summaryrefslogtreecommitdiffstats
path: root/etc/heat/policy.json
blob: acb0d7ea659daa74f1576391f574cf7a7511a80c (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

{
    "global_readonly": "(role:global_readonly)",
    "readonly": "((project_id:%(project_id)s and role:readonly) or rule:global_readonly)",
    "_member_role": "(role:member or role:_member_)",
    "member": "(project_id:%(project_id)s and rule:_member_role)",
    "admin": "(is_admin:True or role:admin)",
    "owner": "(user_id:%(user_id)s and rule:_member_role)",

    "context_is_admin": "role:admin",
    "project_admin": "role:admin",
    "deny_stack_user": "not role:heat_stack_user",
    "deny_everybody": "!",

    "cloudformation:ListStacks": "rule:deny_stack_user",
    "cloudformation:CreateStack": "rule:deny_stack_user",
    "cloudformation:DescribeStacks": "rule:deny_stack_user",
    "cloudformation:DeleteStack": "rule:deny_stack_user",
    "cloudformation:UpdateStack": "rule:deny_stack_user",
    "cloudformation:CancelUpdateStack": "rule:deny_stack_user",
    "cloudformation:DescribeStackEvents": "rule:deny_stack_user",
    "cloudformation:ValidateTemplate": "rule:deny_stack_user",
    "cloudformation:GetTemplate": "rule:deny_stack_user",
    "cloudformation:EstimateTemplateCost": "rule:deny_stack_user",
    "cloudformation:DescribeStackResource": "",
    "cloudformation:DescribeStackResources": "rule:deny_stack_user",
    "cloudformation:ListStackResources": "rule:deny_stack_user",
    "cloudwatch:DeleteAlarms": "rule:deny_stack_user",
    "cloudwatch:DescribeAlarmHistory": "rule:deny_stack_user",
    "cloudwatch:DescribeAlarms": "rule:deny_stack_user",
    "cloudwatch:DescribeAlarmsForMetric": "rule:deny_stack_user",
    "cloudwatch:DisableAlarmActions": "rule:deny_stack_user",
    "cloudwatch:EnableAlarmActions": "rule:deny_stack_user",
    "cloudwatch:GetMetricStatistics": "rule:deny_stack_user",
    "cloudwatch:ListMetrics": "rule:deny_stack_user",
    "cloudwatch:PutMetricAlarm": "rule:deny_stack_user",
    "cloudwatch:PutMetricData": "",
    "cloudwatch:SetAlarmState": "rule:deny_stack_user",
    "actions:action": "rule:deny_stack_user",
    "build_info:build_info": "rule:deny_stack_user",
    "events:index": "rule:deny_stack_user",
    "events:show": "rule:deny_stack_user",
    "resource:index": "rule:deny_stack_user",
    "resource:metadata": "",
    "resource:signal": "",
    "resource:mark_unhealthy": "rule:deny_stack_user",
    "resource:show": "rule:deny_stack_user",
    "stacks:abandon": "rule:deny_stack_user",
    "stacks:create": "rule:deny_stack_user",
    "stacks:delete": "rule:deny_stack_user",
    "stacks:detail": "rule:deny_stack_user",
    "stacks:export": "rule:deny_stack_user",
    "stacks:generate_template": "rule:deny_stack_user",
    "stacks:global_index": "rule:deny_everybody",
    "stacks:index": "rule:deny_stack_user",
    "stacks:list_resource_types": "rule:deny_stack_user",
    "stacks:list_template_versions": "rule:deny_stack_user",
    "stacks:list_template_functions": "rule:deny_stack_user",
    "stacks:lookup": "",
    "stacks:preview": "rule:deny_stack_user",
    "stacks:resource_schema": "rule:deny_stack_user",
    "stacks:show": "rule:deny_stack_user",
    "stacks:template": "rule:deny_stack_user",
    "stacks:environment": "rule:deny_stack_user",
    "stacks:files": "rule:deny_stack_user",
    "stacks:update": "rule:deny_stack_user",
    "stacks:update_patch": "rule:deny_stack_user",
    "stacks:preview_update": "rule:deny_stack_user",
    "stacks:preview_update_patch": "rule:deny_stack_user",
    "stacks:validate_template": "rule:deny_stack_user",
    "stacks:snapshot": "rule:deny_stack_user",
    "stacks:show_snapshot": "rule:deny_stack_user",
    "stacks:delete_snapshot": "rule:deny_stack_user",
    "stacks:list_snapshots": "rule:deny_stack_user",
    "stacks:restore_snapshot": "rule:deny_stack_user",
    "stacks:list_outputs": "rule:deny_stack_user",
    "stacks:show_output": "rule:deny_stack_user",
    "software_configs:global_index": "rule:deny_everybody",
    "software_configs:index": "rule:deny_stack_user",
    "software_configs:create": "rule:deny_stack_user",
    "software_configs:show": "rule:deny_stack_user",
    "software_configs:delete": "rule:deny_stack_user",
    "software_deployments:index": "rule:deny_stack_user",
    "software_deployments:create": "rule:deny_stack_user",
    "software_deployments:show": "rule:deny_stack_user",
    "software_deployments:update": "rule:deny_stack_user",
    "software_deployments:delete": "rule:deny_stack_user",
    "software_deployments:metadata": "",
    "service:index": "rule:context_is_admin",
    "resource_types:OS::Nova::Flavor": "rule:project_admin",
    "resource_types:OS::Cinder::EncryptedVolumeType": "rule:project_admin",
    "resource_types:OS::Cinder::VolumeType": "rule:project_admin",
    "resource_types:OS::Cinder::Quota": "rule:project_admin",
    "resource_types:OS::Manila::ShareType": "rule:project_admin",
    "resource_types:OS::Neutron::QoSPolicy": "rule:project_admin",
    "resource_types:OS::Neutron::QoSBandwidthLimitRule": "rule:project_admin",
    "resource_types:OS::Nova::HostAggregate": "rule:project_admin",
    "resource_types:OS::Cinder::QoSSpecs": "rule:project_admin"
}
generated by cgit (git 2.34.1) at 2024-04-26 05:12:41 +0000