92e305c256
This PR replaces the copy_update module with a proper Ansible action plugin. This change allows for dynamic updates to configuration files that are ini, json, and yaml. All of the policy files have been moved to the role templates directories and the task syntax has been updated to facilitate the new action plugin. An entry has been added to the ansible.cfg file to inform Ansible to look into the new directory. In order for the action plugin to work as a "module" a virtual module was added to the library directory. Change-Id: I80331628b2c3d426a95c89d9c1b766e2e3f70e6d Partially implements: blueprint tunable-openstack-configuration
155 lines
7.0 KiB
JSON
155 lines
7.0 KiB
JSON
{
|
|
"context_is_admin": "role:admin",
|
|
"admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
|
|
"context_is_advsvc": "role:advsvc",
|
|
"admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
|
|
"admin_only": "rule:context_is_admin",
|
|
"regular_user": "",
|
|
"shared": "field:networks:shared=True",
|
|
"shared_firewalls": "field:firewalls:shared=True",
|
|
"shared_firewall_policies": "field:firewall_policies:shared=True",
|
|
"shared_subnetpools": "field:subnetpools:shared=True",
|
|
"external": "field:networks:router:external=True",
|
|
"default": "rule:admin_or_owner",
|
|
|
|
"create_subnet": "rule:admin_or_network_owner",
|
|
"get_subnet": "rule:admin_or_owner or rule:shared",
|
|
"update_subnet": "rule:admin_or_network_owner",
|
|
"delete_subnet": "rule:admin_or_network_owner",
|
|
|
|
"create_subnetpool": "",
|
|
"create_subnetpool:shared": "rule:admin_only",
|
|
"get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools",
|
|
"update_subnetpool": "rule:admin_or_owner",
|
|
"delete_subnetpool": "rule:admin_or_owner",
|
|
|
|
"create_network": "",
|
|
"get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
|
|
"get_network:router:external": "rule:regular_user",
|
|
"get_network:segments": "rule:admin_only",
|
|
"get_network:provider:network_type": "rule:admin_only",
|
|
"get_network:provider:physical_network": "rule:admin_only",
|
|
"get_network:provider:segmentation_id": "rule:admin_only",
|
|
"get_network:queue_id": "rule:admin_only",
|
|
"create_network:shared": "rule:admin_only",
|
|
"create_network:router:external": "rule:admin_only",
|
|
"create_network:segments": "rule:admin_only",
|
|
"create_network:provider:network_type": "rule:admin_only",
|
|
"create_network:provider:physical_network": "rule:admin_only",
|
|
"create_network:provider:segmentation_id": "rule:admin_only",
|
|
"update_network": "rule:admin_or_owner",
|
|
"update_network:segments": "rule:admin_only",
|
|
"update_network:shared": "rule:admin_only",
|
|
"update_network:provider:network_type": "rule:admin_only",
|
|
"update_network:provider:physical_network": "rule:admin_only",
|
|
"update_network:provider:segmentation_id": "rule:admin_only",
|
|
"update_network:router:external": "rule:admin_only",
|
|
"delete_network": "rule:admin_or_owner",
|
|
|
|
"create_port": "",
|
|
"create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc",
|
|
"create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
|
|
"create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
|
|
"create_port:binding:host_id": "rule:admin_only",
|
|
"create_port:binding:profile": "rule:admin_only",
|
|
"create_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
|
|
"get_port": "rule:admin_or_owner or rule:context_is_advsvc",
|
|
"get_port:queue_id": "rule:admin_only",
|
|
"get_port:binding:vif_type": "rule:admin_only",
|
|
"get_port:binding:vif_details": "rule:admin_only",
|
|
"get_port:binding:host_id": "rule:admin_only",
|
|
"get_port:binding:profile": "rule:admin_only",
|
|
"update_port": "rule:admin_or_owner or rule:context_is_advsvc",
|
|
"update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
|
|
"update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
|
|
"update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
|
|
"update_port:binding:host_id": "rule:admin_only",
|
|
"update_port:binding:profile": "rule:admin_only",
|
|
"update_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
|
|
"delete_port": "rule:admin_or_owner or rule:context_is_advsvc",
|
|
|
|
"get_router:ha": "rule:admin_only",
|
|
"create_router": "rule:regular_user",
|
|
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
|
|
"create_router:distributed": "rule:admin_only",
|
|
"create_router:ha": "rule:admin_only",
|
|
"get_router": "rule:admin_or_owner",
|
|
"get_router:distributed": "rule:admin_only",
|
|
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
|
|
"update_router:distributed": "rule:admin_only",
|
|
"update_router:ha": "rule:admin_only",
|
|
"delete_router": "rule:admin_or_owner",
|
|
|
|
"add_router_interface": "rule:admin_or_owner",
|
|
"remove_router_interface": "rule:admin_or_owner",
|
|
|
|
"create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
|
|
"update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
|
|
|
|
"create_firewall": "",
|
|
"get_firewall": "rule:admin_or_owner",
|
|
"create_firewall:shared": "rule:admin_only",
|
|
"get_firewall:shared": "rule:admin_only",
|
|
"update_firewall": "rule:admin_or_owner",
|
|
"update_firewall:shared": "rule:admin_only",
|
|
"delete_firewall": "rule:admin_or_owner",
|
|
|
|
"create_firewall_policy": "",
|
|
"get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies",
|
|
"create_firewall_policy:shared": "rule:admin_or_owner",
|
|
"update_firewall_policy": "rule:admin_or_owner",
|
|
"delete_firewall_policy": "rule:admin_or_owner",
|
|
|
|
"create_firewall_rule": "",
|
|
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
|
|
"update_firewall_rule": "rule:admin_or_owner",
|
|
"delete_firewall_rule": "rule:admin_or_owner",
|
|
|
|
"create_qos_queue": "rule:admin_only",
|
|
"get_qos_queue": "rule:admin_only",
|
|
|
|
"update_agent": "rule:admin_only",
|
|
"delete_agent": "rule:admin_only",
|
|
"get_agent": "rule:admin_only",
|
|
|
|
"create_dhcp-network": "rule:admin_only",
|
|
"delete_dhcp-network": "rule:admin_only",
|
|
"get_dhcp-networks": "rule:admin_only",
|
|
"create_l3-router": "rule:admin_only",
|
|
"delete_l3-router": "rule:admin_only",
|
|
"get_l3-routers": "rule:admin_only",
|
|
"get_dhcp-agents": "rule:admin_only",
|
|
"get_l3-agents": "rule:admin_only",
|
|
"get_loadbalancer-agent": "rule:admin_only",
|
|
"get_loadbalancer-pools": "rule:admin_only",
|
|
"get_agent-loadbalancers": "rule:admin_only",
|
|
"get_loadbalancer-hosting-agent": "rule:admin_only",
|
|
|
|
"create_floatingip": "rule:regular_user",
|
|
"create_floatingip:floating_ip_address": "rule:admin_only",
|
|
"update_floatingip": "rule:admin_or_owner",
|
|
"delete_floatingip": "rule:admin_or_owner",
|
|
"get_floatingip": "rule:admin_or_owner",
|
|
|
|
"create_network_profile": "rule:admin_only",
|
|
"update_network_profile": "rule:admin_only",
|
|
"delete_network_profile": "rule:admin_only",
|
|
"get_network_profiles": "",
|
|
"get_network_profile": "",
|
|
"update_policy_profiles": "rule:admin_only",
|
|
"get_policy_profiles": "",
|
|
"get_policy_profile": "",
|
|
|
|
"create_metering_label": "rule:admin_only",
|
|
"delete_metering_label": "rule:admin_only",
|
|
"get_metering_label": "rule:admin_only",
|
|
|
|
"create_metering_label_rule": "rule:admin_only",
|
|
"delete_metering_label_rule": "rule:admin_only",
|
|
"get_metering_label_rule": "rule:admin_only",
|
|
|
|
"get_service_provider": "rule:regular_user",
|
|
"get_lsn": "rule:admin_only",
|
|
"create_lsn": "rule:admin_only"
|
|
}
|