Policies¶
Warning
Using a JSON-formatted policy file is deprecated since Blazar 7.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.
The following is an overview of all available policies in Blazar. For a sample configuration file, refer to Sample Policy File.
To change policies, please create a policy file in /etc/blazar/ and specify the policy file name at the oslo_policy/policy_file option in blazar.conf.
blazar¶
admin
- Default
is_admin:True or role:admin
Default rule for most Admin APIs.
admin_or_owner
- Default
rule:admin or project_id:%(project_id)s
Default rule for most non-Admin APIs.
blazar:leases:get
- Default
rule:admin_or_owner
- Operations
GET
/{api_version}/leases
GET
/{api_version}/leases/{lease_id}
Policy rule for List/Show Lease(s) API.
blazar:leases:post
- Default
rule:admin_or_owner
- Operations
POST
/{api_version}/leases
Policy rule for Create Lease API.
blazar:leases:put
- Default
rule:admin_or_owner
- Operations
PUT
/{api_version}/leases/{lease_id}
Policy rule for Update Lease API.
blazar:leases:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/{api_version}/leases/{lease_id}
Policy rule for Delete Lease API.
blazar:oshosts:get
- Default
rule:admin
- Operations
GET
/{api_version}/os-hosts
GET
/{api_version}/os-hosts/{host_id}
Policy rule for List/Show Host(s) API.
blazar:oshosts:post
- Default
rule:admin
- Operations
POST
/{api_version}/os-hosts
Policy rule for Create Host API.
blazar:oshosts:put
- Default
rule:admin
- Operations
PUT
/{api_version}/os-hosts/{host_id}
Policy rule for Update Host API.
blazar:oshosts:delete
- Default
rule:admin
- Operations
DELETE
/{api_version}/os-hosts/{host_id}
Policy rule for Delete Host API.
blazar:oshosts:get_allocations
- Default
rule:admin
- Operations
GET
/{api_version}/os-hosts/allocations
GET
/{api_version}/os-hosts/{host_id}/allocation
Policy rule for List/Get Host(s) Allocations API.
blazar:floatingips:get
- Default
rule:admin
- Operations
GET
/{api_version}/floatingips
GET
/{api_version}/floatingips/{floatingip_id}
Policy rule for List/Show FloatingIP(s) API.
blazar:floatingips:post
- Default
rule:admin
- Operations
POST
/{api_version}/floatingips
Policy rule for Create Floating IP API.
blazar:floatingips:delete
- Default
rule:admin
- Operations
DELETE
/{api_version}/floatingips/{floatingip_id}
Policy rule for Delete Floating IP API.