diff options
Diffstat (limited to 'etc/aodh')
-rw-r--r-- | etc/aodh/policy.json | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/etc/aodh/policy.json b/etc/aodh/policy.json index 4fd873e..444f1d5 100644 --- a/etc/aodh/policy.json +++ b/etc/aodh/policy.json @@ -1,20 +1,26 @@ { - "context_is_admin": "role:admin", - "segregation": "rule:context_is_admin", - "admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s", - "default": "rule:admin_or_owner", + "global_readonly": "(role:global_readonly)", + "readonly": "((project_id:%(project_id)s and role:readonly) or rule:global_readonly)", + "_member_role": "(role:member or role:_member_)", + "member": "(project_id:%(project_id)s and rule:_member_role)", + "admin": "(is_admin:True or role:admin)", + "owner": "(user_id:%(user_id)s and rule:_member_role)", - "telemetry:get_alarm": "rule:admin_or_owner", - "telemetry:get_alarms": "rule:admin_or_owner", - "telemetry:query_alarm": "rule:admin_or_owner", + "segregation": "rule:admin", - "telemetry:create_alarm": "", - "telemetry:change_alarm": "rule:admin_or_owner", - "telemetry:delete_alarm": "rule:admin_or_owner", + "default": "rule:admin or rule:member", - "telemetry:get_alarm_state": "rule:admin_or_owner", - "telemetry:change_alarm_state": "rule:admin_or_owner", + "telemetry:get_alarm": "rule:admin or rule:member", + "telemetry:get_alarms": "rule:admin or rule:member", + "telemetry:query_alarm": "rule:admin or rule:member", - "telemetry:alarm_history": "rule:admin_or_owner", - "telemetry:query_alarm_history": "rule:admin_or_owner" + "telemetry:create_alarm": "rule:admin or rule: member", + "telemetry:change_alarm": "rule:admin or rule:member", + "telemetry:delete_alarm": "rule:admin or rule:member", + + "telemetry:get_alarm_state": "rule:admin or rule:member", + "telemetry:change_alarm_state": "rule:admin or rule:member", + + "telemetry:alarm_history": "rule:admin or rule:member", + "telemetry:query_alarm_history": "rule:admin or rule:member" } |