authorVincent S. Cojot <vcojot@redhat.com>2017-02-08 16:42:22 -0500
committerVincent S. Cojot <vcojot@redhat.com>2017-02-08 16:42:22 -0500
commit76707f93fc6e67c6905b0f79c47130eb32d7ee14 (patch)
treefe24acb8c05f1e7f9f8a4c1f770a36765fdc8daf /etc/zaqar/policy.json
Initial commit
Diffstat (limited to 'etc/zaqar/policy.json')
-rw-r--r--etc/zaqar/policy.json47
1 files changed, 47 insertions, 0 deletions
diff --git a/etc/zaqar/policy.json b/etc/zaqar/policy.json
new file mode 100644
index 0000000..a7645f7
--- /dev/null
+++ b/etc/zaqar/policy.json
@@ -0,0 +1,47 @@
+{
+ "deny_readonly": "not role:readonly",
+ "context_is_admin": "role:admin",
+ "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
+ "default": "rule:admin_or_owner",
+
+ "queues:get_all": "",
+ "queues:create": "rule:deny_readonly",
+ "queues:get": "",
+ "queues:delete": "rule:deny_readonly",
+ "queues:update": "rule:deny_readonly",
+ "queues:stats": "",
+
+ "messages:get_all": "",
+ "messages:create": "rule:deny_readonly",
+ "messages:get": "",
+ "messages:delete": "rule:deny_readonly",
+ "messages:delete_all": "rule:deny_readonly",
+
+ "claims:get_all": "",
+ "claims:create": "rule:deny_readonly",
+ "claims:get": "",
+ "claims:delete": "rule:deny_readonly",
+ "claims:update": "rule:deny_readonly",
+
+ "subscription:get_all": "",
+ "subscription:create": "rule:deny_readonly",
+ "subscription:get": "",
+ "subscription:delete": "rule:deny_readonly",
+ "subscription:update": "rule:deny_readonly",
+ "subscription:confirm": "rule:deny_readonly",
+
+ "pools:get_all": "rule:context_is_admin",
+ "pools:create": "rule:context_is_admin",
+ "pools:get": "rule:context_is_admin",
+ "pools:delete": "rule:context_is_admin",
+ "pools:update": "rule:context_is_admin",
+
+ "flavors:get_all": "",
+ "flavors:create": "rule:context_is_admin",
+ "flavors:get": "",
+ "flavors:delete": "rule:context_is_admin",
+ "flavors:update": "rule:context_is_admin",
+
+ "ping:get": "",
+ "health:get": "rule:context_is_admin"
+}
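Review bot: Every mutating rule here (`queues:create` through `subscription:confirm`) resolves to `deny_readonly`, which is `not role:readonly`, so the check is a deny-list on a single role name: a token carrying any other role, or no role at all, passes, and none of these rules compares the caller's project with the target. `admin_or_owner` is defined but only reached through `default`, i.e. for rule names that are not listed in this file. If project isolation is meant to be enforced by policy rather than left to the service's own request scoping (not visible in this diff), an allow-list form such as `"deny_readonly": "rule:context_is_admin or (role:<member-role> and not role:readonly)"` would be safer, with `<member-role>` standing in for the deployment's role name; it is also worth confirming that `context_is_admin` as plain `role:admin` is not satisfied by an admin role granted in an unrelated project. JSON has no comment syntax, so the intent behind the empty `""` (always-allow) read rules would need to go in the commit description or an adjacent README.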