer_api:member:put
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2/lbaas/pools/{pool_id}/members/{member_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Remove a Member
|
||||||
|
name: os_load-balancer_api:member:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2/lbaas/pools/{pool_id}/members/{member_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: List Pools
|
||||||
|
name: os_load-balancer_api:pool:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/pools
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read-global
|
||||||
|
description: List Pools including resources owned by others
|
||||||
|
name: os_load-balancer_api:pool:get_all-global
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/pools
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Create a Pool
|
||||||
|
name: os_load-balancer_api:pool:post
|
||||||
|
operations:
|
||||||
|
- method: POST
|
||||||
|
path: /v2/lbaas/pools
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: Show Pool details
|
||||||
|
name: os_load-balancer_api:pool:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/pools/{pool_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Update a Pool
|
||||||
|
name: os_load-balancer_api:pool:put
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2/lbaas/pools/{pool_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write
|
||||||
|
description: Remove a Pool
|
||||||
|
name: os_load-balancer_api:pool:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2/lbaas/pools/{pool_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read
|
||||||
|
description: List enabled providers
|
||||||
|
name: os_load-balancer_api:provider:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/providers
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read-quota
|
||||||
|
description: List Quotas
|
||||||
|
name: os_load-balancer_api:quota:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/quotas
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read-quota-global
|
||||||
|
description: List Quotas including resources owned by others
|
||||||
|
name: os_load-balancer_api:quota:get_all-global
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/quotas
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read-quota
|
||||||
|
description: Show Quota details
|
||||||
|
name: os_load-balancer_api:quota:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/quotas/{project_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write-quota
|
||||||
|
description: Update a Quota
|
||||||
|
name: os_load-balancer_api:quota:put
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2/lbaas/quotas/{project_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:write-quota
|
||||||
|
description: Reset a Quota
|
||||||
|
name: os_load-balancer_api:quota:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2/lbaas/quotas/{project_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:read-quota
|
||||||
|
description: Show Default Quota for a Project
|
||||||
|
name: os_load-balancer_api:quota:get_defaults
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/quotas/{project_id}/default
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: List Amphorae
|
||||||
|
name: os_load-balancer_api:amphora:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/octavia/amphorae
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Show Amphora details
|
||||||
|
name: os_load-balancer_api:amphora:get_one
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/octavia/amphorae/{amphora_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Delete an Amphora
|
||||||
|
name: os_load-balancer_api:amphora:delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2/octavia/amphorae/{amphora_id}
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Update Amphora Agent Configuration
|
||||||
|
name: os_load-balancer_api:amphora:put_config
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2/octavia/amphorae/{amphora_id}/config
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Failover Amphora
|
||||||
|
name: os_load-balancer_api:amphora:put_failover
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2/octavia/amphorae/{amphora_id}/failover
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: Show Amphora statistics
|
||||||
|
name: os_load-balancer_api:amphora:get_stats
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/octavia/amphorae/{amphora_id}/stats
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: List the provider flavor capabilities.
|
||||||
|
name: os_load-balancer_api:provider-flavor:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/providers/{provider}/flavor_capabilities
|
||||||
|
scope_types: null
|
||||||
|
- check_str: rule:load-balancer:admin
|
||||||
|
description: List the provider availability zone capabilities.
|
||||||
|
name: os_load-balancer_api:provider-availability-zone:get_all
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/lbaas/providers/{provider}/availability_zone_capabilities
|
||||||
|
scope_types: null
|
|
@ -0,0 +1,396 @@
|
||||||
|
# Intended scope(s): system
|
||||||
|
#"system-admin": "role:admin and system_scope:all"
|
||||||
|
|
||||||
|
# Intended scope(s): system
|
||||||
|
#"system-reader": "role:reader and system_scope:all"
|
||||||
|
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"project-member": "role:member and project_id:%(project_id)s"
|
||||||
|
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"project-reader": "role:reader and project_id:%(project_id)s"
|
||||||
|
|
||||||
|
# Intended scope(s): system
|
||||||
|
#"context_is_admin": "role:load-balancer_admin or rule:system-admin"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "context_is_admin":"role:admin or role:load-balancer_admin" has been
|
||||||
|
# deprecated since W in favor of "context_is_admin":"role:load-
|
||||||
|
# balancer_admin or rule:system-admin".
|
||||||
|
# The Octavia API now requires the OpenStack default roles and scoped
|
||||||
|
# tokens. See
|
||||||
|
# https://docs.openstack.org/octavia/latest/configuration/policy.html
|
||||||
|
# and https://docs.openstack.org/keystone/latest/contributor/services.
|
||||||
|
# html#reusable-default-roles for more information.
|
||||||
|
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"load-balancer:owner": "project_id:%(project_id)s"
|
||||||
|
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"load-balancer:observer_and_owner": "role:load-balancer_observer and rule:project-reader"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "load-balancer:observer_and_owner":"role:load-balancer_observer and
|
||||||
|
# rule:load-balancer:owner" has been deprecated since W in favor of
|
||||||
|
# "load-balancer:observer_and_owner":"role:load-balancer_observer and
|
||||||
|
# rule:project-reader".
|
||||||
|
# The Octavia API now requires the OpenStack default roles and scoped
|
||||||
|
# tokens. See
|
||||||
|
# https://docs.openstack.org/octavia/latest/configuration/policy.html
|
||||||
|
# and https://docs.openstack.org/keystone/latest/contributor/services.
|
||||||
|
# html#reusable-default-roles for more information.
|
||||||
|
|
||||||
|
# Intended scope(s): system
|
||||||
|
#"load-balancer:global_observer": "role:load-balancer_global_observer or rule:system-reader"
|
||||||
|
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"load-balancer:member_and_owner": "role:load-balancer_member and rule:project-member"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "load-balancer:member_and_owner":"role:load-balancer_member and
|
||||||
|
# rule:load-balancer:owner" has been deprecated since W in favor of
|
||||||
|
# "load-balancer:member_and_owner":"role:load-balancer_member and
|
||||||
|
# rule:project-member".
|
||||||
|
# The Octavia API now requires the OpenStack default roles and scoped
|
||||||
|
# tokens. See
|
||||||
|
# https://docs.openstack.org/octavia/latest/configuration/policy.html
|
||||||
|
# and https://docs.openstack.org/keystone/latest/contributor/services.
|
||||||
|
# html#reusable-default-roles for more information.
|
||||||
|
|
||||||
|
# Intended scope(s): system
|
||||||
|
#"load-balancer:admin": "is_admin:True or role:load-balancer_admin or rule:system-admin"
|
||||||
|
|
||||||
|
# Intended scope(s): project, system
|
||||||
|
#"load-balancer:read": "rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Intended scope(s): system
|
||||||
|
#"load-balancer:read-global": "rule:load-balancer:global_observer or rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Intended scope(s): project, system
|
||||||
|
#"load-balancer:write": "rule:load-balancer:member_and_owner or rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Intended scope(s): project, system
|
||||||
|
#"load-balancer:read-quota": "rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or role:load-balancer_quota_admin or rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Intended scope(s): system
|
||||||
|
#"load-balancer:read-quota-global": "rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Intended scope(s): system
|
||||||
|
#"load-balancer:write-quota": "role:load-balancer_quota_admin or rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# List Flavors
|
||||||
|
# GET /v2.0/lbaas/flavors
|
||||||
|
#"os_load-balancer_api:flavor:get_all": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Create a Flavor
|
||||||
|
# POST /v2.0/lbaas/flavors
|
||||||
|
#"os_load-balancer_api:flavor:post": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Update a Flavor
|
||||||
|
# PUT /v2.0/lbaas/flavors/{flavor_id}
|
||||||
|
#"os_load-balancer_api:flavor:put": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Show Flavor details
|
||||||
|
# GET /v2.0/lbaas/flavors/{flavor_id}
|
||||||
|
#"os_load-balancer_api:flavor:get_one": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Remove a Flavor
|
||||||
|
# DELETE /v2.0/lbaas/flavors/{flavor_id}
|
||||||
|
#"os_load-balancer_api:flavor:delete": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# List Flavor Profiles
|
||||||
|
# GET /v2.0/lbaas/flavorprofiles
|
||||||
|
#"os_load-balancer_api:flavor-profile:get_all": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Create a Flavor Profile
|
||||||
|
# POST /v2.0/lbaas/flavorprofiles
|
||||||
|
#"os_load-balancer_api:flavor-profile:post": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Update a Flavor Profile
|
||||||
|
# PUT /v2.0/lbaas/flavorprofiles/{flavor_profile_id}
|
||||||
|
#"os_load-balancer_api:flavor-profile:put": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Show Flavor Profile details
|
||||||
|
# GET /v2.0/lbaas/flavorprofiles/{flavor_profile_id}
|
||||||
|
#"os_load-balancer_api:flavor-profile:get_one": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Remove a Flavor Profile
|
||||||
|
# DELETE /v2.0/lbaas/flavorprofiles/{flavor_profile_id}
|
||||||
|
#"os_load-balancer_api:flavor-profile:delete": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# List Availability Zones
|
||||||
|
# GET /v2.0/lbaas/availabilityzones
|
||||||
|
#"os_load-balancer_api:availability-zone:get_all": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Create an Availability Zone
|
||||||
|
# POST /v2.0/lbaas/availabilityzones
|
||||||
|
#"os_load-balancer_api:availability-zone:post": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Update an Availability Zone
|
||||||
|
# PUT /v2.0/lbaas/availabilityzones/{availability_zone_id}
|
||||||
|
#"os_load-balancer_api:availability-zone:put": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Show Availability Zone details
|
||||||
|
# GET /v2.0/lbaas/availabilityzones/{availability_zone_id}
|
||||||
|
#"os_load-balancer_api:availability-zone:get_one": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Remove an Availability Zone
|
||||||
|
# DELETE /v2.0/lbaas/availabilityzones/{availability_zone_id}
|
||||||
|
#"os_load-balancer_api:availability-zone:delete": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# List Availability Zones
|
||||||
|
# GET /v2.0/lbaas/availabilityzoneprofiles
|
||||||
|
#"os_load-balancer_api:availability-zone-profile:get_all": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Create an Availability Zone
|
||||||
|
# POST /v2.0/lbaas/availabilityzoneprofiles
|
||||||
|
#"os_load-balancer_api:availability-zone-profile:post": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Update an Availability Zone
|
||||||
|
# PUT /v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}
|
||||||
|
#"os_load-balancer_api:availability-zone-profile:put": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Show Availability Zone details
|
||||||
|
# GET /v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}
|
||||||
|
#"os_load-balancer_api:availability-zone-profile:get_one": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Remove an Availability Zone
|
||||||
|
# DELETE /v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}
|
||||||
|
#"os_load-balancer_api:availability-zone-profile:delete": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# List Health Monitors of a Pool
|
||||||
|
# GET /v2/lbaas/healthmonitors
|
||||||
|
#"os_load-balancer_api:healthmonitor:get_all": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# List Health Monitors including resources owned by others
|
||||||
|
# GET /v2/lbaas/healthmonitors
|
||||||
|
#"os_load-balancer_api:healthmonitor:get_all-global": "rule:load-balancer:read-global"
|
||||||
|
|
||||||
|
# Create a Health Monitor
|
||||||
|
# POST /v2/lbaas/healthmonitors
|
||||||
|
#"os_load-balancer_api:healthmonitor:post": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Show Health Monitor details
|
||||||
|
# GET /v2/lbaas/healthmonitors/{healthmonitor_id}
|
||||||
|
#"os_load-balancer_api:healthmonitor:get_one": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Update a Health Monitor
|
||||||
|
# PUT /v2/lbaas/healthmonitors/{healthmonitor_id}
|
||||||
|
#"os_load-balancer_api:healthmonitor:put": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Remove a Health Monitor
|
||||||
|
# DELETE /v2/lbaas/healthmonitors/{healthmonitor_id}
|
||||||
|
#"os_load-balancer_api:healthmonitor:delete": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# List L7 Policys
|
||||||
|
# GET /v2/lbaas/l7policies
|
||||||
|
#"os_load-balancer_api:l7policy:get_all": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# List L7 Policys including resources owned by others
|
||||||
|
# GET /v2/lbaas/l7policies
|
||||||
|
#"os_load-balancer_api:l7policy:get_all-global": "rule:load-balancer:read-global"
|
||||||
|
|
||||||
|
# Create a L7 Policy
|
||||||
|
# POST /v2/lbaas/l7policies
|
||||||
|
#"os_load-balancer_api:l7policy:post": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Show L7 Policy details
|
||||||
|
# GET /v2/lbaas/l7policies/{l7policy_id}
|
||||||
|
#"os_load-balancer_api:l7policy:get_one": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Update a L7 Policy
|
||||||
|
# PUT /v2/lbaas/l7policies/{l7policy_id}
|
||||||
|
#"os_load-balancer_api:l7policy:put": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Remove a L7 Policy
|
||||||
|
# DELETE /v2/lbaas/l7policies/{l7policy_id}
|
||||||
|
#"os_load-balancer_api:l7policy:delete": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# List L7 Rules
|
||||||
|
# GET /v2/lbaas/l7policies/{l7policy_id}/rules
|
||||||
|
#"os_load-balancer_api:l7rule:get_all": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Create a L7 Rule
|
||||||
|
# POST /v2/lbaas/l7policies/{l7policy_id}/rules
|
||||||
|
#"os_load-balancer_api:l7rule:post": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Show L7 Rule details
|
||||||
|
# GET /v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}
|
||||||
|
#"os_load-balancer_api:l7rule:get_one": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Update a L7 Rule
|
||||||
|
# PUT /v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}
|
||||||
|
#"os_load-balancer_api:l7rule:put": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Remove a L7 Rule
|
||||||
|
# DELETE /v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}
|
||||||
|
#"os_load-balancer_api:l7rule:delete": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# List Listeners
|
||||||
|
# GET /v2/lbaas/listeners
|
||||||
|
#"os_load-balancer_api:listener:get_all": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# List Listeners including resources owned by others
|
||||||
|
# GET /v2/lbaas/listeners
|
||||||
|
#"os_load-balancer_api:listener:get_all-global": "rule:load-balancer:read-global"
|
||||||
|
|
||||||
|
# Create a Listener
|
||||||
|
# POST /v2/lbaas/listeners
|
||||||
|
#"os_load-balancer_api:listener:post": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Show Listener details
|
||||||
|
# GET /v2/lbaas/listeners/{listener_id}
|
||||||
|
#"os_load-balancer_api:listener:get_one": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Update a Listener
|
||||||
|
# PUT /v2/lbaas/listeners/{listener_id}
|
||||||
|
#"os_load-balancer_api:listener:put": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Remove a Listener
|
||||||
|
# DELETE /v2/lbaas/listeners/{listener_id}
|
||||||
|
#"os_load-balancer_api:listener:delete": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Show Listener statistics
|
||||||
|
# GET /v2/lbaas/listeners/{listener_id}/stats
|
||||||
|
#"os_load-balancer_api:listener:get_stats": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# List Load Balancers
|
||||||
|
# GET /v2/lbaas/loadbalancers
|
||||||
|
#"os_load-balancer_api:loadbalancer:get_all": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# List Load Balancers including resources owned by others
|
||||||
|
# GET /v2/lbaas/loadbalancers
|
||||||
|
#"os_load-balancer_api:loadbalancer:get_all-global": "rule:load-balancer:read-global"
|
||||||
|
|
||||||
|
# Create a Load Balancer
|
||||||
|
# POST /v2/lbaas/loadbalancers
|
||||||
|
#"os_load-balancer_api:loadbalancer:post": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Show Load Balancer details
|
||||||
|
# GET /v2/lbaas/loadbalancers/{loadbalancer_id}
|
||||||
|
#"os_load-balancer_api:loadbalancer:get_one": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Update a Load Balancer
|
||||||
|
# PUT /v2/lbaas/loadbalancers/{loadbalancer_id}
|
||||||
|
#"os_load-balancer_api:loadbalancer:put": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Remove a Load Balancer
|
||||||
|
# DELETE /v2/lbaas/loadbalancers/{loadbalancer_id}
|
||||||
|
#"os_load-balancer_api:loadbalancer:delete": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Show Load Balancer statistics
|
||||||
|
# GET /v2/lbaas/loadbalancers/{loadbalancer_id}/stats
|
||||||
|
#"os_load-balancer_api:loadbalancer:get_stats": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Show Load Balancer status
|
||||||
|
# GET /v2/lbaas/loadbalancers/{loadbalancer_id}/status
|
||||||
|
#"os_load-balancer_api:loadbalancer:get_status": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Failover a Load Balancer
|
||||||
|
# PUT /v2/lbaas/loadbalancers/{loadbalancer_id}/failover
|
||||||
|
#"os_load-balancer_api:loadbalancer:put_failover": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# List Members of a Pool
|
||||||
|
# GET /v2/lbaas/pools/{pool_id}/members
|
||||||
|
#"os_load-balancer_api:member:get_all": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Create a Member
|
||||||
|
# POST /v2/lbaas/pools/{pool_id}/members
|
||||||
|
#"os_load-balancer_api:member:post": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Show Member details
|
||||||
|
# GET /v2/lbaas/pools/{pool_id}/members/{member_id}
|
||||||
|
#"os_load-balancer_api:member:get_one": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Update a Member
|
||||||
|
# PUT /v2/lbaas/pools/{pool_id}/members/{member_id}
|
||||||
|
#"os_load-balancer_api:member:put": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Remove a Member
|
||||||
|
# DELETE /v2/lbaas/pools/{pool_id}/members/{member_id}
|
||||||
|
#"os_load-balancer_api:member:delete": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# List Pools
|
||||||
|
# GET /v2/lbaas/pools
|
||||||
|
#"os_load-balancer_api:pool:get_all": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# List Pools including resources owned by others
|
||||||
|
# GET /v2/lbaas/pools
|
||||||
|
#"os_load-balancer_api:pool:get_all-global": "rule:load-balancer:read-global"
|
||||||
|
|
||||||
|
# Create a Pool
|
||||||
|
# POST /v2/lbaas/pools
|
||||||
|
#"os_load-balancer_api:pool:post": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Show Pool details
|
||||||
|
# GET /v2/lbaas/pools/{pool_id}
|
||||||
|
#"os_load-balancer_api:pool:get_one": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# Update a Pool
|
||||||
|
# PUT /v2/lbaas/pools/{pool_id}
|
||||||
|
#"os_load-balancer_api:pool:put": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# Remove a Pool
|
||||||
|
# DELETE /v2/lbaas/pools/{pool_id}
|
||||||
|
#"os_load-balancer_api:pool:delete": "rule:load-balancer:write"
|
||||||
|
|
||||||
|
# List enabled providers
|
||||||
|
# GET /v2/lbaas/providers
|
||||||
|
#"os_load-balancer_api:provider:get_all": "rule:load-balancer:read"
|
||||||
|
|
||||||
|
# List Quotas
|
||||||
|
# GET /v2/lbaas/quotas
|
||||||
|
#"os_load-balancer_api:quota:get_all": "rule:load-balancer:read-quota"
|
||||||
|
|
||||||
|
# List Quotas including resources owned by others
|
||||||
|
# GET /v2/lbaas/quotas
|
||||||
|
#"os_load-balancer_api:quota:get_all-global": "rule:load-balancer:read-quota-global"
|
||||||
|
|
||||||
|
# Show Quota details
|
||||||
|
# GET /v2/lbaas/quotas/{project_id}
|
||||||
|
#"os_load-balancer_api:quota:get_one": "rule:load-balancer:read-quota"
|
||||||
|
|
||||||
|
# Update a Quota
|
||||||
|
# PUT /v2/lbaas/quotas/{project_id}
|
||||||
|
#"os_load-balancer_api:quota:put": "rule:load-balancer:write-quota"
|
||||||
|
|
||||||
|
# Reset a Quota
|
||||||
|
# DELETE /v2/lbaas/quotas/{project_id}
|
||||||
|
#"os_load-balancer_api:quota:delete": "rule:load-balancer:write-quota"
|
||||||
|
|
||||||
|
# Show Default Quota for a Project
|
||||||
|
# GET /v2/lbaas/quotas/{project_id}/default
|
||||||
|
#"os_load-balancer_api:quota:get_defaults": "rule:load-balancer:read-quota"
|
||||||
|
|
||||||
|
# List Amphorae
|
||||||
|
# GET /v2/octavia/amphorae
|
||||||
|
#"os_load-balancer_api:amphora:get_all": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Show Amphora details
|
||||||
|
# GET /v2/octavia/amphorae/{amphora_id}
|
||||||
|
#"os_load-balancer_api:amphora:get_one": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Delete an Amphora
|
||||||
|
# DELETE /v2/octavia/amphorae/{amphora_id}
|
||||||
|
#"os_load-balancer_api:amphora:delete": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Update Amphora Agent Configuration
|
||||||
|
# PUT /v2/octavia/amphorae/{amphora_id}/config
|
||||||
|
#"os_load-balancer_api:amphora:put_config": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Failover Amphora
|
||||||
|
# PUT /v2/octavia/amphorae/{amphora_id}/failover
|
||||||
|
#"os_load-balancer_api:amphora:put_failover": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# Show Amphora statistics
|
||||||
|
# GET /v2/octavia/amphorae/{amphora_id}/stats
|
||||||
|
#"os_load-balancer_api:amphora:get_stats": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# List the provider flavor capabilities.
|
||||||
|
# GET /v2/lbaas/providers/{provider}/flavor_capabilities
|
||||||
|
#"os_load-balancer_api:provider-flavor:get_all": "rule:load-balancer:admin"
|
||||||
|
|
||||||
|
# List the provider availability zone capabilities.
|
||||||
|
# GET /v2/lbaas/providers/{provider}/availability_zone_capabilities
|
||||||
|
#"os_load-balancer_api:provider-availability-zone:get_all": "rule:load-balancer:admin"
|
||||||
|
|
|
@ -20,3 +20,7 @@ from django.conf import settings
|
||||||
settings.POLICY_FILES.update({
|
settings.POLICY_FILES.update({
|
||||||
'load-balancer': 'octavia_policy.yaml',
|
'load-balancer': 'octavia_policy.yaml',
|
||||||
})
|
})
|
||||||
|
|
||||||
|
settings.iDEFAULT_POLICY_FILES.update({
|
||||||
|
'load-balancer': 'default_policies/octavia.yaml',
|
||||||
|
})
|
||||||
|
|
Loading…
Reference in New Issue