diff options
author | Vincent S. Cojot <vcojot@redhat.com> | 2017-02-08 16:42:22 -0500 |
---|---|---|
committer | Vincent S. Cojot <vcojot@redhat.com> | 2017-02-08 16:42:22 -0500 |
commit | 76707f93fc6e67c6905b0f79c47130eb32d7ee14 (patch) | |
tree | fe24acb8c05f1e7f9f8a4c1f770a36765fdc8daf /etc/sahara | |
download | openstack-access-policy-76707f93fc6e67c6905b0f79c47130eb32d7ee14.tar.gz openstack-access-policy-76707f93fc6e67c6905b0f79c47130eb32d7ee14.tar.xz openstack-access-policy-76707f93fc6e67c6905b0f79c47130eb32d7ee14.zip |
Initial commit
Diffstat (limited to 'etc/sahara')
-rw-r--r-- | etc/sahara/policy.json | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/etc/sahara/policy.json b/etc/sahara/policy.json new file mode 100644 index 0000000..06948c5 --- /dev/null +++ b/etc/sahara/policy.json @@ -0,0 +1,74 @@ +{ + "deny_readonly": "not role:readonly", + "context_is_admin": "role:admin", + "default": "", + + "data-processing:clusters:get_all": "", + "data-processing:clusters:create": "rule:deny_readonly", + "data-processing:clusters:scale": "rule:deny_readonly", + "data-processing:clusters:get": "", + "data-processing:clusters:delete": "rule:deny_readonly", + "data-processing:clusters:modify": "rule:deny_readonly", + + "data-processing:cluster-templates:get_all": "", + "data-processing:cluster-templates:create": "rule:deny_readonly", + "data-processing:cluster-templates:get": "", + "data-processing:cluster-templates:modify": "rule:deny_readonly", + "data-processing:cluster-templates:delete": "rule:deny_readonly", + + "data-processing:node-group-templates:get_all": "", + "data-processing:node-group-templates:create": "rule:deny_readonly", + "data-processing:node-group-templates:get": "", + "data-processing:node-group-templates:modify": "rule:deny_readonly", + "data-processing:node-group-templates:delete": "rule:deny_readonly", + + "data-processing:plugins:get_all": "", + "data-processing:plugins:get": "", + "data-processing:plugins:get_version": "", + "data-processing:plugins:convert_config": "rule:deny_readonly", + "data-processing:plugins:patch": "role:admin", + + "data-processing:images:get_all": "", + "data-processing:images:get": "", + "data-processing:images:register": "rule:deny_readonly", + "data-processing:images:unregister": "rule:deny_readonly", + "data-processing:images:add_tags": "rule:deny_readonly", + "data-processing:images:remove_tags": "rule:deny_readonly", + + "data-processing:job-executions:get_all": "", + "data-processing:job-executions:get": "", + "data-processing:job-executions:refresh_status": "", + "data-processing:job-executions:cancel": "rule:deny_readonly", + "data-processing:job-executions:delete": "rule:deny_readonly", + "data-processing:job-executions:modify": "rule:deny_readonly", + + "data-processing:data-sources:get_all": "", + "data-processing:data-sources:get": "", + "data-processing:data-sources:register": "rule:deny_readonly", + "data-processing:data-sources:delete": "rule:deny_readonly", + "data-processing:data-sources:modify": "rule:deny_readonly", + + "data-processing:jobs:get_all": "", + "data-processing:jobs:create": "rule:deny_readonly", + "data-processing:jobs:get": "", + "data-processing:jobs:delete": "rule:deny_readonly", + "data-processing:jobs:get_config_hints": "", + "data-processing:jobs:execute": "rule:deny_readonly", + "data-processing:jobs:modify": "rule:deny_readonly", + + "data-processing:job-binaries:get_all": "", + "data-processing:job-binaries:create": "rule:deny_readonly", + "data-processing:job-binaries:get": "", + "data-processing:job-binaries:delete": "rule:deny_readonly", + "data-processing:job-binaries:get_data": "", + "data-processing:job-binaries:modify": "rule:deny_readonly", + + "data-processing:job-binary-internals:get_all": "", + "data-processing:job-binary-internals:create": "rule:deny_readonly", + "data-processing:job-binary-internals:get": "", + "data-processing:job-binary-internals:delete": "rule:deny_readonly", + "data-processing:job-binary-internals:get_data": "", + "data-processing:job-binary-internals:modify": "rule:deny_readonly", + + "data-processing:job-types:get_all": "" +} |