diff options
| author | Sean Pryor <spryor@redhat.com> | 2017-06-05 15:35:25 -0400 |
|---|---|---|
| committer | Sean Pryor <spryor@redhat.com> | 2017-06-05 15:35:25 -0400 |
| commit | ab91ff350034a186fe7f1400c2ffece96efaeacf (patch) | |
| tree | bb078096a7fd7f78b76028e2d037034a0e88780d /etc/mistral | |
| parent | 8da390dc08f48fbfaf3d35c0576d65b5085a0b8c (diff) | |
| download | openstack-access-policy-ab91ff350034a186fe7f1400c2ffece96efaeacf.tar.gz openstack-access-policy-ab91ff350034a186fe7f1400c2ffece96efaeacf.tar.xz openstack-access-policy-ab91ff350034a186fe7f1400c2ffece96efaeacf.zip | |
Created branch 'original' with unmodified policies
Change-Id: Ia0b0ae2786caabf70b16020bfdfe26c4b02fa0ea
Diffstat (limited to 'etc/mistral')
| -rw-r--r-- | etc/mistral/policy.json | 98 |
1 files changed, 49 insertions, 49 deletions
diff --git a/etc/mistral/policy.json b/etc/mistral/policy.json index a5787af..3278023 100644 --- a/etc/mistral/policy.json +++ b/etc/mistral/policy.json @@ -1,64 +1,64 @@ { "admin_only": "is_admin:True", "admin_or_owner": "is_admin:True or project_id:%(project_id)s", - "default": "rule:admin_or_owner and rule:deny_readonly", + "default": "rule:admin_or_owner", - "action_executions:delete": "rule:admin_or_owner and rule:deny_readonly", - "action_execution:create": "rule:admin_or_owner and rule:deny_readonly", - "action_executions:get": "rule:admin_or_owner and rule:deny_readonly", - "action_executions:list": "rule:admin_or_owner and rule:deny_readonly", - "action_executions:update": "rule:admin_or_owner and rule:deny_readonly", + "action_executions:delete": "rule:admin_or_owner", + "action_execution:create": "rule:admin_or_owner", + "action_executions:get": "rule:admin_or_owner", + "action_executions:list": "rule:admin_or_owner", + "action_executions:update": "rule:admin_or_owner", - "actions:create": "rule:admin_or_owner and rule:deny_readonly", - "actions:delete": "rule:admin_or_owner and rule:deny_readonly", - "actions:get": "rule:admin_or_owner and rule:deny_readonly", - "actions:list": "rule:admin_or_owner and rule:deny_readonly", - "actions:update": "rule:admin_or_owner and rule:deny_readonly", + "actions:create": "rule:admin_or_owner", + "actions:delete": "rule:admin_or_owner", + "actions:get": "rule:admin_or_owner", + "actions:list": "rule:admin_or_owner", + "actions:update": "rule:admin_or_owner", - "cron_triggers:create": "rule:admin_or_owner and rule:deny_readonly", - "cron_triggers:delete": "rule:admin_or_owner and rule:deny_readonly", - "cron_triggers:get": "rule:admin_or_owner and rule:deny_readonly", - "cron_triggers:list": "rule:admin_or_owner and rule:deny_readonly", + "cron_triggers:create": "rule:admin_or_owner", + "cron_triggers:delete": "rule:admin_or_owner", + "cron_triggers:get": "rule:admin_or_owner", + "cron_triggers:list": "rule:admin_or_owner", - "environments:create": "rule:admin_or_owner and rule:deny_readonly", - "environments:delete": "rule:admin_or_owner and rule:deny_readonly", - "environments:get": "rule:admin_or_owner and rule:deny_readonly", - "environments:list": "rule:admin_or_owner and rule:deny_readonly", - "environments:update": "rule:admin_or_owner and rule:deny_readonly", + "environments:create": "rule:admin_or_owner", + "environments:delete": "rule:admin_or_owner", + "environments:get": "rule:admin_or_owner", + "environments:list": "rule:admin_or_owner", + "environments:update": "rule:admin_or_owner", - "executions:create": "rule:admin_or_owner and rule:deny_readonly", - "executions:delete": "rule:admin_or_owner and rule:deny_readonly", - "executions:get": "rule:admin_or_owner and rule:deny_readonly", - "executions:list": "rule:admin_or_owner and rule:deny_readonly", - "executions:update": "rule:admin_or_owner and rule:deny_readonly", + "executions:create": "rule:admin_or_owner", + "executions:delete": "rule:admin_or_owner", + "executions:get": "rule:admin_or_owner", + "executions:list": "rule:admin_or_owner", + "executions:update": "rule:admin_or_owner", - "members:create": "rule:admin_or_owner and rule:deny_readonly", - "members:delete": "rule:admin_or_owner and rule:deny_readonly", - "members:get": "rule:admin_or_owner and rule:deny_readonly", - "members:list": "rule:admin_or_owner and rule:deny_readonly", - "members:update": "rule:admin_or_owner and rule:deny_readonly", + "members:create": "rule:admin_or_owner", + "members:delete": "rule:admin_or_owner", + "members:get": "rule:admin_or_owner", + "members:list": "rule:admin_or_owner", + "members:update": "rule:admin_or_owner", - "services:list": "rule:admin_or_owner and rule:deny_readonly", + "services:list": "rule:admin_or_owner", - "tasks:get": "rule:admin_or_owner and rule:deny_readonly", - "tasks:list": "rule:admin_or_owner and rule:deny_readonly", - "tasks:update": "rule:admin_or_owner and rule:deny_readonly", + "tasks:get": "rule:admin_or_owner", + "tasks:list": "rule:admin_or_owner", + "tasks:update": "rule:admin_or_owner", - "workbooks:create": "rule:admin_or_owner and rule:deny_readonly", - "workbooks:delete": "rule:admin_or_owner and rule:deny_readonly", - "workbooks:get": "rule:admin_or_owner and rule:deny_readonly", - "workbooks:list": "rule:admin_or_owner and rule:deny_readonly", - "workbooks:update": "rule:admin_or_owner and rule:deny_readonly", + "workbooks:create": "rule:admin_or_owner", + "workbooks:delete": "rule:admin_or_owner", + "workbooks:get": "rule:admin_or_owner", + "workbooks:list": "rule:admin_or_owner", + "workbooks:update": "rule:admin_or_owner", - "workflows:create": "rule:admin_or_owner and rule:deny_readonly", - "workflows:delete": "rule:admin_or_owner and rule:deny_readonly", - "workflows:get": "rule:admin_or_owner and rule:deny_readonly", - "workflows:list": "rule:admin_or_owner and rule:deny_readonly", - "workflows:update": "rule:admin_or_owner and rule:deny_readonly", + "workflows:create": "rule:admin_or_owner", + "workflows:delete": "rule:admin_or_owner", + "workflows:get": "rule:admin_or_owner", + "workflows:list": "rule:admin_or_owner", + "workflows:update": "rule:admin_or_owner", - "event_triggers:create": "rule:admin_or_owner and rule:deny_readonly", - "event_triggers:delete": "rule:admin_or_owner and rule:deny_readonly", - "event_triggers:get": "rule:admin_or_owner and rule:deny_readonly", - "event_triggers:list": "rule:admin_or_owner and rule:deny_readonly", - "event_triggers:update": "rule:admin_or_owner and rule:deny_readonly" + "event_triggers:create": "rule:admin_or_owner", + "event_triggers:delete": "rule:admin_or_owner", + "event_triggers:get": "rule:admin_or_owner", + "event_triggers:list": "rule:admin_or_owner", + "event_triggers:update": "rule:admin_or_owner" } |