fafabad042
Oslo.policy is moving away from using json format policy files[1]. This patch updates the Octavia documentation, policy configuration file, and legacy admin-or-owner policy file to be in yaml format. Octavia will continue to honor and support the json format file as long as oslo.policy does, but this patch will encourage new deployments to use the yaml format.

[1] https://docs.openstack.org/oslo.policy/latest/admin/policy-json-file.html

Change-Id: I925cc05981e677c0552b18f845fdbc512d2af22c
19 lines
769 B
YAML
# This policy.yaml will revert the Octavia API to follow the legacy
# admin-or-owner RBAC policies.
# It provides a similar policy to legacy OpenStack policies where any
# user or admin has access to load-balancer resources that they own.
# Users with the admin role have access to all load-balancer resources,
# whether they own them or not.

# Role Rules
"context_is_admin": "role:admin or role:load-balancer_admin"
"admin_or_owner": "is_admin:True or project_id:%(project_id)s"

# Rules
"load-balancer:read": "rule:admin_or_owner"
"load-balancer:read-global": "is_admin:True"
"load-balancer:write": "rule:admin_or_owner"
"load-balancer:read-quota": "rule:admin_or_owner"
"load-balancer:read-quota-global": "is_admin:True"
"load-balancer:write-quota": "is_admin:True"
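To audit who the policy file above lets through, the following added example (not part of the Octavia repository and not oslo.policy itself) evaluates its check strings with a simplified evaluator that only handles `or`, `rule:`, `role:` and generic `key:value` checks. The `allowed` helper, the sample projects and roles are constructed, and deriving `is_admin` from `context_is_admin` is an assumption of this example.

```python
import re

# Rules copied from the policy file above.
RULES = {
    "context_is_admin": "role:admin or role:load-balancer_admin",
    "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
    "load-balancer:read": "rule:admin_or_owner",
    "load-balancer:read-global": "is_admin:True",
    "load-balancer:write": "rule:admin_or_owner",
    "load-balancer:read-quota": "rule:admin_or_owner",
    "load-balancer:read-quota-global": "is_admin:True",
    "load-balancer:write-quota": "is_admin:True",
}

def check(term, target, creds):
    """Evaluate one check: rule:NAME, role:NAME or a generic key:value."""
    kind, _, match = term.partition(":")
    if kind == "rule":
        return enforce(match, target, creds)
    if kind == "role":
        return match.lower() in (r.lower() for r in creds.get("roles", []))
    try:
        expected = match % target  # fills %(project_id)s from the target
    except KeyError:
        return False  # target lacks the attribute: deny
    return kind in creds and str(creds[kind]) == expected

def enforce(rule, target, creds):
    """True if any 'or' branch of the named rule passes; unknown rules deny."""
    if rule not in RULES:
        return False
    return any(check(t, target, creds) for t in re.split(r"\s+or\s+", RULES[rule]))

def allowed(rule, roles, project_id, target):
    """Assumption: is_admin is derived from context_is_admin over the roles."""
    creds = {"roles": roles, "project_id": project_id}
    creds["is_admin"] = enforce("context_is_admin", {}, creds)
    return enforce(rule, target, creds)

if __name__ == "__main__":
    lb = {"project_id": "proj-a"}  # constructed target resource
    callers = ((["member"], "proj-a"), (["member"], "proj-b"),
               (["load-balancer_admin"], "proj-ops"))
    for roles, proj in callers:
        for rule in ("load-balancer:read", "load-balancer:read-global",
                     "load-balancer:write-quota"):
            print(roles, proj, rule, allowed(rule, roles, proj, lb))
```

Under this file any authenticated caller, whatever its role, can read and write load balancers in its own project, which is the behaviour to weigh before reverting to the legacy policy.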