From ab91ff350034a186fe7f1400c2ffece96efaeacf Mon Sep 17 00:00:00 2001
From: Sean Pryor <spryor@redhat.com>
Date: Mon, 5 Jun 2017 15:35:25 -0400
Subject: Created branch 'original' with unmodified policies

Change-Id: Ia0b0ae2786caabf70b16020bfdfe26c4b02fa0ea
---
 etc/mistral/policy.json | 98 ++++++++++++++++++++++++-------------------------
 1 file changed, 49 insertions(+), 49 deletions(-)

(limited to 'etc/mistral')

diff --git a/etc/mistral/policy.json b/etc/mistral/policy.json
index a5787af..3278023 100644
--- a/etc/mistral/policy.json
+++ b/etc/mistral/policy.json
@@ -1,64 +1,64 @@
 {
     "admin_only": "is_admin:True",
     "admin_or_owner":  "is_admin:True or project_id:%(project_id)s",
-    "default": "rule:admin_or_owner and rule:deny_readonly",
+    "default": "rule:admin_or_owner",
 
-    "action_executions:delete": "rule:admin_or_owner and rule:deny_readonly",
-    "action_execution:create": "rule:admin_or_owner and rule:deny_readonly",
-    "action_executions:get": "rule:admin_or_owner and rule:deny_readonly",
-    "action_executions:list": "rule:admin_or_owner and rule:deny_readonly",
-    "action_executions:update": "rule:admin_or_owner and rule:deny_readonly",
+    "action_executions:delete": "rule:admin_or_owner",
+    "action_execution:create": "rule:admin_or_owner",
+    "action_executions:get": "rule:admin_or_owner",
+    "action_executions:list": "rule:admin_or_owner",
+    "action_executions:update": "rule:admin_or_owner",
 
-    "actions:create": "rule:admin_or_owner and rule:deny_readonly",
-    "actions:delete": "rule:admin_or_owner and rule:deny_readonly",
-    "actions:get": "rule:admin_or_owner and rule:deny_readonly",
-    "actions:list": "rule:admin_or_owner and rule:deny_readonly",
-    "actions:update": "rule:admin_or_owner and rule:deny_readonly",
+    "actions:create": "rule:admin_or_owner",
+    "actions:delete": "rule:admin_or_owner",
+    "actions:get": "rule:admin_or_owner",
+    "actions:list": "rule:admin_or_owner",
+    "actions:update": "rule:admin_or_owner",
 
-    "cron_triggers:create": "rule:admin_or_owner and rule:deny_readonly",
-    "cron_triggers:delete": "rule:admin_or_owner and rule:deny_readonly",
-    "cron_triggers:get": "rule:admin_or_owner and rule:deny_readonly",
-    "cron_triggers:list": "rule:admin_or_owner and rule:deny_readonly",
+    "cron_triggers:create": "rule:admin_or_owner",
+    "cron_triggers:delete": "rule:admin_or_owner",
+    "cron_triggers:get": "rule:admin_or_owner",
+    "cron_triggers:list": "rule:admin_or_owner",
 
-    "environments:create": "rule:admin_or_owner and rule:deny_readonly",
-    "environments:delete": "rule:admin_or_owner and rule:deny_readonly",
-    "environments:get": "rule:admin_or_owner and rule:deny_readonly",
-    "environments:list": "rule:admin_or_owner and rule:deny_readonly",
-    "environments:update": "rule:admin_or_owner and rule:deny_readonly",
+    "environments:create": "rule:admin_or_owner",
+    "environments:delete": "rule:admin_or_owner",
+    "environments:get": "rule:admin_or_owner",
+    "environments:list": "rule:admin_or_owner",
+    "environments:update": "rule:admin_or_owner",
 
-    "executions:create": "rule:admin_or_owner and rule:deny_readonly",
-    "executions:delete": "rule:admin_or_owner and rule:deny_readonly",
-    "executions:get": "rule:admin_or_owner and rule:deny_readonly",
-    "executions:list": "rule:admin_or_owner and rule:deny_readonly",
-    "executions:update": "rule:admin_or_owner and rule:deny_readonly",
+    "executions:create": "rule:admin_or_owner",
+    "executions:delete": "rule:admin_or_owner",
+    "executions:get": "rule:admin_or_owner",
+    "executions:list": "rule:admin_or_owner",
+    "executions:update": "rule:admin_or_owner",
 
-    "members:create": "rule:admin_or_owner and rule:deny_readonly",
-    "members:delete": "rule:admin_or_owner and rule:deny_readonly",
-    "members:get": "rule:admin_or_owner and rule:deny_readonly",
-    "members:list": "rule:admin_or_owner and rule:deny_readonly",
-    "members:update": "rule:admin_or_owner and rule:deny_readonly",
+    "members:create": "rule:admin_or_owner",
+    "members:delete": "rule:admin_or_owner",
+    "members:get": "rule:admin_or_owner",
+    "members:list": "rule:admin_or_owner",
+    "members:update": "rule:admin_or_owner",
 
-    "services:list": "rule:admin_or_owner and rule:deny_readonly",
+    "services:list": "rule:admin_or_owner",
 
-    "tasks:get": "rule:admin_or_owner and rule:deny_readonly",
-    "tasks:list": "rule:admin_or_owner and rule:deny_readonly",
-    "tasks:update": "rule:admin_or_owner and rule:deny_readonly",
+    "tasks:get": "rule:admin_or_owner",
+    "tasks:list": "rule:admin_or_owner",
+    "tasks:update": "rule:admin_or_owner",
 
-    "workbooks:create": "rule:admin_or_owner and rule:deny_readonly",
-    "workbooks:delete": "rule:admin_or_owner and rule:deny_readonly",
-    "workbooks:get": "rule:admin_or_owner and rule:deny_readonly",
-    "workbooks:list": "rule:admin_or_owner and rule:deny_readonly",
-    "workbooks:update": "rule:admin_or_owner and rule:deny_readonly",
+    "workbooks:create": "rule:admin_or_owner",
+    "workbooks:delete": "rule:admin_or_owner",
+    "workbooks:get": "rule:admin_or_owner",
+    "workbooks:list": "rule:admin_or_owner",
+    "workbooks:update": "rule:admin_or_owner",
 
-    "workflows:create": "rule:admin_or_owner and rule:deny_readonly",
-    "workflows:delete": "rule:admin_or_owner and rule:deny_readonly",
-    "workflows:get": "rule:admin_or_owner and rule:deny_readonly",
-    "workflows:list": "rule:admin_or_owner and rule:deny_readonly",
-    "workflows:update": "rule:admin_or_owner and rule:deny_readonly",
+    "workflows:create": "rule:admin_or_owner",
+    "workflows:delete": "rule:admin_or_owner",
+    "workflows:get": "rule:admin_or_owner",
+    "workflows:list": "rule:admin_or_owner",
+    "workflows:update": "rule:admin_or_owner",
 
-    "event_triggers:create": "rule:admin_or_owner and rule:deny_readonly",
-    "event_triggers:delete": "rule:admin_or_owner and rule:deny_readonly",
-    "event_triggers:get": "rule:admin_or_owner and rule:deny_readonly",
-    "event_triggers:list": "rule:admin_or_owner and rule:deny_readonly",
-    "event_triggers:update": "rule:admin_or_owner and rule:deny_readonly"
+    "event_triggers:create": "rule:admin_or_owner",
+    "event_triggers:delete": "rule:admin_or_owner",
+    "event_triggers:get": "rule:admin_or_owner",
+    "event_triggers:list": "rule:admin_or_owner",
+    "event_triggers:update": "rule:admin_or_owner"
 }
-- 
cgit