diff options
author | Vincent S. Cojot <vcojot@redhat.com> | 2017-02-08 16:42:22 -0500 |
---|---|---|
committer | Vincent S. Cojot <vcojot@redhat.com> | 2017-02-08 16:42:22 -0500 |
commit | 76707f93fc6e67c6905b0f79c47130eb32d7ee14 (patch) | |
tree | fe24acb8c05f1e7f9f8a4c1f770a36765fdc8daf /etc/zaqar/policy.json | |
download | openstack-access-policy-76707f93fc6e67c6905b0f79c47130eb32d7ee14.tar.gz openstack-access-policy-76707f93fc6e67c6905b0f79c47130eb32d7ee14.tar.xz openstack-access-policy-76707f93fc6e67c6905b0f79c47130eb32d7ee14.zip |
Initial commit
Diffstat (limited to 'etc/zaqar/policy.json')
-rw-r--r-- | etc/zaqar/policy.json | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/etc/zaqar/policy.json b/etc/zaqar/policy.json new file mode 100644 index 0000000..a7645f7 --- /dev/null +++ b/etc/zaqar/policy.json @@ -0,0 +1,47 @@ +{ + "deny_readonly": "not role:readonly", + "context_is_admin": "role:admin", + "admin_or_owner": "is_admin:True or project_id:%(project_id)s", + "default": "rule:admin_or_owner", + + "queues:get_all": "", + "queues:create": "rule:deny_readonly", + "queues:get": "", + "queues:delete": "rule:deny_readonly", + "queues:update": "rule:deny_readonly", + "queues:stats": "", + + "messages:get_all": "", + "messages:create": "rule:deny_readonly", + "messages:get": "", + "messages:delete": "rule:deny_readonly", + "messages:delete_all": "rule:deny_readonly", + + "claims:get_all": "", + "claims:create": "rule:deny_readonly", + "claims:get": "", + "claims:delete": "rule:deny_readonly", + "claims:update": "rule:deny_readonly", + + "subscription:get_all": "", + "subscription:create": "rule:deny_readonly", + "subscription:get": "", + "subscription:delete": "rule:deny_readonly", + "subscription:update": "rule:deny_readonly", + "subscription:confirm": "rule:deny_readonly", + + "pools:get_all": "rule:context_is_admin", + "pools:create": "rule:context_is_admin", + "pools:get": "rule:context_is_admin", + "pools:delete": "rule:context_is_admin", + "pools:update": "rule:context_is_admin", + + "flavors:get_all": "", + "flavors:create": "rule:context_is_admin", + "flavors:get": "", + "flavors:delete": "rule:context_is_admin", + "flavors:update": "rule:context_is_admin", + + "ping:get": "", + "health:get": "rule:context_is_admin" +} |