etc/glance/policy.json


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

{
    "readonly": "(project_id:%(project_id)s and role:readonly)",
    "global_readonly": "(role:global_readonly)",
    "_member_role": "(role:member or role:_member_)",
    "member": "(project_id:%(project_id)s and rule:_member_role)",
    "admin": "(is_admin:True or role:admin)",
    "owner": "(user_id:%(user_id)s and rule:_member_role)",

    "default": "role:admin",

    "add_image": "rule:admin or rule:member",
    "delete_image": "rule:admin or rule:member or rule:owner",
    "get_image": "rule:admin or rule:member or rule:readonly",
    "get_images": "rule:admin or rule:member or rule:readonly",
    "modify_image": "rule:admin or rule:member",
    "publicize_image": "rule:admin",
    "copy_from": "rule:admin or rule:member",

    "download_image": "rule:admin or rule:member",
    "upload_image": "rule:admin or rule:member",

    "delete_image_location": "rule:admin or rule:member",
    "get_image_location": "rule:admin or rule:member",
    "set_image_location": "rule:admin or rule:member",

    "add_member": "rule:admin or rule:member",
    "delete_member": "rule:admin or rule:member",
    "get_member": "rule:admin or rule:member or rule:readonly",
    "get_members": "rule:admin or rule:member or rule:readonly",
    "modify_member": "rule:admin or rule:member",

    "manage_image_cache": "role:admin",

    "get_task": "role:admin",
    "get_tasks": "role:admin",
    "add_task": "role:admin",
    "modify_task": "role:admin",

    "deactivate": "rule:admin or rule:member",
    "reactivate": "rule:admin or rule:member",

    "get_metadef_namespace": "rule:admin or rule:member or rule:readonly",
    "get_metadef_namespaces":"rule:admin or rule:member or rule:readonly",
    "modify_metadef_namespace":"rule:admin or rule:member",
    "add_metadef_namespace":"rule:admin or rule:member",

    "get_metadef_object":"rule:admin or rule:member or rule:readonly",
    "get_metadef_objects":"rule:admin or rule:member or rule:readonly",
    "modify_metadef_object":"rule:admin or rule:member",
    "add_metadef_object":"rule:admin or rule:member",

    "list_metadef_resource_types":"rule:admin or rule:member or rule:readonly",
    "get_metadef_resource_type":"rule:admin or rule:member or rule:readonly",
    "add_metadef_resource_type_association":"rule:admin or rule:member",

    "get_metadef_property":"rule:admin or rule:member or rule:readonly",
    "get_metadef_properties":"rule:admin or rule:member or rule:readonly",
    "modify_metadef_property":"rule:admin or rule:member",
    "add_metadef_property":"rule:admin or rule:member",

    "get_metadef_tag":"rule:admin or rule:member or rule:readonly",
    "get_metadef_tags":"rule:admin or rule:member or rule:readonly",
    "modify_metadef_tag":"rule:admin or rule:member",
    "add_metadef_tag":"rule:admin or rule:member",
    "add_metadef_tags":"rule:admin or rule:member"

}