77 lines
3.1 KiB
JSON
77 lines
3.1 KiB
JSON
{
|
|
"context_is_admin": "role:admin or user_name:neutron",
|
|
"admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
|
|
"context_is_advsvc": "role:advsvc",
|
|
"admin_only": "rule:context_is_admin",
|
|
"regular_user": "",
|
|
"default": "rule:admin_or_owner",
|
|
"shared_ptg": "field:policy_target_groups:shared=True",
|
|
"shared_pt": "field:policy_targets:shared=True",
|
|
"shared_prs": "field:policy_rule_sets:shared=True",
|
|
"shared_l3p": "field:l3_policies:shared=True",
|
|
"shared_l2p": "field:l2_policies:shared=True",
|
|
"shared_es": "field:external_segments:shared=True",
|
|
"shared_ep": "field:external_policies:shared=True",
|
|
"shared_pc": "field:policy_classifiers:shared=True",
|
|
"shared_pa": "field:policy_actions:shared=True",
|
|
"shared_pr": "field:policy_rules:shared=True",
|
|
"shared_np": "field:nat_pools:shared=True",
|
|
"shared_nsp": "field:network_service_policies:shared=True",
|
|
"shared_scn": "field:servicechain_nodes:shared=True",
|
|
"shared_scs": "field:servicechain_specs:shared=True",
|
|
"shared_sp": "field:service_profiles:shared=True",
|
|
"auto_ptg": "field:policy_target_groups:is_auto_ptg=True",
|
|
"non_auto_ptg_shared": "rule:admin_or_owner or rule:shared_ptg",
|
|
"non_auto_ptg": "rule:non_auto_ptg_shared and not rule:auto_ptg",
|
|
"admin_auto_ptg_shared": "rule:admin_only or rule:shared_ptg",
|
|
"admin_auto_ptg": "rule:admin_auto_ptg_shared and rule:auto_ptg",
|
|
|
|
"create_policy_target_group": "",
|
|
"create_policy_target_group:enforce_service_chains": "rule:admin_only",
|
|
"get_policy_target_group": "rule:admin_auto_ptg or rule:non_auto_ptg",
|
|
"update_policy_target_group": "rule:admin_auto_ptg or rule:non_auto_ptg",
|
|
"create_policy_target_group:service_management": "rule:admin_only",
|
|
|
|
"create_l2_policy": "",
|
|
"get_l2_policy": "rule:admin_or_owner or rule:shared_l2p",
|
|
|
|
"create_l3_policy": "",
|
|
"get_l3_policy": "rule:admin_or_owner or rule:shared_l3p",
|
|
|
|
"create_policy_classifier": "",
|
|
"get_policy_classifier": "rule:admin_or_owner or rule:shared_pc",
|
|
|
|
"create_policy_action": "",
|
|
"get_policy_action": "rule:admin_or_owner or rule:shared_pa",
|
|
|
|
"create_policy_rule": "",
|
|
"get_policy_rule": "rule:admin_or_owner or rule:shared_pr",
|
|
|
|
"create_policy_rule_set": "",
|
|
"get_policy_rule_set": "rule:admin_or_owner or rule:shared_prs",
|
|
|
|
"create_network_service_policy": "",
|
|
"get_network_service_policy": "rule:admin_or_owner or rule:shared_nsp",
|
|
|
|
"create_external_segment": "",
|
|
"get_external_segment": "rule:admin_or_owner or rule:shared_es",
|
|
|
|
"create_external_policy": "",
|
|
"get_external_policy": "rule:admin_or_owner or rule:shared_ep",
|
|
|
|
"create_nat_pool": "",
|
|
"get_nat_pool": "rule:admin_or_owner or rule:shared_np",
|
|
|
|
"create_servicechain_node": "",
|
|
"get_servicechain_node": "rule:admin_or_owner or rule:shared_scn",
|
|
|
|
"create_servicechain_spec": "",
|
|
"get_servicechain_spec": "rule:admin_or_owner or rule:shared_scs",
|
|
|
|
"create_servicechain_instance": "",
|
|
"get_servicechain_instance": "rule:admin_or_owner",
|
|
|
|
"create_service_profile": "",
|
|
"get_service_profile": "rule:admin_or_owner or rule:shared_sp"
|
|
}
|