Policy configuration¶
Configuration¶
The following is an overview of all available policies in Karbor. For a sample configuration file.
karbor¶
context_is_admin
- Default
role:admin
(no description provided)
admin_or_owner
- Default
is_admin:True or (role:admin and is_admin_project:True) or project_id:%(project_id)s
(no description provided)
default
- Default
rule:admin_or_owner
(no description provided)
admin_api
- Default
is_admin:True or (role:admin and is_admin_project:True)
(no description provided)
plan:create
- Default
rule:admin_or_owner
- Operations
POST
/plans
Create a plan.
plan:update
- Default
rule:admin_or_owner
- Operations
PUT
/plans/{plan_id}
Update a plan.
plan:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/plans/{plan_id}
Delete a plan.
plan:get
- Default
rule:admin_or_owner
- Operations
GET
/plans/{plan_id}
Get a plan.
plan:get_all
- Default
rule:admin_or_owner
- Operations
GET
/plans
Get plans.
restore:create
- Default
rule:admin_or_owner
- Operations
POST
/restores
Create a restore.
restore:update
- Default
rule:admin_or_owner
- Operations
PUT
/restores
Update a restore.
restore:get
- Default
rule:admin_or_owner
- Operations
GET
/restores/{restore_id}
Get a restore.
restore:get_all
- Default
rule:admin_or_owner
- Operations
GET
/restores
Get restores.
protectable:get
- Default
rule:admin_or_owner
- Operations
GET
/protectables/{protectable_type}
Show a protectable type.
protectable:get_all
- Default
rule:admin_or_owner
- Operations
GET
/protectables
List protectable types.
protectable:instance_get
- Default
rule:admin_or_owner
- Operations
GET
/protectables/{protectable_type}/instances/{resource_id}
Show a protectable instance.
protectable:instance_get_all
- Default
rule:admin_or_owner
- Operations
GET
/protectables/{protectable_type}/instances
List protectable instances.
provider:get
- Default
rule:admin_or_owner
- Operations
GET
/providers/{provider_id}
Show a protection provider.
provider:get_all
- Default
rule:admin_or_owner
- Operations
GET
/providers
List protection providers.
provider:checkpoint_get
- Default
rule:admin_or_owner
- Operations
GET
/providers/{provider_id}/checkpoints/{checkpoint_id}
Show a checkpoint.
provider:checkpoint_get_all
- Default
rule:admin_or_owner
- Operations
GET
/providers/{provider_id}/checkpoints
List checkpoints.
provider:checkpoint_create
- Default
rule:admin_or_owner
- Operations
POST
/providers/{provider_id}/checkpoints
Create checkpoint.
provider:checkpoint_delete
- Default
rule:admin_or_owner
- Operations
DELETE
/providers/{provider_id}/checkpoints/{checkpoint_id}
Delete checkpoint.
provider:checkpoint_update
- Default
rule:admin_or_owner
- Operations
PUT
/providers/{provider_id}/checkpoints/{checkpoint_id}
Reset checkpoint state.
trigger:create
- Default
rule:admin_or_owner
- Operations
POST
/triggers
Create a trigger.
trigger:update
- Default
rule:admin_or_owner
- Operations
PUT
/triggers/{trigger_id}
Update a trigger.
trigger:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/triggers/{trigger_id}
Delete a trigger.
trigger:get
- Default
rule:admin_or_owner
- Operations
GET
/triggers/{trigger_id}
Get a trigger.
trigger:list
- Default
rule:admin_or_owner
- Operations
GET
/triggers
Get triggerss.
scheduled_operation:create
- Default
rule:admin_or_owner
- Operations
POST
/scheduled_operations
Create a scheduled_operation.
scheduled_operation:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/scheduled_operations/{scheduled_operation_id}
Delete a scheduled_operation.
scheduled_operation:get
- Default
rule:admin_or_owner
- Operations
GET
/scheduled_operations/{scheduled_operation_id}
Get a scheduled_operation.
scheduled_operation:list
- Default
rule:admin_or_owner
- Operations
GET
/scheduled_operations
Get scheduled_operations.
operation_log:get
- Default
rule:admin_or_owner
- Operations
GET
/operation_logs/{operation_log_id}
Get an operation_log.
operation_log:list
- Default
rule:admin_or_owner
- Operations
GET
/operation_logs
Get operation_logs.
verification:create
- Default
rule:admin_or_owner
- Operations
POST
/verifications
Create a verification.
verification:get
- Default
rule:admin_or_owner
- Operations
GET
/verifications/{verification_id}
Get a verification.
verification:get_all
- Default
rule:admin_or_owner
- Operations
GET
/verifications
Get verifications.
service:get_all
- Default
rule:admin_api
- Operations
GET
/os-services
List services.
service:update
- Default
rule:admin_api
- Operations
PUT
/os-services/{service_id}
Update service status
quota:update
- Default
rule:admin_api
- Operations
PUT
/quotas/{project_id}
Update quotas for a project.
quota:delete
- Default
rule:admin_api
- Operations
DELETE
/quotas/{project_id}
Delete quotas for a project.
quota:get
- Default
rule:admin_or_owner
- Operations
GET
/quotas/{project_id}
Get quotas for a project.
quota:get_default
- Default
rule:admin_or_owner
- Operations
GET
/quotas/{project_id}/defaults
Get default quotas for a project.
quota_class:update
- Default
rule:admin_api
- Operations
PUT
/quota_classes/{quota_class_name}
Update quota classes.
quota_class:get
- Default
rule:admin_or_owner
- Operations
GET
/quota_classes/{quota_class_name}
Get quota classes.
copy:create
- Default
rule:admin_or_owner
- Operations
POST
/{project_id}/providers/{provider_id}/checkpoints/action
Create a copy.