Merge "Implement project personas in custom placement policy file"

This commit is contained in:
Zuul 2021-10-12 23:15:47 +00:00 committed by Gerrit Code Review
commit 1d62ad289a
1 changed files with 33 additions and 51 deletions

View File

@ -659,123 +659,105 @@ parameter_defaults:
key: "os_compute_api:os-volumes-attachments:delete"
value: "rule:admin_api or rule:project_member_api"
PlacementPolicies:
placement-admin_api:
key: "admin_api"
value: "role:admin"
placement-system_admin_api:
key: "system_admin_api"
value: "role:admin and system_scope:all"
placement-rule_admin_api:
key: "rule:admin_api"
value: "rule:system_admin_api"
placement-system_reader_api:
key: "system_reader_api"
value: "role:reader and system_scope:all"
placement-project_reader_api:
key: "project_reader_api"
value: "role:reader and project_id:%(project_id)s"
placement-system_or_project_reader:
key: "system_or_project_reader"
value: "rule:system_reader_api or rule:project_reader_api"
placement-placement_resource_providers_list:
key: "placement:resource_providers:list"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_resource_providers_create:
key: "placement:resource_providers:create"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_providers_show:
key: "placement:resource_providers:show"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_resource_providers_update:
key: "placement:resource_providers:update"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_providers_delete:
key: "placement:resource_providers:delete"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_classes_list:
key: "placement:resource_classes:list"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_resource_classes_create:
key: "placement:resource_classes:create"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_classes_show:
key: "placement:resource_classes:show"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_resource_classes_update:
key: "placement:resource_classes:update"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_classes_delete:
key: "placement:resource_classes:delete"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_providers_inventories_list:
key: "placement:resource_providers:inventories:list"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_resource_providers_inventories_create:
key: "placement:resource_providers:inventories:create"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_providers_inventories_show:
key: "placement:resource_providers:inventories:show"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_resource_providers_inventories_update:
key: "placement:resource_providers:inventories:update"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_providers_inventories_delete:
key: "placement:resource_providers:inventories:delete"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_providers_aggregates_list:
key: "placement:resource_providers:aggregates:list"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_resource_providers_aggregates_update:
key: "placement:resource_providers:aggregates:update"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_providers_usages:
key: "placement:resource_providers:usages"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_usages:
key: "placement:usages"
value: "rule:system_or_project_reader"
value: "rule:admin_api or rule:project_reader_api"
placement-placement_traits_list:
key: "placement:traits:list"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_traits_show:
key: "placement:traits:show"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_traits_update:
key: "placement:traits:update"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_traits_delete:
key: "placement:traits:delete"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_providers_traits_list:
key: "placement:resource_providers:traits:list"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_resource_providers_traits_update:
key: "placement:resource_providers:traits:update"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_providers_traits_delete:
key: "placement:resource_providers:traits:delete"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_allocations_manage:
key: "placement:allocations:manage"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_allocations_list:
key: "placement:allocations:list"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_allocations_update:
key: "placement:allocations:update"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_allocations_delete:
key: "placement:allocations:delete"
value: "rule:system_admin_api"
value: "rule:admin_api"
placement-placement_resource_providers_allocations_list:
key: "placement:resource_providers:allocations:list"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_allocation_candidates_list:
key: "placement:allocation_candidates:list"
value: "rule:system_reader_api"
value: "rule:admin_api"
placement-placement_reshaper_reshape:
key: "placement:reshaper:reshape"
value: "rule:system_admin_api"
value: "rule:admin_api"
NeutronApiPolicies:
neutron-context_is_admin:
key: "context_is_admin"