Support policy-in-code and deprecated policy
This change adds support for policy-in-code and deprecated policy following the change in horizon. Depends-on: https://review.opendev.org/750134 Change-Id: I904c0a8b17d99245bf2f27058752b4b2d4f1b518
This commit is contained in:
parent
cd1f06ace4
commit
edcd40d313
|
@ -65,6 +65,3 @@ ChangeLog
|
|||
|
||||
# IntelliJ editors
|
||||
.idea
|
||||
|
||||
# Conf
|
||||
octavia_dashboard/conf
|
||||
|
|
23
README.rst
23
README.rst
|
@ -46,31 +46,30 @@ Howto
|
|||
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/enabled/_1482_*.py \
|
||||
${HORIZON_DIR}/openstack_dashboard/local/enabled/
|
||||
|
||||
3. (Optional) Generate the policy file and copy into horizon's policy files
|
||||
folder, and copy ``_1499_load_balancer_settings.py`` in
|
||||
4. (Optional) Copy ``_1499_load_balancer_settings.py`` in
|
||||
``octavia_dashboard/local_settings.d`` directory
|
||||
to ``openstack_dashboard/local/local_settings.d``::
|
||||
to ``openstack_dashboard/local/local_settings.d``
|
||||
and policy files in ``octavia_dashboard/conf`` directory to
|
||||
``openstack_dashboard/local/conf`` directory::
|
||||
|
||||
$ oslopolicy-policy-generator \
|
||||
--config-file \
|
||||
${OCTAVIA_DIR}/etc/policy/octavia-policy-generator.conf \
|
||||
--output-file \
|
||||
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/octavia_policy.yaml
|
||||
$ cp -a \
|
||||
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/local_settings.d/_1499_*.py \
|
||||
${HORIZON_DIR}/openstack_dashboard/local/local_settings.d/
|
||||
$ cp -a \
|
||||
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/octavia_policy.yaml \
|
||||
${HORIZON_DIR}/openstack_dashboard/conf/
|
||||
$ cp -a \
|
||||
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/local_settings.d/_1499_*.py \
|
||||
${HORIZON_DIR}/openstack_dashboard/local/local_settings.d/
|
||||
${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/default_policies/octavia.yaml \
|
||||
${HORIZON_DIR}/openstack_dashboard/conf/default_policies/
|
||||
|
||||
4. Django has a compressor feature that performs many enhancements for the
|
||||
5. Django has a compressor feature that performs many enhancements for the
|
||||
delivery of static files. If the compressor feature is enabled in your
|
||||
environment (``COMPRESS_OFFLINE = True``), run the following commands::
|
||||
|
||||
$ ./manage.py collectstatic
|
||||
$ ./manage.py compress
|
||||
|
||||
5. Finally restart your web server to enable octavia-dashboard
|
||||
6. Finally restart your web server to enable octavia-dashboard
|
||||
in your Horizon::
|
||||
|
||||
$ sudo service apache2 restart
|
||||
|
|
|
@ -5,8 +5,8 @@ function octavia_dashboard_install {
|
|||
function octavia_dashboard_configure {
|
||||
cp -a ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/enabled/_1482_project_load_balancer_panel.py ${HORIZON_DIR}/openstack_dashboard/local/enabled/
|
||||
cp -a ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/local_settings.d/_1499_load_balancer_settings.py ${HORIZON_DIR}/openstack_dashboard/local/local_settings.d/
|
||||
oslopolicy-policy-generator --config-file ${OCTAVIA_DIR}/etc/policy/octavia-policy-generator.conf --output-file ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/octavia_policy.yaml
|
||||
cp -a ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/octavia_policy.yaml ${HORIZON_DIR}/openstack_dashboard/conf/
|
||||
cp -a ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/conf/default_policies/octavia.yaml ${HORIZON_DIR}/openstack_dashboard/conf/default_policies
|
||||
if [[ -d ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard/locale ]]; then
|
||||
(cd ${OCTAVIA_DASHBOARD_DIR}/octavia_dashboard; DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $PYTHON ../manage.py compilemessages)
|
||||
fi
|
||||
|
@ -34,5 +34,6 @@ if is_service_enabled horizon && is_service_enabled o-api; then
|
|||
rm -f ${HORIZON_DIR}/openstack_dashboard/local/enabled/_1482_project_load_balancer_panel.py*
|
||||
rm -f ${HORIZON_DIR}/openstack_dashboard/local/local_settings.d/_1499_load_balancer_settings.py*
|
||||
rm -f ${HORIZON_DIR}/openstack_dashboard/conf/octavia_policy.yaml
|
||||
rm -f ${HORIZON_DIR}/openstack_dashboard/conf/default_policies/octavia.yaml
|
||||
fi
|
||||
fi
|
||||
|
|
|
@ -17,7 +17,7 @@ octavia_dashboard/enabled directory to openstack_dashboard/local/enabled
|
|||
(Optional) To enable policy enforcement at the Horizon level, copy the policy
|
||||
file into horizon's policy files folder, and add this config ``POLICY_FILES``::
|
||||
|
||||
'octavia': 'octavia_policy.json',
|
||||
'octavia': 'octavia_policy.yaml',
|
||||
|
||||
Django has a compressor feature that performs many enhancements for the
|
||||
delivery of static files. If the compressor feature is enabled in your
|
||||
|
|
|
@ -0,0 +1,679 @@
|
|||
- check_str: role:admin and system_scope:all
|
||||
description: null
|
||||
name: system-admin
|
||||
operations: []
|
||||
scope_types:
|
||||
- system
|
||||
- check_str: role:reader and system_scope:all
|
||||
description: null
|
||||
name: system-reader
|
||||
operations: []
|
||||
scope_types:
|
||||
- system
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
description: null
|
||||
name: project-member
|
||||
operations: []
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:reader and project_id:%(project_id)s
|
||||
description: null
|
||||
name: project-reader
|
||||
operations: []
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:load-balancer_admin or rule:system-admin
|
||||
deprecated_reason: The Octavia API now requires the OpenStack default roles and
|
||||
scoped tokens. See https://docs.openstack.org/octavia/latest/configuration/policy.html
|
||||
and https://docs.openstack.org/keystone/latest/contributor/services.html#reusable-default-roles
|
||||
for more information.
|
||||
deprecated_rule:
|
||||
check_str: role:admin or role:load-balancer_admin
|
||||
name: context_is_admin
|
||||
deprecated_since: W
|
||||
description: null
|
||||
name: context_is_admin
|
||||
operations: []
|
||||
scope_types:
|
||||
- system
|
||||
- check_str: project_id:%(project_id)s
|
||||
description: null
|
||||
name: load-balancer:owner
|
||||
operations: []
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:load-balancer_observer and rule:project-reader
|
||||
deprecated_reason: The Octavia API now requires the OpenStack default roles and
|
||||
scoped tokens. See https://docs.openstack.org/octavia/latest/configuration/policy.html
|
||||
and https://docs.openstack.org/keystone/latest/contributor/services.html#reusable-default-roles
|
||||
for more information.
|
||||
deprecated_rule:
|
||||
check_str: role:load-balancer_observer and rule:load-balancer:owner
|
||||
name: load-balancer:observer_and_owner
|
||||
deprecated_since: W
|
||||
description: null
|
||||
name: load-balancer:observer_and_owner
|
||||
operations: []
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:load-balancer_global_observer or rule:system-reader
|
||||
description: null
|
||||
name: load-balancer:global_observer
|
||||
operations: []
|
||||
scope_types:
|
||||
- system
|
||||
- check_str: role:load-balancer_member and rule:project-member
|
||||
deprecated_reason: The Octavia API now requires the OpenStack default roles and
|
||||
scoped tokens. See https://docs.openstack.org/octavia/latest/configuration/policy.html
|
||||
and https://docs.openstack.org/keystone/latest/contributor/services.html#reusable-default-roles
|
||||
for more information.
|
||||
deprecated_rule:
|
||||
check_str: role:load-balancer_member and rule:load-balancer:owner
|
||||
name: load-balancer:member_and_owner
|
||||
deprecated_since: W
|
||||
description: null
|
||||
name: load-balancer:member_and_owner
|
||||
operations: []
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: is_admin:True or role:load-balancer_admin or rule:system-admin
|
||||
description: null
|
||||
name: load-balancer:admin
|
||||
operations: []
|
||||
scope_types:
|
||||
- system
|
||||
- check_str: rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer
|
||||
or rule:load-balancer:member_and_owner or rule:load-balancer:admin
|
||||
description: null
|
||||
name: load-balancer:read
|
||||
operations: []
|
||||
scope_types:
|
||||
- project
|
||||
- system
|
||||
- check_str: rule:load-balancer:global_observer or rule:load-balancer:admin
|
||||
description: null
|
||||
name: load-balancer:read-global
|
||||
operations: []
|
||||
scope_types:
|
||||
- system
|
||||
- check_str: rule:load-balancer:member_and_owner or rule:load-balancer:admin
|
||||
description: null
|
||||
name: load-balancer:write
|
||||
operations: []
|
||||
scope_types:
|
||||
- project
|
||||
- system
|
||||
- check_str: rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer
|
||||
or rule:load-balancer:member_and_owner or role:load-balancer_quota_admin or rule:load-balancer:admin
|
||||
description: null
|
||||
name: load-balancer:read-quota
|
||||
operations: []
|
||||
scope_types:
|
||||
- project
|
||||
- system
|
||||
- check_str: rule:load-balancer:global_observer or role:load-balancer_quota_admin
|
||||
or rule:load-balancer:admin
|
||||
description: null
|
||||
name: load-balancer:read-quota-global
|
||||
operations: []
|
||||
scope_types:
|
||||
- system
|
||||
- check_str: role:load-balancer_quota_admin or rule:load-balancer:admin
|
||||
description: null
|
||||
name: load-balancer:write-quota
|
||||
operations: []
|
||||
scope_types:
|
||||
- system
|
||||
- check_str: rule:load-balancer:read
|
||||
description: List Flavors
|
||||
name: os_load-balancer_api:flavor:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2.0/lbaas/flavors
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Create a Flavor
|
||||
name: os_load-balancer_api:flavor:post
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2.0/lbaas/flavors
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Update a Flavor
|
||||
name: os_load-balancer_api:flavor:put
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2.0/lbaas/flavors/{flavor_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: Show Flavor details
|
||||
name: os_load-balancer_api:flavor:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2.0/lbaas/flavors/{flavor_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Remove a Flavor
|
||||
name: os_load-balancer_api:flavor:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2.0/lbaas/flavors/{flavor_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: List Flavor Profiles
|
||||
name: os_load-balancer_api:flavor-profile:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2.0/lbaas/flavorprofiles
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Create a Flavor Profile
|
||||
name: os_load-balancer_api:flavor-profile:post
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2.0/lbaas/flavorprofiles
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Update a Flavor Profile
|
||||
name: os_load-balancer_api:flavor-profile:put
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2.0/lbaas/flavorprofiles/{flavor_profile_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Show Flavor Profile details
|
||||
name: os_load-balancer_api:flavor-profile:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2.0/lbaas/flavorprofiles/{flavor_profile_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Remove a Flavor Profile
|
||||
name: os_load-balancer_api:flavor-profile:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2.0/lbaas/flavorprofiles/{flavor_profile_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: List Availability Zones
|
||||
name: os_load-balancer_api:availability-zone:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2.0/lbaas/availabilityzones
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Create an Availability Zone
|
||||
name: os_load-balancer_api:availability-zone:post
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2.0/lbaas/availabilityzones
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Update an Availability Zone
|
||||
name: os_load-balancer_api:availability-zone:put
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2.0/lbaas/availabilityzones/{availability_zone_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: Show Availability Zone details
|
||||
name: os_load-balancer_api:availability-zone:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2.0/lbaas/availabilityzones/{availability_zone_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Remove an Availability Zone
|
||||
name: os_load-balancer_api:availability-zone:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2.0/lbaas/availabilityzones/{availability_zone_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: List Availability Zones
|
||||
name: os_load-balancer_api:availability-zone-profile:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2.0/lbaas/availabilityzoneprofiles
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Create an Availability Zone
|
||||
name: os_load-balancer_api:availability-zone-profile:post
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2.0/lbaas/availabilityzoneprofiles
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Update an Availability Zone
|
||||
name: os_load-balancer_api:availability-zone-profile:put
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Show Availability Zone details
|
||||
name: os_load-balancer_api:availability-zone-profile:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Remove an Availability Zone
|
||||
name: os_load-balancer_api:availability-zone-profile:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: List Health Monitors of a Pool
|
||||
name: os_load-balancer_api:healthmonitor:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/healthmonitors
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read-global
|
||||
description: List Health Monitors including resources owned by others
|
||||
name: os_load-balancer_api:healthmonitor:get_all-global
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/healthmonitors
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Create a Health Monitor
|
||||
name: os_load-balancer_api:healthmonitor:post
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/lbaas/healthmonitors
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: Show Health Monitor details
|
||||
name: os_load-balancer_api:healthmonitor:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/healthmonitors/{healthmonitor_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Update a Health Monitor
|
||||
name: os_load-balancer_api:healthmonitor:put
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/lbaas/healthmonitors/{healthmonitor_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Remove a Health Monitor
|
||||
name: os_load-balancer_api:healthmonitor:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/lbaas/healthmonitors/{healthmonitor_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: List L7 Policys
|
||||
name: os_load-balancer_api:l7policy:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/l7policies
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read-global
|
||||
description: List L7 Policys including resources owned by others
|
||||
name: os_load-balancer_api:l7policy:get_all-global
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/l7policies
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Create a L7 Policy
|
||||
name: os_load-balancer_api:l7policy:post
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/lbaas/l7policies
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: Show L7 Policy details
|
||||
name: os_load-balancer_api:l7policy:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/l7policies/{l7policy_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Update a L7 Policy
|
||||
name: os_load-balancer_api:l7policy:put
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/lbaas/l7policies/{l7policy_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Remove a L7 Policy
|
||||
name: os_load-balancer_api:l7policy:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/lbaas/l7policies/{l7policy_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: List L7 Rules
|
||||
name: os_load-balancer_api:l7rule:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/l7policies/{l7policy_id}/rules
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Create a L7 Rule
|
||||
name: os_load-balancer_api:l7rule:post
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/lbaas/l7policies/{l7policy_id}/rules
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: Show L7 Rule details
|
||||
name: os_load-balancer_api:l7rule:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Update a L7 Rule
|
||||
name: os_load-balancer_api:l7rule:put
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Remove a L7 Rule
|
||||
name: os_load-balancer_api:l7rule:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: List Listeners
|
||||
name: os_load-balancer_api:listener:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/listeners
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read-global
|
||||
description: List Listeners including resources owned by others
|
||||
name: os_load-balancer_api:listener:get_all-global
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/listeners
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Create a Listener
|
||||
name: os_load-balancer_api:listener:post
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/lbaas/listeners
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: Show Listener details
|
||||
name: os_load-balancer_api:listener:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/listeners/{listener_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Update a Listener
|
||||
name: os_load-balancer_api:listener:put
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/lbaas/listeners/{listener_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Remove a Listener
|
||||
name: os_load-balancer_api:listener:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/lbaas/listeners/{listener_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: Show Listener statistics
|
||||
name: os_load-balancer_api:listener:get_stats
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/listeners/{listener_id}/stats
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: List Load Balancers
|
||||
name: os_load-balancer_api:loadbalancer:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/loadbalancers
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read-global
|
||||
description: List Load Balancers including resources owned by others
|
||||
name: os_load-balancer_api:loadbalancer:get_all-global
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/loadbalancers
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Create a Load Balancer
|
||||
name: os_load-balancer_api:loadbalancer:post
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/lbaas/loadbalancers
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: Show Load Balancer details
|
||||
name: os_load-balancer_api:loadbalancer:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/loadbalancers/{loadbalancer_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Update a Load Balancer
|
||||
name: os_load-balancer_api:loadbalancer:put
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/lbaas/loadbalancers/{loadbalancer_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Remove a Load Balancer
|
||||
name: os_load-balancer_api:loadbalancer:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/lbaas/loadbalancers/{loadbalancer_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: Show Load Balancer statistics
|
||||
name: os_load-balancer_api:loadbalancer:get_stats
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/loadbalancers/{loadbalancer_id}/stats
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: Show Load Balancer status
|
||||
name: os_load-balancer_api:loadbalancer:get_status
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/loadbalancers/{loadbalancer_id}/status
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Failover a Load Balancer
|
||||
name: os_load-balancer_api:loadbalancer:put_failover
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/lbaas/loadbalancers/{loadbalancer_id}/failover
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: List Members of a Pool
|
||||
name: os_load-balancer_api:member:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/pools/{pool_id}/members
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Create a Member
|
||||
name: os_load-balancer_api:member:post
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/lbaas/pools/{pool_id}/members
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: Show Member details
|
||||
name: os_load-balancer_api:member:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/pools/{pool_id}/members/{member_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Update a Member
|
||||
name: os_load-balancer_api:member:put
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/lbaas/pools/{pool_id}/members/{member_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Remove a Member
|
||||
name: os_load-balancer_api:member:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/lbaas/pools/{pool_id}/members/{member_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: List Pools
|
||||
name: os_load-balancer_api:pool:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/pools
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read-global
|
||||
description: List Pools including resources owned by others
|
||||
name: os_load-balancer_api:pool:get_all-global
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/pools
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Create a Pool
|
||||
name: os_load-balancer_api:pool:post
|
||||
operations:
|
||||
- method: POST
|
||||
path: /v2/lbaas/pools
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: Show Pool details
|
||||
name: os_load-balancer_api:pool:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/pools/{pool_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Update a Pool
|
||||
name: os_load-balancer_api:pool:put
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/lbaas/pools/{pool_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write
|
||||
description: Remove a Pool
|
||||
name: os_load-balancer_api:pool:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/lbaas/pools/{pool_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read
|
||||
description: List enabled providers
|
||||
name: os_load-balancer_api:provider:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/providers
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read-quota
|
||||
description: List Quotas
|
||||
name: os_load-balancer_api:quota:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/quotas
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read-quota-global
|
||||
description: List Quotas including resources owned by others
|
||||
name: os_load-balancer_api:quota:get_all-global
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/quotas
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read-quota
|
||||
description: Show Quota details
|
||||
name: os_load-balancer_api:quota:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/quotas/{project_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write-quota
|
||||
description: Update a Quota
|
||||
name: os_load-balancer_api:quota:put
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/lbaas/quotas/{project_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:write-quota
|
||||
description: Reset a Quota
|
||||
name: os_load-balancer_api:quota:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/lbaas/quotas/{project_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:read-quota
|
||||
description: Show Default Quota for a Project
|
||||
name: os_load-balancer_api:quota:get_defaults
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/quotas/{project_id}/default
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: List Amphorae
|
||||
name: os_load-balancer_api:amphora:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/octavia/amphorae
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Show Amphora details
|
||||
name: os_load-balancer_api:amphora:get_one
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/octavia/amphorae/{amphora_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Delete an Amphora
|
||||
name: os_load-balancer_api:amphora:delete
|
||||
operations:
|
||||
- method: DELETE
|
||||
path: /v2/octavia/amphorae/{amphora_id}
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Update Amphora Agent Configuration
|
||||
name: os_load-balancer_api:amphora:put_config
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/octavia/amphorae/{amphora_id}/config
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Failover Amphora
|
||||
name: os_load-balancer_api:amphora:put_failover
|
||||
operations:
|
||||
- method: PUT
|
||||
path: /v2/octavia/amphorae/{amphora_id}/failover
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: Show Amphora statistics
|
||||
name: os_load-balancer_api:amphora:get_stats
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/octavia/amphorae/{amphora_id}/stats
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: List the provider flavor capabilities.
|
||||
name: os_load-balancer_api:provider-flavor:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/providers/{provider}/flavor_capabilities
|
||||
scope_types: null
|
||||
- check_str: rule:load-balancer:admin
|
||||
description: List the provider availability zone capabilities.
|
||||
name: os_load-balancer_api:provider-availability-zone:get_all
|
||||
operations:
|
||||
- method: GET
|
||||
path: /v2/lbaas/providers/{provider}/availability_zone_capabilities
|
||||
scope_types: null
|
|
@ -0,0 +1,396 @@
|
|||
# Intended scope(s): system
|
||||
#"system-admin": "role:admin and system_scope:all"
|
||||
|
||||
# Intended scope(s): system
|
||||
#"system-reader": "role:reader and system_scope:all"
|
||||
|
||||
# Intended scope(s): project
|
||||
#"project-member": "role:member and project_id:%(project_id)s"
|
||||
|
||||
# Intended scope(s): project
|
||||
#"project-reader": "role:reader and project_id:%(project_id)s"
|
||||
|
||||
# Intended scope(s): system
|
||||
#"context_is_admin": "role:load-balancer_admin or rule:system-admin"
|
||||
|
||||
# DEPRECATED
|
||||
# "context_is_admin":"role:admin or role:load-balancer_admin" has been
|
||||
# deprecated since W in favor of "context_is_admin":"role:load-
|
||||
# balancer_admin or rule:system-admin".
|
||||
# The Octavia API now requires the OpenStack default roles and scoped
|
||||
# tokens. See
|
||||
# https://docs.openstack.org/octavia/latest/configuration/policy.html
|
||||
# and https://docs.openstack.org/keystone/latest/contributor/services.
|
||||
# html#reusable-default-roles for more information.
|
||||
|
||||
# Intended scope(s): project
|
||||
#"load-balancer:owner": "project_id:%(project_id)s"
|
||||
|
||||
# Intended scope(s): project
|
||||
#"load-balancer:observer_and_owner": "role:load-balancer_observer and rule:project-reader"
|
||||
|
||||
# DEPRECATED
|
||||
# "load-balancer:observer_and_owner":"role:load-balancer_observer and
|
||||
# rule:load-balancer:owner" has been deprecated since W in favor of
|
||||
# "load-balancer:observer_and_owner":"role:load-balancer_observer and
|
||||
# rule:project-reader".
|
||||
# The Octavia API now requires the OpenStack default roles and scoped
|
||||
# tokens. See
|
||||
# https://docs.openstack.org/octavia/latest/configuration/policy.html
|
||||
# and https://docs.openstack.org/keystone/latest/contributor/services.
|
||||
# html#reusable-default-roles for more information.
|
||||
|
||||
# Intended scope(s): system
|
||||
#"load-balancer:global_observer": "role:load-balancer_global_observer or rule:system-reader"
|
||||
|
||||
# Intended scope(s): project
|
||||
#"load-balancer:member_and_owner": "role:load-balancer_member and rule:project-member"
|
||||
|
||||
# DEPRECATED
|
||||
# "load-balancer:member_and_owner":"role:load-balancer_member and
|
||||
# rule:load-balancer:owner" has been deprecated since W in favor of
|
||||
# "load-balancer:member_and_owner":"role:load-balancer_member and
|
||||
# rule:project-member".
|
||||
# The Octavia API now requires the OpenStack default roles and scoped
|
||||
# tokens. See
|
||||
# https://docs.openstack.org/octavia/latest/configuration/policy.html
|
||||
# and https://docs.openstack.org/keystone/latest/contributor/services.
|
||||
# html#reusable-default-roles for more information.
|
||||
|
||||
# Intended scope(s): system
|
||||
#"load-balancer:admin": "is_admin:True or role:load-balancer_admin or rule:system-admin"
|
||||
|
||||
# Intended scope(s): project, system
|
||||
#"load-balancer:read": "rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or rule:load-balancer:admin"
|
||||
|
||||
# Intended scope(s): system
|
||||
#"load-balancer:read-global": "rule:load-balancer:global_observer or rule:load-balancer:admin"
|
||||
|
||||
# Intended scope(s): project, system
|
||||
#"load-balancer:write": "rule:load-balancer:member_and_owner or rule:load-balancer:admin"
|
||||
|
||||
# Intended scope(s): project, system
|
||||
#"load-balancer:read-quota": "rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or role:load-balancer_quota_admin or rule:load-balancer:admin"
|
||||
|
||||
# Intended scope(s): system
|
||||
#"load-balancer:read-quota-global": "rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin"
|
||||
|
||||
# Intended scope(s): system
|
||||
#"load-balancer:write-quota": "role:load-balancer_quota_admin or rule:load-balancer:admin"
|
||||
|
||||
# List Flavors
|
||||
# GET /v2.0/lbaas/flavors
|
||||
#"os_load-balancer_api:flavor:get_all": "rule:load-balancer:read"
|
||||
|
||||
# Create a Flavor
|
||||
# POST /v2.0/lbaas/flavors
|
||||
#"os_load-balancer_api:flavor:post": "rule:load-balancer:admin"
|
||||
|
||||
# Update a Flavor
|
||||
# PUT /v2.0/lbaas/flavors/{flavor_id}
|
||||
#"os_load-balancer_api:flavor:put": "rule:load-balancer:admin"
|
||||
|
||||
# Show Flavor details
|
||||
# GET /v2.0/lbaas/flavors/{flavor_id}
|
||||
#"os_load-balancer_api:flavor:get_one": "rule:load-balancer:read"
|
||||
|
||||
# Remove a Flavor
|
||||
# DELETE /v2.0/lbaas/flavors/{flavor_id}
|
||||
#"os_load-balancer_api:flavor:delete": "rule:load-balancer:admin"
|
||||
|
||||
# List Flavor Profiles
|
||||
# GET /v2.0/lbaas/flavorprofiles
|
||||
#"os_load-balancer_api:flavor-profile:get_all": "rule:load-balancer:admin"
|
||||
|
||||
# Create a Flavor Profile
|
||||
# POST /v2.0/lbaas/flavorprofiles
|
||||
#"os_load-balancer_api:flavor-profile:post": "rule:load-balancer:admin"
|
||||
|
||||
# Update a Flavor Profile
|
||||
# PUT /v2.0/lbaas/flavorprofiles/{flavor_profile_id}
|
||||
#"os_load-balancer_api:flavor-profile:put": "rule:load-balancer:admin"
|
||||
|
||||
# Show Flavor Profile details
|
||||
# GET /v2.0/lbaas/flavorprofiles/{flavor_profile_id}
|
||||
#"os_load-balancer_api:flavor-profile:get_one": "rule:load-balancer:admin"
|
||||
|
||||
# Remove a Flavor Profile
|
||||
# DELETE /v2.0/lbaas/flavorprofiles/{flavor_profile_id}
|
||||
#"os_load-balancer_api:flavor-profile:delete": "rule:load-balancer:admin"
|
||||
|
||||
# List Availability Zones
|
||||
# GET /v2.0/lbaas/availabilityzones
|
||||
#"os_load-balancer_api:availability-zone:get_all": "rule:load-balancer:read"
|
||||
|
||||
# Create an Availability Zone
|
||||
# POST /v2.0/lbaas/availabilityzones
|
||||
#"os_load-balancer_api:availability-zone:post": "rule:load-balancer:admin"
|
||||
|
||||
# Update an Availability Zone
|
||||
# PUT /v2.0/lbaas/availabilityzones/{availability_zone_id}
|
||||
#"os_load-balancer_api:availability-zone:put": "rule:load-balancer:admin"
|
||||
|
||||
# Show Availability Zone details
|
||||
# GET /v2.0/lbaas/availabilityzones/{availability_zone_id}
|
||||
#"os_load-balancer_api:availability-zone:get_one": "rule:load-balancer:read"
|
||||
|
||||
# Remove an Availability Zone
|
||||
# DELETE /v2.0/lbaas/availabilityzones/{availability_zone_id}
|
||||
#"os_load-balancer_api:availability-zone:delete": "rule:load-balancer:admin"
|
||||
|
||||
# List Availability Zones
|
||||
# GET /v2.0/lbaas/availabilityzoneprofiles
|
||||
#"os_load-balancer_api:availability-zone-profile:get_all": "rule:load-balancer:admin"
|
||||
|
||||
# Create an Availability Zone
|
||||
# POST /v2.0/lbaas/availabilityzoneprofiles
|
||||
#"os_load-balancer_api:availability-zone-profile:post": "rule:load-balancer:admin"
|
||||
|
||||
# Update an Availability Zone
|
||||
# PUT /v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}
|
||||
#"os_load-balancer_api:availability-zone-profile:put": "rule:load-balancer:admin"
|
||||
|
||||
# Show Availability Zone details
|
||||
# GET /v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}
|
||||
#"os_load-balancer_api:availability-zone-profile:get_one": "rule:load-balancer:admin"
|
||||
|
||||
# Remove an Availability Zone
|
||||
# DELETE /v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}
|
||||
#"os_load-balancer_api:availability-zone-profile:delete": "rule:load-balancer:admin"
|
||||
|
||||
# List Health Monitors of a Pool
|
||||
# GET /v2/lbaas/healthmonitors
|
||||
#"os_load-balancer_api:healthmonitor:get_all": "rule:load-balancer:read"
|
||||
|
||||
# List Health Monitors including resources owned by others
|
||||
# GET /v2/lbaas/healthmonitors
|
||||
#"os_load-balancer_api:healthmonitor:get_all-global": "rule:load-balancer:read-global"
|
||||
|
||||
# Create a Health Monitor
|
||||
# POST /v2/lbaas/healthmonitors
|
||||
#"os_load-balancer_api:healthmonitor:post": "rule:load-balancer:write"
|
||||
|
||||
# Show Health Monitor details
|
||||
# GET /v2/lbaas/healthmonitors/{healthmonitor_id}
|
||||
#"os_load-balancer_api:healthmonitor:get_one": "rule:load-balancer:read"
|
||||
|
||||
# Update a Health Monitor
|
||||
# PUT /v2/lbaas/healthmonitors/{healthmonitor_id}
|
||||
#"os_load-balancer_api:healthmonitor:put": "rule:load-balancer:write"
|
||||
|
||||
# Remove a Health Monitor
|
||||
# DELETE /v2/lbaas/healthmonitors/{healthmonitor_id}
|
||||
#"os_load-balancer_api:healthmonitor:delete": "rule:load-balancer:write"
|
||||
|
||||
# List L7 Policys
|
||||
# GET /v2/lbaas/l7policies
|
||||
#"os_load-balancer_api:l7policy:get_all": "rule:load-balancer:read"
|
||||
|
||||
# List L7 Policys including resources owned by others
|
||||
# GET /v2/lbaas/l7policies
|
||||
#"os_load-balancer_api:l7policy:get_all-global": "rule:load-balancer:read-global"
|
||||
|
||||
# Create a L7 Policy
|
||||
# POST /v2/lbaas/l7policies
|
||||
#"os_load-balancer_api:l7policy:post": "rule:load-balancer:write"
|
||||
|
||||
# Show L7 Policy details
|
||||
# GET /v2/lbaas/l7policies/{l7policy_id}
|
||||
#"os_load-balancer_api:l7policy:get_one": "rule:load-balancer:read"
|
||||
|
||||
# Update a L7 Policy
|
||||
# PUT /v2/lbaas/l7policies/{l7policy_id}
|
||||
#"os_load-balancer_api:l7policy:put": "rule:load-balancer:write"
|
||||
|
||||
# Remove a L7 Policy
|
||||
# DELETE /v2/lbaas/l7policies/{l7policy_id}
|
||||
#"os_load-balancer_api:l7policy:delete": "rule:load-balancer:write"
|
||||
|
||||
# List L7 Rules
|
||||
# GET /v2/lbaas/l7policies/{l7policy_id}/rules
|
||||
#"os_load-balancer_api:l7rule:get_all": "rule:load-balancer:read"
|
||||
|
||||
# Create a L7 Rule
|
||||
# POST /v2/lbaas/l7policies/{l7policy_id}/rules
|
||||
#"os_load-balancer_api:l7rule:post": "rule:load-balancer:write"
|
||||
|
||||
# Show L7 Rule details
|
||||
# GET /v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}
|
||||
#"os_load-balancer_api:l7rule:get_one": "rule:load-balancer:read"
|
||||
|
||||
# Update a L7 Rule
|
||||
# PUT /v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}
|
||||
#"os_load-balancer_api:l7rule:put": "rule:load-balancer:write"
|
||||
|
||||
# Remove a L7 Rule
|
||||
# DELETE /v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}
|
||||
#"os_load-balancer_api:l7rule:delete": "rule:load-balancer:write"
|
||||
|
||||
# List Listeners
|
||||
# GET /v2/lbaas/listeners
|
||||
#"os_load-balancer_api:listener:get_all": "rule:load-balancer:read"
|
||||
|
||||
# List Listeners including resources owned by others
|
||||
# GET /v2/lbaas/listeners
|
||||
#"os_load-balancer_api:listener:get_all-global": "rule:load-balancer:read-global"
|
||||
|
||||
# Create a Listener
|
||||
# POST /v2/lbaas/listeners
|
||||
#"os_load-balancer_api:listener:post": "rule:load-balancer:write"
|
||||
|
||||
# Show Listener details
|
||||
# GET /v2/lbaas/listeners/{listener_id}
|
||||
#"os_load-balancer_api:listener:get_one": "rule:load-balancer:read"
|
||||
|
||||
# Update a Listener
|
||||
# PUT /v2/lbaas/listeners/{listener_id}
|
||||
#"os_load-balancer_api:listener:put": "rule:load-balancer:write"
|
||||
|
||||
# Remove a Listener
|
||||
# DELETE /v2/lbaas/listeners/{listener_id}
|
||||
#"os_load-balancer_api:listener:delete": "rule:load-balancer:write"
|
||||
|
||||
# Show Listener statistics
|
||||
# GET /v2/lbaas/listeners/{listener_id}/stats
|
||||
#"os_load-balancer_api:listener:get_stats": "rule:load-balancer:read"
|
||||
|
||||
# List Load Balancers
|
||||
# GET /v2/lbaas/loadbalancers
|
||||
#"os_load-balancer_api:loadbalancer:get_all": "rule:load-balancer:read"
|
||||
|
||||
# List Load Balancers including resources owned by others
|
||||
# GET /v2/lbaas/loadbalancers
|
||||
#"os_load-balancer_api:loadbalancer:get_all-global": "rule:load-balancer:read-global"
|
||||
|
||||
# Create a Load Balancer
|
||||
# POST /v2/lbaas/loadbalancers
|
||||
#"os_load-balancer_api:loadbalancer:post": "rule:load-balancer:write"
|
||||
|
||||
# Show Load Balancer details
|
||||
# GET /v2/lbaas/loadbalancers/{loadbalancer_id}
|
||||
#"os_load-balancer_api:loadbalancer:get_one": "rule:load-balancer:read"
|
||||
|
||||
# Update a Load Balancer
|
||||
# PUT /v2/lbaas/loadbalancers/{loadbalancer_id}
|
||||
#"os_load-balancer_api:loadbalancer:put": "rule:load-balancer:write"
|
||||
|
||||
# Remove a Load Balancer
|
||||
# DELETE /v2/lbaas/loadbalancers/{loadbalancer_id}
|
||||
#"os_load-balancer_api:loadbalancer:delete": "rule:load-balancer:write"
|
||||
|
||||
# Show Load Balancer statistics
|
||||
# GET /v2/lbaas/loadbalancers/{loadbalancer_id}/stats
|
||||
#"os_load-balancer_api:loadbalancer:get_stats": "rule:load-balancer:read"
|
||||
|
||||
# Show Load Balancer status
|
||||
# GET /v2/lbaas/loadbalancers/{loadbalancer_id}/status
|
||||
#"os_load-balancer_api:loadbalancer:get_status": "rule:load-balancer:read"
|
||||
|
||||
# Failover a Load Balancer
|
||||
# PUT /v2/lbaas/loadbalancers/{loadbalancer_id}/failover
|
||||
#"os_load-balancer_api:loadbalancer:put_failover": "rule:load-balancer:admin"
|
||||
|
||||
# List Members of a Pool
|
||||
# GET /v2/lbaas/pools/{pool_id}/members
|
||||
#"os_load-balancer_api:member:get_all": "rule:load-balancer:read"
|
||||
|
||||
# Create a Member
|
||||
# POST /v2/lbaas/pools/{pool_id}/members
|
||||
#"os_load-balancer_api:member:post": "rule:load-balancer:write"
|
||||
|
||||
# Show Member details
|
||||
# GET /v2/lbaas/pools/{pool_id}/members/{member_id}
|
||||
#"os_load-balancer_api:member:get_one": "rule:load-balancer:read"
|
||||
|
||||
# Update a Member
|
||||
# PUT /v2/lbaas/pools/{pool_id}/members/{member_id}
|
||||
#"os_load-balancer_api:member:put": "rule:load-balancer:write"
|
||||
|
||||
# Remove a Member
|
||||
# DELETE /v2/lbaas/pools/{pool_id}/members/{member_id}
|
||||
#"os_load-balancer_api:member:delete": "rule:load-balancer:write"
|
||||
|
||||
# List Pools
|
||||
# GET /v2/lbaas/pools
|
||||
#"os_load-balancer_api:pool:get_all": "rule:load-balancer:read"
|
||||
|
||||
# List Pools including resources owned by others
|
||||
# GET /v2/lbaas/pools
|
||||
#"os_load-balancer_api:pool:get_all-global": "rule:load-balancer:read-global"
|
||||
|
||||
# Create a Pool
|
||||
# POST /v2/lbaas/pools
|
||||
#"os_load-balancer_api:pool:post": "rule:load-balancer:write"
|
||||
|
||||
# Show Pool details
|
||||
# GET /v2/lbaas/pools/{pool_id}
|
||||
#"os_load-balancer_api:pool:get_one": "rule:load-balancer:read"
|
||||
|
||||
# Update a Pool
|
||||
# PUT /v2/lbaas/pools/{pool_id}
|
||||
#"os_load-balancer_api:pool:put": "rule:load-balancer:write"
|
||||
|
||||
# Remove a Pool
|
||||
# DELETE /v2/lbaas/pools/{pool_id}
|
||||
#"os_load-balancer_api:pool:delete": "rule:load-balancer:write"
|
||||
|
||||
# List enabled providers
|
||||
# GET /v2/lbaas/providers
|
||||
#"os_load-balancer_api:provider:get_all": "rule:load-balancer:read"
|
||||
|
||||
# List Quotas
|
||||
# GET /v2/lbaas/quotas
|
||||
#"os_load-balancer_api:quota:get_all": "rule:load-balancer:read-quota"
|
||||
|
||||
# List Quotas including resources owned by others
|
||||
# GET /v2/lbaas/quotas
|
||||
#"os_load-balancer_api:quota:get_all-global": "rule:load-balancer:read-quota-global"
|
||||
|
||||
# Show Quota details
|
||||
# GET /v2/lbaas/quotas/{project_id}
|
||||
#"os_load-balancer_api:quota:get_one": "rule:load-balancer:read-quota"
|
||||
|
||||
# Update a Quota
|
||||
# PUT /v2/lbaas/quotas/{project_id}
|
||||
#"os_load-balancer_api:quota:put": "rule:load-balancer:write-quota"
|
||||
|
||||
# Reset a Quota
|
||||
# DELETE /v2/lbaas/quotas/{project_id}
|
||||
#"os_load-balancer_api:quota:delete": "rule:load-balancer:write-quota"
|
||||
|
||||
# Show Default Quota for a Project
|
||||
# GET /v2/lbaas/quotas/{project_id}/default
|
||||
#"os_load-balancer_api:quota:get_defaults": "rule:load-balancer:read-quota"
|
||||
|
||||
# List Amphorae
|
||||
# GET /v2/octavia/amphorae
|
||||
#"os_load-balancer_api:amphora:get_all": "rule:load-balancer:admin"
|
||||
|
||||
# Show Amphora details
|
||||
# GET /v2/octavia/amphorae/{amphora_id}
|
||||
#"os_load-balancer_api:amphora:get_one": "rule:load-balancer:admin"
|
||||
|
||||
# Delete an Amphora
|
||||
# DELETE /v2/octavia/amphorae/{amphora_id}
|
||||
#"os_load-balancer_api:amphora:delete": "rule:load-balancer:admin"
|
||||
|
||||
# Update Amphora Agent Configuration
|
||||
# PUT /v2/octavia/amphorae/{amphora_id}/config
|
||||
#"os_load-balancer_api:amphora:put_config": "rule:load-balancer:admin"
|
||||
|
||||
# Failover Amphora
|
||||
# PUT /v2/octavia/amphorae/{amphora_id}/failover
|
||||
#"os_load-balancer_api:amphora:put_failover": "rule:load-balancer:admin"
|
||||
|
||||
# Show Amphora statistics
|
||||
# GET /v2/octavia/amphorae/{amphora_id}/stats
|
||||
#"os_load-balancer_api:amphora:get_stats": "rule:load-balancer:admin"
|
||||
|
||||
# List the provider flavor capabilities.
|
||||
# GET /v2/lbaas/providers/{provider}/flavor_capabilities
|
||||
#"os_load-balancer_api:provider-flavor:get_all": "rule:load-balancer:admin"
|
||||
|
||||
# List the provider availability zone capabilities.
|
||||
# GET /v2/lbaas/providers/{provider}/availability_zone_capabilities
|
||||
#"os_load-balancer_api:provider-availability-zone:get_all": "rule:load-balancer:admin"
|
||||
|
|
@ -21,6 +21,10 @@ settings.POLICY_FILES.update({
|
|||
'load-balancer': 'octavia_policy.yaml',
|
||||
})
|
||||
|
||||
settings.iDEFAULT_POLICY_FILES.update({
|
||||
'load-balancer': 'default_policies/octavia.yaml',
|
||||
})
|
||||
|
||||
# Sample
|
||||
# settings.LOGGING['loggers'].update({
|
||||
# 'openstack': {
|
||||
|
|
Loading…
Reference in New Issue