Atom feed of this document
  
Icehouse -  Icehouse -  Icehouse -  Icehouse -  Icehouse -  Icehouse -  Icehouse -  Icehouse - 

 policy.json

The policy.json file defines additional access controls that apply to the Block Storage service.

{
    "context_is_admin": [["role:admin"]],
    "admin_or_owner":  [["is_admin:True"], ["project_id:%(project_id)s"]],
    "default": [["rule:admin_or_owner"]],

    "admin_api": [["is_admin:True"]],

    "volume:create": [],
    "volume:get_all": [],
    "volume:get_volume_metadata": [],
    "volume:get_volume_admin_metadata": [["rule:admin_api"]],
    "volume:delete_volume_admin_metadata": [["rule:admin_api"]],
    "volume:update_volume_admin_metadata": [["rule:admin_api"]],
    "volume:get_snapshot": [],
    "volume:get_all_snapshots": [],
    "volume:extend": [],
    "volume:update_readonly_flag": [],
    "volume:retype": [],

    "volume_extension:types_manage": [["rule:admin_api"]],
    "volume_extension:types_extra_specs": [["rule:admin_api"]],
    "volume_extension:volume_type_encryption": [["rule:admin_api"]],
    "volume_extension:volume_encryption_metadata": [["rule:admin_or_owner"]],
    "volume_extension:extended_snapshot_attributes": [],
    "volume_extension:volume_image_metadata": [],

    "volume_extension:quotas:show": [],
    "volume_extension:quotas:update": [["rule:admin_api"]],
    "volume_extension:quota_classes": [],

    "volume_extension:volume_admin_actions:reset_status": [["rule:admin_api"]],
    "volume_extension:snapshot_admin_actions:reset_status": [["rule:admin_api"]],
    "volume_extension:volume_admin_actions:force_delete": [["rule:admin_api"]],
    "volume_extension:snapshot_admin_actions:force_delete": [["rule:admin_api"]],
    "volume_extension:volume_admin_actions:migrate_volume": [["rule:admin_api"]],
    "volume_extension:volume_admin_actions:migrate_volume_completion": [["rule:admin_api"]],

    "volume_extension:volume_host_attribute": [["rule:admin_api"]],
    "volume_extension:volume_tenant_attribute": [["rule:admin_or_owner"]],
    "volume_extension:volume_mig_status_attribute": [["rule:admin_api"]],
    "volume_extension:hosts": [["rule:admin_api"]],
    "volume_extension:services": [["rule:admin_api"]],
    "volume:services": [["rule:admin_api"]],

    "volume:create_transfer": [],
    "volume:accept_transfer": [],
    "volume:delete_transfer": [],
    "volume:get_all_transfers": [],

    "backup:create" : [],
    "backup:delete": [],
    "backup:get": [],
    "backup:get_all": [],
    "backup:restore": [],
    "backup:backup-import": [["rule:admin_api"]],
    "backup:backup-export": [["rule:admin_api"]],

    "snapshot_extension:snapshot_actions:update_snapshot_status": []
}
Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...