The following is a sample blazar policy file for adaptation and use.
The sample policy can also be viewed in file form
.
Important
The sample policy file is auto-generated from blazar when this documentation is built. You must ensure your version of blazar matches the version of this documentation.
# Default rule for most Admin APIs.
#"admin": "is_admin:True or role:admin"
# Default rule for most non-Admin APIs.
#"admin_or_owner": "rule:admin or project_id:%(project_id)s"
# Policy rule for List/Show Lease(s) API.
# GET /{api_version}/leases
# GET /{api_version}/leases/{lease_id}
#"blazar:leases:get": "rule:admin_or_owner"
# Policy rule for Create Lease API.
# POST /{api_version}/leases
#"blazar:leases:post": "rule:admin_or_owner"
# Policy rule for Update Lease API.
# PUT /{api_version}/leases/{lease_id}
#"blazar:leases:put": "rule:admin_or_owner"
# Policy rule for Delete Lease API.
# DELETE /{api_version}/leases/{lease_id}
#"blazar:leases:delete": "rule:admin_or_owner"
# Policy rule for List/Show Host(s) API.
# GET /{api_version}/os-hosts
# GET /{api_version}/os-hosts/{host_id}
#"blazar:oshosts:get": "rule:admin"
# Policy rule for Create Host API.
# POST /{api_version}/os-hosts
#"blazar:oshosts:post": "rule:admin"
# Policy rule for Update Host API.
# PUT /{api_version}/os-hosts/{host_id}
#"blazar:oshosts:put": "rule:admin"
# Policy rule for Delete Host API.
# DELETE /{api_version}/os-hosts/{host_id}
#"blazar:oshosts:delete": "rule:admin"
# Policy rule for List/Get Host(s) Allocations API.
# GET /{api_version}/os-hosts/allocations
# GET /{api_version}/os-hosts/{host_id}/allocation
#"blazar:oshosts:get_allocations": "rule:admin"
# Policy rule for List/Show FloatingIP(s) API.
# GET /{api_version}/floatingips
# GET /{api_version}/floatingips/{floatingip_id}
#"blazar:floatingips:get": "rule:admin"
# Policy rule for Create Floating IP API.
# POST /{api_version}/floatingips
#"blazar:floatingips:post": "rule:admin"
# Policy rule for Delete Floating IP API.
# DELETE /{api_version}/floatingips/{floatingip_id}
#"blazar:floatingips:delete": "rule:admin"
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.