Diffstat (limited to 'etc/sahara/policy.json')
-rw-r--r--etc/sahara/policy.json126
1 files changed, 66 insertions, 60 deletions
diff --git a/etc/sahara/policy.json b/etc/sahara/policy.json
index 789dafc..15eeb69 100644
--- a/etc/sahara/policy.json
+++ b/etc/sahara/policy.json
@@ -1,73 +1,79 @@
{
- "context_is_admin": "role:admin",
- "default": "",
+ "global_readonly": "(role:global_readonly)",
+ "readonly": "((project_id:%(project_id)s and role:readonly) or rule:global_readonly)",
+ "_member_role": "(role:member or role:_member_)",
+ "member": "(project_id:%(project_id)s and rule:_member_role)",
+ "admin": "(is_admin:True or role:admin)",
+ "owner": "(user_id:%(user_id)s and rule:_member_role)",
- "data-processing:clusters:get_all": "",
- "data-processing:clusters:create": "",
- "data-processing:clusters:scale": "",
- "data-processing:clusters:get": "",
- "data-processing:clusters:delete": "",
- "data-processing:clusters:modify": "",
+ "default": "rule:admin or rule:member",
- "data-processing:cluster-templates:get_all": "",
- "data-processing:cluster-templates:create": "",
- "data-processing:cluster-templates:get": "",
- "data-processing:cluster-templates:modify": "",
- "data-processing:cluster-templates:delete": "",
+ "data-processing:clusters:get_all": "rule:admin or rule:member",
+ "data-processing:clusters:create": "rule:admin or rule:member",
+ "data-processing:clusters:scale": "rule:admin or rule:member",
+ "data-processing:clusters:get": "rule:admin or rule:member",
+ "data-processing:clusters:delete": "rule:admin or rule:member",
+ "data-processing:clusters:modify": "rule:admin or rule:member",
- "data-processing:node-group-templates:get_all": "",
- "data-processing:node-group-templates:create": "",
- "data-processing:node-group-templates:get": "",
- "data-processing:node-group-templates:modify": "",
- "data-processing:node-group-templates:delete": "",
+ "data-processing:cluster-templates:get_all": "rule:admin or rule:member",
+ "data-processing:cluster-templates:create": "rule:admin or rule:member",
+ "data-processing:cluster-templates:get": "rule:admin or rule:member",
+ "data-processing:cluster-templates:modify": "rule:admin or rule:member",
+ "data-processing:cluster-templates:delete": "rule:admin or rule:member",
- "data-processing:plugins:get_all": "",
- "data-processing:plugins:get": "",
- "data-processing:plugins:get_version": "",
- "data-processing:plugins:convert_config": "",
- "data-processing:plugins:patch": "role:admin",
+ "data-processing:node-group-templates:get_all": "rule:admin or rule:member",
+ "data-processing:node-group-templates:create": "rule:admin or rule:member",
+ "data-processing:node-group-templates:get": "rule:admin or rule:member",
+ "data-processing:node-group-templates:modify": "rule:admin or rule:member",
+ "data-processing:node-group-templates:delete": "rule:admin or rule:member",
- "data-processing:images:get_all": "",
- "data-processing:images:get": "",
- "data-processing:images:register": "",
- "data-processing:images:unregister": "",
- "data-processing:images:add_tags": "",
- "data-processing:images:remove_tags": "",
+ "data-processing:plugins:get_all": "rule:admin or rule:member",
+ "data-processing:plugins:get": "rule:admin or rule:member",
+ "data-processing:plugins:get_version": "rule:admin or rule:member",
+ "data-processing:plugins:convert_config": "rule:admin or rule:member",
+ "data-processing:plugins:patch": "rule:admin",
- "data-processing:job-executions:get_all": "",
- "data-processing:job-executions:get": "",
- "data-processing:job-executions:refresh_status": "",
- "data-processing:job-executions:cancel": "",
- "data-processing:job-executions:delete": "",
- "data-processing:job-executions:modify": "",
+ "data-processing:images:get_all": "rule:admin or rule:member",
+ "data-processing:images:get": "rule:admin or rule:member",
+ "data-processing:images:register": "rule:admin or rule:member",
+ "data-processing:images:unregister": "rule:admin or rule:member",
+ "data-processing:images:add_tags": "rule:admin or rule:member",
+ "data-processing:images:remove_tags": "rule:admin or rule:member",
- "data-processing:data-sources:get_all": "",
- "data-processing:data-sources:get": "",
- "data-processing:data-sources:register": "",
- "data-processing:data-sources:delete": "",
- "data-processing:data-sources:modify": "",
+ "data-processing:job-executions:get_all": "rule:admin or rule:member",
+ "data-processing:job-executions:get": "rule:admin or rule:member",
+ "data-processing:job-executions:refresh_status": "rule:admin or rule:member",
+ "data-processing:job-executions:cancel": "rule:admin or rule:member",
+ "data-processing:job-executions:delete": "rule:admin or rule:member",
+ "data-processing:job-executions:modify": "rule:admin or rule:member",
- "data-processing:jobs:get_all": "",
- "data-processing:jobs:create": "",
- "data-processing:jobs:get": "",
- "data-processing:jobs:delete": "",
- "data-processing:jobs:get_config_hints": "",
- "data-processing:jobs:execute": "",
- "data-processing:jobs:modify": "",
+ "data-processing:data-sources:get_all": "rule:admin or rule:member",
+ "data-processing:data-sources:get": "rule:admin or rule:member",
+ "data-processing:data-sources:register": "rule:admin or rule:member",
+ "data-processing:data-sources:delete": "rule:admin or rule:member",
+ "data-processing:data-sources:modify": "rule:admin or rule:member",
- "data-processing:job-binaries:get_all": "",
- "data-processing:job-binaries:create": "",
- "data-processing:job-binaries:get": "",
- "data-processing:job-binaries:delete": "",
- "data-processing:job-binaries:get_data": "",
- "data-processing:job-binaries:modify": "",
+ "data-processing:jobs:get_all": "rule:admin or rule:member",
+ "data-processing:jobs:create": "rule:admin or rule:member",
+ "data-processing:jobs:get": "rule:admin or rule:member",
+ "data-processing:jobs:delete": "rule:admin or rule:member",
+ "data-processing:jobs:get_config_hints": "rule:admin or rule:member",
+ "data-processing:jobs:execute": "rule:admin or rule:member",
+ "data-processing:jobs:modify": "rule:admin or rule:member",
- "data-processing:job-binary-internals:get_all": "",
- "data-processing:job-binary-internals:create": "",
- "data-processing:job-binary-internals:get": "",
- "data-processing:job-binary-internals:delete": "",
- "data-processing:job-binary-internals:get_data": "",
- "data-processing:job-binary-internals:modify": "",
+ "data-processing:job-binaries:get_all": "rule:admin or rule:member",
+ "data-processing:job-binaries:create": "rule:admin or rule:member",
+ "data-processing:job-binaries:get": "rule:admin or rule:member",
+ "data-processing:job-binaries:delete": "rule:admin or rule:member",
+ "data-processing:job-binaries:get_data": "rule:admin or rule:member",
+ "data-processing:job-binaries:modify": "rule:admin or rule:member",
- "data-processing:job-types:get_all": ""
+ "data-processing:job-binary-internals:get_all": "rule:admin or rule:member",
+ "data-processing:job-binary-internals:create": "rule:admin or rule:member",
+ "data-processing:job-binary-internals:get": "rule:admin or rule:member",
+ "data-processing:job-binary-internals:delete": "rule:admin or rule:member",
+ "data-processing:job-binary-internals:get_data": "rule:admin or rule:member",
+ "data-processing:job-binary-internals:modify": "rule:admin or rule:member",
+
+ "data-processing:job-types:get_all": "rule:admin or rule:member"
}
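Review bot: The added `"admin": "(is_admin:True or role:admin)"` alias has no `project_id` match, so every `rule:admin or rule:member` entry, including the delete and modify operations, passes for a caller holding `role:admin` in any project. Whether the service separately confines such a caller to its own project is not visible in this file and should be confirmed. The hunk also removes `"context_is_admin": "role:admin",` while the new alias relies on `is_admin:True`; if the request-context code still looks that rule up by name to set the flag, the line should stay. `rule:member` can only match when the enforcement call passes a target containing `project_id`, so a call site passing an empty target would likely deny members outright, which deserves a test for each API group. Finally, `global_readonly`, `readonly` and `owner` are defined but referenced by no `data-processing:*` entry; either use `rule:readonly` in the `get`/`get_all` entries or say in the commit message that they exist only for operator overrides.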