Icehouse - Icehouse - Icehouse - Icehouse - Icehouse - Icehouse - Icehouse - Icehouse -
The policy.json
file defines additional access controls that apply to the Block Storage service.
{ "context_is_admin": [["role:admin"]], "admin_or_owner": [["is_admin:True"], ["project_id:%(project_id)s"]], "default": [["rule:admin_or_owner"]], "admin_api": [["is_admin:True"]], "volume:create": [], "volume:get_all": [], "volume:get_volume_metadata": [], "volume:get_volume_admin_metadata": [["rule:admin_api"]], "volume:delete_volume_admin_metadata": [["rule:admin_api"]], "volume:update_volume_admin_metadata": [["rule:admin_api"]], "volume:get_snapshot": [], "volume:get_all_snapshots": [], "volume:extend": [], "volume:update_readonly_flag": [], "volume:retype": [], "volume_extension:types_manage": [["rule:admin_api"]], "volume_extension:types_extra_specs": [["rule:admin_api"]], "volume_extension:volume_type_encryption": [["rule:admin_api"]], "volume_extension:volume_encryption_metadata": [["rule:admin_or_owner"]], "volume_extension:extended_snapshot_attributes": [], "volume_extension:volume_image_metadata": [], "volume_extension:quotas:show": [], "volume_extension:quotas:update": [["rule:admin_api"]], "volume_extension:quota_classes": [], "volume_extension:volume_admin_actions:reset_status": [["rule:admin_api"]], "volume_extension:snapshot_admin_actions:reset_status": [["rule:admin_api"]], "volume_extension:volume_admin_actions:force_delete": [["rule:admin_api"]], "volume_extension:snapshot_admin_actions:force_delete": [["rule:admin_api"]], "volume_extension:volume_admin_actions:migrate_volume": [["rule:admin_api"]], "volume_extension:volume_admin_actions:migrate_volume_completion": [["rule:admin_api"]], "volume_extension:volume_host_attribute": [["rule:admin_api"]], "volume_extension:volume_tenant_attribute": [["rule:admin_or_owner"]], "volume_extension:volume_mig_status_attribute": [["rule:admin_api"]], "volume_extension:hosts": [["rule:admin_api"]], "volume_extension:services": [["rule:admin_api"]], "volume:services": [["rule:admin_api"]], "volume:create_transfer": [], "volume:accept_transfer": [], "volume:delete_transfer": [], "volume:get_all_transfers": [], "backup:create" : [], "backup:delete": [], "backup:get": [], "backup:get_all": [], "backup:restore": [], "backup:backup-import": [["rule:admin_api"]], "backup:backup-export": [["rule:admin_api"]], "snapshot_extension:snapshot_actions:update_snapshot_status": [] }