Policies

Warning

Using a JSON-formatted policy file is deprecated since Blazar 7.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

The following is an overview of all available policies in Blazar. For a sample configuration file, refer to Sample Policy File.

To change policies, please create a policy file in /etc/blazar/ and specify the policy file name at the oslo_policy/policy_file option in blazar.conf.

blazar

admin
Default

is_admin:True or role:admin

Default rule for most Admin APIs.

admin_or_owner
Default

rule:admin or project_id:%(project_id)s

Default rule for most non-Admin APIs.

blazar:leases:get
Default

rule:admin_or_owner

Operations
  • GET /{api_version}/leases

  • GET /{api_version}/leases/{lease_id}

Policy rule for List/Show Lease(s) API.

blazar:leases:post
Default

rule:admin_or_owner

Operations
  • POST /{api_version}/leases

Policy rule for Create Lease API.

blazar:leases:put
Default

rule:admin_or_owner

Operations
  • PUT /{api_version}/leases/{lease_id}

Policy rule for Update Lease API.

blazar:leases:delete
Default

rule:admin_or_owner

Operations
  • DELETE /{api_version}/leases/{lease_id}

Policy rule for Delete Lease API.

blazar:oshosts:get
Default

rule:admin

Operations
  • GET /{api_version}/os-hosts

  • GET /{api_version}/os-hosts/{host_id}

Policy rule for List/Show Host(s) API.

blazar:oshosts:post
Default

rule:admin

Operations
  • POST /{api_version}/os-hosts

Policy rule for Create Host API.

blazar:oshosts:put
Default

rule:admin

Operations
  • PUT /{api_version}/os-hosts/{host_id}

Policy rule for Update Host API.

blazar:oshosts:delete
Default

rule:admin

Operations
  • DELETE /{api_version}/os-hosts/{host_id}

Policy rule for Delete Host API.

blazar:oshosts:get_allocations
Default

rule:admin

Operations
  • GET /{api_version}/os-hosts/allocations

  • GET /{api_version}/os-hosts/{host_id}/allocation

Policy rule for List/Get Host(s) Allocations API.

blazar:floatingips:get
Default

rule:admin

Operations
  • GET /{api_version}/floatingips

  • GET /{api_version}/floatingips/{floatingip_id}

Policy rule for List/Show FloatingIP(s) API.

blazar:floatingips:post
Default

rule:admin

Operations
  • POST /{api_version}/floatingips

Policy rule for Create Floating IP API.

blazar:floatingips:delete
Default

rule:admin

Operations
  • DELETE /{api_version}/floatingips/{floatingip_id}

Policy rule for Delete Floating IP API.