Cyborg Policies¶

The following is an overview of all available policies in Cyborg.

Warning

JSON formatted policy file is deprecated since Cyborg (Victoria). Use YAML formatted file. Use oslopolicy-convert-json-to-yaml tool to convert the existing JSON to YAML formatted policy file in backward compatible way.

For a sample configuration file, refer to Cyborg Sample Policy.

cyborg.api¶

admin_api

Default:: role:admin or role:administrator

Legacy rule for cloud admin access

project_admin_api

Default:: role:admin and project_id:%(project_id)s

Default rule for Project level admin APIs.

project_member_api

Default:: role:member and project_id:%(project_id)s

Default rule for Project level non admin APIs.

project_reader_api

Default:: role:reader and project_id:%(project_id)s

Default rule for Project level read only APIs.

project_member_or_admin

Default:: rule:project_member_api or rule:admin_api

Default rule for Project Member or admin APIs.

project_reader_or_admin

Default:: rule:project_reader_api or rule:admin_api

Default rule for Project reader or admin APIs.

public_api

Default:: is_public_api:True

legacy rule of Internal flag for public API routes

allow

Default:: @

legacy rule: any access will be passed

deny

Default:: !

legacy rule: all access will be forbidden

default

Default:: rule:admin_or_owner

Legacy rule for default rule

is_admin

Default:: rule:admin_api

Full read/write API access

admin_or_owner

Default:: is_admin:True or project_id:%(project_id)s

Admin or owner API access

admin_or_user

Default:: is_admin:True or user_id:%(user_id)s

Admin or user API access

cyborg:device_profile:get_all

Default:

rule:project_reader_or_admin

Operations:

GET /v2/device_profiles

Scope Types:

project

Retrieve all device_profiles

cyborg:device_profile:get_one

Default:

rule:project_reader_or_admin

Operations:

GET /v2/device_profiles/{device_profiles_uuid}

Scope Types:

project

Retrieve a specific device_profile

cyborg:device_profile:create

Default:

rule:admin_api

Operations:

POST /v2/device_profiles

Scope Types:

project

Create a device_profile

cyborg:device_profile:delete

Default:

rule:admin_api

Operations:

DELETE /v2/device_profiles/{device_profiles_uuid}
DELETE /v2/device_profiles?value={device_profile_name1}

Scope Types:

project

Delete device_profile(s)

cyborg:device:get_one

Default:: rule:allow

Show device detail

cyborg:device:get_all

Default:: rule:allow

Retrieve all device records

cyborg:device:disable

Default:: rule:admin_api

Disable a device

cyborg:device:enable

Default:: rule:admin_api

Enable a device

cyborg:deployable:get_one

Default:: rule:allow

Show deployable detail

cyborg:deployable:get_all

Default:: rule:allow

Retrieve all deployable records

cyborg:deployable:program

Default:: rule:allow

FPGA programming.

cyborg:attribute:get_one

Default:: rule:allow

Show attribute detail

cyborg:attribute:get_all

Default:: rule:allow

Retrieve all attribute records

cyborg:attribute:create

Default:: rule:allow

Create an attribute record

cyborg:attribute:delete

Default:: rule:allow

Delete attribute records.

cyborg:arq:get_all

Default:: rule:default

Retrieve accelerator request records.

cyborg:arq:get_one

Default:: rule:default

Get an accelerator request record.

cyborg:arq:create

Default:: rule:allow

Create accelerator request records.

cyborg:arq:delete

Default:: rule:default

Delete accelerator request records.

cyborg:arq:update

Default:: rule:default

Update accelerator request records.

cyborg:fpga:get_one

Default:: rule:allow

Show fpga detail

cyborg:fpga:get_all

Default:: rule:allow

Retrieve all fpga records

cyborg:fpga:update

Default:: rule:allow

Update fpga records

Cyborg Policies

Cyborg Policies¶

cyborg.api¶

Project name not set 13.1.0.dev12

Page Contents