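parameter_defaults:
  # NOTE(review): EnforceSecureRbac is false while the Nova policies below are
  # overridden explicitly; presumably service-side scope enforcement stays off
  # and these check strings are the only gate. Confirm against the templates
  # that consume this parameter.
  EnforceSecureRbac: false
  # Nova API policy overrides. Each entry pairs a policy name ("key") with an
  # oslo.policy check string ("value"). In a check string, "rule:NAME"
  # delegates to another rule, "@" always allows and "!" always denies.
  NovaApiPolicies:
    nova-context_is_admin:
      key: "context_is_admin"
      value: "role:admin"
    # No role predicate: any token scoped to the owning project matches,
    # whatever role it carries.
    nova-admin_or_owner:
      key: "admin_or_owner"
      value: "is_admin:True or project_id:%(project_id)s"
    # Role check only, with no project or system-scope predicate. Every policy
    # that references rule:admin_api is therefore satisfied by the admin role
    # held on any project; review that this breadth is intended.
    nova-admin_api:
      key: "admin_api"
      value: "role:admin"
    # System-scoped personas: the role must come from a system-scoped token.
    nova-system_admin_api:
      key: "system_admin_api"
      value: "role:admin and system_scope:all"
    nova-system_reader_api:
      key: "system_reader_api"
      value: "role:reader and system_scope:all"
    # Project-scoped personas: the role must be held on the target's project.
    nova-project_admin_api:
      key: "project_admin_api"
      value: "role:admin and project_id:%(project_id)s"
    nova-project_member_api:
      key: "project_member_api"
      value: "role:member and project_id:%(project_id)s"
    # NOTE(review): this policy name carries a literal "rule:" prefix, unlike
    # its neighbours; confirm that is the name the consumer expects.
    nova-rule_admin_or_owner:
      key: "rule:admin_or_owner"
      value: "rule:project_member_api"
    nova-project_reader_api:
      key: "project_reader_api"
      value: "role:reader and project_id:%(project_id)s"
    # Composite personas built from the rules above.
    nova-system_admin_or_owner:
      key: "system_admin_or_owner"
      value: "rule:system_admin_api or rule:project_member_api"
    nova-system_or_project_reader:
      key: "system_or_project_reader"
      value: "rule:system_reader_api or rule:project_reader_api"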
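# Admin actions, admin password, host aggregates, assisted volume snapshots.
    # Everything here is admin-only except os-admin-password, which project
    # members may also call.
    nova-os_compute_api_os-admin-actions_reset_state:
      key: "os_compute_api:os-admin-actions:reset_state"
      value: "rule:admin_api"
    nova-os_compute_api_os-admin-actions_inject_network_info:
      key: "os_compute_api:os-admin-actions:inject_network_info"
      value: "rule:admin_api"
    nova-os_compute_api_os-admin-password:
      key: "os_compute_api:os-admin-password"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-aggregates_set_metadata:
      key: "os_compute_api:os-aggregates:set_metadata"
      value: "rule:admin_api"
    nova-os_compute_api_os-aggregates_add_host:
      key: "os_compute_api:os-aggregates:add_host"
      value: "rule:admin_api"
    nova-os_compute_api_os-aggregates_create:
      key: "os_compute_api:os-aggregates:create"
      value: "rule:admin_api"
    nova-os_compute_api_os-aggregates_remove_host:
      key: "os_compute_api:os-aggregates:remove_host"
      value: "rule:admin_api"
    nova-os_compute_api_os-aggregates_update:
      key: "os_compute_api:os-aggregates:update"
      value: "rule:admin_api"
    nova-os_compute_api_os-aggregates_index:
      key: "os_compute_api:os-aggregates:index"
      value: "rule:admin_api"
    nova-os_compute_api_os-aggregates_delete:
      key: "os_compute_api:os-aggregates:delete"
      value: "rule:admin_api"
    nova-os_compute_api_os-aggregates_show:
      key: "os_compute_api:os-aggregates:show"
      value: "rule:admin_api"
    nova-compute_aggregates_images:
      key: "compute:aggregates:images"
      value: "rule:admin_api"
    nova-os_compute_api_os-assisted-volume-snapshots_create:
      key: "os_compute_api:os-assisted-volume-snapshots:create"
      value: "rule:admin_api"
    nova-os_compute_api_os-assisted-volume-snapshots_delete:
      key: "os_compute_api:os-assisted-volume-snapshots:delete"
      value: "rule:admin_api"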
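# Interfaces, availability zones, baremetal nodes, consoles, backup,
# deferred delete, evacuate, extended attributes, extensions.
    # Entries whose value is a single "rule:os_compute_api:..." reference are
    # aliases: they inherit whatever the referenced policy allows.
    nova-os_compute_api_os-attach-interfaces_list:
      key: "os_compute_api:os-attach-interfaces:list"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-attach-interfaces:
      key: "os_compute_api:os-attach-interfaces"
      value: "rule:os_compute_api:os-attach-interfaces:list"
    nova-os_compute_api_os-attach-interfaces_show:
      key: "os_compute_api:os-attach-interfaces:show"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-attach-interfaces_create:
      key: "os_compute_api:os-attach-interfaces:create"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-attach-interfaces_delete:
      key: "os_compute_api:os-attach-interfaces:delete"
      value: "rule:admin_api or rule:project_member_api"
    # "@" always passes: no role or project predicate is evaluated.
    nova-os_compute_api_os-availability-zone_list:
      key: "os_compute_api:os-availability-zone:list"
      value: "@"
    nova-os_compute_api_os-availability-zone_detail:
      key: "os_compute_api:os-availability-zone:detail"
      value: "rule:admin_api"
    nova-os_compute_api_os-baremetal-nodes_list:
      key: "os_compute_api:os-baremetal-nodes:list"
      value: "rule:admin_api"
    nova-os_compute_api_os-baremetal-nodes:
      key: "os_compute_api:os-baremetal-nodes"
      value: "rule:os_compute_api:os-baremetal-nodes:list"
    nova-os_compute_api_os-baremetal-nodes_show:
      key: "os_compute_api:os-baremetal-nodes:show"
      value: "rule:admin_api"
    nova-os_compute_api_os-console-auth-tokens:
      key: "os_compute_api:os-console-auth-tokens"
      value: "rule:admin_api"
    nova-os_compute_api_os-console-output:
      key: "os_compute_api:os-console-output"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-create-backup:
      key: "os_compute_api:os-create-backup"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-deferred-delete_restore:
      key: "os_compute_api:os-deferred-delete:restore"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-deferred-delete:
      key: "os_compute_api:os-deferred-delete"
      value: "rule:os_compute_api:os-deferred-delete:restore"
    nova-os_compute_api_os-deferred-delete_force:
      key: "os_compute_api:os-deferred-delete:force"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-evacuate:
      key: "os_compute_api:os-evacuate"
      value: "rule:admin_api"
    nova-os_compute_api_os-extended-server-attributes:
      key: "os_compute_api:os-extended-server-attributes"
      value: "rule:admin_api"
    # "@" always passes: no role or project predicate is evaluated.
    nova-os_compute_api_extensions:
      key: "os_compute_api:extensions"
      value: "@"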
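# Flavor access, flavor extra specs, flavor management.
    # Writes are admin-only; only the extra-specs show/index reads are also
    # open to project readers.
    nova-os_compute_api_os-flavor-access_add_tenant_access:
      key: "os_compute_api:os-flavor-access:add_tenant_access"
      value: "rule:admin_api"
    nova-os_compute_api_os-flavor-access_remove_tenant_access:
      key: "os_compute_api:os-flavor-access:remove_tenant_access"
      value: "rule:admin_api"
    nova-os_compute_api_os-flavor-access:
      key: "os_compute_api:os-flavor-access"
      value: "rule:admin_api"
    nova-os_compute_api_os-flavor-extra-specs_show:
      key: "os_compute_api:os-flavor-extra-specs:show"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-flavor-extra-specs_create:
      key: "os_compute_api:os-flavor-extra-specs:create"
      value: "rule:admin_api"
    nova-os_compute_api_os-flavor-extra-specs_update:
      key: "os_compute_api:os-flavor-extra-specs:update"
      value: "rule:admin_api"
    nova-os_compute_api_os-flavor-extra-specs_delete:
      key: "os_compute_api:os-flavor-extra-specs:delete"
      value: "rule:admin_api"
    nova-os_compute_api_os-flavor-extra-specs_index:
      key: "os_compute_api:os-flavor-extra-specs:index"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-flavor-manage_create:
      key: "os_compute_api:os-flavor-manage:create"
      value: "rule:admin_api"
    nova-os_compute_api_os-flavor-manage_update:
      key: "os_compute_api:os-flavor-manage:update"
      value: "rule:admin_api"
    nova-os_compute_api_os-flavor-manage_delete:
      key: "os_compute_api:os-flavor-manage:delete"
      value: "rule:admin_api"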
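# Floating IP pools and floating IPs.
    # "@" always passes: no role or project predicate is evaluated.
    nova-os_compute_api_os-floating-ip-pools:
      key: "os_compute_api:os-floating-ip-pools"
      value: "@"
    nova-os_compute_api_os-floating-ips_add:
      key: "os_compute_api:os-floating-ips:add"
      value: "rule:admin_api or rule:project_member_api"
    # Alias: inherits the ":add" policy, i.e. write-level access.
    nova-os_compute_api_os-floating-ips:
      key: "os_compute_api:os-floating-ips"
      value: "rule:os_compute_api:os-floating-ips:add"
    nova-os_compute_api_os-floating-ips_remove:
      key: "os_compute_api:os-floating-ips:remove"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-floating-ips_list:
      key: "os_compute_api:os-floating-ips:list"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-floating-ips_create:
      key: "os_compute_api:os-floating-ips:create"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-floating-ips_show:
      key: "os_compute_api:os-floating-ips:show"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-floating-ips_delete:
      key: "os_compute_api:os-floating-ips:delete"
      value: "rule:admin_api or rule:project_member_api"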
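# Compute hosts and hypervisors: infrastructure views and controls.
    # Every policy in this group resolves to rule:admin_api, either directly
    # or through a ":list" alias.
    nova-os_compute_api_os-hosts_list:
      key: "os_compute_api:os-hosts:list"
      value: "rule:admin_api"
    nova-os_compute_api_os-hosts:
      key: "os_compute_api:os-hosts"
      value: "rule:os_compute_api:os-hosts:list"
    nova-os_compute_api_os-hosts_show:
      key: "os_compute_api:os-hosts:show"
      value: "rule:admin_api"
    nova-os_compute_api_os-hosts_update:
      key: "os_compute_api:os-hosts:update"
      value: "rule:admin_api"
    nova-os_compute_api_os-hosts_reboot:
      key: "os_compute_api:os-hosts:reboot"
      value: "rule:admin_api"
    nova-os_compute_api_os-hosts_shutdown:
      key: "os_compute_api:os-hosts:shutdown"
      value: "rule:admin_api"
    nova-os_compute_api_os-hosts_start:
      key: "os_compute_api:os-hosts:start"
      value: "rule:admin_api"
    nova-os_compute_api_os-hypervisors_list:
      key: "os_compute_api:os-hypervisors:list"
      value: "rule:admin_api"
    nova-os_compute_api_os-hypervisors:
      key: "os_compute_api:os-hypervisors"
      value: "rule:os_compute_api:os-hypervisors:list"
    nova-os_compute_api_os-hypervisors_list-detail:
      key: "os_compute_api:os-hypervisors:list-detail"
      value: "rule:admin_api"
    nova-os_compute_api_os-hypervisors_statistics:
      key: "os_compute_api:os-hypervisors:statistics"
      value: "rule:admin_api"
    nova-os_compute_api_os-hypervisors_show:
      key: "os_compute_api:os-hypervisors:show"
      value: "rule:admin_api"
    nova-os_compute_api_os-hypervisors_uptime:
      key: "os_compute_api:os-hypervisors:uptime"
      value: "rule:admin_api"
    nova-os_compute_api_os-hypervisors_search:
      key: "os_compute_api:os-hypervisors:search"
      value: "rule:admin_api"
    nova-os_compute_api_os-hypervisors_servers:
      key: "os_compute_api:os-hypervisors:servers"
      value: "rule:admin_api"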
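# Instance actions, usage audit log, server IPs, keypairs, limits.
    nova-os_compute_api_os-instance-actions_events_details:
      key: "os_compute_api:os-instance-actions:events:details"
      value: "rule:admin_api"
    nova-os_compute_api_os-instance-actions_events:
      key: "os_compute_api:os-instance-actions:events"
      value: "rule:admin_api"
    nova-os_compute_api_os-instance-actions_list:
      key: "os_compute_api:os-instance-actions:list"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-instance-actions:
      key: "os_compute_api:os-instance-actions"
      value: "rule:os_compute_api:os-instance-actions:list"
    nova-os_compute_api_os-instance-actions_show:
      key: "os_compute_api:os-instance-actions:show"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-instance-usage-audit-log_list:
      key: "os_compute_api:os-instance-usage-audit-log:list"
      value: "rule:admin_api"
    nova-os_compute_api_os-instance-usage-audit-log:
      key: "os_compute_api:os-instance-usage-audit-log"
      value: "rule:os_compute_api:os-instance-usage-audit-log:list"
    nova-os_compute_api_os-instance-usage-audit-log_show:
      key: "os_compute_api:os-instance-usage-audit-log:show"
      value: "rule:admin_api"
    nova-os_compute_api_ips_show:
      key: "os_compute_api:ips:show"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_ips_index:
      key: "os_compute_api:ips:index"
      value: "rule:admin_api or rule:project_reader_api"
    # Keypair policies match on the owning user_id rather than on a project
    # role, so no project persona rule appears in them.
    nova-os_compute_api_os-keypairs_index:
      key: "os_compute_api:os-keypairs:index"
      value: "rule:admin_api or user_id:%(user_id)s"
    nova-os_compute_api_os-keypairs_create:
      key: "os_compute_api:os-keypairs:create"
      value: "rule:admin_api or user_id:%(user_id)s"
    nova-os_compute_api_os-keypairs_delete:
      key: "os_compute_api:os-keypairs:delete"
      value: "rule:admin_api or user_id:%(user_id)s"
    nova-os_compute_api_os-keypairs_show:
      key: "os_compute_api:os-keypairs:show"
      value: "rule:admin_api or user_id:%(user_id)s"
    # "@" always passes: no role or project predicate is evaluated.
    nova-os_compute_api_limits:
      key: "os_compute_api:limits"
      value: "@"
    nova-os_compute_api_limits_other_project:
      key: "os_compute_api:limits:other_project"
      value: "rule:admin_api"
    nova-os_compute_api_os-used-limits:
      key: "os_compute_api:os-used-limits"
      value: "rule:os_compute_api:limits:other_project"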
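# Lock/unlock, migration, multinic, networks, pause/unpause, quotas.
    nova-os_compute_api_os-lock-server_lock:
      key: "os_compute_api:os-lock-server:lock"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-lock-server_unlock:
      key: "os_compute_api:os-lock-server:unlock"
      value: "rule:admin_api or rule:project_member_api"
    # The override is admin-only, unlike plain unlock above.
    nova-os_compute_api_os-lock-server_unlock_unlock_override:
      key: "os_compute_api:os-lock-server:unlock:unlock_override"
      value: "rule:admin_api"
    nova-os_compute_api_os-migrate-server_migrate:
      key: "os_compute_api:os-migrate-server:migrate"
      value: "rule:admin_api"
    nova-os_compute_api_os-migrate-server_migrate_live:
      key: "os_compute_api:os-migrate-server:migrate_live"
      value: "rule:admin_api"
    nova-os_compute_api_os-migrations_index:
      key: "os_compute_api:os-migrations:index"
      value: "rule:admin_api"
    nova-os_compute_api_os-multinic_add:
      key: "os_compute_api:os-multinic:add"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-multinic:
      key: "os_compute_api:os-multinic"
      value: "rule:os_compute_api:os-multinic:add"
    nova-os_compute_api_os-multinic_remove:
      key: "os_compute_api:os-multinic:remove"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-networks_list:
      key: "os_compute_api:os-networks:list"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-networks_view:
      key: "os_compute_api:os-networks:view"
      value: "rule:os_compute_api:os-networks:list"
    nova-os_compute_api_os-networks_show:
      key: "os_compute_api:os-networks:show"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-pause-server_pause:
      key: "os_compute_api:os-pause-server:pause"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-pause-server_unpause:
      key: "os_compute_api:os-pause-server:unpause"
      value: "rule:admin_api or rule:project_member_api"
    # Quota writes are admin-only; reads are open to project readers, and the
    # defaults are readable without any role check ("@").
    nova-os_compute_api_os-quota-class-sets_show:
      key: "os_compute_api:os-quota-class-sets:show"
      value: "rule:admin_api"
    nova-os_compute_api_os-quota-class-sets_update:
      key: "os_compute_api:os-quota-class-sets:update"
      value: "rule:admin_api"
    nova-os_compute_api_os-quota-sets_update:
      key: "os_compute_api:os-quota-sets:update"
      value: "rule:admin_api"
    nova-os_compute_api_os-quota-sets_defaults:
      key: "os_compute_api:os-quota-sets:defaults"
      value: "@"
    nova-os_compute_api_os-quota-sets_show:
      key: "os_compute_api:os-quota-sets:show"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-quota-sets_delete:
      key: "os_compute_api:os-quota-sets:delete"
      value: "rule:admin_api"
    nova-os_compute_api_os-quota-sets_detail:
      key: "os_compute_api:os-quota-sets:detail"
      value: "rule:admin_api or rule:project_reader_api"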
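# Remote consoles, rescue, security groups, diagnostics, external events.
    nova-os_compute_api_os-remote-consoles:
      key: "os_compute_api:os-remote-consoles"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-rescue:
      key: "os_compute_api:os-rescue"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-unrescue:
      key: "os_compute_api:os-unrescue"
      value: "rule:admin_api or rule:project_member_api"
    # Security groups: reads for project readers, changes for project members.
    nova-os_compute_api_os-security-groups_get:
      key: "os_compute_api:os-security-groups:get"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-security-groups:
      key: "os_compute_api:os-security-groups"
      value: "rule:os_compute_api:os-security-groups:get"
    nova-os_compute_api_os-security-groups_show:
      key: "os_compute_api:os-security-groups:show"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-security-groups_create:
      key: "os_compute_api:os-security-groups:create"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-security-groups_update:
      key: "os_compute_api:os-security-groups:update"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-security-groups_delete:
      key: "os_compute_api:os-security-groups:delete"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-security-groups_rule_create:
      key: "os_compute_api:os-security-groups:rule:create"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-security-groups_rule_delete:
      key: "os_compute_api:os-security-groups:rule:delete"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-security-groups_list:
      key: "os_compute_api:os-security-groups:list"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-security-groups_add:
      key: "os_compute_api:os-security-groups:add"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-security-groups_remove:
      key: "os_compute_api:os-security-groups:remove"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-server-diagnostics:
      key: "os_compute_api:os-server-diagnostics"
      value: "rule:admin_api"
    nova-os_compute_api_os-server-external-events_create:
      key: "os_compute_api:os-server-external-events:create"
      value: "rule:admin_api"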
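# Server groups, server metadata, server password, server tags, topology.
    # Create has no rule:admin_api alternative, unlike the other server-group
    # policies: the caller must hold the member role on the target project.
    nova-os_compute_api_os-server-groups_create:
      key: "os_compute_api:os-server-groups:create"
      value: "rule:project_member_api"
    nova-os_compute_api_os-server-groups_delete:
      key: "os_compute_api:os-server-groups:delete"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-server-groups_index:
      key: "os_compute_api:os-server-groups:index"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-server-groups_index_all_projects:
      key: "os_compute_api:os-server-groups:index:all_projects"
      value: "rule:admin_api"
    nova-os_compute_api_os-server-groups_show:
      key: "os_compute_api:os-server-groups:show"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_server-metadata_index:
      key: "os_compute_api:server-metadata:index"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_server-metadata_show:
      key: "os_compute_api:server-metadata:show"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_server-metadata_create:
      key: "os_compute_api:server-metadata:create"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_server-metadata_update_all:
      key: "os_compute_api:server-metadata:update_all"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_server-metadata_update:
      key: "os_compute_api:server-metadata:update"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_server-metadata_delete:
      key: "os_compute_api:server-metadata:delete"
      value: "rule:admin_api or rule:project_member_api"
    # NOTE(review): the reader role is enough to fetch the server password
    # here; confirm that read-only users are meant to have it.
    nova-os_compute_api_os-server-password_show:
      key: "os_compute_api:os-server-password:show"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-server-password:
      key: "os_compute_api:os-server-password"
      value: "rule:os_compute_api:os-server-password:show"
    nova-os_compute_api_os-server-password_clear:
      key: "os_compute_api:os-server-password:clear"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-server-tags_delete_all:
      key: "os_compute_api:os-server-tags:delete_all"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-server-tags_index:
      key: "os_compute_api:os-server-tags:index"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_os-server-tags_update_all:
      key: "os_compute_api:os-server-tags:update_all"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-server-tags_delete:
      key: "os_compute_api:os-server-tags:delete"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-server-tags_update:
      key: "os_compute_api:os-server-tags:update"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_os-server-tags_show:
      key: "os_compute_api:os-server-tags:show"
      value: "rule:admin_api or rule:project_reader_api"
    # Guest topology is reader-visible; the host-side view is admin-only.
    nova-compute_server_topology_index:
      key: "compute:server:topology:index"
      value: "rule:admin_api or rule:project_reader_api"
    nova-compute_server_topology_host_index:
      key: "compute:server:topology:host:index"
      value: "rule:admin_api"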
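# Servers: listing, show, and create (with its placement sub-policies).
    nova-os_compute_api_servers_index:
      key: "os_compute_api:servers:index"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_servers_detail:
      key: "os_compute_api:servers:detail"
      value: "rule:admin_api or rule:project_reader_api"
    # Cross-project listing and unrestricted filters are admin-only.
    nova-os_compute_api_servers_index_get_all_tenants:
      key: "os_compute_api:servers:index:get_all_tenants"
      value: "rule:admin_api"
    nova-os_compute_api_servers_detail_get_all_tenants:
      key: "os_compute_api:servers:detail:get_all_tenants"
      value: "rule:admin_api"
    nova-os_compute_api_servers_allow_all_filters:
      key: "os_compute_api:servers:allow_all_filters"
      value: "rule:admin_api"
    nova-os_compute_api_servers_show:
      key: "os_compute_api:servers:show"
      value: "rule:admin_api or rule:project_reader_api"
    nova-os_compute_api_servers_show_host_status:
      key: "os_compute_api:servers:show:host_status"
      value: "rule:admin_api"
    nova-os_compute_api_servers_show_host_status_unknown-only:
      key: "os_compute_api:servers:show:host_status:unknown-only"
      value: "rule:admin_api"
    # Create and its attach/trusted-certs sub-policies have no rule:admin_api
    # alternative: the caller must hold the member role on the target project.
    nova-os_compute_api_servers_create:
      key: "os_compute_api:servers:create"
      value: "rule:project_member_api"
    # Host and destination selection and zero-disk flavors are admin-only.
    nova-os_compute_api_servers_create_forced_host:
      key: "os_compute_api:servers:create:forced_host"
      value: "rule:admin_api"
    nova-compute_servers_create_requested_destination:
      key: "compute:servers:create:requested_destination"
      value: "rule:admin_api"
    nova-os_compute_api_servers_create_attach_volume:
      key: "os_compute_api:servers:create:attach_volume"
      value: "rule:project_member_api"
    nova-os_compute_api_servers_create_attach_network:
      key: "os_compute_api:servers:create:attach_network"
      value: "rule:project_member_api"
    nova-os_compute_api_servers_create_trusted_certs:
      key: "os_compute_api:servers:create:trusted_certs"
      value: "rule:project_member_api"
    nova-os_compute_api_servers_create_zero_disk_flavor:
      key: "os_compute_api:servers:create:zero_disk_flavor"
      value: "rule:admin_api"
    nova-network_attach_external_network:
      key: "network:attach_external_network"
      value: "rule:admin_api"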
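# Servers: lifecycle actions and per-server migrations.
    nova-os_compute_api_servers_delete:
      key: "os_compute_api:servers:delete"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_servers_update:
      key: "os_compute_api:servers:update"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_servers_confirm_resize:
      key: "os_compute_api:servers:confirm_resize"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_servers_revert_resize:
      key: "os_compute_api:servers:revert_resize"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_servers_reboot:
      key: "os_compute_api:servers:reboot"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_servers_resize:
      key: "os_compute_api:servers:resize"
      value: "rule:admin_api or rule:project_member_api"
    # "!" always fails: this policy is denied for every caller, admin included.
    nova-compute_servers_resize_cross_cell:
      key: "compute:servers:resize:cross_cell"
      value: "!"
    nova-os_compute_api_servers_rebuild:
      key: "os_compute_api:servers:rebuild"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_servers_rebuild_trusted_certs:
      key: "os_compute_api:servers:rebuild:trusted_certs"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_servers_create_image:
      key: "os_compute_api:servers:create_image"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_servers_create_image_allow_volume_backed:
      key: "os_compute_api:servers:create_image:allow_volume_backed"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_servers_start:
      key: "os_compute_api:servers:start"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_servers_stop:
      key: "os_compute_api:servers:stop"
      value: "rule:admin_api or rule:project_member_api"
    nova-os_compute_api_servers_trigger_crash_dump:
      key: "os_compute_api:servers:trigger_crash_dump"
      value: "rule:admin_api or rule:project_member_api"
    # Per-server migration records and controls are admin-only.
    nova-os_compute_api_servers_migrations_show:
      key: "os_compute_api:servers:migrations:show"
      value: "rule:admin_api"
    nova-os_compute_api_servers_migrations_force_complete:
      key: "os_compute_api:servers:migrations:force_complete"
      value: "rule:admin_api"
    nova-os_compute_api_servers_migrations_delete:
      key: "os_compute_api:servers:migrations:delete"
      value: "rule:admin_api"
    nova-os_compute_api_servers_migrations_index:
      key: "os_compute_api:servers:migrations:index"
      value: "rule:admin_api"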
# Compute service management is admin-only.
nova-os_compute_api_os-services_list:
  key: "os_compute_api:os-services:list"
  value: "rule:admin_api"
# Alias: the un-suffixed rule delegates to the :list rule above, so any
# change to :list also changes what this rule grants.
nova-os_compute_api_os-services:
  key: "os_compute_api:os-services"
  value: "rule:os_compute_api:os-services:list"
nova-os_compute_api_os-services_update:
  key: "os_compute_api:os-services:update"
  value: "rule:admin_api"
nova-os_compute_api_os-services_delete:
  key: "os_compute_api:os-services:delete"
  value: "rule:admin_api"
# Shelve and unshelve are open to project members; shelve_offload is
# kept admin-only.
nova-os_compute_api_os-shelve_shelve:
  key: "os_compute_api:os-shelve:shelve"
  value: "rule:admin_api or rule:project_member_api"
nova-os_compute_api_os-shelve_unshelve:
  key: "os_compute_api:os-shelve:unshelve"
  value: "rule:admin_api or rule:project_member_api"
nova-os_compute_api_os-shelve_shelve_offload:
  key: "os_compute_api:os-shelve:shelve_offload"
  value: "rule:admin_api"
# Usage reporting: a project reader may show usage (bounded by the
# project_id match in project_reader_api); list is admin-only.
# NOTE(review): list presumably returns usage for all projects, which
# would explain the stricter rule - confirm against the Nova API docs.
nova-os_compute_api_os-simple-tenant-usage_show:
  key: "os_compute_api:os-simple-tenant-usage:show"
  value: "rule:admin_api or rule:project_reader_api"
nova-os_compute_api_os-simple-tenant-usage_list:
  key: "os_compute_api:os-simple-tenant-usage:list"
  value: "rule:admin_api"
# Suspend and resume: admin, or a member of the owning project.
nova-os_compute_api_os-suspend-server_resume:
  key: "os_compute_api:os-suspend-server:resume"
  value: "rule:admin_api or rule:project_member_api"
nova-os_compute_api_os-suspend-server_suspend:
  key: "os_compute_api:os-suspend-server:suspend"
  value: "rule:admin_api or rule:project_member_api"
# Tenant network read rules: admin, or a reader of the owning project.
nova-os_compute_api_os-tenant-networks_list:
  key: "os_compute_api:os-tenant-networks:list"
  value: "rule:admin_api or rule:project_reader_api"
# Alias: delegates to the :list rule above.
nova-os_compute_api_os-tenant-networks:
  key: "os_compute_api:os-tenant-networks"
  value: "rule:os_compute_api:os-tenant-networks:list"
nova-os_compute_api_os-tenant-networks_show:
  key: "os_compute_api:os-tenant-networks:show"
  value: "rule:admin_api or rule:project_reader_api"
# Volume and snapshot rules follow one pattern: read operations
# (list, detail, show) accept project_reader_api, mutating operations
# (create, delete) require project_member_api; admin_api passes both.
nova-os_compute_api_os-volumes_list:
  key: "os_compute_api:os-volumes:list"
  value: "rule:admin_api or rule:project_reader_api"
# Alias: delegates to the :list rule above.
nova-os_compute_api_os-volumes:
  key: "os_compute_api:os-volumes"
  value: "rule:os_compute_api:os-volumes:list"
nova-os_compute_api_os-volumes_create:
  key: "os_compute_api:os-volumes:create"
  value: "rule:admin_api or rule:project_member_api"
nova-os_compute_api_os-volumes_detail:
  key: "os_compute_api:os-volumes:detail"
  value: "rule:admin_api or rule:project_reader_api"
nova-os_compute_api_os-volumes_show:
  key: "os_compute_api:os-volumes:show"
  value: "rule:admin_api or rule:project_reader_api"
nova-os_compute_api_os-volumes_delete:
  key: "os_compute_api:os-volumes:delete"
  value: "rule:admin_api or rule:project_member_api"
nova-os_compute_api_os-volumes_snapshots_list:
  key: "os_compute_api:os-volumes:snapshots:list"
  value: "rule:admin_api or rule:project_reader_api"
nova-os_compute_api_os-volumes_snapshots_create:
  key: "os_compute_api:os-volumes:snapshots:create"
  value: "rule:admin_api or rule:project_member_api"
nova-os_compute_api_os-volumes_snapshots_detail:
  key: "os_compute_api:os-volumes:snapshots:detail"
  value: "rule:admin_api or rule:project_reader_api"
nova-os_compute_api_os-volumes_snapshots_show:
  key: "os_compute_api:os-volumes:snapshots:show"
  value: "rule:admin_api or rule:project_reader_api"
nova-os_compute_api_os-volumes_snapshots_delete:
  key: "os_compute_api:os-volumes:snapshots:delete"
  value: "rule:admin_api or rule:project_member_api"
# Volume attachment rules: reads accept project_reader_api, create /
# update / delete require project_member_api. swap is the one
# admin-only operation in this group.
nova-os_compute_api_os-volumes-attachments_index:
  key: "os_compute_api:os-volumes-attachments:index"
  value: "rule:admin_api or rule:project_reader_api"
nova-os_compute_api_os-volumes-attachments_create:
  key: "os_compute_api:os-volumes-attachments:create"
  value: "rule:admin_api or rule:project_member_api"
nova-os_compute_api_os-volumes-attachments_show:
  key: "os_compute_api:os-volumes-attachments:show"
  value: "rule:admin_api or rule:project_reader_api"
nova-os_compute_api_os-volumes-attachments_update:
  key: "os_compute_api:os-volumes-attachments:update"
  value: "rule:admin_api or rule:project_member_api"
nova-os_compute_api_os-volumes-attachments_swap:
  key: "os_compute_api:os-volumes-attachments:swap"
  value: "rule:admin_api"
nova-os_compute_api_os-volumes-attachments_delete:
  key: "os_compute_api:os-volumes-attachments:delete"
  value: "rule:admin_api or rule:project_member_api"
# Placement API policy overrides. Each entry maps an oslo.policy rule
# name (key) to its check string (value).
# Every rule here requires rule:admin_api except placement:usages,
# which also accepts rule:project_reader_api.
# NOTE(review): neither admin_api nor project_reader_api is defined in
# this section; presumably they resolve to Placement's built-in default
# rules. Confirm, because an undefined rule reference would not grant
# what the check string suggests.
PlacementPolicies:
  placement-placement_resource_providers_list:
    key: "placement:resource_providers:list"
    value: "rule:admin_api"
  placement-placement_resource_providers_create:
    key: "placement:resource_providers:create"
    value: "rule:admin_api"
  placement-placement_resource_providers_show:
    key: "placement:resource_providers:show"
    value: "rule:admin_api"
  placement-placement_resource_providers_update:
    key: "placement:resource_providers:update"
    value: "rule:admin_api"
  placement-placement_resource_providers_delete:
    key: "placement:resource_providers:delete"
    value: "rule:admin_api"
  placement-placement_resource_classes_list:
    key: "placement:resource_classes:list"
    value: "rule:admin_api"
  placement-placement_resource_classes_create:
    key: "placement:resource_classes:create"
    value: "rule:admin_api"
  placement-placement_resource_classes_show:
    key: "placement:resource_classes:show"
    value: "rule:admin_api"
  placement-placement_resource_classes_update:
    key: "placement:resource_classes:update"
    value: "rule:admin_api"
  placement-placement_resource_classes_delete:
    key: "placement:resource_classes:delete"
    value: "rule:admin_api"
  placement-placement_resource_providers_inventories_list:
    key: "placement:resource_providers:inventories:list"
    value: "rule:admin_api"
  placement-placement_resource_providers_inventories_create:
    key: "placement:resource_providers:inventories:create"
    value: "rule:admin_api"
  placement-placement_resource_providers_inventories_show:
    key: "placement:resource_providers:inventories:show"
    value: "rule:admin_api"
  placement-placement_resource_providers_inventories_update:
    key: "placement:resource_providers:inventories:update"
    value: "rule:admin_api"
  placement-placement_resource_providers_inventories_delete:
    key: "placement:resource_providers:inventories:delete"
    value: "rule:admin_api"
  placement-placement_resource_providers_aggregates_list:
    key: "placement:resource_providers:aggregates:list"
    value: "rule:admin_api"
  placement-placement_resource_providers_aggregates_update:
    key: "placement:resource_providers:aggregates:update"
    value: "rule:admin_api"
  placement-placement_resource_providers_usages:
    key: "placement:resource_providers:usages"
    value: "rule:admin_api"
  # The only Placement rule in this section open to a non-admin role.
  placement-placement_usages:
    key: "placement:usages"
    value: "rule:admin_api or rule:project_reader_api"
  placement-placement_traits_list:
    key: "placement:traits:list"
    value: "rule:admin_api"
  placement-placement_traits_show:
    key: "placement:traits:show"
    value: "rule:admin_api"
  placement-placement_traits_update:
    key: "placement:traits:update"
    value: "rule:admin_api"
  placement-placement_traits_delete:
    key: "placement:traits:delete"
    value: "rule:admin_api"
  placement-placement_resource_providers_traits_list:
    key: "placement:resource_providers:traits:list"
    value: "rule:admin_api"
  placement-placement_resource_providers_traits_update:
    key: "placement:resource_providers:traits:update"
    value: "rule:admin_api"
  placement-placement_resource_providers_traits_delete:
    key: "placement:resource_providers:traits:delete"
    value: "rule:admin_api"
  placement-placement_allocations_manage:
    key: "placement:allocations:manage"
    value: "rule:admin_api"
  placement-placement_allocations_list:
    key: "placement:allocations:list"
    value: "rule:admin_api"
  placement-placement_allocations_update:
    key: "placement:allocations:update"
    value: "rule:admin_api"
  placement-placement_allocations_delete:
    key: "placement:allocations:delete"
    value: "rule:admin_api"
  placement-placement_resource_providers_allocations_list:
    key: "placement:resource_providers:allocations:list"
    value: "rule:admin_api"
  placement-placement_allocation_candidates_list:
    key: "placement:allocation_candidates:list"
    value: "rule:admin_api"
  placement-placement_reshaper_reshape:
    key: "placement:reshaper:reshape"
    value: "rule:admin_api"
NeutronApiPolicies :
# Neutron base rules that the per-API rules in this section reference.
# The ownership rules (owner, network_owner, ext_parent_owner, sg_owner)
# compare tenant_id only and carry no role check, so any role held in
# the owning project satisfies them.
neutron-context_is_admin:
  key: "context_is_admin"
  value: "role:admin"
neutron-owner:
  key: "owner"
  value: "tenant_id:%(tenant_id)s"
neutron-admin_or_owner:
  key: "admin_or_owner"
  value: "rule:context_is_admin or rule:owner"
neutron-context_is_advsvc:
  key: "context_is_advsvc"
  value: "role:advsvc"
neutron-admin_or_network_owner:
  key: "admin_or_network_owner"
  value: "rule:context_is_admin or tenant_id:%(network:tenant_id)s"
neutron-admin_owner_or_network_owner:
  key: "admin_owner_or_network_owner"
  value: "rule:owner or rule:admin_or_network_owner"
neutron-network_owner:
  key: "network_owner"
  value: "tenant_id:%(network:tenant_id)s"
neutron-admin_only:
  key: "admin_only"
  value: "rule:context_is_admin"
# role:admin with no project_id or system_scope match: the admin role
# on any project satisfies every "rule:admin_api" check in this section.
neutron-admin_api:
  key: "admin_api"
  value: "role:admin"
# An empty check string always passes in oslo.policy, so any rule that
# references regular_user is open to every authenticated caller.
neutron-regular_user:
  key: "regular_user"
  value: ""
neutron-shared:
  key: "shared"
  value: "field:networks:shared=True"
# NOTE(review): "default" is oslo.policy's usual fallback for actions
# without their own rule; here that fallback is admin-or-owner. Confirm
# the service has not overridden the default rule name.
neutron-default:
  key: "default"
  value: "rule:admin_or_owner"
neutron-admin_or_ext_parent_owner:
  key: "admin_or_ext_parent_owner"
  value: "rule:context_is_admin or tenant_id:%(ext_parent:tenant_id)s"
neutron-ext_parent_owner:
  key: "ext_parent_owner"
  value: "tenant_id:%(ext_parent:tenant_id)s"
neutron-sg_owner:
  key: "sg_owner"
  value: "tenant_id:%(security_group:tenant_id)s"
# Address groups and address scopes. Reads need reader in the owning
# project (or the object being shared); writes need member in the owning
# project; setting the :shared attribute is admin-only.
neutron-shared_address_groups:
  key: "shared_address_groups"
  value: "field:address_groups:shared=True"
neutron-get_address_group:
  key: "get_address_group"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s) or rule:shared_address_groups"
neutron-shared_address_scopes:
  key: "shared_address_scopes"
  value: "field:address_scopes:shared=True"
neutron-create_address_scope:
  key: "create_address_scope"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-create_address_scope_shared:
  key: "create_address_scope:shared"
  value: "rule:admin_api"
neutron-get_address_scope:
  key: "get_address_scope"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s) or rule:shared_address_scopes"
neutron-update_address_scope:
  key: "update_address_scope"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-update_address_scope_shared:
  key: "update_address_scope:shared"
  value: "rule:admin_api"
neutron-delete_address_scope:
  key: "delete_address_scope"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
# Agent management and agent scheduling (DHCP networks, L3 routers) are
# admin-only, reads included.
neutron-get_agent:
  key: "get_agent"
  value: "rule:admin_api"
neutron-update_agent:
  key: "update_agent"
  value: "rule:admin_api"
neutron-delete_agent:
  key: "delete_agent"
  value: "rule:admin_api"
neutron-create_dhcp-network:
  key: "create_dhcp-network"
  value: "rule:admin_api"
neutron-get_dhcp-networks:
  key: "get_dhcp-networks"
  value: "rule:admin_api"
neutron-delete_dhcp-network:
  key: "delete_dhcp-network"
  value: "rule:admin_api"
neutron-create_l3-router:
  key: "create_l3-router"
  value: "rule:admin_api"
neutron-get_l3-routers:
  key: "get_l3-routers"
  value: "rule:admin_api"
neutron-delete_l3-router:
  key: "delete_l3-router"
  value: "rule:admin_api"
neutron-get_dhcp-agents:
  key: "get_dhcp-agents"
  value: "rule:admin_api"
neutron-get_l3-agents:
  key: "get_l3-agents"
  value: "rule:admin_api"
# Auto-allocated topology: read needs reader, delete needs member, both
# bound to the owning project. Availability zones are admin-only.
neutron-get_auto_allocated_topology:
  key: "get_auto_allocated_topology"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-delete_auto_allocated_topology:
  key: "delete_auto_allocated_topology"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-get_availability_zone:
  key: "get_availability_zone"
  value: "rule:admin_api"
# Flavors and service profiles. All writes are admin-only. The only
# non-admin access is read of a flavor and of a flavor/service-profile
# association, for a reader in the matching project; service profiles
# themselves are readable by admin only.
neutron-create_flavor:
  key: "create_flavor"
  value: "rule:admin_api"
neutron-get_flavor:
  key: "get_flavor"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-update_flavor:
  key: "update_flavor"
  value: "rule:admin_api"
neutron-delete_flavor:
  key: "delete_flavor"
  value: "rule:admin_api"
neutron-create_service_profile:
  key: "create_service_profile"
  value: "rule:admin_api"
neutron-get_service_profile:
  key: "get_service_profile"
  value: "rule:admin_api"
neutron-update_service_profile:
  key: "update_service_profile"
  value: "rule:admin_api"
neutron-delete_service_profile:
  key: "delete_service_profile"
  value: "rule:admin_api"
neutron-get_flavor_service_profile:
  key: "get_flavor_service_profile"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-create_flavor_service_profile:
  key: "create_flavor_service_profile"
  value: "rule:admin_api"
neutron-delete_flavor_service_profile:
  key: "delete_flavor_service_profile"
  value: "rule:admin_api"
# Floating IPs: project members may create, update and delete; project
# readers may read. Requesting a specific address at creation
# (create_floatingip:floating_ip_address) is admin-only.
neutron-create_floatingip:
  key: "create_floatingip"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-create_floatingip_floating_ip_address:
  key: "create_floatingip:floating_ip_address"
  value: "rule:admin_api"
neutron-get_floatingip:
  key: "get_floatingip"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-update_floatingip:
  key: "update_floatingip"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-delete_floatingip:
  key: "delete_floatingip"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-get_floatingip_pool:
  key: "get_floatingip_pool"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
# Floating IP port forwarding and router conntrack helpers (sub-resources
# of a parent object).
# NOTE(review): every rule here ends in "or rule:ext_parent_owner", and
# ext_parent_owner is defined earlier in this section as a bare
# tenant_id match with no role check. For create/update/delete that
# alternative sits beside "role:member and project_id:...", so a caller
# holding only reader in the parent's project would still pass. Confirm
# this is intended; if not, the ext_parent_owner branch needs its own
# role condition.
neutron-create_floatingip_port_forwarding:
  key: "create_floatingip_port_forwarding"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner"
neutron-get_floatingip_port_forwarding:
  key: "get_floatingip_port_forwarding"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s) or rule:ext_parent_owner"
neutron-update_floatingip_port_forwarding:
  key: "update_floatingip_port_forwarding"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner"
neutron-delete_floatingip_port_forwarding:
  key: "delete_floatingip_port_forwarding"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner"
neutron-create_router_conntrack_helper:
  key: "create_router_conntrack_helper"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner"
neutron-get_router_conntrack_helper:
  key: "get_router_conntrack_helper"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s) or rule:ext_parent_owner"
neutron-update_router_conntrack_helper:
  key: "update_router_conntrack_helper"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner"
neutron-delete_router_conntrack_helper:
  key: "delete_router_conntrack_helper"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner"
# Network logging API: every operation, reads included, is admin-only,
# so project users can neither view nor alter log objects.
neutron-get_loggable_resource:
  key: "get_loggable_resource"
  value: "rule:admin_api"
neutron-create_log:
  key: "create_log"
  value: "rule:admin_api"
neutron-get_log:
  key: "get_log"
  value: "rule:admin_api"
neutron-update_log:
  key: "update_log"
  value: "rule:admin_api"
neutron-delete_log:
  key: "delete_log"
  value: "rule:admin_api"
# Metering labels and label rules: create, get and delete are all
# admin-only.
neutron-create_metering_label:
  key: "create_metering_label"
  value: "rule:admin_api"
neutron-get_metering_label:
  key: "get_metering_label"
  value: "rule:admin_api"
neutron-delete_metering_label:
  key: "delete_metering_label"
  value: "rule:admin_api"
neutron-create_metering_label_rule:
  key: "create_metering_label_rule"
  value: "rule:admin_api"
neutron-get_metering_label_rule:
  key: "get_metering_label_rule"
  value: "rule:admin_api"
neutron-delete_metering_label_rule:
  key: "delete_metering_label_rule"
  value: "rule:admin_api"
# Network creation. A project member may create a network and set
# port_security_enabled on it; the attributes that affect other tenants
# or the physical fabric (shared, router:external, is_default, segments,
# provider:*) can only be set by admin_api.
neutron-external:
  key: "external"
  value: "field:networks:router:external=True"
neutron-create_network:
  key: "create_network"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-create_network_shared:
  key: "create_network:shared"
  value: "rule:admin_api"
neutron-create_network_router_external:
  key: "create_network:router:external"
  value: "rule:admin_api"
neutron-create_network_is_default:
  key: "create_network:is_default"
  value: "rule:admin_api"
# Lets a project member create a network with port security turned off.
neutron-create_network_port_security_enabled:
  key: "create_network:port_security_enabled"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-create_network_segments:
  key: "create_network:segments"
  value: "rule:admin_api"
neutron-create_network_provider_network_type:
  key: "create_network:provider:network_type"
  value: "rule:admin_api"
neutron-create_network_provider_physical_network:
  key: "create_network:provider:physical_network"
  value: "rule:admin_api"
neutron-create_network_provider_segmentation_id:
  key: "create_network:provider:segmentation_id"
  value: "rule:admin_api"
# Network reads. A network is visible to admin, to a reader in the
# owning project, to anyone when it is shared or external, and to the
# advsvc role. Segment and provider attributes are returned to admin
# only.
neutron-get_network:
  key: "get_network"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s) or rule:shared or rule:external or rule:context_is_advsvc"
# Role check only, with no project_id match: a token holding reader on
# any project can read the router:external attribute.
# NOTE(review): this is the one rule here not routed through admin_api
# or a project match - confirm the wider exposure is deliberate.
neutron-get_network_router_external:
  key: "get_network:router:external"
  value: "role:reader"
neutron-get_network_segments:
  key: "get_network:segments"
  value: "rule:admin_api"
neutron-get_network_provider_network_type:
  key: "get_network:provider:network_type"
  value: "rule:admin_api"
neutron-get_network_provider_physical_network:
  key: "get_network:provider:physical_network"
  value: "rule:admin_api"
neutron-get_network_provider_segmentation_id:
  key: "get_network:provider:segmentation_id"
  value: "rule:admin_api"
# Network update and delete. Project members may update or delete their
# own networks and toggle port_security_enabled; segments, shared,
# provider:*, router:external and is_default stay admin-only.
neutron-update_network:
  key: "update_network"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-update_network_segments:
  key: "update_network:segments"
  value: "rule:admin_api"
neutron-update_network_shared:
  key: "update_network:shared"
  value: "rule:admin_api"
neutron-update_network_provider_network_type:
  key: "update_network:provider:network_type"
  value: "rule:admin_api"
neutron-update_network_provider_physical_network:
  key: "update_network:provider:physical_network"
  value: "rule:admin_api"
neutron-update_network_provider_segmentation_id:
  key: "update_network:provider:segmentation_id"
  value: "rule:admin_api"
neutron-update_network_router_external:
  key: "update_network:router:external"
  value: "rule:admin_api"
neutron-update_network_is_default:
  key: "update_network:is_default"
  value: "rule:admin_api"
# Lets a project member turn port security off on an existing network.
neutron-update_network_port_security_enabled:
  key: "update_network:port_security_enabled"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-delete_network:
  key: "delete_network"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
# IP availability reporting and network segment ranges are admin-only.
neutron-get_network_ip_availability:
  key: "get_network_ip_availability"
  value: "rule:admin_api"
neutron-create_network_segment_range:
  key: "create_network_segment_range"
  value: "rule:admin_api"
neutron-get_network_segment_range:
  key: "get_network_segment_range"
  value: "rule:admin_api"
neutron-update_network_segment_range:
  key: "update_network_segment_range"
  value: "rule:admin_api"
neutron-delete_network_segment_range:
  key: "delete_network_segment_range"
  value: "rule:admin_api"
# Port creation. Helper rules first, then the per-attribute rules.
# network_device matches a port whose device_owner begins with
# "network:" (regex field check).
neutron-network_device:
  key: "network_device"
  value: "field:port:device_owner=~^network:"
# Not referenced by any port rule in this part of the file.
neutron-admin_or_data_plane_int:
  key: "admin_or_data_plane_int"
  value: "rule:context_is_admin or role:data_plane_integrator"
neutron-create_port:
  key: "create_port"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
# "not rule:network_device" passes for every device_owner that does not
# start with "network:"; only the network:-prefixed owners are reserved
# for admin, advsvc or the network owner.
neutron-create_port_device_owner:
  key: "create_port:device_owner"
  value: "not rule:network_device or rule:admin_api or rule:context_is_advsvc or rule:network_owner"
# Choosing the MAC address, a specific fixed IP or the port-security
# flag is limited to advsvc, the network owner or admin; only the
# fixed_ips and fixed_ips:subnet_id rules add rule:shared.
neutron-create_port_mac_address:
  key: "create_port:mac_address"
  value: "rule:context_is_advsvc or rule:network_owner or rule:admin_api"
neutron-create_port_fixed_ips:
  key: "create_port:fixed_ips"
  value: "rule:context_is_advsvc or rule:network_owner or rule:admin_api or rule:shared"
neutron-create_port_fixed_ips_ip_address:
  key: "create_port:fixed_ips:ip_address"
  value: "rule:context_is_advsvc or rule:network_owner or rule:admin_api"
neutron-create_port_fixed_ips_subnet_id:
  key: "create_port:fixed_ips:subnet_id"
  value: "rule:context_is_advsvc or rule:network_owner or rule:admin_api or rule:shared"
neutron-create_port_port_security_enabled:
  key: "create_port:port_security_enabled"
  value: "rule:context_is_advsvc or rule:network_owner or rule:admin_api"
# Binding host and profile are admin-only; vnic_type is open to members.
neutron-create_port_binding_host_id:
  key: "create_port:binding:host_id"
  value: "rule:admin_api"
neutron-create_port_binding_profile:
  key: "create_port:binding:profile"
  value: "rule:admin_api"
neutron-create_port_binding_vnic_type:
  key: "create_port:binding:vnic_type"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
# Allowed address pairs permit extra source addresses on a port, so
# they are limited to admin or the network owner. network_owner is a
# tenant_id match without a role check (defined earlier in this section).
neutron-create_port_allowed_address_pairs:
  key: "create_port:allowed_address_pairs"
  value: "rule:admin_api or rule:network_owner"
neutron-create_port_allowed_address_pairs_mac_address:
  key: "create_port:allowed_address_pairs:mac_address"
  value: "rule:admin_api or rule:network_owner"
neutron-create_port_allowed_address_pairs_ip_address:
  key: "create_port:allowed_address_pairs:ip_address"
  value: "rule:admin_api or rule:network_owner"
# Port reads. A port is visible to advsvc, admin, or a reader in the
# owning project; the binding:* attributes and resource_request are
# returned to admin_api callers only.
neutron-get_port:
  key: "get_port"
  value: "rule:context_is_advsvc or rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-get_port_binding_vif_type:
  key: "get_port:binding:vif_type"
  value: "rule:admin_api"
neutron-get_port_binding_vif_details:
  key: "get_port:binding:vif_details"
  value: "rule:admin_api"
neutron-get_port_binding_host_id:
  key: "get_port:binding:host_id"
  value: "rule:admin_api"
neutron-get_port_binding_profile:
  key: "get_port:binding:profile"
  value: "rule:admin_api"
neutron-get_port_resource_request:
  key: "get_port:resource_request"
  value: "rule:admin_api"
# Port updates. Members of the owning project and the advsvc role may
# update a port; the attribute rules below narrow who may change the
# fields that affect addressing, anti-spoofing and host binding.
neutron-update_port:
  key: "update_port"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s) or rule:context_is_advsvc"
# Passes for any device_owner not starting with "network:"; the
# network:-prefixed owners need advsvc, the network owner or admin.
neutron-update_port_device_owner:
  key: "update_port:device_owner"
  value: "not rule:network_device or rule:context_is_advsvc or rule:network_owner or rule:admin_api"
# Stricter than create_port:mac_address earlier in this section, which
# also accepts rule:network_owner.
neutron-update_port_mac_address:
  key: "update_port:mac_address"
  value: "rule:admin_api or rule:context_is_advsvc"
neutron-update_port_fixed_ips:
  key: "update_port:fixed_ips"
  value: "rule:context_is_advsvc or rule:network_owner or rule:admin_api"
neutron-update_port_fixed_ips_ip_address:
  key: "update_port:fixed_ips:ip_address"
  value: "rule:context_is_advsvc or rule:network_owner or rule:admin_api"
neutron-update_port_fixed_ips_subnet_id:
  key: "update_port:fixed_ips:subnet_id"
  value: "rule:context_is_advsvc or rule:network_owner or rule:admin_api or rule:shared"
neutron-update_port_port_security_enabled:
  key: "update_port:port_security_enabled"
  value: "rule:context_is_advsvc or rule:network_owner or rule:admin_api"
# Binding host and profile changes are admin-only.
neutron-update_port_binding_host_id:
  key: "update_port:binding:host_id"
  value: "rule:admin_api"
neutron-update_port_binding_profile:
  key: "update_port:binding:profile"
  value: "rule:admin_api"
neutron-update_port_binding_vnic_type:
  key: "update_port:binding:vnic_type"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s) or rule:context_is_advsvc"
# Allowed address pairs stay limited to admin or the network owner, the
# same as on create.
neutron-update_port_allowed_address_pairs:
  key: "update_port:allowed_address_pairs"
  value: "rule:admin_api or rule:network_owner"
neutron-update_port_allowed_address_pairs_mac_address:
  key: "update_port:allowed_address_pairs:mac_address"
  value: "rule:admin_api or rule:network_owner"
neutron-update_port_allowed_address_pairs_ip_address:
  key: "update_port:allowed_address_pairs:ip_address"
  value: "rule:admin_api or rule:network_owner"
neutron-update_port_data_plane_status :
key : "update_port:data_plane_status"
2021-09-22 17:29:50 +00:00
value : "rule:admin_api or role:data_plane_integrator"
2021-09-21 21:40:05 +00:00
neutron-delete_port :
key : "delete_port"
2021-09-22 17:29:50 +00:00
value : "rule:context_is_advsvc or rule:admin_api or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
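# Neutron QoS policies. Restored to nested block form without the blame
# timestamps that were interleaved with the entries.
#
# Pattern used throughout: reads are open to the admin or to a reader scoped
# to the owning project; create/update/delete are rule:admin_api only.
# rule:admin_api is defined outside this part of the listing.
neutron-get_policy:
  key: "get_policy"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-create_policy:
  key: "create_policy"
  value: "rule:admin_api"
neutron-update_policy:
  key: "update_policy"
  value: "rule:admin_api"
neutron-delete_policy:
  key: "delete_policy"
  value: "rule:admin_api"
neutron-get_rule_type:
  key: "get_rule_type"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"

# Bandwidth-limit rules.
neutron-get_policy_bandwidth_limit_rule:
  key: "get_policy_bandwidth_limit_rule"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-create_policy_bandwidth_limit_rule:
  key: "create_policy_bandwidth_limit_rule"
  value: "rule:admin_api"
neutron-update_policy_bandwidth_limit_rule:
  key: "update_policy_bandwidth_limit_rule"
  value: "rule:admin_api"
neutron-delete_policy_bandwidth_limit_rule:
  key: "delete_policy_bandwidth_limit_rule"
  value: "rule:admin_api"

# DSCP-marking rules.
neutron-get_policy_dscp_marking_rule:
  key: "get_policy_dscp_marking_rule"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-create_policy_dscp_marking_rule:
  key: "create_policy_dscp_marking_rule"
  value: "rule:admin_api"
neutron-update_policy_dscp_marking_rule:
  key: "update_policy_dscp_marking_rule"
  value: "rule:admin_api"
neutron-delete_policy_dscp_marking_rule:
  key: "delete_policy_dscp_marking_rule"
  value: "rule:admin_api"

# Minimum-bandwidth rules.
neutron-get_policy_minimum_bandwidth_rule:
  key: "get_policy_minimum_bandwidth_rule"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-create_policy_minimum_bandwidth_rule:
  key: "create_policy_minimum_bandwidth_rule"
  value: "rule:admin_api"
neutron-update_policy_minimum_bandwidth_rule:
  key: "update_policy_minimum_bandwidth_rule"
  value: "rule:admin_api"
neutron-delete_policy_minimum_bandwidth_rule:
  key: "delete_policy_minimum_bandwidth_rule"
  value: "rule:admin_api"

# Alias rules delegate to the matching *_policy_* rule above, so tightening
# or loosening one of those changes the alias with it. Only get/update/delete
# aliases are listed; there is no create alias here.
neutron-get_alias_bandwidth_limit_rule:
  key: "get_alias_bandwidth_limit_rule"
  value: "rule:get_policy_bandwidth_limit_rule"
neutron-update_alias_bandwidth_limit_rule:
  key: "update_alias_bandwidth_limit_rule"
  value: "rule:update_policy_bandwidth_limit_rule"
neutron-delete_alias_bandwidth_limit_rule:
  key: "delete_alias_bandwidth_limit_rule"
  value: "rule:delete_policy_bandwidth_limit_rule"
neutron-get_alias_dscp_marking_rule:
  key: "get_alias_dscp_marking_rule"
  value: "rule:get_policy_dscp_marking_rule"
neutron-update_alias_dscp_marking_rule:
  key: "update_alias_dscp_marking_rule"
  value: "rule:update_policy_dscp_marking_rule"
neutron-delete_alias_dscp_marking_rule:
  key: "delete_alias_dscp_marking_rule"
  value: "rule:delete_policy_dscp_marking_rule"
neutron-get_alias_minimum_bandwidth_rule:
  key: "get_alias_minimum_bandwidth_rule"
  value: "rule:get_policy_minimum_bandwidth_rule"
neutron-update_alias_minimum_bandwidth_rule:
  key: "update_alias_minimum_bandwidth_rule"
  value: "rule:update_policy_minimum_bandwidth_rule"
neutron-delete_alias_minimum_bandwidth_rule:
  key: "delete_alias_minimum_bandwidth_rule"
  value: "rule:delete_policy_minimum_bandwidth_rule"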
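# Neutron quota policies. Reading as well as changing quotas is limited to
# rule:admin_api (defined outside this part of the listing); there is no
# project-reader branch, so project users cannot query their own quota
# through these rules.
neutron-get_quota:
  key: "get_quota"
  value: "rule:admin_api"
neutron-update_quota:
  key: "update_quota"
  value: "rule:admin_api"
neutron-delete_quota:
  key: "delete_quota"
  value: "rule:admin_api"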
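# Neutron RBAC-policy rules (sharing a resource with other projects).
# Restored to nested block form without the interleaved blame timestamps.
# rule:admin_api is defined outside this part of the listing.

# target_tenant=* shares the resource with every project. The wildcard is
# accepted only from rule:admin_api; any other caller must name a target.
neutron-restrict_wildcard:
  key: "restrict_wildcard"
  value: "(not field:rbac_policy:target_tenant=*) or rule:admin_api"
neutron-create_rbac_policy:
  key: "create_rbac_policy"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
# Same wildcard restriction as restrict_wildcard, written inline. Keep the
# create and update variants in step when editing either.
neutron-create_rbac_policy_target_tenant:
  key: "create_rbac_policy:target_tenant"
  value: "rule:admin_api or (not field:rbac_policy:target_tenant=*)"
neutron-update_rbac_policy:
  key: "update_rbac_policy"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-update_rbac_policy_target_tenant:
  key: "update_rbac_policy:target_tenant"
  value: "rule:admin_api or (not field:rbac_policy:target_tenant=*)"
neutron-get_rbac_policy:
  key: "get_rbac_policy"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-delete_rbac_policy:
  key: "delete_rbac_policy"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"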
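# Neutron router policies. Restored to nested block form without the
# interleaved blame timestamps. rule:admin_api is defined outside this part
# of the listing.
#
# Project members manage their own routers, including the external gateway
# and its network_id. The distributed and ha attributes, enable_snat and
# external_fixed_ips are rule:admin_api only. distributed and ha are also
# hidden from project readers on get.
neutron-create_router:
  key: "create_router"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-create_router_distributed:
  key: "create_router:distributed"
  value: "rule:admin_api"
neutron-create_router_ha:
  key: "create_router:ha"
  value: "rule:admin_api"
neutron-create_router_external_gateway_info:
  key: "create_router:external_gateway_info"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-create_router_external_gateway_info_network_id:
  key: "create_router:external_gateway_info:network_id"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-create_router_external_gateway_info_enable_snat:
  key: "create_router:external_gateway_info:enable_snat"
  value: "rule:admin_api"
# Choosing specific addresses on the external network stays with the admin.
neutron-create_router_external_gateway_info_external_fixed_ips:
  key: "create_router:external_gateway_info:external_fixed_ips"
  value: "rule:admin_api"

neutron-get_router:
  key: "get_router"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-get_router_distributed:
  key: "get_router:distributed"
  value: "rule:admin_api"
neutron-get_router_ha:
  key: "get_router:ha"
  value: "rule:admin_api"

# The update rules mirror the create rules attribute for attribute.
neutron-update_router:
  key: "update_router"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-update_router_distributed:
  key: "update_router:distributed"
  value: "rule:admin_api"
neutron-update_router_ha:
  key: "update_router:ha"
  value: "rule:admin_api"
neutron-update_router_external_gateway_info:
  key: "update_router:external_gateway_info"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-update_router_external_gateway_info_network_id:
  key: "update_router:external_gateway_info:network_id"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-update_router_external_gateway_info_enable_snat:
  key: "update_router:external_gateway_info:enable_snat"
  value: "rule:admin_api"
neutron-update_router_external_gateway_info_external_fixed_ips:
  key: "update_router:external_gateway_info:external_fixed_ips"
  value: "rule:admin_api"

neutron-delete_router:
  key: "delete_router"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-add_router_interface:
  key: "add_router_interface"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-remove_router_interface:
  key: "remove_router_interface"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-add_extraroutes:
  key: "add_extraroutes"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-remove_extraroutes:
  key: "remove_extraroutes"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"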
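# Neutron security-group policies. Restored to nested block form without
# the interleaved blame timestamps. rule:admin_api, rule:context_is_admin,
# rule:owner and rule:sg_owner are defined outside this part of the listing.

# Helper rules in the older style: the non-admin branch compares only the
# tenant of the security group and carries no role check. None of the
# security-group rules below reference these two helpers.
neutron-admin_or_sg_owner:
  key: "admin_or_sg_owner"
  value: "rule:context_is_admin or tenant_id:%(security_group:tenant_id)s"
neutron-admin_owner_or_sg_owner:
  key: "admin_owner_or_sg_owner"
  value: "rule:owner or rule:admin_or_sg_owner"

neutron-create_security_group:
  key: "create_security_group"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-get_security_group:
  key: "get_security_group"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-update_security_group:
  key: "update_security_group"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-delete_security_group:
  key: "delete_security_group"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-create_security_group_rule:
  key: "create_security_group_rule"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
# NOTE(review): rule:sg_owner is a third way in, next to the role-scoped
# branches. Its definition is not in this part of the listing. If it is a
# tenant-only match like admin_or_sg_owner above, this read needs no reader
# role. Confirm against the deployed Neutron defaults.
neutron-get_security_group_rule:
  key: "get_security_group_rule"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s) or rule:sg_owner"
neutron-delete_security_group_rule:
  key: "delete_security_group_rule"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"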
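# Neutron segment policies: every operation, including reads, is
# rule:admin_api (defined outside this part of the listing).
neutron-create_segment:
  key: "create_segment"
  value: "rule:admin_api"
neutron-get_segment:
  key: "get_segment"
  value: "rule:admin_api"
neutron-update_segment:
  key: "update_segment"
  value: "rule:admin_api"
neutron-delete_segment:
  key: "delete_segment"
  value: "rule:admin_api"
# Bare role check with no project_id comparison: a reader role on any
# project is enough to list service providers.
neutron-get_service_provider:
  key: "get_service_provider"
  value: "role:reader"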
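# Neutron subnet policies. Restored to nested block form without the
# interleaved blame timestamps. rule:admin_api, rule:network_owner and
# rule:shared are defined outside this part of the listing.
#
# Writes accept the admin, a member of the owning project, or the owner of
# the parent network. segment_id and service_types are rule:admin_api only,
# and segment_id is also hidden from non-admins on get.
neutron-create_subnet:
  key: "create_subnet"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s) or rule:network_owner"
neutron-create_subnet_segment_id:
  key: "create_subnet:segment_id"
  value: "rule:admin_api"
neutron-create_subnet_service_types:
  key: "create_subnet:service_types"
  value: "rule:admin_api"
# rule:shared lets callers outside the owning project read the subnets of a
# shared network. That branch has no role term of its own.
neutron-get_subnet:
  key: "get_subnet"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s) or rule:shared"
neutron-get_subnet_segment_id:
  key: "get_subnet:segment_id"
  value: "rule:admin_api"
neutron-update_subnet:
  key: "update_subnet"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s) or rule:network_owner"
neutron-update_subnet_segment_id:
  key: "update_subnet:segment_id"
  value: "rule:admin_api"
neutron-update_subnet_service_types:
  key: "update_subnet:service_types"
  value: "rule:admin_api"
neutron-delete_subnet:
  key: "delete_subnet"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s) or rule:network_owner"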
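# Neutron subnet-pool policies. Restored to nested block form without the
# interleaved blame timestamps. rule:admin_api is defined outside this part
# of the listing.

# Helper: matches when the target subnet pool has shared=True.
neutron-shared_subnetpools:
  key: "shared_subnetpools"
  value: "field:subnetpools:shared=True"
neutron-create_subnetpool:
  key: "create_subnetpool"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
# Marking a pool shared or default affects other projects, so both
# attributes are rule:admin_api only.
neutron-create_subnetpool_shared:
  key: "create_subnetpool:shared"
  value: "rule:admin_api"
neutron-create_subnetpool_is_default:
  key: "create_subnetpool:is_default"
  value: "rule:admin_api"
# The shared_subnetpools branch carries no role term: a shared pool is
# readable without the reader role on the owning project.
neutron-get_subnetpool:
  key: "get_subnetpool"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s) or rule:shared_subnetpools"
neutron-update_subnetpool:
  key: "update_subnetpool"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-update_subnetpool_is_default:
  key: "update_subnetpool:is_default"
  value: "rule:admin_api"
neutron-delete_subnetpool:
  key: "delete_subnetpool"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-onboard_network_subnets:
  key: "onboard_network_subnets"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-add_prefixes:
  key: "add_prefixes"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-remove_prefixes:
  key: "remove_prefixes"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"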
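# Neutron trunk and subport policies: reads need the reader role on the
# owning project, writes need the member role on it, and rule:admin_api
# (defined outside this part of the listing) passes in every case.
neutron-create_trunk:
  key: "create_trunk"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-get_trunk:
  key: "get_trunk"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-update_trunk:
  key: "update_trunk"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-delete_trunk:
  key: "delete_trunk"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-get_subports:
  key: "get_subports"
  value: "rule:admin_api or (role:reader and project_id:%(project_id)s)"
neutron-add_subports:
  key: "add_subports"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"
neutron-remove_subports:
  key: "remove_subports"
  value: "rule:admin_api or (role:member and project_id:%(project_id)s)"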
# The glance policies in Xena implement project-personas by default, so these
# policies do not need to change. However, keeping them defined here with
# GlanceApiPolicies will put them in /etc/glance/policy.yaml which will be
# redundant with the defaults. This may change in the future as glance
# evolves its policies in Yoga to consume system scope.
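# Glance API policy overrides. Each entry maps a `glance-<name>` label to an
# oslo.policy rule: `key` is the policy name, `value` is the check string.
# Restored to nested block form; the blame timestamps that were interleaved
# with the entries are not part of the YAML.
#
# These rules test role:admin directly rather than going through a shared
# admin rule, and none of them carries a system_scope term.
GlanceApiPolicies:
  # An empty check string always passes in oslo.policy. Every rule that
  # resolves to rule:default (the four task rules below) therefore applies
  # no role or project check of its own.
  glance-default:
    key: "default"
    value: ""
  glance-context_is_admin:
    key: "context_is_admin"
    value: "role:admin"

  # Images.
  # The member branch requires the caller's project to match both the
  # target project_id and the image owner.
  glance-add_image:
    key: "add_image"
    value: "role:admin or (role:member and project_id:%(project_id)s and project_id:%(owner)s)"
  glance-delete_image:
    key: "delete_image"
    value: "role:admin or (role:member and project_id:%(project_id)s)"
  # Single-quoted because the check string embeds double-quoted literals.
  # Readers may see an image they own, one they are a member of, or any
  # image whose visibility is community, public or shared.
  glance-get_image:
    key: "get_image"
    value: 'role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or "community":%(visibility)s or "public":%(visibility)s or "shared":%(visibility)s))'
  glance-get_images:
    key: "get_images"
    value: "role:admin or (role:reader and project_id:%(project_id)s)"
  glance-modify_image:
    key: "modify_image"
    value: "role:admin or (role:member and project_id:%(project_id)s)"
  # Making an image public is admin-only; making it community-visible is
  # open to project members.
  glance-publicize_image:
    key: "publicize_image"
    value: "role:admin"
  glance-communitize_image:
    key: "communitize_image"
    value: "role:admin or (role:member and project_id:%(project_id)s)"
  # Same visibility logic as get_image, but download needs the member role:
  # a reader can list an image yet not fetch its data.
  glance-download_image:
    key: "download_image"
    value: 'role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or "community":%(visibility)s or "public":%(visibility)s or "shared":%(visibility)s))'
  glance-upload_image:
    key: "upload_image"
    value: "role:admin or (role:member and project_id:%(project_id)s)"

  # Image locations point at the backing store. Project members may set and
  # readers may get a location; only the admin may delete one.
  # NOTE(review): confirm this exposure is intended wherever image locations
  # are shown to users.
  glance-delete_image_location:
    key: "delete_image_location"
    value: "role:admin"
  glance-get_image_location:
    key: "get_image_location"
    value: "role:admin or (role:reader and project_id:%(project_id)s)"
  glance-set_image_location:
    key: "set_image_location"
    value: "role:admin or (role:member and project_id:%(project_id)s)"

  # Image members (sharing).
  glance-add_member:
    key: "add_member"
    value: "role:admin or (role:member and project_id:%(project_id)s)"
  glance-delete_member:
    key: "delete_member"
    value: "role:admin or (role:member and project_id:%(project_id)s)"
  # No outer parentheses around the reader branch. oslo.policy binds `and`
  # tighter than `or`, so this reads as
  # role:admin or (role:reader and (...)), like the other rules here.
  glance-get_member:
    key: "get_member"
    value: "role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"
  glance-get_members:
    key: "get_members"
    value: "role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"
  # Matches on member_id rather than project_id: the project the image is
  # shared with changes the membership, not the image owner.
  glance-modify_member:
    key: "modify_member"
    value: "role:admin or (role:member and project_id:%(member_id)s)"

  glance-manage_image_cache:
    key: "manage_image_cache"
    value: "role:admin"
  glance-deactivate:
    key: "deactivate"
    value: "role:admin or (role:member and project_id:%(project_id)s)"
  glance-reactivate:
    key: "reactivate"
    value: "role:admin or (role:member and project_id:%(project_id)s)"
  glance-copy_image:
    key: "copy_image"
    value: "role:admin"

  # Tasks. The four task rules resolve to the empty default rule above;
  # tasks_api_access is the only one with a role check.
  # NOTE(review): presumably tasks_api_access is what keeps the tasks API
  # admin-only. Confirm against the Glance release in use.
  glance-get_task:
    key: "get_task"
    value: "rule:default"
  glance-get_tasks:
    key: "get_tasks"
    value: "rule:default"
  glance-add_task:
    key: "add_task"
    value: "rule:default"
  glance-modify_task:
    key: "modify_task"
    value: "rule:default"
  glance-tasks_api_access:
    key: "tasks_api_access"
    value: "role:admin"

  # Metadata definitions. metadef_default is another empty, always-passing
  # check string. No metadef rule below references it: writes go through
  # rule:metadef_admin and reads carry explicit role checks.
  glance-metadef_default:
    key: "metadef_default"
    value: ""
  glance-metadef_admin:
    key: "metadef_admin"
    value: "role:admin"
  glance-get_metadef_namespace:
    key: "get_metadef_namespace"
    value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
  # Unlike the singular get above, this rule has no "public" visibility
  # branch.
  glance-get_metadef_namespaces:
    key: "get_metadef_namespaces"
    value: "role:admin or (role:reader and project_id:%(project_id)s)"
  glance-modify_metadef_namespace:
    key: "modify_metadef_namespace"
    value: "rule:metadef_admin"
  glance-add_metadef_namespace:
    key: "add_metadef_namespace"
    value: "rule:metadef_admin"
  glance-delete_metadef_namespace:
    key: "delete_metadef_namespace"
    value: "rule:metadef_admin"
  glance-get_metadef_object:
    key: "get_metadef_object"
    value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
  glance-get_metadef_objects:
    key: "get_metadef_objects"
    value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
  glance-modify_metadef_object:
    key: "modify_metadef_object"
    value: "rule:metadef_admin"
  glance-add_metadef_object:
    key: "add_metadef_object"
    value: "rule:metadef_admin"
  glance-delete_metadef_object:
    key: "delete_metadef_object"
    value: "rule:metadef_admin"
  glance-list_metadef_resource_types:
    key: "list_metadef_resource_types"
    value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
  glance-get_metadef_resource_type:
    key: "get_metadef_resource_type"
    value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
  glance-add_metadef_resource_type_association:
    key: "add_metadef_resource_type_association"
    value: "rule:metadef_admin"
  glance-remove_metadef_resource_type_association:
    key: "remove_metadef_resource_type_association"
    value: "rule:metadef_admin"
  glance-get_metadef_property:
    key: "get_metadef_property"
    value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
  glance-get_metadef_properties:
    key: "get_metadef_properties"
    value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
  glance-modify_metadef_property:
    key: "modify_metadef_property"
    value: "rule:metadef_admin"
  glance-add_metadef_property:
    key: "add_metadef_property"
    value: "rule:metadef_admin"
  glance-remove_metadef_property:
    key: "remove_metadef_property"
    value: "rule:metadef_admin"
  glance-get_metadef_tag:
    key: "get_metadef_tag"
    value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
  glance-get_metadef_tags:
    key: "get_metadef_tags"
    value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
  glance-modify_metadef_tag:
    key: "modify_metadef_tag"
    value: "rule:metadef_admin"
  glance-add_metadef_tag:
    key: "add_metadef_tag"
    value: "rule:metadef_admin"
  glance-add_metadef_tags:
    key: "add_metadef_tags"
    value: "rule:metadef_admin"
  glance-delete_metadef_tag:
    key: "delete_metadef_tag"
    value: "rule:metadef_admin"
  glance-delete_metadef_tags:
    key: "delete_metadef_tags"
    value: "rule:metadef_admin"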
DesignateApiPolicies :
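# Designate default rule and blacklist policies. Restored to nested block
# form without the interleaved blame timestamps.

# Rule named "default". Here it is not empty: it requires the admin role or
# the member role on the target project.
designate-default:
  key: "default"
  value: "role:admin or (role:member and project_id:%(project_id)s)"

# Blacklists: writes are admin-only. Reads use a bare role:reader check
# with no project_id comparison, so a reader role on any project is enough
# to list the blacklist patterns.
designate-create_blacklist:
  key: "create_blacklist"
  value: "role:admin"
designate-find_blacklist:
  key: "find_blacklist"
  value: "role:reader"
designate-find_blacklists:
  key: "find_blacklists"
  value: "role:reader"
designate-get_blacklist:
  key: "get_blacklist"
  value: "role:reader"
designate-update_blacklist:
  key: "update_blacklist"
  value: "role:admin"
designate-delete_blacklist:
  key: "delete_blacklist"
  value: "role:admin"
# Creating a zone whose name matches a blacklist entry is admin-only.
designate-use_blacklisted_zone:
  key: "use_blacklisted_zone"
  value: "role:admin"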
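# Designate context flags and diagnostics, all role:admin. Restored to
# nested block form without the interleaved blame timestamps.

# Several read rules elsewhere in this file accept
# `True:%(all_tenants)s and role:reader` with no project match, so this rule
# is what keeps cross-project listing admin-only. Treat any loosening of it
# as a change to all of those read rules.
designate-all_tenants:
  key: "all_tenants"
  value: "role:admin"
designate-edit_managed_records:
  key: "edit_managed_records"
  value: "role:admin"
designate-use_low_ttl:
  key: "use_low_ttl"
  value: "role:admin"
# NOTE(review): presumably this gates acting on behalf of another project.
# Confirm the semantics in the Designate release deployed.
designate-use_sudo:
  key: "use_sudo"
  value: "role:admin"
designate-diagnostics_ping:
  key: "diagnostics_ping"
  value: "role:admin"
designate-diagnostics_sync_zones:
  key: "diagnostics_sync_zones"
  value: "role:admin"
designate-diagnostics_sync_zone:
  key: "diagnostics_sync_zone"
  value: "role:admin"
designate-diagnostics_sync_record:
  key: "diagnostics_sync_record"
  value: "role:admin"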
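# Designate pool policies: writes are role:admin. Reads use a bare
# role:reader check with no project_id comparison, so a reader role on any
# project can view pool definitions.
designate-create_pool:
  key: "create_pool"
  value: "role:admin"
designate-find_pools:
  key: "find_pools"
  value: "role:reader"
designate-find_pool:
  key: "find_pool"
  value: "role:reader"
designate-get_pool:
  key: "get_pool"
  value: "role:reader"
designate-update_pool:
  key: "update_pool"
  value: "role:admin"
designate-delete_pool:
  key: "delete_pool"
  value: "role:admin"
# Forcing a zone onto a specific pool at creation time is admin-only.
designate-zone_create_forced_pool:
  key: "zone_create_forced_pool"
  value: "role:admin"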
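# Designate quota policies. Restored to nested block form without the
# interleaved blame timestamps.

# The second branch matches when the target's all_tenants value is True and
# the caller holds role:reader on any project. It has no project_id
# comparison.
# NOTE(review): this is safe only if all_tenants can be set solely by
# callers that pass the admin-only `all_tenants` rule. Confirm in the
# Designate release deployed.
designate-get_quotas:
  key: "get_quotas"
  value: "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
# The singular form uses an explicit role:admin branch instead of the
# all_tenants branch.
designate-get_quota:
  key: "get_quota"
  value: "role:admin or (role:reader and project_id:%(project_id)s)"
designate-set_quota:
  key: "set_quota"
  value: "role:admin"
designate-reset_quotas:
  key: "reset_quotas"
  value: "role:admin"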
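# Designate record and recordset policies. Restored to nested block form
# without the interleaved blame timestamps.
#
# Read rules: reader on the owning project, or reader on any project when
# the target's all_tenants value is True. There is no separate role:admin
# branch.
# NOTE(review): the all_tenants branch has no project_id comparison, so it
# is safe only if all_tenants can be set solely by callers that pass the
# admin-only `all_tenants` rule. Confirm in the Designate release deployed.
designate-find_records:
  key: "find_records"
  value: "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
designate-count_records:
  key: "count_records"
  value: "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
# Write rules: oslo.policy binds `and` tighter than `or`, so this reads as
#   (member of the project AND zone is PRIMARY)
#   OR (admin AND PRIMARY) OR (admin AND SECONDARY).
# Project members cannot change recordsets in a SECONDARY zone.
designate-create_recordset:
  key: "create_recordset"
  value: "(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin and ('PRIMARY':%(zone_type)s)) or (role:admin and ('SECONDARY':%(zone_type)s))"
designate-get_recordsets:
  key: "get_recordsets"
  value: "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
designate-get_recordset:
  key: "get_recordset"
  value: "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
designate-find_recordset:
  key: "find_recordset"
  value: "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
designate-find_recordsets:
  key: "find_recordsets"
  value: "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
designate-update_recordset:
  key: "update_recordset"
  value: "(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin and ('PRIMARY':%(zone_type)s)) or (role:admin and ('SECONDARY':%(zone_type)s))"
designate-delete_recordset:
  key: "delete_recordset"
  value: "(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin and ('PRIMARY':%(zone_type)s)) or (role:admin and ('SECONDARY':%(zone_type)s))"
designate-count_recordset:
  key: "count_recordset"
  value: "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"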
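# Designate service-status and tenant policies: every operation, including
# reads, is role:admin.
designate-find_service_status:
  key: "find_service_status"
  value: "role:admin"
designate-find_service_statuses:
  key: "find_service_statuses"
  value: "role:admin"
designate-update_service_status:
  key: "update_service_status"
  value: "role:admin"
designate-find_tenants:
  key: "find_tenants"
  value: "role:admin"
designate-get_tenant:
  key: "get_tenant"
  value: "role:admin"
designate-count_tenants:
  key: "count_tenants"
  value: "role:admin"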
designate-create_tld :
key : "create_tld"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-find_tlds :
key : "find_tlds"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-get_tld :
key : "get_tld"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-update_tld :
key : "update_tld"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-delete_tld :
key : "delete_tld"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-create_tsigkey :
key : "create_tsigkey"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-find_tsigkeys :
key : "find_tsigkeys"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-get_tsigkey :
key : "get_tsigkey"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-update_tsigkey :
key : "update_tsigkey"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-delete_tsigkey :
key : "delete_tsigkey"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-create_zone :
key : "create_zone"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-get_zones :
key : "get_zones"
2021-09-22 15:43:47 +00:00
value : "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
2021-09-21 21:40:05 +00:00
designate-get_zone :
key : "get_zone"
2021-09-22 15:43:47 +00:00
value : "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
2021-09-21 21:40:05 +00:00
designate-get_zone_servers :
key : "get_zone_servers"
2021-09-22 15:43:47 +00:00
value : "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
designate-get_zone_ns_records :
key : "get_zone_ns_records"
value : "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
2021-09-21 21:40:05 +00:00
designate-find_zones :
key : "find_zones"
2021-09-22 15:43:47 +00:00
value : "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
2021-09-21 21:40:05 +00:00
designate-update_zone :
key : "update_zone"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-delete_zone :
key : "delete_zone"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-xfr_zone :
key : "xfr_zone"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-abandon_zone :
key : "abandon_zone"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-count_zones :
key : "count_zones"
2021-09-22 15:43:47 +00:00
value : "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
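# Read-only count: allowed for a reader in the owning project, or for a reader
# who passes all_tenants. Exactly one "or" joins the two branches; a doubled
# operator is not a valid oslo.policy expression, and a rule that fails to
# parse is expected to evaluate as deny (confirm against the deployed
# oslo.policy), which would reject callers the sibling count_zones rule accepts.
designate-count_zones_pending_notify:
  key: "count_zones_pending_notify"
  value: "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"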
designate-purge_zones :
key : "purge_zones"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-touch_zone :
key : "touch_zone"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-zone_export :
key : "zone_export"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-create_zone_export :
key : "create_zone_export"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-find_zone_exports :
key : "find_zone_exports"
2021-09-22 15:43:47 +00:00
value : "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
2021-09-21 21:40:05 +00:00
designate-get_zone_export :
key : "get_zone_export"
2021-09-22 15:43:47 +00:00
value : "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
2021-09-21 21:40:05 +00:00
designate-update_zone_export :
key : "update_zone_export"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
designate-delete_zone_export :
key : "delete_zone_export"
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-create_zone_import :
key : "create_zone_import"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-find_zone_imports :
key : "find_zone_imports"
2021-09-22 15:43:47 +00:00
value : "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
2021-09-21 21:40:05 +00:00
designate-get_zone_import :
key : "get_zone_import"
2021-09-22 15:43:47 +00:00
value : "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
2021-09-21 21:40:05 +00:00
designate-update_zone_import :
key : "update_zone_import"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-delete_zone_import :
key : "delete_zone_import"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-create_zone_transfer_accept :
key : "create_zone_transfer_accept"
2021-09-22 15:43:47 +00:00
value : "(role:admin or (role:member and project_id:%(project_id)s)) or project_id:%(target_project_id)s or None:%(target_project_id)s"
2021-09-21 21:40:05 +00:00
designate-get_zone_transfer_accept :
key : "get_zone_transfer_accept"
2021-09-22 15:43:47 +00:00
value : "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
2021-09-21 21:40:05 +00:00
designate-find_zone_transfer_accepts :
key : "find_zone_transfer_accepts"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-find_zone_transfer_accept :
key : "find_zone_transfer_accept"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-update_zone_transfer_accept :
key : "update_zone_transfer_accept"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-delete_zone_transfer_accept :
key : "delete_zone_transfer_accept"
2021-09-22 15:43:47 +00:00
value : "role:admin"
2021-09-21 21:40:05 +00:00
designate-create_zone_transfer_request :
key : "create_zone_transfer_request"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-get_zone_transfer_request :
key : "get_zone_transfer_request"
2021-09-22 15:43:47 +00:00
value : "(role:admin or (role:member and project_id:%(project_id)s)) or project_id:%(target_project_id)s or None:%(target_project_id)s"
2021-09-21 21:40:05 +00:00
designate-get_zone_transfer_request_detailed :
key : "get_zone_transfer_request_detailed"
2021-09-22 15:43:47 +00:00
value : "(role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
# "@" is the oslo.policy always-allow check: these two list/search rules apply
# no role or project test at the policy layer, unlike the reader-scoped
# get_zone_transfer_request_detailed rule next to them.
# NOTE(review): confirm that the service filters results to the caller's
# project before relying on this; otherwise use a reader-scoped expression.
designate-find_zone_transfer_requests :
key : "find_zone_transfer_requests"
value : "@"
designate-find_zone_transfer_request :
key : "find_zone_transfer_request"
value : "@"
designate-update_zone_transfer_request :
key : "update_zone_transfer_request"
value : "role:admin or (role:member and project_id:%(project_id)s)"
2021-09-21 21:40:05 +00:00
designate-delete_zone_transfer_request :
key : "delete_zone_transfer_request"
2021-09-22 15:43:47 +00:00
value : "role:admin or (role:member and project_id:%(project_id)s)"
CinderApiPolicies :
# Passes for an admin context, for role:admin in the admin project, or when the
# caller's project_id equals the target's project_id.
cinder-admin_or_owner :
key : "admin_or_owner"
value : "is_admin:True or (role:admin and is_admin_project:True) or project_id:%(project_id)s"
# Matches role:admin at system scope, on the target's domain, or on the
# target's project.
cinder-system_or_domain_or_project_admin :
key : "system_or_domain_or_project_admin"
value : "(role:admin and system_scope:all) or (role:admin and domain_id:%(domain_id)s) or (role:admin and project_id:%(project_id)s)"
# NOTE(review): role:admin is matched here with no project or system_scope
# condition. If Cinder derives is_admin from this rule (verify), an admin role
# on any project satisfies "is_admin:True", and the is_admin_project:True
# branch in admin_or_owner / admin_api adds no restriction.
cinder-context_is_admin :
key : "context_is_admin"
value : "role:admin"
# Gate behind every "rule:admin_api" entry in this mapping.
cinder-admin_api :
key : "admin_api"
value : "is_admin:True or (role:admin and is_admin_project:True)"
# NOTE(review): despite the "system_admin" name, both rules test role:admin
# with no system_scope:all condition (compare
# system_or_domain_or_project_admin above), so an admin role assignment at any
# scope satisfies the first branch. The second branch limits member / reader
# callers to targets whose project_id matches their own.
cinder-system_admin_or_project_member :
key : "system_admin_or_project_member"
value : "role:admin or (role:member and project_id:%(project_id)s)"
cinder-system_admin_or_project_reader :
key : "system_admin_or_project_reader"
value : "role:admin or (role:reader and project_id:%(project_id)s)"
cinder-volume_attachment_create :
key : "volume:attachment_create"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_attachment_update :
key : "volume:attachment_update"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_attachment_delete :
key : "volume:attachment_delete"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_attachment_complete :
key : "volume:attachment_complete"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_multiattach_bootable_volume :
key : "volume:multiattach_bootable_volume"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-message_get_all :
key : "message:get_all"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-message_get :
key : "message:get"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-message_delete :
key : "message:delete"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-clusters_get_all :
key : "clusters:get_all"
value : "rule:admin_api"
cinder-clusters_get :
key : "clusters:get"
value : "rule:admin_api"
cinder-clusters_update :
key : "clusters:update"
value : "rule:admin_api"
cinder-workers_cleanup :
key : "workers:cleanup"
value : "rule:admin_api"
cinder-volume_get_snapshot_metadata :
key : "volume:get_snapshot_metadata"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_update_snapshot_metadata :
key : "volume:update_snapshot_metadata"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_delete_snapshot_metadata :
key : "volume:delete_snapshot_metadata"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_get_all_snapshots :
key : "volume:get_all_snapshots"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_extended_snapshot_attributes :
key : "volume_extension:extended_snapshot_attributes"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_create_snapshot :
key : "volume:create_snapshot"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_get_snapshot :
key : "volume:get_snapshot"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_update_snapshot :
key : "volume:update_snapshot"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_delete_snapshot :
key : "volume:delete_snapshot"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_snapshot_admin_actions_reset_status :
key : "volume_extension:snapshot_admin_actions:reset_status"
value : "rule:admin_api"
cinder-snapshot_extension_snapshot_actions_update_snapshot_status :
key : "snapshot_extension:snapshot_actions:update_snapshot_status"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_snapshot_admin_actions_force_delete :
key : "volume_extension:snapshot_admin_actions:force_delete"
value : "rule:admin_api"
cinder-snapshot_extension_list_manageable :
key : "snapshot_extension:list_manageable"
value : "rule:admin_api"
cinder-snapshot_extension_snapshot_manage :
key : "snapshot_extension:snapshot_manage"
value : "rule:admin_api"
cinder-snapshot_extension_snapshot_unmanage :
key : "snapshot_extension:snapshot_unmanage"
value : "rule:admin_api"
cinder-backup_get_all :
key : "backup:get_all"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-backup_backup_project_attribute :
key : "backup:backup_project_attribute"
value : "rule:admin_api"
cinder-backup_create :
key : "backup:create"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-backup_get :
key : "backup:get"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-backup_update :
key : "backup:update"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-backup_delete :
key : "backup:delete"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-backup_restore :
key : "backup:restore"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-backup_backup-import :
key : "backup:backup-import"
value : "rule:admin_api"
cinder-backup_export-import :
key : "backup:export-import"
value : "rule:admin_api"
cinder-volume_extension_backup_admin_actions_reset_status :
key : "volume_extension:backup_admin_actions:reset_status"
value : "rule:admin_api"
cinder-volume_extension_backup_admin_actions_force_delete :
key : "volume_extension:backup_admin_actions:force_delete"
value : "rule:admin_api"
cinder-group_get_all :
key : "group:get_all"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-group_create :
key : "group:create"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-group_get :
key : "group:get"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-group_update :
key : "group:update"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-group_group_project_attribute :
key : "group:group_project_attribute"
value : "rule:admin_api"
cinder-group_group_types_create :
key : "group:group_types:create"
value : "rule:admin_api"
cinder-group_group_types_update :
key : "group:group_types:update"
value : "rule:admin_api"
cinder-group_group_types_delete :
key : "group:group_types:delete"
value : "rule:admin_api"
cinder-group_access_group_types_specs :
key : "group:access_group_types_specs"
value : "rule:admin_api"
cinder-group_group_types_specs_get :
key : "group:group_types_specs:get"
value : "rule:admin_api"
cinder-group_group_types_specs_get_all :
key : "group:group_types_specs:get_all"
value : "rule:admin_api"
cinder-group_group_types_specs_create :
key : "group:group_types_specs:create"
value : "rule:admin_api"
cinder-group_group_types_specs_update :
key : "group:group_types_specs:update"
value : "rule:admin_api"
cinder-group_group_types_specs_delete :
key : "group:group_types_specs:delete"
value : "rule:admin_api"
cinder-group_get_all_group_snapshots :
key : "group:get_all_group_snapshots"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-group_create_group_snapshot :
key : "group:create_group_snapshot"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-group_get_group_snapshot :
key : "group:get_group_snapshot"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-group_delete_group_snapshot :
key : "group:delete_group_snapshot"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-group_update_group_snapshot :
key : "group:update_group_snapshot"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-group_group_snapshot_project_attribute :
key : "group:group_snapshot_project_attribute"
value : "rule:admin_api"
cinder-group_reset_group_snapshot_status :
key : "group:reset_group_snapshot_status"
value : "rule:admin_api"
cinder-group_delete :
key : "group:delete"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-group_reset_status :
key : "group:reset_status"
value : "rule:admin_api"
cinder-group_enable_replication :
key : "group:enable_replication"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-group_disable_replication :
key : "group:disable_replication"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-group_failover_replication :
key : "group:failover_replication"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-group_list_replication_targets :
key : "group:list_replication_targets"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_qos_specs_manage_get_all :
key : "volume_extension:qos_specs_manage:get_all"
value : "rule:admin_api"
cinder-volume_extension_qos_specs_manage_get :
key : "volume_extension:qos_specs_manage:get"
value : "rule:admin_api"
cinder-volume_extension_qos_specs_manage_create :
key : "volume_extension:qos_specs_manage:create"
value : "rule:admin_api"
cinder-volume_extension_qos_specs_manage_update :
key : "volume_extension:qos_specs_manage:update"
value : "rule:admin_api"
cinder-volume_extension_qos_specs_manage_delete :
key : "volume_extension:qos_specs_manage:delete"
value : "rule:admin_api"
cinder-volume_extension_quota_classes_get :
key : "volume_extension:quota_classes:get"
value : "rule:admin_api"
cinder-volume_extension_quota_classes_update :
key : "volume_extension:quota_classes:update"
value : "rule:admin_api"
cinder-volume_extension_quotas_show :
key : "volume_extension:quotas:show"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_quotas_update :
key : "volume_extension:quotas:update"
value : "rule:admin_api"
cinder-volume_extension_quotas_delete :
key : "volume_extension:quotas:delete"
value : "rule:admin_api"
cinder-volume_extension_capabilities :
key : "volume_extension:capabilities"
value : "rule:admin_api"
cinder-volume_extension_services_index :
key : "volume_extension:services:index"
value : "rule:admin_api"
cinder-volume_extension_services_update :
key : "volume_extension:services:update"
value : "rule:admin_api"
cinder-volume_freeze_host :
key : "volume:freeze_host"
value : "rule:admin_api"
cinder-volume_thaw_host :
key : "volume:thaw_host"
value : "rule:admin_api"
cinder-volume_failover_host :
key : "volume:failover_host"
value : "rule:admin_api"
cinder-scheduler_extension_scheduler_stats_get_pools :
key : "scheduler_extension:scheduler_stats:get_pools"
value : "rule:admin_api"
cinder-volume_extension_hosts :
key : "volume_extension:hosts"
value : "rule:admin_api"
cinder-limits_extension_used_limits :
key : "limits_extension:used_limits"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_list_manageable :
key : "volume_extension:list_manageable"
value : "rule:admin_api"
cinder-volume_extension_volume_manage :
key : "volume_extension:volume_manage"
value : "rule:admin_api"
cinder-volume_extension_volume_unmanage :
key : "volume_extension:volume_unmanage"
value : "rule:admin_api"
cinder-volume_extension_type_create :
key : "volume_extension:type_create"
value : "rule:admin_api"
cinder-volume_extension_type_update :
key : "volume_extension:type_update"
value : "rule:admin_api"
cinder-volume_extension_type_delete :
key : "volume_extension:type_delete"
value : "rule:admin_api"
cinder-volume_extension_type_get :
key : "volume_extension:type_get"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_type_get_all :
key : "volume_extension:type_get_all"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_access_types_extra_specs :
key : "volume_extension:access_types_extra_specs"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_access_types_qos_specs_id :
key : "volume_extension:access_types_qos_specs_id"
value : "rule:admin_api"
cinder-volume_extension_volume_type_encryption :
key : "volume_extension:volume_type_encryption"
value : "rule:admin_api"
cinder-volume_extension_volume_type_encryption_create :
key : "volume_extension:volume_type_encryption:create"
value : "rule:admin_api"
cinder-volume_extension_volume_type_encryption_get :
key : "volume_extension:volume_type_encryption:get"
value : "rule:admin_api"
cinder-volume_extension_volume_type_encryption_update :
key : "volume_extension:volume_type_encryption:update"
value : "rule:admin_api"
cinder-volume_extension_volume_type_encryption_delete :
key : "volume_extension:volume_type_encryption:delete"
value : "rule:admin_api"
cinder-volume_extension_volume_type_access :
key : "volume_extension:volume_type_access"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_type_access_addProjectAccess :
key : "volume_extension:volume_type_access:addProjectAccess"
value : "rule:admin_api"
cinder-volume_extension_volume_type_access_removeProjectAccess :
key : "volume_extension:volume_type_access:removeProjectAccess"
value : "rule:admin_api"
cinder-volume_extension_volume_type_access_get_all_for_type :
key : "volume_extension:volume_type_access:get_all_for_type"
value : "rule:admin_api"
cinder-volume_extend :
key : "volume:extend"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extend_attached_volume :
key : "volume:extend_attached_volume"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_revert_to_snapshot :
key : "volume:revert_to_snapshot"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_admin_actions_reset_status :
key : "volume_extension:volume_admin_actions:reset_status"
value : "rule:admin_api"
cinder-volume_retype :
key : "volume:retype"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_update_readonly_flag :
key : "volume:update_readonly_flag"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_admin_actions_force_delete :
key : "volume_extension:volume_admin_actions:force_delete"
value : "rule:admin_api"
cinder-volume_extension_volume_actions_upload_public :
key : "volume_extension:volume_actions:upload_public"
value : "rule:admin_api"
cinder-volume_extension_volume_actions_upload_image :
key : "volume_extension:volume_actions:upload_image"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_admin_actions_force_detach :
key : "volume_extension:volume_admin_actions:force_detach"
value : "rule:admin_api"
cinder-volume_extension_volume_admin_actions_migrate_volume :
key : "volume_extension:volume_admin_actions:migrate_volume"
value : "rule:admin_api"
cinder-volume_extension_volume_admin_actions_migrate_volume_completion :
key : "volume_extension:volume_admin_actions:migrate_volume_completion"
value : "rule:admin_api"
cinder-volume_extension_volume_actions_initialize_connection :
key : "volume_extension:volume_actions:initialize_connection"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_actions_terminate_connection :
key : "volume_extension:volume_actions:terminate_connection"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_actions_roll_detaching :
key : "volume_extension:volume_actions:roll_detaching"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_actions_reserve :
key : "volume_extension:volume_actions:reserve"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_actions_unreserve :
key : "volume_extension:volume_actions:unreserve"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_actions_begin_detaching :
key : "volume_extension:volume_actions:begin_detaching"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_actions_attach :
key : "volume_extension:volume_actions:attach"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_actions_detach :
key : "volume_extension:volume_actions:detach"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_get_all_transfers :
key : "volume:get_all_transfers"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_create_transfer :
key : "volume:create_transfer"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_get_transfer :
key : "volume:get_transfer"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_accept_transfer :
key : "volume:accept_transfer"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_delete_transfer :
key : "volume:delete_transfer"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_get_volume_metadata :
key : "volume:get_volume_metadata"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_create_volume_metadata :
key : "volume:create_volume_metadata"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_update_volume_metadata :
key : "volume:update_volume_metadata"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_delete_volume_metadata :
key : "volume:delete_volume_metadata"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_image_metadata_show :
key : "volume_extension:volume_image_metadata:show"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_image_metadata_set :
key : "volume_extension:volume_image_metadata:set"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_image_metadata_remove :
key : "volume_extension:volume_image_metadata:remove"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_update_volume_admin_metadata :
key : "volume:update_volume_admin_metadata"
value : "rule:admin_api"
cinder-volume_extension_types_extra_specs_index :
key : "volume_extension:types_extra_specs:index"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_types_extra_specs_create :
key : "volume_extension:types_extra_specs:create"
value : "rule:admin_api"
cinder-volume_extension_types_extra_specs_show :
key : "volume_extension:types_extra_specs:show"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_types_extra_specs_read_sensitive :
key : "volume_extension:types_extra_specs:read_sensitive"
value : "rule:admin_api"
cinder-volume_extension_types_extra_specs_update :
key : "volume_extension:types_extra_specs:update"
value : "rule:admin_api"
cinder-volume_extension_types_extra_specs_delete :
key : "volume_extension:types_extra_specs:delete"
value : "rule:admin_api"
cinder-volume_create :
key : "volume:create"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_create_from_image :
key : "volume:create_from_image"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_get :
key : "volume:get"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_get_all :
key : "volume:get_all"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_update :
key : "volume:update"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_delete :
key : "volume:delete"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_force_delete :
key : "volume:force_delete"
value : "rule:admin_api"
cinder-volume_extension_volume_host_attribute :
key : "volume_extension:volume_host_attribute"
value : "rule:admin_api"
cinder-volume_extension_volume_tenant_attribute :
key : "volume_extension:volume_tenant_attribute"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_volume_mig_status_attribute :
key : "volume_extension:volume_mig_status_attribute"
value : "rule:admin_api"
cinder-volume_extension_volume_encryption_metadata :
key : "volume_extension:volume_encryption_metadata"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_reader"
2021-09-21 21:40:05 +00:00
cinder-volume_multiattach :
key : "volume:multiattach"
2021-09-22 15:52:20 +00:00
value : "rule:system_admin_or_project_member"
2021-09-21 21:40:05 +00:00
cinder-volume_extension_default_set_or_update :
key : "volume_extension:default_set_or_update"
value : "rule:admin_api"
cinder-volume_extension_default_get :
key : "volume_extension:default_get"
value : "rule:admin_api"
cinder-volume_extension_default_get_all :
key : "volume_extension:default_get_all"
value : "rule:admin_api"
cinder-volume_extension_default_unset :
key : "volume_extension:default_unset"
value : "rule:admin_api"
KeystonePolicies :
# NOTE(review): admin_required matches role:admin with no system_scope or
# domain condition, so every "rule:admin_required" check in this mapping is
# satisfied by an admin role assignment on any scope — confirm that is the
# intended reach for identity operations.
keystone-admin_required :
key : "admin_required"
2021-10-07 14:09:35 +00:00
value : "role:admin"
keystone-identity_get_access_rule :
key : "identity:get_access_rule"
value : "rule:admin_required or user_id:%(target.user.id)s"
keystone-identity_list_access_rules :
key : "identity:list_access_rules"
value : "rule:admin_required or user_id:%(target.user.id)s"
keystone-identity_delete_access_rule :
key : "identity:delete_access_rule"
value : "rule:admin_required or user_id:%(target.user.id)s"
# All six token rules below delegate to rule:admin_required, which this
# mapping defines as the bare check "role:admin". That check has no scope
# term, so it matches an admin role held on any project or domain; treat
# every admin role assignment in the cloud as able to pass these rules.
# NOTE(review): the rule names look like Keystone's OAuth1 delegation API;
# confirm.
keystone-identity_authorize_request_token :
key : "identity:authorize_request_token"
value : "rule:admin_required"
keystone-identity_get_access_token :
key : "identity:get_access_token"
value : "rule:admin_required"
keystone-identity_get_access_token_role :
key : "identity:get_access_token_role"
value : "rule:admin_required"
keystone-identity_list_access_tokens :
key : "identity:list_access_tokens"
value : "rule:admin_required"
keystone-identity_list_access_token_roles :
key : "identity:list_access_token_roles"
value : "rule:admin_required"
keystone-identity_delete_access_token :
key : "identity:delete_access_token"
value : "rule:admin_required"
keystone-identity_get_application_credential :
key : "identity:get_application_credential"
value : "rule:admin_required or rule:owner"
keystone-identity_list_application_credentials :
key : "identity:list_application_credentials"
value : "rule:admin_required or rule:owner"
# Self-service only: the caller's user_id must equal the user_id of the
# target. Unlike the get/list/delete application-credential rules next to it,
# there is no "rule:admin_required" alternative, so this rule does not let an
# admin create a credential on another user's behalf.
keystone-identity_create_application_credential :
key : "identity:create_application_credential"
value : "user_id:%(user_id)s"
keystone-identity_delete_application_credential :
key : "identity:delete_application_credential"
value : "rule:admin_required or rule:owner"
# Empty check strings: oslo.policy treats "" as always-allow, so these four
# lookups are not restricted by role or scope.
# NOTE(review): presumably they only describe what the presented token can
# already reach; confirm against the deployed Keystone release.
keystone-identity_get_auth_catalog :
key : "identity:get_auth_catalog"
value : ""
keystone-identity_get_auth_projects :
key : "identity:get_auth_projects"
value : ""
keystone-identity_get_auth_domains :
key : "identity:get_auth_domains"
value : ""
keystone-identity_get_auth_system :
key : "identity:get_auth_system"
value : ""
keystone-identity_get_consumer :
key : "identity:get_consumer"
value : "rule:admin_required"
keystone-identity_list_consumers :
key : "identity:list_consumers"
value : "rule:admin_required"
keystone-identity_create_consumer :
key : "identity:create_consumer"
value : "rule:admin_required"
keystone-identity_update_consumer :
key : "identity:update_consumer"
value : "rule:admin_required"
keystone-identity_delete_consumer :
key : "identity:delete_consumer"
value : "rule:admin_required"
keystone-identity_get_credential :
key : "identity:get_credential"
value : "rule:admin_required or user_id:%(target.credential.user_id)s"
keystone-identity_list_credentials :
key : "identity:list_credentials"
value : "rule:admin_required or user_id:%(target.credential.user_id)s"
keystone-identity_create_credential :
key : "identity:create_credential"
value : "rule:admin_required or user_id:%(target.credential.user_id)s"
keystone-identity_update_credential :
key : "identity:update_credential"
value : "rule:admin_required or user_id:%(target.credential.user_id)s"
keystone-identity_delete_credential :
key : "identity:delete_credential"
value : "rule:admin_required or user_id:%(target.credential.user_id)s"
keystone-identity_get_domain :
key : "identity:get_domain"
value : "rule:admin_required or token.domain.id:%(target.domain.id)s or token.project.domain.id:%(target.domain.id)s"
keystone-identity_list_domains :
key : "identity:list_domains"
value : "rule:admin_required"
keystone-identity_create_domain :
key : "identity:create_domain"
value : "rule:admin_required"
keystone-identity_update_domain :
key : "identity:update_domain"
value : "rule:admin_required"
keystone-identity_delete_domain :
key : "identity:delete_domain"
value : "rule:admin_required"
keystone-identity_create_domain_config :
key : "identity:create_domain_config"
value : "rule:admin_required"
keystone-identity_get_domain_config :
key : "identity:get_domain_config"
value : "rule:admin_required"
# Empty check string, i.e. always-allow: no role or scope is needed to read
# the security-compliance domain config, while the other domain-config rules
# around it require rule:admin_required.
keystone-identity_get_security_compliance_domain_config :
key : "identity:get_security_compliance_domain_config"
value : ""
keystone-identity_update_domain_config :
key : "identity:update_domain_config"
value : "rule:admin_required"
keystone-identity_delete_domain_config :
key : "identity:delete_domain_config"
value : "rule:admin_required"
keystone-identity_get_domain_config_default :
key : "identity:get_domain_config_default"
value : "rule:admin_required"
keystone-identity_ec2_get_credential :
key : "identity:ec2_get_credential"
value : "rule:admin_required or user_id:%(target.credential.user_id)s"
keystone-identity_ec2_list_credentials :
key : "identity:ec2_list_credentials"
value : "rule:admin_required or rule:owner"
keystone-identity_ec2_create_credential :
key : "identity:ec2_create_credential"
value : "rule:admin_required or rule:owner"
keystone-identity_ec2_delete_credential :
key : "identity:ec2_delete_credential"
value : "rule:admin_required or user_id:%(target.credential.user_id)s"
keystone-identity_get_endpoint :
key : "identity:get_endpoint"
value : "rule:admin_required"
keystone-identity_list_endpoints :
key : "identity:list_endpoints"
value : "rule:admin_required"
keystone-identity_create_endpoint :
key : "identity:create_endpoint"
value : "rule:admin_required"
keystone-identity_update_endpoint :
key : "identity:update_endpoint"
value : "rule:admin_required"
keystone-identity_delete_endpoint :
key : "identity:delete_endpoint"
value : "rule:admin_required"
keystone-identity_create_endpoint_group :
key : "identity:create_endpoint_group"
value : "rule:admin_required"
keystone-identity_list_endpoint_groups :
key : "identity:list_endpoint_groups"
value : "rule:admin_required"
keystone-identity_get_endpoint_group :
key : "identity:get_endpoint_group"
value : "rule:admin_required"
keystone-identity_update_endpoint_group :
key : "identity:update_endpoint_group"
value : "rule:admin_required"
keystone-identity_delete_endpoint_group :
key : "identity:delete_endpoint_group"
value : "rule:admin_required"
keystone-identity_list_projects_associated_with_endpoint_group :
key : "identity:list_projects_associated_with_endpoint_group"
value : "rule:admin_required"
keystone-identity_list_endpoints_associated_with_endpoint_group :
key : "identity:list_endpoints_associated_with_endpoint_group"
value : "rule:admin_required"
keystone-identity_get_endpoint_group_in_project :
key : "identity:get_endpoint_group_in_project"
value : "rule:admin_required"
keystone-identity_list_endpoint_groups_for_project :
key : "identity:list_endpoint_groups_for_project"
value : "rule:admin_required"
keystone-identity_add_endpoint_group_to_project :
key : "identity:add_endpoint_group_to_project"
value : "rule:admin_required"
keystone-identity_remove_endpoint_group_from_project :
key : "identity:remove_endpoint_group_from_project"
value : "rule:admin_required"
keystone-identity_check_grant :
key : "identity:check_grant"
value : "rule:admin_required or ((role:reader and domain_id:%(target.user.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:reader and domain_id:%(target.user.domain_id)s and domain_id:%(target.domain.id)s) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.domain.id)s)) and (domain_id:%(target.role.domain_id)s or None:%(target.role.domain_id)s)"
keystone-identity_list_grants :
key : "identity:list_grants"
value : "rule:admin_required or (role:reader and domain_id:%(target.user.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:reader and domain_id:%(target.user.domain_id)s and domain_id:%(target.domain.id)s) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.domain.id)s)"
keystone-identity_create_grant :
key : "identity:create_grant"
value : "rule:admin_required or ((role:admin and domain_id:%(target.user.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:admin and domain_id:%(target.user.domain_id)s and domain_id:%(target.domain.id)s) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.domain.id)s)) and (domain_id:%(target.role.domain_id)s or None:%(target.role.domain_id)s)"
keystone-identity_revoke_grant :
key : "identity:revoke_grant"
value : "rule:admin_required or ((role:admin and domain_id:%(target.user.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:admin and domain_id:%(target.user.domain_id)s and domain_id:%(target.domain.id)s) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.domain.id)s)) and (domain_id:%(target.role.domain_id)s or None:%(target.role.domain_id)s)"
keystone-identity_list_system_grants_for_user :
key : "identity:list_system_grants_for_user"
value : "rule:admin_required"
keystone-identity_check_system_grant_for_user :
key : "identity:check_system_grant_for_user"
value : "rule:admin_required"
keystone-identity_create_system_grant_for_user :
key : "identity:create_system_grant_for_user"
value : "rule:admin_required"
keystone-identity_revoke_system_grant_for_user :
key : "identity:revoke_system_grant_for_user"
value : "rule:admin_required"
keystone-identity_list_system_grants_for_group :
key : "identity:list_system_grants_for_group"
value : "rule:admin_required"
keystone-identity_check_system_grant_for_group :
key : "identity:check_system_grant_for_group"
value : "rule:admin_required"
keystone-identity_create_system_grant_for_group :
key : "identity:create_system_grant_for_group"
value : "rule:admin_required"
keystone-identity_revoke_system_grant_for_group :
key : "identity:revoke_system_grant_for_group"
value : "rule:admin_required"
keystone-identity_get_group :
key : "identity:get_group"
value : "rule:admin_required or (role:reader and domain_id:%(target.group.domain_id)s)"
keystone-identity_list_groups :
key : "identity:list_groups"
value : "rule:admin_required or (role:reader and domain_id:%(target.group.domain_id)s)"
keystone-identity_list_groups_for_user :
key : "identity:list_groups_for_user"
value : "rule:admin_required or (role:reader and domain_id:%(target.user.domain_id)s) or user_id:%(user_id)s"
keystone-identity_create_group :
key : "identity:create_group"
value : "rule:admin_required or (role:admin and domain_id:%(target.group.domain_id)s)"
keystone-identity_update_group :
key : "identity:update_group"
value : "rule:admin_required or (role:admin and domain_id:%(target.group.domain_id)s)"
keystone-identity_delete_group :
key : "identity:delete_group"
value : "rule:admin_required or (role:admin and domain_id:%(target.group.domain_id)s)"
keystone-identity_list_users_in_group :
key : "identity:list_users_in_group"
value : "rule:admin_required or (role:reader and domain_id:%(target.group.domain_id)s)"
keystone-identity_remove_user_from_group :
key : "identity:remove_user_from_group"
value : "rule:admin_required or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.user.domain_id)s)"
keystone-identity_check_user_in_group :
key : "identity:check_user_in_group"
value : "rule:admin_required or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.user.domain_id)s)"
keystone-identity_add_user_to_group :
key : "identity:add_user_to_group"
value : "rule:admin_required or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.user.domain_id)s)"
keystone-identity_create_identity_provider :
key : "identity:create_identity_provider"
value : "rule:admin_required"
keystone-identity_list_identity_providers :
key : "identity:list_identity_providers"
value : "rule:admin_required"
keystone-identity_get_identity_provider :
key : "identity:get_identity_provider"
value : "rule:admin_required"
keystone-identity_update_identity_provider :
key : "identity:update_identity_provider"
value : "rule:admin_required"
keystone-identity_delete_identity_provider :
key : "identity:delete_identity_provider"
value : "rule:admin_required"
keystone-identity_get_implied_role :
key : "identity:get_implied_role"
value : "rule:admin_required"
keystone-identity_list_implied_roles :
key : "identity:list_implied_roles"
value : "rule:admin_required"
keystone-identity_create_implied_role :
key : "identity:create_implied_role"
value : "rule:admin_required"
keystone-identity_delete_implied_role :
key : "identity:delete_implied_role"
value : "rule:admin_required"
keystone-identity_list_role_inference_rules :
key : "identity:list_role_inference_rules"
value : "rule:admin_required"
keystone-identity_check_implied_role :
key : "identity:check_implied_role"
value : "rule:admin_required"
# Empty check string ("" always passes in oslo.policy): the limit model is
# readable without any particular role or scope.
keystone-identity_get_limit_model :
key : "identity:get_limit_model"
value : ""
keystone-identity_get_limit :
key : "identity:get_limit"
value : "rule:admin_required or (domain_id:%(target.limit.domain.id)s or domain_id:%(target.limit.project.domain_id)s) or (project_id:%(target.limit.project_id)s and not None:%(target.limit.project_id)s)"
# Listing limits is not restricted by policy (an empty check string always
# passes), whereas identity:get_limit checks domain or project ownership.
# NOTE(review): presumably the service filters the list per caller; verify,
# otherwise limits are visible across projects.
keystone-identity_list_limits :
key : "identity:list_limits"
value : ""
keystone-identity_create_limits :
key : "identity:create_limits"
value : "rule:admin_required"
keystone-identity_update_limit :
key : "identity:update_limit"
value : "rule:admin_required"
keystone-identity_delete_limit :
key : "identity:delete_limit"
value : "rule:admin_required"
keystone-identity_create_mapping :
key : "identity:create_mapping"
value : "rule:admin_required"
keystone-identity_get_mapping :
key : "identity:get_mapping"
value : "rule:admin_required"
keystone-identity_list_mappings :
key : "identity:list_mappings"
value : "rule:admin_required"
keystone-identity_delete_mapping :
key : "identity:delete_mapping"
value : "rule:admin_required"
keystone-identity_update_mapping :
key : "identity:update_mapping"
value : "rule:admin_required"
keystone-identity_get_policy :
key : "identity:get_policy"
value : "rule:admin_required"
keystone-identity_list_policies :
key : "identity:list_policies"
value : "rule:admin_required"
keystone-identity_create_policy :
key : "identity:create_policy"
value : "rule:admin_required"
keystone-identity_update_policy :
key : "identity:update_policy"
value : "rule:admin_required"
keystone-identity_delete_policy :
key : "identity:delete_policy"
value : "rule:admin_required"
keystone-identity_create_policy_association_for_endpoint :
key : "identity:create_policy_association_for_endpoint"
value : "rule:admin_required"
keystone-identity_check_policy_association_for_endpoint :
key : "identity:check_policy_association_for_endpoint"
value : "rule:admin_required"
keystone-identity_delete_policy_association_for_endpoint :
key : "identity:delete_policy_association_for_endpoint"
value : "rule:admin_required"
keystone-identity_create_policy_association_for_service :
key : "identity:create_policy_association_for_service"
value : "rule:admin_required"
keystone-identity_check_policy_association_for_service :
key : "identity:check_policy_association_for_service"
value : "rule:admin_required"
keystone-identity_delete_policy_association_for_service :
key : "identity:delete_policy_association_for_service"
value : "rule:admin_required"
keystone-identity_create_policy_association_for_region_and_service :
key : "identity:create_policy_association_for_region_and_service"
value : "rule:admin_required"
keystone-identity_check_policy_association_for_region_and_service :
key : "identity:check_policy_association_for_region_and_service"
value : "rule:admin_required"
keystone-identity_delete_policy_association_for_region_and_service :
key : "identity:delete_policy_association_for_region_and_service"
value : "rule:admin_required"
keystone-identity_get_policy_for_endpoint :
key : "identity:get_policy_for_endpoint"
value : "rule:admin_required"
keystone-identity_list_endpoints_for_policy :
key : "identity:list_endpoints_for_policy"
value : "rule:admin_required"
keystone-identity_get_project :
key : "identity:get_project"
value : "rule:admin_required or (role:reader and domain_id:%(target.project.domain_id)s) or project_id:%(target.project.id)s"
keystone-identity_list_projects :
key : "identity:list_projects"
value : "rule:admin_required or (role:reader and domain_id:%(target.domain_id)s)"
keystone-identity_list_user_projects :
key : "identity:list_user_projects"
value : "rule:admin_required or (role:reader and domain_id:%(target.user.domain_id)s) or user_id:%(target.user.id)s"
keystone-identity_create_project :
key : "identity:create_project"
value : "rule:admin_required or (role:admin and domain_id:%(target.project.domain_id)s)"
keystone-identity_update_project :
key : "identity:update_project"
value : "rule:admin_required or (role:admin and domain_id:%(target.project.domain_id)s)"
keystone-identity_delete_project :
key : "identity:delete_project"
value : "rule:admin_required or (role:admin and domain_id:%(target.project.domain_id)s)"
keystone-identity_list_project_tags :
key : "identity:list_project_tags"
value : "rule:admin_required or (role:reader and domain_id:%(target.project.domain_id)s) or project_id:%(target.project.id)s"
keystone-identity_get_project_tag :
key : "identity:get_project_tag"
value : "rule:admin_required or (role:reader and domain_id:%(target.project.domain_id)s) or project_id:%(target.project.id)s"
keystone-identity_update_project_tags :
key : "identity:update_project_tags"
value : "rule:admin_required or (role:admin and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)"
keystone-identity_create_project_tag :
key : "identity:create_project_tag"
value : "rule:admin_required or (role:admin and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)"
keystone-identity_delete_project_tags :
key : "identity:delete_project_tags"
value : "rule:admin_required or (role:admin and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)"
keystone-identity_delete_project_tag :
key : "identity:delete_project_tag"
value : "rule:admin_required or (role:admin and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)"
keystone-identity_list_projects_for_endpoint :
key : "identity:list_projects_for_endpoint"
value : "rule:admin_required"
keystone-identity_add_endpoint_to_project :
key : "identity:add_endpoint_to_project"
value : "rule:admin_required"
keystone-identity_check_endpoint_in_project :
key : "identity:check_endpoint_in_project"
value : "rule:admin_required"
keystone-identity_list_endpoints_for_project :
key : "identity:list_endpoints_for_project"
value : "rule:admin_required"
keystone-identity_remove_endpoint_from_project :
key : "identity:remove_endpoint_from_project"
value : "rule:admin_required"
keystone-identity_create_protocol :
key : "identity:create_protocol"
value : "rule:admin_required"
keystone-identity_update_protocol :
key : "identity:update_protocol"
value : "rule:admin_required"
keystone-identity_get_protocol :
key : "identity:get_protocol"
value : "rule:admin_required"
keystone-identity_list_protocols :
key : "identity:list_protocols"
value : "rule:admin_required"
keystone-identity_delete_protocol :
key : "identity:delete_protocol"
value : "rule:admin_required"
# Region reads use the empty check string, which always passes; only the
# create/update/delete region rules that follow require rule:admin_required.
keystone-identity_get_region :
key : "identity:get_region"
value : ""
keystone-identity_list_regions :
key : "identity:list_regions"
value : ""
keystone-identity_create_region :
key : "identity:create_region"
value : "rule:admin_required"
keystone-identity_update_region :
key : "identity:update_region"
value : "rule:admin_required"
keystone-identity_delete_region :
key : "identity:delete_region"
value : "rule:admin_required"
# Registered limits are readable by any caller that reaches the policy check
# (empty check string = always allow); changing them is admin-only via the
# create/update/delete rules that follow.
keystone-identity_get_registered_limit :
key : "identity:get_registered_limit"
value : ""
keystone-identity_list_registered_limits :
key : "identity:list_registered_limits"
value : ""
keystone-identity_create_registered_limits :
key : "identity:create_registered_limits"
value : "rule:admin_required"
keystone-identity_update_registered_limit :
key : "identity:update_registered_limit"
value : "rule:admin_required"
keystone-identity_delete_registered_limit :
key : "identity:delete_registered_limit"
value : "rule:admin_required"
# rule:service_or_admin is not defined in the visible part of this mapping.
# NOTE(review): it presumably falls back to the service's built-in default;
# confirm the effective rule, since it decides who can read revocation events.
keystone-identity_list_revoke_events :
key : "identity:list_revoke_events"
value : "rule:service_or_admin"
keystone-identity_get_role :
key : "identity:get_role"
value : "rule:admin_required"
keystone-identity_list_roles :
key : "identity:list_roles"
value : "rule:admin_required"
keystone-identity_create_role :
key : "identity:create_role"
value : "rule:admin_required"
keystone-identity_update_role :
key : "identity:update_role"
value : "rule:admin_required"
keystone-identity_delete_role :
key : "identity:delete_role"
value : "rule:admin_required"
keystone-identity_get_domain_role :
key : "identity:get_domain_role"
value : "rule:admin_required"
keystone-identity_list_domain_roles :
key : "identity:list_domain_roles"
value : "rule:admin_required"
keystone-identity_create_domain_role :
key : "identity:create_domain_role"
value : "rule:admin_required"
keystone-identity_update_domain_role :
key : "identity:update_domain_role"
value : "rule:admin_required"
keystone-identity_delete_domain_role :
key : "identity:delete_domain_role"
value : "rule:admin_required"
keystone-identity_list_role_assignments :
key : "identity:list_role_assignments"
value : "rule:admin_required or (role:reader and domain_id:%(target.domain_id)s)"
keystone-identity_list_role_assignments_for_tree :
key : "identity:list_role_assignments_for_tree"
value : "rule:admin_required or (role:reader and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)"
keystone-identity_get_service :
key : "identity:get_service"
value : "rule:admin_required"
keystone-identity_list_services :
key : "identity:list_services"
value : "rule:admin_required"
keystone-identity_create_service :
key : "identity:create_service"
value : "rule:admin_required"
keystone-identity_update_service :
key : "identity:update_service"
value : "rule:admin_required"
keystone-identity_delete_service :
key : "identity:delete_service"
value : "rule:admin_required"
keystone-identity_create_service_provider :
key : "identity:create_service_provider"
value : "rule:admin_required"
keystone-identity_list_service_providers :
key : "identity:list_service_providers"
value : "rule:admin_required"
keystone-identity_get_service_provider :
key : "identity:get_service_provider"
value : "rule:admin_required"
keystone-identity_update_service_provider :
key : "identity:update_service_provider"
value : "rule:admin_required"
keystone-identity_delete_service_provider :
key : "identity:delete_service_provider"
value : "rule:admin_required"
# Delegates to rule:service_or_admin, whose definition does not appear in the
# visible part of this mapping; check what it resolves to in the deployed
# policy before treating the revocation list as restricted.
keystone-identity_revocation_list :
key : "identity:revocation_list"
value : "rule:service_or_admin"
keystone-identity_check_token :
key : "identity:check_token"
value : "rule:admin_required or rule:token_subject"
keystone-identity_validate_token :
key : "identity:validate_token"
value : "rule:admin_required or rule:service_role or rule:token_subject"
keystone-identity_revoke_token :
key : "identity:revoke_token"
value : "rule:admin_required or rule:token_subject"
# The caller must be the trustor named in the request (user_id equals
# trust.trustor_user_id). There is no admin alternative in this rule, so
# under it a trust can only be created by the user who is delegating.
keystone-identity_create_trust :
key : "identity:create_trust"
value : "user_id:%(trust.trustor_user_id)s"
keystone-identity_list_trusts :
key : "identity:list_trusts"
2021-10-07 14:09:35 +00:00
value : "rule:admin_required"
2021-09-21 21:40:05 +00:00
keystone-identity_list_trusts_for_trustor :
key : "identity:list_trusts_for_trustor"
2021-10-07 14:09:35 +00:00
value : "rule:admin_required or user_id:%(target.trust.trustor_user_id)s"
2021-09-21 21:40:05 +00:00
keystone-identity_list_trusts_for_trustee :
key : "identity:list_trusts_for_trustee"
2021-10-07 14:09:35 +00:00
value : "rule:admin_required or user_id:%(target.trust.trustee_user_id)s"
2021-09-21 21:40:05 +00:00
keystone-identity_list_roles_for_trust :
key : "identity:list_roles_for_trust"
2021-10-07 14:09:35 +00:00
value : "rule:admin_required or user_id:%(target.trust.trustor_user_id)s or user_id:%(target.trust.trustee_user_id)s"
2021-09-21 21:40:05 +00:00
keystone-identity_get_role_for_trust :
key : "identity:get_role_for_trust"
2021-10-07 14:09:35 +00:00
value : "rule:admin_required or user_id:%(target.trust.trustor_user_id)s or user_id:%(target.trust.trustee_user_id)s"
2021-09-21 21:40:05 +00:00
keystone-identity_delete_trust :
key : "identity:delete_trust"
2021-10-07 14:09:35 +00:00
value : "rule:admin_required or user_id:%(target.trust.trustor_user_id)s"
2021-09-21 21:40:05 +00:00
keystone-identity_get_trust :
key : "identity:get_trust"
2021-10-07 14:09:35 +00:00
value : "rule:admin_required or user_id:%(target.trust.trustor_user_id)s or user_id:%(target.trust.trustee_user_id)s"
# User rules. Reads allow the admin rule, a reader whose token domain matches
# the target user's domain, or (get_user only) the user themselves.
keystone-identity_get_user:
  key: "identity:get_user"
  value: "rule:admin_required or (role:reader and token.domain.id:%(target.user.domain_id)s) or user_id:%(target.user.id)s"
keystone-identity_list_users:
  key: "identity:list_users"
  value: "rule:admin_required or (role:reader and domain_id:%(target.domain_id)s)"
# An empty check string is evaluated by oslo.policy as always true, so the two
# rules below pass for any caller that reaches policy enforcement.
# NOTE(review): confirm which API these rule names still guard in the deployed
# keystone release and that an unconditional allow is intended there.
keystone-identity_list_projects_for_user:
  key: "identity:list_projects_for_user"
  value: ""
keystone-identity_list_domains_for_user:
  key: "identity:list_domains_for_user"
  value: ""
# NOTE(review): rule:admin_required is defined outside this excerpt. If it is
# satisfied by role:admin alone, the domain-scoped clause after "or" is
# subsumed and never narrows anything: an admin role held on any scope can
# create, update and delete users in every domain. Verify against the
# definition before relying on the domain check for tenant isolation.
keystone-identity_create_user:
  key: "identity:create_user"
  value: "rule:admin_required or (role:admin and token.domain.id:%(target.user.domain_id)s)"
keystone-identity_update_user:
  key: "identity:update_user"
  value: "rule:admin_required or (role:admin and token.domain.id:%(target.user.domain_id)s)"
keystone-identity_delete_user:
  key: "identity:delete_user"
  value: "rule:admin_required or (role:admin and token.domain.id:%(target.user.domain_id)s)"
# Barbican (key manager) policy overrides. Each entry maps an oslo.policy rule
# name ("key") to its check string ("value").
BarbicanPolicies:
  # Role aliases. None of them carries a project or system scope term, so a
  # rule that references only rule:admin / rule:member / rule:reader depends on
  # the role alone.
  barbican-admin:
    key: "admin"
    value: "role:admin"
  barbican-member:
    key: "member"
    value: "role:member"
  barbican-reader:
    key: "reader"
    value: "role:reader"

  # Building blocks for secrets and containers: creator match, per-user ACL
  # match, and the project-wide read flag on the target.
  barbican-secret_owner:
    key: "secret_owner"
    value: "user_id:%(target.secret.creator_id)s"
  barbican-secret_acl_read:
    key: "secret_acl_read"
    value: "'read':%(target.secret.read)s"
  barbican-secret_is_not_private_read:
    key: "secret_is_not_private_read"
    value: "'True':%(target.secret.read_project_access)s"
  barbican-container_owner:
    key: "container_owner"
    value: "user_id:%(target.container.creator_id)s"
  barbican-container_acl_read:
    key: "container_acl_read"
    value: "'read':%(target.container.read)s"
  barbican-container_is_not_private_read:
    key: "container_is_not_private_read"
    value: "'True':%(target.container.read_project_access)s"

  # Role plus ownership of the target's project.
  barbican-secret_project_admin:
    key: "secret_project_admin"
    value: "rule:admin and project_id:%(target.secret.project_id)s"
  barbican-secret_project_member:
    key: "secret_project_member"
    value: "rule:member and project_id:%(target.secret.project_id)s"
  barbican-container_project_admin:
    key: "container_project_admin"
    value: "rule:admin and project_id:%(target.container.project_id)s"
  barbican-container_project_member:
    key: "container_project_member"
    value: "rule:member and project_id:%(target.container.project_id)s"

  # The long expressions below have no outer parentheses. With "and" binding
  # tighter than "or" they read as
  #   (project_member and (owner or not_private_read)) or project_admin
  # NOTE(review): the ACL write rules (delete, put_patch) use the same
  # predicate as the read rule, so a secret or container with project-wide
  # read access lets every member of the project change or remove its ACL,
  # not only the creator. Confirm that is the intended model.
  barbican-secret_acls_get:
    key: "secret_acls:get"
    value: "rule:secret_project_member and (rule:secret_owner or rule:secret_is_not_private_read) or rule:secret_project_admin"
  barbican-secret_acls_delete:
    key: "secret_acls:delete"
    value: "rule:secret_project_member and (rule:secret_owner or rule:secret_is_not_private_read) or rule:secret_project_admin"
  barbican-secret_acls_put_patch:
    key: "secret_acls:put_patch"
    value: "rule:secret_project_member and (rule:secret_owner or rule:secret_is_not_private_read) or rule:secret_project_admin"
  barbican-container_acls_get:
    key: "container_acls:get"
    value: "rule:container_project_member and (rule:container_owner or rule:container_is_not_private_read) or rule:container_project_admin"
  barbican-container_acls_delete:
    key: "container_acls:delete"
    value: "rule:container_project_member and (rule:container_owner or rule:container_is_not_private_read) or rule:container_project_admin"
  barbican-container_acls_put_patch:
    key: "container_acls:put_patch"
    value: "rule:container_project_member and (rule:container_owner or rule:container_is_not_private_read) or rule:container_project_admin"

  # Consumers are authorised against the container they attach to.
  barbican-consumer_get:
    key: "consumer:get"
    value: "rule:container_project_member and (rule:container_owner or rule:container_is_not_private_read) or rule:container_project_admin"
  barbican-consumers_get:
    key: "consumers:get"
    value: "rule:container_project_member and (rule:container_owner or rule:container_is_not_private_read) or rule:container_project_admin"
  barbican-consumers_post:
    key: "consumers:post"
    value: "rule:container_project_member and (rule:container_owner or rule:container_is_not_private_read) or rule:container_project_admin"
  barbican-consumers_delete:
    key: "consumers:delete"
    value: "rule:container_project_member and (rule:container_owner or rule:container_is_not_private_read) or rule:container_project_admin"

  # Containers. Collection-level post/get need only the member role; only
  # container:get additionally honours the per-user read ACL.
  barbican-containers_post:
    key: "containers:post"
    value: "rule:member"
  barbican-containers_get:
    key: "containers:get"
    value: "rule:member"
  barbican-container_get:
    key: "container:get"
    value: "rule:container_project_member and (rule:container_owner or rule:container_is_not_private_read) or rule:container_acl_read or rule:container_project_admin"
  barbican-container_delete:
    key: "container:delete"
    value: "rule:container_project_member and (rule:container_owner or rule:container_is_not_private_read) or rule:container_project_admin"
  barbican-container_secret_post:
    key: "container_secret:post"
    value: "rule:container_project_member and (rule:container_owner or rule:container_is_not_private_read) or rule:container_project_admin"
  barbican-container_secret_delete:
    key: "container_secret:delete"
    value: "rule:container_project_member and (rule:container_owner or rule:container_is_not_private_read) or rule:container_project_admin"

  # Orders: role check only, no target attribute is compared.
  # NOTE(review): per-project isolation for these is not expressed in policy
  # here; presumably the service scopes the query by the token's project.
  # Verify before treating these rules as a tenant boundary.
  barbican-orders_get:
    key: "orders:get"
    value: "rule:member"
  barbican-orders_post:
    key: "orders:post"
    value: "rule:member"
  barbican-orders_put:
    key: "orders:put"
    value: "rule:member"
  barbican-order_get:
    key: "order:get"
    value: "rule:member"
  barbican-order_delete:
    key: "order:delete"
    value: "rule:member"

  # Quotas. project_quotas:* manage other projects' limits and are gated by
  # rule:admin, which is role:admin without any scope term.
  barbican-quotas_get:
    key: "quotas:get"
    value: "rule:reader"
  barbican-project_quotas_get:
    key: "project_quotas:get"
    value: "rule:admin"
  barbican-project_quotas_put:
    key: "project_quotas:put"
    value: "rule:admin"
  barbican-project_quotas_delete:
    key: "project_quotas:delete"
    value: "rule:admin"

  # Secret metadata. Only the get rule honours the per-user read ACL.
  barbican-secret_meta_get:
    key: "secret_meta:get"
    value: "rule:secret_project_member and (rule:secret_owner or rule:secret_is_not_private_read) or rule:secret_acl_read or rule:secret_project_admin"
  barbican-secret_meta_post:
    key: "secret_meta:post"
    value: "rule:secret_project_member and (rule:secret_owner or rule:secret_is_not_private_read) or rule:secret_project_admin"
  barbican-secret_meta_put:
    key: "secret_meta:put"
    value: "rule:secret_project_member and (rule:secret_owner or rule:secret_is_not_private_read) or rule:secret_project_admin"
  barbican-secret_meta_delete:
    key: "secret_meta:delete"
    value: "rule:secret_project_member and (rule:secret_owner or rule:secret_is_not_private_read) or rule:secret_project_admin"

  # Secrets. secret:decrypt returns the payload and shares its rule with
  # secret:get, so anything that widens metadata reads widens payload reads.
  # secret:put and secret:delete drop only the ACL term: project-wide read
  # access still lets any project member modify or delete the secret.
  barbican-secret_decrypt:
    key: "secret:decrypt"
    value: "rule:secret_project_member and (rule:secret_owner or rule:secret_is_not_private_read) or rule:secret_acl_read or rule:secret_project_admin"
  barbican-secret_get:
    key: "secret:get"
    value: "rule:secret_project_member and (rule:secret_owner or rule:secret_is_not_private_read) or rule:secret_acl_read or rule:secret_project_admin"
  barbican-secret_put:
    key: "secret:put"
    value: "rule:secret_project_member and (rule:secret_owner or rule:secret_is_not_private_read) or rule:secret_project_admin"
  barbican-secret_delete:
    key: "secret:delete"
    value: "rule:secret_project_member and (rule:secret_owner or rule:secret_is_not_private_read) or rule:secret_project_admin"
  barbican-secrets_post:
    key: "secrets:post"
    value: "rule:member"
  barbican-secrets_get:
    key: "secrets:get"
    value: "rule:member"

  # Secret stores: reads for readers, preferred-store changes for admins.
  barbican-secretstores_get:
    key: "secretstores:get"
    value: "rule:reader"
  barbican-secretstores_get_global_default:
    key: "secretstores:get_global_default"
    value: "rule:reader"
  barbican-secretstores_get_preferred:
    key: "secretstores:get_preferred"
    value: "rule:reader"
  barbican-secretstore_preferred_post:
    key: "secretstore_preferred:post"
    value: "rule:admin"
  barbican-secretstore_preferred_delete:
    key: "secretstore_preferred:delete"
    value: "rule:admin"
  barbican-secretstore_get:
    key: "secretstore:get"
    value: "rule:reader"

  # Transport keys: reads for readers, create/delete for admins.
  barbican-transport_key_get:
    key: "transport_key:get"
    value: "rule:reader"
  barbican-transport_key_delete:
    key: "transport_key:delete"
    value: "rule:admin"
  barbican-transport_keys_get:
    key: "transport_keys:get"
    value: "rule:reader"
  barbican-transport_keys_post:
    key: "transport_keys:post"
    value: "rule:admin"
ManilaApiPolicies :
# Manila base rules: scoped personas first, then the legacy aliases.
manila-system-admin:
  key: "system-admin"
  value: "role:admin and system_scope:all"
manila-system-member:
  key: "system-member"
  value: "role:member and system_scope:all"
manila-system-reader:
  key: "system-reader"
  value: "role:reader and system_scope:all"
manila-project-admin:
  key: "project-admin"
  value: "role:admin and project_id:%(project_id)s"
manila-project-member:
  key: "project-member"
  value: "role:member and project_id:%(project_id)s"
manila-project-reader:
  key: "project-reader"
  value: "role:reader and project_id:%(project_id)s"
manila-context_is_admin:
  key: "context_is_admin"
  value: "rule:system-admin"
manila-admin_or_owner:
  key: "admin_or_owner"
  value: "is_admin:True or project_id:%(project_id)s"
manila-default:
  key: "default"
  value: "rule:admin_or_owner"
# Unlike the personas above, admin_api carries no system_scope or project_id
# term: it passes for role:admin on any scope. Every "rule:admin_api" in
# ManilaApiPolicies inherits that, while context_is_admin requires
# system-admin.
# NOTE(review): confirm the two definitions of "admin" are meant to differ.
manila-admin_api:
  key: "admin_api"
  value: "role:admin"
# Availability zones are readable by project readers; scheduler pool
# statistics are limited to rule:admin_api.
manila-availability_zone_index:
  key: "availability_zone:index"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-scheduler_stats_pools_index:
  key: "scheduler_stats:pools:index"
  value: "rule:admin_api"
manila-scheduler_stats_pools_detail:
  key: "scheduler_stats:pools:detail"
  value: "rule:admin_api"
# share:* rules. Three tiers are used: project-reader for reads,
# project-member for ordinary writes, and admin for privileged operations.
# NOTE(review): admin_api is defined in this section as plain role:admin, and
# project-admin is role:admin plus a project_id match. The expression
# "(rule:admin_api) or (rule:project-admin)" therefore reduces to role:admin:
# the project_id term never restricts force_delete, force_extend,
# reset_task_state or reset_status. Confirm that an admin role on any project
# is meant to reach these for every project's shares.
manila-share_create:
  key: "share:create"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_create_public_share:
  key: "share:create_public_share"
  value: "rule:admin_api"
manila-share_get:
  key: "share:get"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_get_all:
  key: "share:get_all"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_update:
  key: "share:update"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_set_public_share:
  key: "share:set_public_share"
  value: "rule:admin_api"
manila-share_delete:
  key: "share:delete"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_force_delete:
  key: "share:force_delete"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_manage:
  key: "share:manage"
  value: "rule:admin_api"
manila-share_unmanage:
  key: "share:unmanage"
  value: "rule:admin_api"
manila-share_list_by_host:
  key: "share:list_by_host"
  value: "rule:admin_api"
manila-share_list_by_share_server_id:
  key: "share:list_by_share_server_id"
  value: "rule:admin_api"
manila-share_access_get:
  key: "share:access_get"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_access_get_all:
  key: "share:access_get_all"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_extend:
  key: "share:extend"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_force_extend:
  key: "share:force_extend"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_shrink:
  key: "share:shrink"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_migration_start:
  key: "share:migration_start"
  value: "rule:admin_api"
manila-share_migration_complete:
  key: "share:migration_complete"
  value: "rule:admin_api"
manila-share_migration_cancel:
  key: "share:migration_cancel"
  value: "rule:admin_api"
manila-share_migration_get_progress:
  key: "share:migration_get_progress"
  value: "rule:admin_api"
manila-share_reset_task_state:
  key: "share:reset_task_state"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_reset_status:
  key: "share:reset_status"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_revert_to_snapshot:
  key: "share:revert_to_snapshot"
  value: "(rule:admin_api) or (rule:project-member)"
# allow_access / deny_access change who can mount a share; both are open to
# project members.
manila-share_allow_access:
  key: "share:allow_access"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_deny_access:
  key: "share:deny_access"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_update_share_metadata:
  key: "share:update_share_metadata"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_delete_share_metadata:
  key: "share:delete_share_metadata"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_get_share_metadata:
  key: "share:get_share_metadata"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_create_snapshot:
  key: "share:create_snapshot"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_delete_snapshot:
  key: "share:delete_snapshot"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_snapshot_update:
  key: "share:snapshot_update"
  value: "(rule:admin_api) or (rule:project-member)"
# Share-instance export locations, share types and their extra specs.
# Only share_type show/index/default are open to project readers; everything
# else in this run, including reading extra specs, requires rule:admin_api.
manila-share_instance_export_location_index:
  key: "share_instance_export_location:index"
  value: "rule:admin_api"
manila-share_instance_export_location_show:
  key: "share_instance_export_location:show"
  value: "rule:admin_api"
manila-share_type_create:
  key: "share_type:create"
  value: "rule:admin_api"
manila-share_type_update:
  key: "share_type:update"
  value: "rule:admin_api"
manila-share_type_show:
  key: "share_type:show"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_type_index:
  key: "share_type:index"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_type_default:
  key: "share_type:default"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_type_delete:
  key: "share_type:delete"
  value: "rule:admin_api"
manila-share_type_list_project_access:
  key: "share_type:list_project_access"
  value: "rule:admin_api"
manila-share_type_add_project_access:
  key: "share_type:add_project_access"
  value: "rule:admin_api"
manila-share_type_remove_project_access:
  key: "share_type:remove_project_access"
  value: "rule:admin_api"
manila-share_types_extra_spec_create:
  key: "share_types_extra_spec:create"
  value: "rule:admin_api"
manila-share_types_extra_spec_show:
  key: "share_types_extra_spec:show"
  value: "rule:admin_api"
manila-share_types_extra_spec_index:
  key: "share_types_extra_spec:index"
  value: "rule:admin_api"
manila-share_types_extra_spec_update:
  key: "share_types_extra_spec:update"
  value: "rule:admin_api"
manila-share_types_extra_spec_delete:
  key: "share_types_extra_spec:delete"
  value: "rule:admin_api"
# Snapshot rules: user-facing snapshot operations, then snapshot export
# locations, then the admin-only snapshot-instance views.
# NOTE(review): as with share:*, "(rule:admin_api) or (rule:project-admin)"
# on force_delete and reset_status reduces to role:admin because admin_api in
# this section has no project term.
manila-share_snapshot_get_snapshot:
  key: "share_snapshot:get_snapshot"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_snapshot_get_all_snapshots:
  key: "share_snapshot:get_all_snapshots"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_snapshot_force_delete:
  key: "share_snapshot:force_delete"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_snapshot_manage_snapshot:
  key: "share_snapshot:manage_snapshot"
  value: "rule:admin_api"
manila-share_snapshot_unmanage_snapshot:
  key: "share_snapshot:unmanage_snapshot"
  value: "rule:admin_api"
manila-share_snapshot_reset_status:
  key: "share_snapshot:reset_status"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_snapshot_access_list:
  key: "share_snapshot:access_list"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_snapshot_allow_access:
  key: "share_snapshot:allow_access"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_snapshot_deny_access:
  key: "share_snapshot:deny_access"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_snapshot_export_location_index:
  key: "share_snapshot_export_location:index"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_snapshot_export_location_show:
  key: "share_snapshot_export_location:show"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_snapshot_instance_show:
  key: "share_snapshot_instance:show"
  value: "rule:admin_api"
manila-share_snapshot_instance_index:
  key: "share_snapshot_instance:index"
  value: "rule:admin_api"
manila-share_snapshot_instance_detail:
  key: "share_snapshot_instance:detail"
  value: "rule:admin_api"
manila-share_snapshot_instance_reset_status:
  key: "share_snapshot_instance:reset_status"
  value: "rule:admin_api"
manila-share_snapshot_instance_export_location_index:
  key: "share_snapshot_instance_export_location:index"
  value: "rule:admin_api"
manila-share_snapshot_instance_export_location_show:
  key: "share_snapshot_instance_export_location:show"
  value: "rule:admin_api"
# Share servers, services and quotas. All of these require rule:admin_api
# except the two quota "show" rules, which project readers may call.
# rule:admin_api is role:admin with no scope term in this section, so these
# infrastructure-level operations are reachable with an admin role on any
# project.
manila-share_server_index:
  key: "share_server:index"
  value: "rule:admin_api"
manila-share_server_show:
  key: "share_server:show"
  value: "rule:admin_api"
manila-share_server_details:
  key: "share_server:details"
  value: "rule:admin_api"
manila-share_server_delete:
  key: "share_server:delete"
  value: "rule:admin_api"
manila-share_server_manage_share_server:
  key: "share_server:manage_share_server"
  value: "rule:admin_api"
manila-share_server_unmanage_share_server:
  key: "share_server:unmanage_share_server"
  value: "rule:admin_api"
manila-share_server_reset_status:
  key: "share_server:reset_status"
  value: "rule:admin_api"
manila-share_server_share_server_migration_start:
  key: "share_server:share_server_migration_start"
  value: "rule:admin_api"
manila-share_server_share_server_migration_check:
  key: "share_server:share_server_migration_check"
  value: "rule:admin_api"
manila-share_server_share_server_migration_complete:
  key: "share_server:share_server_migration_complete"
  value: "rule:admin_api"
manila-share_server_share_server_migration_cancel:
  key: "share_server:share_server_migration_cancel"
  value: "rule:admin_api"
manila-share_server_share_server_migration_get_progress:
  key: "share_server:share_server_migration_get_progress"
  value: "rule:admin_api"
manila-share_server_share_server_reset_task_state:
  key: "share_server:share_server_reset_task_state"
  value: "rule:admin_api"
manila-service_index:
  key: "service:index"
  value: "rule:admin_api"
manila-service_update:
  key: "service:update"
  value: "rule:admin_api"
manila-quota_set_update:
  key: "quota_set:update"
  value: "rule:admin_api"
manila-quota_set_show:
  key: "quota_set:show"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-quota_set_delete:
  key: "quota_set:delete"
  value: "rule:admin_api"
manila-quota_class_set_update:
  key: "quota_class_set:update"
  value: "rule:admin_api"
manila-quota_class_set_show:
  key: "quota_class_set:show"
  value: "(rule:admin_api) or (rule:project-reader)"
# Share groups: group-type specs and group types (admin-managed, with
# reader-visible show/index/default), then group snapshots and groups
# (reader / member / admin tiers).
# NOTE(review): the force_delete and reset_status rules combine admin_api with
# project-admin; since admin_api is plain role:admin in this section, the
# project_id term does not restrict them.
manila-share_group_types_spec_create:
  key: "share_group_types_spec:create"
  value: "rule:admin_api"
manila-share_group_types_spec_index:
  key: "share_group_types_spec:index"
  value: "rule:admin_api"
manila-share_group_types_spec_show:
  key: "share_group_types_spec:show"
  value: "rule:admin_api"
manila-share_group_types_spec_update:
  key: "share_group_types_spec:update"
  value: "rule:admin_api"
manila-share_group_types_spec_delete:
  key: "share_group_types_spec:delete"
  value: "rule:admin_api"
manila-share_group_type_create:
  key: "share_group_type:create"
  value: "rule:admin_api"
manila-share_group_type_index:
  key: "share_group_type:index"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_group_type_show:
  key: "share_group_type:show"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_group_type_default:
  key: "share_group_type:default"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_group_type_delete:
  key: "share_group_type:delete"
  value: "rule:admin_api"
manila-share_group_type_list_project_access:
  key: "share_group_type:list_project_access"
  value: "rule:admin_api"
manila-share_group_type_add_project_access:
  key: "share_group_type:add_project_access"
  value: "rule:admin_api"
manila-share_group_type_remove_project_access:
  key: "share_group_type:remove_project_access"
  value: "rule:admin_api"
manila-share_group_snapshot_create:
  key: "share_group_snapshot:create"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_group_snapshot_get:
  key: "share_group_snapshot:get"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_group_snapshot_get_all:
  key: "share_group_snapshot:get_all"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_group_snapshot_update:
  key: "share_group_snapshot:update"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_group_snapshot_delete:
  key: "share_group_snapshot:delete"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_group_snapshot_force_delete:
  key: "share_group_snapshot:force_delete"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_group_snapshot_reset_status:
  key: "share_group_snapshot:reset_status"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_group_create:
  key: "share_group:create"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_group_get:
  key: "share_group:get"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_group_get_all:
  key: "share_group:get_all"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_group_update:
  key: "share_group:update"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_group_delete:
  key: "share_group:delete"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_group_force_delete:
  key: "share_group:force_delete"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_group_reset_status:
  key: "share_group:reset_status"
  value: "(rule:admin_api) or (rule:project-admin)"
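# Manila share-replica targets. "key" is the oslo.policy target, "value" its
# check string.
# Tiers in this group: get_all/show and the export-location reads accept
# project-reader; create/delete/promote accept project-member;
# force_delete, resync, reset_replica_state and reset_status require
# project-admin.
# NOTE(review): admin_api and the project-* rules are defined outside this
# excerpt; confirm their scoping before relying on these tiers.
manila-share_replica_create:
  key: "share_replica:create"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_replica_get_all:
  key: "share_replica:get_all"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_replica_show:
  key: "share_replica:show"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_replica_delete:
  key: "share_replica:delete"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_replica_force_delete:
  key: "share_replica:force_delete"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_replica_promote:
  key: "share_replica:promote"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_replica_resync:
  key: "share_replica:resync"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_replica_reset_replica_state:
  key: "share_replica:reset_replica_state"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_replica_reset_status:
  key: "share_replica:reset_status"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_replica_export_location_index:
  key: "share_replica_export_location:index"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_replica_export_location_show:
  key: "share_replica_export_location:show"
  value: "(rule:admin_api) or (rule:project-reader)"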
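# Manila share-network and share-network-subnet targets. "key" is the
# oslo.policy target, "value" its check string.
# Tiers in this group: show/index/detail accept project-reader; create,
# update, delete and the security-service attach/detach/update targets
# (including the *_check variants) accept project-member; reset_status
# requires project-admin; get_all_share_networks is rule:admin_api only.
# NOTE(review): admin_api and the project-* rules are defined outside this
# excerpt; confirm their scoping before relying on these tiers.
manila-share_network_create:
  key: "share_network:create"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_network_show:
  key: "share_network:show"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_network_index:
  key: "share_network:index"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_network_detail:
  key: "share_network:detail"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_network_update:
  key: "share_network:update"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_network_delete:
  key: "share_network:delete"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_network_add_security_service:
  key: "share_network:add_security_service"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_network_add_security_service_check:
  key: "share_network:add_security_service_check"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_network_remove_security_service:
  key: "share_network:remove_security_service"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_network_update_security_service:
  key: "share_network:update_security_service"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_network_update_security_service_check:
  key: "share_network:update_security_service_check"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_network_reset_status:
  key: "share_network:reset_status"
  value: "(rule:admin_api) or (rule:project-admin)"
manila-share_network_get_all_share_networks:
  key: "share_network:get_all_share_networks"
  value: "rule:admin_api"
manila-share_network_subnet_create:
  key: "share_network_subnet:create"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_network_subnet_delete:
  key: "share_network_subnet:delete"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_network_subnet_show:
  key: "share_network_subnet:show"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_network_subnet_index:
  key: "share_network_subnet:index"
  value: "(rule:admin_api) or (rule:project-reader)"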
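# Manila security-service targets. "key" is the oslo.policy target, "value"
# its check string.
# Tiers in this group: show/detail/index accept project-reader;
# create/update/delete accept project-member; get_all_security_services is
# rule:admin_api only.
# NOTE(review): admin_api and the project-* rules are defined outside this
# excerpt; confirm their scoping. Security-service records presumably hold
# directory-service settings, so also confirm what the reader-tier
# show/detail responses expose.
manila-security_service_create:
  key: "security_service:create"
  value: "(rule:admin_api) or (rule:project-member)"
manila-security_service_show:
  key: "security_service:show"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-security_service_detail:
  key: "security_service:detail"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-security_service_index:
  key: "security_service:index"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-security_service_update:
  key: "security_service:update"
  value: "(rule:admin_api) or (rule:project-member)"
manila-security_service_delete:
  key: "security_service:delete"
  value: "(rule:admin_api) or (rule:project-member)"
manila-security_service_get_all_security_services:
  key: "security_service:get_all_security_services"
  value: "rule:admin_api"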
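# Manila export-location, share-instance, message and access-rule targets.
# "key" is the oslo.policy target, "value" its check string.
# Tiers in this group: export-location, message and access-rule reads accept
# project-reader; message:delete and the access-metadata writes accept
# project-member; every share_instance target is rule:admin_api only.
# NOTE(review): admin_api and the project-* rules are defined outside this
# excerpt; confirm their scoping before relying on these tiers.
manila-share_export_location_index:
  key: "share_export_location:index"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_export_location_show:
  key: "share_export_location:show"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_instance_index:
  key: "share_instance:index"
  value: "rule:admin_api"
manila-share_instance_show:
  key: "share_instance:show"
  value: "rule:admin_api"
manila-share_instance_force_delete:
  key: "share_instance:force_delete"
  value: "rule:admin_api"
manila-share_instance_reset_status:
  key: "share_instance:reset_status"
  value: "rule:admin_api"
manila-message_get:
  key: "message:get"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-message_get_all:
  key: "message:get_all"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-message_delete:
  key: "message:delete"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_access_rule_get:
  key: "share_access_rule:get"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_access_rule_index:
  key: "share_access_rule:index"
  value: "(rule:admin_api) or (rule:project-reader)"
manila-share_access_metadata_update:
  key: "share_access_metadata:update"
  value: "(rule:admin_api) or (rule:project-member)"
manila-share_access_metadata_delete:
  key: "share_access_metadata:delete"
  value: "(rule:admin_api) or (rule:project-member)"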
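# Octavia policy overrides: each entry maps an oslo.policy target ("key") to
# its check string ("value").
# "role:admin" carries no project_id or system_scope term, so a token holding
# the admin role in any project satisfies it, including on the *-global and
# write-quota targets.
# NOTE(review): rule:project-reader and rule:project-member are referenced
# but not defined in this parameter; presumably Octavia's built-in defaults
# supply them. Confirm, because oslo.policy evaluates a reference to an
# undefined rule as a failed check, which would leave read/write admin-only.
OctaviaApiPolicies:
  octavia-load-balancer_admin:
    key: "load-balancer:admin"
    value: "role:admin"
  octavia-load-balancer_read:
    key: "load-balancer:read"
    value: "role:admin or rule:project-reader"
  octavia-load-balancer_read-global:
    key: "load-balancer:read-global"
    value: "role:admin"
  octavia-load-balancer_write:
    key: "load-balancer:write"
    value: "role:admin or rule:project-member"
  octavia-load-balancer_read-quota:
    key: "load-balancer:read-quota"
    value: "role:admin or rule:project-reader"
  octavia-load-balancer_read-quota-global:
    key: "load-balancer:read-quota-global"
    value: "role:admin"
  octavia-load-balancer_write-quota:
    key: "load-balancer:write-quota"
    value: "role:admin"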
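# Ironic policy overrides: each entry maps an oslo.policy target ("key") to
# its check string ("value").
# Several values below end in a space inside the quotes ("rule:admin_api ");
# they are reproduced exactly as found.
IronicApiPolicies:
  # Unscoped: "role:admin" has no project_id or system_scope term, so a token
  # with the admin role in any project satisfies admin_api, and every
  # rule:admin_api reference below inherits that.
  ironic-admin_api:
    key: "admin_api"
    value: "role:admin"
  ironic-public_api:
    key: "public_api"
    value: "is_public_api:True"
  # "!" never matches, so these two checks fail for every caller, admin
  # included.
  ironic-show_password:
    key: "show_password"
    value: "!"
  ironic-show_instance_secrets:
    key: "show_instance_secrets"
    value: "!"
  # NOTE(review): is_member matches on project *names* (demo, baremetal) and
  # is referenced only by is_observer and is_admin; no target in this section
  # uses any of the three. Confirm they are unused elsewhere, since a project
  # with one of those names would otherwise qualify.
  ironic-is_member:
    key: "is_member"
    value: "(project_domain_id:default or project_domain_id:None) and (project_name:demo or project_name:baremetal)"
  ironic-is_observer:
    key: "is_observer"
    value: "rule:is_member and (role:observer or role:baremetal_observer)"
  ironic-is_admin:
    key: "is_admin"
    value: "rule:admin_api or (rule:is_member and role:baremetal_admin)"
  # Ownership helper rules; the targets below spell the same project_id
  # comparisons inline rather than referencing these by name.
  ironic-is_node_owner:
    key: "is_node_owner"
    value: "project_id:%(node.owner)s"
  ironic-is_node_lessee:
    key: "is_node_lessee"
    value: "project_id:%(node.lessee)s"
  ironic-is_allocation_owner:
    key: "is_allocation_owner"
    value: "project_id:%(allocation.owner)s"
  # Node targets. Project access is tied to node.owner (and, where stated,
  # node.lessee); role:reader gates reads and role:member gates writes.
  ironic-baremetal_node_create:
    key: "baremetal:node:create"
    value: "rule:admin_api"
  ironic-baremetal_node_list:
    key: "baremetal:node:list"
    value: "rule:admin_api or (role:reader and project_id:%(node.owner)s)"
  ironic-baremetal_node_list_all:
    key: "baremetal:node:list_all"
    value: "rule:admin_api"
  ironic-baremetal_node_get:
    key: "baremetal:node:get"
    value: "rule:admin_api or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
  ironic-baremetal_node_get_filter_threshold:
    key: "baremetal:node:get:filter_threshold"
    value: "rule:admin_api"
  ironic-baremetal_node_get_last_error:
    key: "baremetal:node:get:last_error"
    value: "rule:admin_api or (role:reader and project_id:%(node.owner)s)"
  ironic-baremetal_node_get_reservation:
    key: "baremetal:node:get:reservation"
    value: "rule:admin_api or (role:reader and project_id:%(node.owner)s)"
  ironic-baremetal_node_get_driver_internal_info:
    key: "baremetal:node:get:driver_internal_info"
    value: "rule:admin_api or (role:reader and project_id:%(node.owner)s)"
  ironic-baremetal_node_get_driver_info:
    key: "baremetal:node:get:driver_info"
    value: "rule:admin_api or (role:reader and project_id:%(node.owner)s)"
  ironic-baremetal_node_update_driver_info:
    key: "baremetal:node:update:driver_info"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  # Alias: the generic update target resolves to the driver_info update rule.
  ironic-baremetal_node_update:
    key: "baremetal:node:update"
    value: "rule:baremetal:node:update:driver_info"
  ironic-baremetal_node_update_properties:
    key: "baremetal:node:update:properties"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_update_chassis_uuid:
    key: "baremetal:node:update:chassis_uuid"
    value: "rule:admin_api"
  ironic-baremetal_node_update_instance_uuid:
    key: "baremetal:node:update:instance_uuid"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_update_lessee:
    key: "baremetal:node:update:lessee"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_update_owner:
    key: "baremetal:node:update:owner"
    value: "rule:admin_api"
  ironic-baremetal_node_update_driver_interfaces:
    key: "baremetal:node:update:driver_interfaces"
    value: "rule:admin_api "
  ironic-baremetal_node_update_network_data:
    key: "baremetal:node:update:network_data"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_update_conductor_group:
    key: "baremetal:node:update:conductor_group"
    value: "rule:admin_api"
  ironic-baremetal_node_update_name:
    key: "baremetal:node:update:name"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_update_retired:
    key: "baremetal:node:update:retired"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_update_extra:
    key: "baremetal:node:update_extra"
    value: "rule:admin_api or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
  ironic-baremetal_node_update_instance_info:
    key: "baremetal:node:update_instance_info"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_update_owner_provisioned:
    key: "baremetal:node:update_owner_provisioned"
    value: "rule:admin_api"
  ironic-baremetal_node_delete:
    key: "baremetal:node:delete"
    value: "rule:admin_api"
  ironic-baremetal_node_validate:
    key: "baremetal:node:validate"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_set_maintenance:
    key: "baremetal:node:set_maintenance"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_clear_maintenance:
    key: "baremetal:node:clear_maintenance"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_get_boot_device:
    key: "baremetal:node:get_boot_device"
    value: "rule:admin_api "
  ironic-baremetal_node_set_boot_device:
    key: "baremetal:node:set_boot_device"
    value: "rule:admin_api "
  ironic-baremetal_node_get_indicator_state:
    key: "baremetal:node:get_indicator_state"
    value: "rule:admin_api or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
  ironic-baremetal_node_set_indicator_state:
    key: "baremetal:node:set_indicator_state"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_inject_nmi:
    key: "baremetal:node:inject_nmi"
    value: "rule:admin_api "
  ironic-baremetal_node_get_states:
    key: "baremetal:node:get_states"
    value: "rule:admin_api or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
  # Power state, boot mode and secure boot can be changed by a lessee's
  # members as well as the owner's.
  ironic-baremetal_node_set_power_state:
    key: "baremetal:node:set_power_state"
    value: "rule:admin_api or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
  ironic-baremetal_node_set_boot_mode:
    key: "baremetal:node:set_boot_mode"
    value: "rule:admin_api or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
  ironic-baremetal_node_set_secure_boot:
    key: "baremetal:node:set_secure_boot"
    value: "rule:admin_api or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
  ironic-baremetal_node_set_provision_state:
    key: "baremetal:node:set_provision_state"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_set_raid_state:
    key: "baremetal:node:set_raid_state"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_get_console:
    key: "baremetal:node:get_console"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_set_console_state:
    key: "baremetal:node:set_console_state"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_vif_list:
    key: "baremetal:node:vif:list"
    value: "rule:admin_api or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
  ironic-baremetal_node_vif_attach:
    key: "baremetal:node:vif:attach"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_vif_detach:
    key: "baremetal:node:vif:detach"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_node_traits_list:
    key: "baremetal:node:traits:list"
    value: "rule:admin_api or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
  ironic-baremetal_node_traits_set:
    key: "baremetal:node:traits:set"
    value: "rule:admin_api "
  ironic-baremetal_node_traits_delete:
    key: "baremetal:node:traits:delete"
    value: "rule:admin_api "
  ironic-baremetal_node_bios_get:
    key: "baremetal:node:bios:get"
    value: "rule:admin_api or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
  ironic-baremetal_node_disable_cleaning:
    key: "baremetal:node:disable_cleaning"
    value: "rule:admin_api"
  ironic-baremetal_node_history_get:
    key: "baremetal:node:history:get"
    value: "rule:admin_api or (role:reader and project_id:%(node.owner)s)"
  # Port and portgroup targets.
  ironic-baremetal_port_get:
    key: "baremetal:port:get"
    value: "rule:admin_api or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
  # NOTE(review): bare role:reader with no project_id term, so any reader in
  # any project passes this check (same for portgroup:list, volume:list and
  # allocation:list below). Presumably the API filters the returned rows per
  # project; confirm.
  ironic-baremetal_port_list:
    key: "baremetal:port:list"
    value: "role:reader"
  ironic-baremetal_port_list_all:
    key: "baremetal:port:list_all"
    value: "rule:admin_api"
  ironic-baremetal_port_create:
    key: "baremetal:port:create"
    value: "rule:admin_api "
  ironic-baremetal_port_delete:
    key: "baremetal:port:delete"
    value: "rule:admin_api "
  ironic-baremetal_port_update:
    key: "baremetal:port:update"
    value: "rule:admin_api "
  ironic-baremetal_portgroup_get:
    key: "baremetal:portgroup:get"
    value: "rule:admin_api or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
  ironic-baremetal_portgroup_create:
    key: "baremetal:portgroup:create"
    value: "rule:admin_api "
  ironic-baremetal_portgroup_delete:
    key: "baremetal:portgroup:delete"
    value: "rule:admin_api "
  ironic-baremetal_portgroup_update:
    key: "baremetal:portgroup:update"
    value: "rule:admin_api "
  ironic-baremetal_portgroup_list:
    key: "baremetal:portgroup:list"
    value: "role:reader"
  ironic-baremetal_portgroup_list_all:
    key: "baremetal:portgroup:list_all"
    value: "rule:admin_api"
  # Chassis, driver and vendor-passthru targets: admin_api only.
  ironic-baremetal_chassis_get:
    key: "baremetal:chassis:get"
    value: "rule:admin_api"
  ironic-baremetal_chassis_create:
    key: "baremetal:chassis:create"
    value: "rule:admin_api"
  ironic-baremetal_chassis_delete:
    key: "baremetal:chassis:delete"
    value: "rule:admin_api"
  ironic-baremetal_chassis_update:
    key: "baremetal:chassis:update"
    value: "rule:admin_api"
  ironic-baremetal_driver_get:
    key: "baremetal:driver:get"
    value: "rule:admin_api"
  ironic-baremetal_driver_get_properties:
    key: "baremetal:driver:get_properties"
    value: "rule:admin_api"
  ironic-baremetal_driver_get_raid_logical_disk_properties:
    key: "baremetal:driver:get_raid_logical_disk_properties"
    value: "rule:admin_api"
  ironic-baremetal_node_vendor_passthru:
    key: "baremetal:node:vendor_passthru"
    value: "rule:admin_api"
  ironic-baremetal_driver_vendor_passthru:
    key: "baremetal:driver:vendor_passthru"
    value: "rule:admin_api"
  # An empty check string always matches: no role or project is required for
  # these two targets.
  # NOTE(review): presumably intentional, so the deploy agent can call in
  # without Keystone credentials. Confirm, and check that these endpoints are
  # reachable only from the provisioning network.
  ironic-baremetal_node_ipa_heartbeat:
    key: "baremetal:node:ipa_heartbeat"
    value: ""
  ironic-baremetal_driver_ipa_lookup:
    key: "baremetal:driver:ipa_lookup"
    value: ""
  # Volume targets. volume:get resolves to volume:list_all, i.e. admin_api.
  ironic-baremetal_volume_list_all:
    key: "baremetal:volume:list_all"
    value: "rule:admin_api"
  ironic-baremetal_volume_get:
    key: "baremetal:volume:get"
    value: "rule:baremetal:volume:list_all"
  ironic-baremetal_volume_list:
    key: "baremetal:volume:list"
    value: "role:reader"
  ironic-baremetal_volume_create:
    key: "baremetal:volume:create"
    value: "rule:admin_api"
  ironic-baremetal_volume_delete:
    key: "baremetal:volume:delete"
    value: "rule:admin_api"
  ironic-baremetal_volume_update:
    key: "baremetal:volume:update"
    value: "rule:admin_api or (role:member and project_id:%(node.owner)s)"
  ironic-baremetal_volume_view_target_properties:
    key: "baremetal:volume:view_target_properties"
    value: "rule:admin_api"
  ironic-baremetal_conductor_get:
    key: "baremetal:conductor:get"
    value: "rule:admin_api"
  # Allocation targets: project access is tied to allocation.owner.
  ironic-baremetal_allocation_get:
    key: "baremetal:allocation:get"
    value: "rule:admin_api or (role:reader and project_id:%(allocation.owner)s)"
  ironic-baremetal_allocation_list:
    key: "baremetal:allocation:list"
    value: "role:reader"
  ironic-baremetal_allocation_list_all:
    key: "baremetal:allocation:list_all"
    value: "rule:admin_api"
  ironic-baremetal_allocation_create:
    key: "baremetal:allocation:create"
    value: "rule:admin_api or (role:member and project_id:%(allocation.owner)s)"
  ironic-baremetal_allocation_create_restricted:
    key: "baremetal:allocation:create_restricted"
    value: "rule:admin_api"
  ironic-baremetal_allocation_delete:
    key: "baremetal:allocation:delete"
    value: "rule:admin_api or (role:member and project_id:%(allocation.owner)s)"
  ironic-baremetal_allocation_update:
    key: "baremetal:allocation:update"
    value: "rule:admin_api or (role:member and project_id:%(allocation.owner)s)"
  ironic-baremetal_allocation_create_pre_rbac:
    key: "baremetal:allocation:create_pre_rbac"
    value: "rule:admin_api"
  # Event and deploy-template targets: admin_api only.
  ironic-baremetal_events_post:
    key: "baremetal:events:post"
    value: "rule:admin_api"
  ironic-baremetal_deploy_template_get:
    key: "baremetal:deploy_template:get"
    value: "rule:admin_api"
  ironic-baremetal_deploy_template_create:
    key: "baremetal:deploy_template:create"
    value: "rule:admin_api"
  ironic-baremetal_deploy_template_delete:
    key: "baremetal:deploy_template:delete"
    value: "rule:admin_api"
  ironic-baremetal_deploy_template_update:
    key: "baremetal:deploy_template:update"
    value: "rule:admin_api"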