diff --git a/environments/enable-secure-rbac.yaml b/environments/enable-secure-rbac.yaml
index f17532b05d..ebe32e86d6 100644
--- a/environments/enable-secure-rbac.yaml
+++ b/environments/enable-secure-rbac.yaml
@@ -659,123 +659,105 @@ parameter_defaults:
 key: "os_compute_api:os-volumes-attachments:delete"
 value: "rule:admin_api or rule:project_member_api"
 PlacementPolicies:
- placement-admin_api:
- key: "admin_api"
- value: "role:admin"
- placement-system_admin_api:
- key: "system_admin_api"
- value: "role:admin and system_scope:all"
- placement-rule_admin_api:
- key: "rule:admin_api"
- value: "rule:system_admin_api"
- placement-system_reader_api:
- key: "system_reader_api"
- value: "role:reader and system_scope:all"
- placement-project_reader_api:
- key: "project_reader_api"
- value: "role:reader and project_id:%(project_id)s"
- placement-system_or_project_reader:
- key: "system_or_project_reader"
- value: "rule:system_reader_api or rule:project_reader_api"
 placement-placement_resource_providers_list:
 key: "placement:resource_providers:list"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_create:
 key: "placement:resource_providers:create"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_show:
 key: "placement:resource_providers:show"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_update:
 key: "placement:resource_providers:update"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_delete:
 key: "placement:resource_providers:delete"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_classes_list:
 key: "placement:resource_classes:list"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_resource_classes_create:
 key: "placement:resource_classes:create"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_classes_show:
 key: "placement:resource_classes:show"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_resource_classes_update:
 key: "placement:resource_classes:update"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_classes_delete:
 key: "placement:resource_classes:delete"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_inventories_list:
 key: "placement:resource_providers:inventories:list"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_inventories_create:
 key: "placement:resource_providers:inventories:create"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_inventories_show:
 key: "placement:resource_providers:inventories:show"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_inventories_update:
 key: "placement:resource_providers:inventories:update"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_inventories_delete:
 key: "placement:resource_providers:inventories:delete"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_aggregates_list:
 key: "placement:resource_providers:aggregates:list"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_aggregates_update:
 key: "placement:resource_providers:aggregates:update"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_usages:
 key: "placement:resource_providers:usages"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_usages:
 key: "placement:usages"
- value: "rule:system_or_project_reader"
+ value: "rule:admin_api or rule:project_reader_api"
 placement-placement_traits_list:
 key: "placement:traits:list"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_traits_show:
 key: "placement:traits:show"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_traits_update:
 key: "placement:traits:update"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_traits_delete:
 key: "placement:traits:delete"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_traits_list:
 key: "placement:resource_providers:traits:list"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_traits_update:
 key: "placement:resource_providers:traits:update"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_traits_delete:
 key: "placement:resource_providers:traits:delete"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_allocations_manage:
 key: "placement:allocations:manage"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_allocations_list:
 key: "placement:allocations:list"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_allocations_update:
 key: "placement:allocations:update"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_allocations_delete:
 key: "placement:allocations:delete"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 placement-placement_resource_providers_allocations_list:
 key: "placement:resource_providers:allocations:list"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_allocation_candidates_list:
 key: "placement:allocation_candidates:list"
- value: "rule:system_reader_api"
+ value: "rule:admin_api"
 placement-placement_reshaper_reshape:
 key: "placement:reshaper:reshape"
- value: "rule:system_admin_api"
+ value: "rule:admin_api"
 NeutronApiPolicies:
 neutron-context_is_admin:
 key: "context_is_admin"
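Review bot: The new `PlacementPolicies` values reference `rule:admin_api` and `rule:project_reader_api`, but this hunk also deletes the `placement-admin_api` and `placement-project_reader_api` entries that defined them, so what those checks resolve to now depends on the rule defaults of the installed Placement release, which is not visible here. If `admin_api` still resolves to `role:admin` as the removed override had it, the `system_scope:all` requirement is gone from every write rule and a project-scoped admin token would presumably pass them, while the read-only rules (`...:list`, `...:show`, `placement:resource_providers:usages`) go from reader to admin and leave no least-privilege role for monitoring or audit accounts. I would state that intent in the file with a comment above `PlacementPolicies:`, e.g. `# admin_api / project_reader_api are not overridden here; they come from Placement's in-code defaults, and all reads are admin-only by design`, and confirm the minimum Placement version that ships both rules. A policy test that checks a reader-role and a project-admin token against `placement:resource_providers:list` and `placement:allocations:delete` would pin the expected outcome.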