Initial commit

1 files changed, 74 insertions, 0 deletions

diff --git a/etc/sahara/policy.json b/etc/sahara/policy.json
new file mode 100644
index 0000000..06948c5
--- /dev/null
+++ b/etc/sahara/policy.json
@@ -0,0 +1,74 @@
+{
+    "deny_readonly": "not role:readonly",
+    "context_is_admin": "role:admin",
+    "default": "",
+
+    "data-processing:clusters:get_all": "",
+    "data-processing:clusters:create": "rule:deny_readonly",
+    "data-processing:clusters:scale": "rule:deny_readonly",
+    "data-processing:clusters:get": "",
+    "data-processing:clusters:delete": "rule:deny_readonly",
+    "data-processing:clusters:modify": "rule:deny_readonly",
+
+    "data-processing:cluster-templates:get_all": "",
+    "data-processing:cluster-templates:create": "rule:deny_readonly",
+    "data-processing:cluster-templates:get": "",
+    "data-processing:cluster-templates:modify": "rule:deny_readonly",
+    "data-processing:cluster-templates:delete": "rule:deny_readonly",
+
+    "data-processing:node-group-templates:get_all": "",
+    "data-processing:node-group-templates:create": "rule:deny_readonly",
+    "data-processing:node-group-templates:get": "",
+    "data-processing:node-group-templates:modify": "rule:deny_readonly",
+    "data-processing:node-group-templates:delete": "rule:deny_readonly",
+
+    "data-processing:plugins:get_all": "",
+    "data-processing:plugins:get": "",
+    "data-processing:plugins:get_version": "",
+    "data-processing:plugins:convert_config": "rule:deny_readonly",
+    "data-processing:plugins:patch": "role:admin",
+
+    "data-processing:images:get_all": "",
+    "data-processing:images:get": "",
+    "data-processing:images:register": "rule:deny_readonly",
+    "data-processing:images:unregister": "rule:deny_readonly",
+    "data-processing:images:add_tags": "rule:deny_readonly",
+    "data-processing:images:remove_tags": "rule:deny_readonly",
+
+    "data-processing:job-executions:get_all": "",
+    "data-processing:job-executions:get": "",
+    "data-processing:job-executions:refresh_status": "",
+    "data-processing:job-executions:cancel": "rule:deny_readonly",
+    "data-processing:job-executions:delete": "rule:deny_readonly",
+    "data-processing:job-executions:modify": "rule:deny_readonly",
+
+    "data-processing:data-sources:get_all": "",
+    "data-processing:data-sources:get": "",
+    "data-processing:data-sources:register": "rule:deny_readonly",
+    "data-processing:data-sources:delete": "rule:deny_readonly",
+    "data-processing:data-sources:modify": "rule:deny_readonly",
+
+    "data-processing:jobs:get_all": "",
+    "data-processing:jobs:create": "rule:deny_readonly",
+    "data-processing:jobs:get": "",
+    "data-processing:jobs:delete": "rule:deny_readonly",
+    "data-processing:jobs:get_config_hints": "",
+    "data-processing:jobs:execute": "rule:deny_readonly",
+    "data-processing:jobs:modify": "rule:deny_readonly",
+
+    "data-processing:job-binaries:get_all": "",
+    "data-processing:job-binaries:create": "rule:deny_readonly",
+    "data-processing:job-binaries:get": "",
+    "data-processing:job-binaries:delete": "rule:deny_readonly",
+    "data-processing:job-binaries:get_data": "",
+    "data-processing:job-binaries:modify": "rule:deny_readonly",
+
+    "data-processing:job-binary-internals:get_all": "",
+    "data-processing:job-binary-internals:create": "rule:deny_readonly",
+    "data-processing:job-binary-internals:get": "",
+    "data-processing:job-binary-internals:delete": "rule:deny_readonly",
+    "data-processing:job-binary-internals:get_data": "",
+    "data-processing:job-binary-internals:modify": "rule:deny_readonly",
+
+    "data-processing:job-types:get_all": ""
+}