diff options
author | Vincent S. Cojot <vcojot@redhat.com> | 2017-02-08 16:42:22 -0500 |
---|---|---|
committer | Vincent S. Cojot <vcojot@redhat.com> | 2017-02-08 16:42:22 -0500 |
commit | 76707f93fc6e67c6905b0f79c47130eb32d7ee14 (patch) | |
tree | fe24acb8c05f1e7f9f8a4c1f770a36765fdc8daf /etc/manila/policy.json | |
download | openstack-access-policy-76707f93fc6e67c6905b0f79c47130eb32d7ee14.tar.gz openstack-access-policy-76707f93fc6e67c6905b0f79c47130eb32d7ee14.tar.xz openstack-access-policy-76707f93fc6e67c6905b0f79c47130eb32d7ee14.zip |
Initial commit
Diffstat (limited to 'etc/manila/policy.json')
-rw-r--r-- | etc/manila/policy.json | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/etc/manila/policy.json b/etc/manila/policy.json new file mode 100644 index 0000000..c9c7c51 --- /dev/null +++ b/etc/manila/policy.json @@ -0,0 +1,136 @@ +{ + "deny_readonly": "not role:readonly", + "context_is_admin": "role:admin", + "admin_or_owner": "is_admin:True or project_id:%(project_id)s", + "default": "rule:admin_or_owner", + + "admin_api": "is_admin:True", + + "availability_zone:index": "rule:default", + + "quota_set:update": "rule:admin_api", + "quota_set:show": "rule:default", + "quota_set:delete": "rule:admin_api", + + "quota_class_set:show": "rule:default", + "quota_class_set:update": "rule:admin_api", + + "service:index": "rule:admin_api", + "service:update": "rule:admin_api", + + "share:create": "rule:deny_readonly", + "share:delete": "rule:default", + "share:get": "rule:default", + "share:get_all": "rule:default", + "share:list_by_share_server_id": "rule:admin_api", + "share:update": "rule:default", + "share:access_get": "rule:default", + "share:access_get_all": "rule:default", + "share:allow_access": "rule:default", + "share:deny_access": "rule:default", + "share:extend": "rule:default", + "share:shrink": "rule:default", + "share:get_share_metadata": "rule:default", + "share:delete_share_metadata": "rule:default", + "share:update_share_metadata": "rule:default", + "share:migration_start": "rule:admin_api", + "share:migration_complete": "rule:admin_api", + "share:migration_cancel": "rule:admin_api", + "share:migration_get_progress": "rule:admin_api", + "share:reset_task_state": "rule:admin_api", + "share:manage": "rule:admin_api", + "share:unmanage": "rule:admin_api", + "share:force_delete": "rule:admin_api", + "share:reset_status": "rule:admin_api", + "share_export_location:index": "rule:default", + "share_export_location:show": "rule:default", + + "share_instance:index": "rule:admin_api", + "share_instance:show": "rule:admin_api", + "share_instance:force_delete": "rule:admin_api", + "share_instance:reset_status": "rule:admin_api", + "share_instance_export_location:index": "rule:admin_api", + "share_instance_export_location:show": "rule:admin_api", + + "share_snapshot:create_snapshot": "rule:default", + "share_snapshot:delete_snapshot": "rule:default", + "share_snapshot:get_snapshot": "rule:default", + "share_snapshot:get_all_snapshots": "rule:default", + "share_snapshot:snapshot_update": "rule:default", + "share_snapshot:manage_snapshot": "rule:admin_api", + "share_snapshot:unmanage_snapshot": "rule:admin_api", + "share_snapshot:force_delete": "rule:admin_api", + "share_snapshot:reset_status": "rule:admin_api", + + "share_snapshot_instance:detail": "rule:admin_api", + "share_snapshot_instance:index": "rule:admin_api", + "share_snapshot_instance:show": "rule:admin_api", + "share_snapshot_instance:reset_status": "rule:admin_api", + + "share_type:index": "rule:default", + "share_type:show": "rule:default", + "share_type:default": "rule:default", + "share_type:create": "rule:admin_api", + "share_type:delete": "rule:admin_api", + "share_type:add_project_access": "rule:admin_api", + "share_type:list_project_access": "rule:admin_api", + "share_type:remove_project_access": "rule:admin_api", + + "share_types_extra_spec:create": "rule:admin_api", + "share_types_extra_spec:update": "rule:admin_api", + "share_types_extra_spec:show": "rule:admin_api", + "share_types_extra_spec:index": "rule:admin_api", + "share_types_extra_spec:delete": "rule:admin_api", + + "security_service:create": "rule:default", + "security_service:delete": "rule:default", + "security_service:update": "rule:default", + "security_service:show": "rule:default", + "security_service:index": "rule:default", + "security_service:detail": "rule:default", + "security_service:get_all_security_services": "rule:admin_api", + + "share_server:index": "rule:admin_api", + "share_server:show": "rule:admin_api", + "share_server:details": "rule:admin_api", + "share_server:delete": "rule:admin_api", + + "share_network:create": "rule:default", + "share_network:delete": "rule:default", + "share_network:update": "rule:default", + "share_network:index": "rule:default", + "share_network:detail": "rule:default", + "share_network:show": "rule:default", + "share_network:add_security_service": "rule:default", + "share_network:remove_security_service": "rule:default", + "share_network:get_all_share_networks": "rule:admin_api", + + "scheduler_stats:pools:index": "rule:admin_api", + "scheduler_stats:pools:detail": "rule:admin_api", + + "consistency_group:create" : "rule:default", + "consistency_group:delete": "rule:default", + "consistency_group:update": "rule:default", + "consistency_group:get": "rule:default", + "consistency_group:get_all": "rule:default", + "consistency_group:force_delete": "rule:admin_api", + "consistency_group:reset_status": "rule:admin_api", + + "cgsnapshot:force_delete": "rule:admin_api", + "cgsnapshot:reset_status": "rule:admin_api", + "cgsnapshot:create" : "rule:default", + "cgsnapshot:update" : "rule:default", + "cgsnapshot:delete": "rule:default", + "cgsnapshot:get_cgsnapshot": "rule:default", + "cgsnapshot:get_all": "rule:default", + + "share_replica:get_all": "rule:default", + "share_replica:show": "rule:default", + "share_replica:create" : "rule:default", + "share_replica:delete": "rule:default", + "share_replica:promote": "rule:default", + "share_replica:resync": "rule:admin_api", + "share_replica:reset_status": "rule:admin_api", + "share_replica:force_delete": "rule:admin_api", + "share_replica:reset_replica_state": "rule:admin_api" +} |