Ironic Inspector Policy¶
The following is a sample ironic-inspector policy file, autogenerated from Ironic Inspector when this documentation is built. To avoid issues, make sure your version of ironic-inspector matches that of the example policy file.
The sample policy can also be downloaded as a file
.
# Full read/write API access
#"is_admin": "role:admin or role:administrator or role:baremetal_admin"
# Read-only API access
#"is_observer": "role:baremetal_observer"
# Internal flag for public API routes
#"public_api": "is_public_api:True"
# Default API access policy
#"default": "!"
# Access the API root for available versions information
# GET /
#"introspection": "rule:public_api"
# Access the versioned API root for version information
# GET /{version}
#"introspection:version": "rule:public_api"
# Ramdisk callback to continue introspection
# POST /continue
#"introspection:continue": "rule:public_api"
# Get introspection status
# GET /introspection
# GET /introspection/{node_id}
#"introspection:status": "rule:is_admin or rule:is_observer"
# Start introspection
# POST /introspection/{node_id}
#"introspection:start": "rule:is_admin"
# Abort introspection
# POST /introspection/{node_id}/abort
#"introspection:abort": "rule:is_admin"
# Get introspection data
# GET /introspection/{node_id}/data
#"introspection:data": "rule:is_admin"
# Reapply introspection on stored data
# POST /introspection/{node_id}/data/unprocessed
#"introspection:reapply": "rule:is_admin"
# Get introspection rule(s)
# GET /rules
# GET /rules/{rule_id}
#"introspection:rule:get": "rule:is_admin"
# Delete introspection rule(s)
# DELETE /rules
# DELETE /rules/{rule_id}
#"introspection:rule:delete": "rule:is_admin"
# Create introspection rule
# POST /rules
#"introspection:rule:create": "rule:is_admin"