Policy configuration

Policy configuration

Configuration

The following is an overview of all available policies in Manila.

manila

context_is_admin
Default:role:admin

(no description provided)

admin_or_owner
Default:is_admin:True or project_id:%(project_id)s

(no description provided)

default
Default:rule:admin_or_owner

(no description provided)

admin_api
Default:is_admin:True

(no description provided)

availability_zone:index
Default:

rule:default

Operations:
  • GET /os-availability-zone
  • GET /availability-zone

Get all storage availability zones.

scheduler_stats:pools:index
Default:

rule:admin_api

Operations:
  • GET /scheduler-stats/pools
  • GET /scheduler-stats/pools?{query}

Get information regarding backends (and storage pools) known to the scheduler.

scheduler_stats:pools:detail
Default:

rule:admin_api

Operations:
  • GET /scheduler-stats/pools/detail?{query}
  • GET /scheduler-stats/pools/detail

Get detailed information regarding backends (and storage pools) known to the scheduler.

share:create
Default:

<empty string>

Operations:
  • POST /shares

Create share.

share:get
Default:

rule:default

Operations:
  • GET /shares/{share_id}

Get share.

share:get_all
Default:

rule:default

Operations:
  • GET /shares
  • GET /shares/detail

List shares.

share:update
Default:

rule:default

Operations:
  • PUT /shares

Update share.

share:delete
Default:

rule:default

Operations:
  • DELETE /shares/{share_id}

Delete share.

share:force_delete
Default:

rule:admin_api

Operations:
  • DELETE /shares/{share_id}

Force Delete a share.

share:manage
Default:

rule:admin_api

Operations:
  • POST /shares/manage

Manage share.

share:unmanage
Default:

rule:admin_api

Operations:
  • POST /shares/unmanage

Unmanage share.

share:create_snapshot
Default:

rule:default

Operations:
  • POST /snapshots

Create share snapshot.

share:list_by_host
Default:

rule:admin_api

Operations:
  • GET /shares
  • GET /shares/detail

List share by host.

share:list_by_share_server_id
Default:

rule:admin_api

Operations:
  • GET /shares
  • GET /shares/detail

List share by server id.

share:access_get
Default:

rule:default

Operations:
  • POST /shares/{share_id}/action

Get share access rule, it under deny access operation.

share:access_get_all
Default:

rule:default

Operations:
  • GET /shares/{share_id}/action

List share access rules.

share:extend
Default:

rule:default

Operations:
  • POST /shares/{share_id}/action

Extend share.

share:shrink
Default:

rule:default

Operations:
  • POST /shares/{share_id}/action

Shrink share.

share:migration_start
Default:

rule:admin_api

Operations:
  • POST /shares/{share_id}/action

Migrate a share to the specified host.

share:migration_complete
Default:

rule:admin_api

Operations:
  • POST /shares/{share_id}/action

Invokes 2nd phase of share migration.

share:migration_cancel
Default:

rule:admin_api

Operations:
  • POST /shares/{share_id}/action

Attempts to cancel share migration.

share:migration_get_progress
Default:

rule:admin_api

Operations:
  • POST /shares/{share_id}/action

Retrieve share migration progress for a given share.

share:reset_task_state
Default:

rule:admin_api

Operations:
  • POST /shares/{share_id}/action

Reset task state.

share:reset_status
Default:

rule:admin_api

Operations:
  • POST /shares/{share_id}/action

Reset status.

share:revert_to_snapshot
Default:

rule:default

Operations:
  • POST /shares/{share_id}/action

Revert a share to a snapshot.

share:allow_access
Default:

rule:default

Operations:
  • POST /shares/{share_id}/action

Add share access rule.

share:deny_access
Default:

rule:default

Operations:
  • POST /shares/{share_id}/action

Remove share access rule.

share:delete_snapshot
Default:

rule:default

Operations:
  • DELETE /snapshots/{snapshot_id}

Delete share snapshot.

share:snapshot_update
Default:

rule:default

Operations:
  • PUT /snapshots/{snapshot_id}/action

Update share snapshot.

share:update_share_metadata
Default:

rule:default

Operations:
  • PUT /shares/{share_id}/metadata

Update share metadata.

share:delete_share_metadata
Default:

rule:default

Operations:
  • DELETE /shares/{share_id}/metadata/{key}

Delete share metadata.

share:get_share_metadata
Default:

rule:default

Operations:
  • GET /shares/{share_id}/metadata

Get share metadata.

share_instance_export_location:index
Default:

rule:admin_api

Operations:
  • POST /share_instances/{share_instance_id}/export_locations

Return data about the requested export location.

share_instance_export_location:show
Default:

rule:admin_api

Operations:
  • GET /share_instances/{share_instance_id}/export_locations/{export_location_id}

Return data about the requested export location.

share_type:create
Default:

rule:admin_api

Operations:
  • POST /types

Create share type.

share_type:show
Default:

rule:default

Operations:
  • GET /types/{share_type_id}

Get share type.

share_type:index
Default:

rule:default

Operations:
  • GET /types
  • GET /types?is_public=all

List share types.

share_type:default
Default:

rule:default

Operations:
  • GET /types/default

Get default share type.

share_type:delete
Default:

rule:admin_api

Operations:
  • DELETE /types/{share_type_id}

Delete share type.

share_type:list_project_access
Default:

rule:admin_api

Operations:
  • GET /types/{share_type_id}

List share type project access.

share_type:add_project_access
Default:

rule:admin_api

Operations:
  • POST /types/{share_type_id}/action

Add share type to project.

share_type:remove_project_access
Default:

rule:admin_api

Operations:
  • POST /types/{share_type_id}/action

Remove share type from project.

share_types_extra_spec:create
Default:

rule:admin_api

Operations:
  • POST /types/{share_type_id}/extra_specs

Create share type extra spec.

share_types_extra_spec:show
Default:

rule:admin_api

Operations:
  • GET /types/{share_type_id}/extra_specs

Get share type extra specs of a given share type.

share_types_extra_spec:index
Default:

rule:admin_api

Operations:
  • GET /types/{share_type_id}/extra_specs/{extra_spec_id}

Get details of a share type extra spec.

share_types_extra_spec:update
Default:

rule:admin_api

Operations:
  • PUT /types/{share_type_id}/extra_specs

Update share type extra spec.

share_types_extra_spec:delete
Default:

rule:admin_api

Operations:
  • DELETE /types/{share_type_id}/extra_specs/{key}

Delete share type extra spec.

share_snapshot:get_snapshot
Default:

rule:default

Operations:
  • GET /snapshots/{snapshot_id}

Get share snapshot.

share_snapshot:get_all_snapshots
Default:

rule:default

Operations:
  • GET /snapshots
  • GET /snapshots/detail
  • GET /snapshots?{query}
  • GET /snapshots/detail?{query}

Get all share snapshots.

share_snapshot:force_delete
Default:

rule:admin_api

Operations:
  • DELETE /snapshots/{snapshot_id}

Force Delete a share snapshot.

share_snapshot:manage_snapshot
Default:

rule:admin_api

Operations:
  • POST /snapshots/manage

Manage share snapshot.

share_snapshot:unmanage_snapshot
Default:

rule:admin_api

Operations:
  • POST /snapshots/{snapshot_id}/action

Unmanage share snapshot.

share_snapshot:reset_status
Default:

rule:admin_api

Operations:
  • POST /snapshots/{snapshot_id}/action

Reset status.

share_snapshot:access_list
Default:

rule:default

Operations:
  • GET /snapshots/{snapshot_id}/access-list

List access rules of a share snapshot.

share_snapshot:allow_access
Default:

rule:default

Operations:
  • POST /snapshots/{snapshot_id}/action

Allow access to a share snapshot.

share_snapshot:deny_access
Default:

rule:default

Operations:
  • POST /snapshots/{snapshot_id}/action

Deny access to a share snapshot.

share_snapshot_export_location:index
Default:

rule:default

Operations:
  • GET /snapshots/{snapshot_id}/export-locations/

List export locations of a share snapshot.

share_snapshot_export_location:show
Default:

rule:default

Operations:
  • GET /snapshots/{snapshot_id}/export-locations/{export_location_id}

Get details of a specified export location of a share snapshot.

share_snapshot_instance:show
Default:

rule:admin_api

Operations:
  • GET /snapshot-instances/{snapshot_instance_id}

Get share snapshot instance.

share_snapshot_instance:index
Default:

rule:admin_api

Operations:
  • GET /snapshot-instances
  • GET /snapshot-instances?{query}

Get all share snapshot instances.

share_snapshot_instance:detail
Default:

rule:admin_api

Operations:
  • GET /snapshot-instances/detail
  • GET /snapshot-instances/detail?{query}

Get details of share snapshot instances.

share_snapshot_instance:reset_status
Default:

rule:admin_api

Operations:
  • POST /snapshot-instances/{snapshot_instance_id}/action

Reset share snapshot instance’s status.

share_snapshot_instance_export_location:index
Default:

rule:admin_api

Operations:
  • GET /snapshot-instances/{snapshot_instance_id}/export-locations

List export locations of a share snapshot instance.

share_snapshot_instance_export_location:show
Default:

rule:admin_api

Operations:
  • GET /snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id}

Show details of a specified export location of a share snapshot instance.

share_server:index
Default:

rule:admin_api

Operations:
  • GET /share-servers
  • GET /share-servers?{query}

Get share servers.

share_server:show
Default:

rule:admin_api

Operations:
  • GET /share-servers/{server_id}

Show share server.

share_server:details
Default:

rule:admin_api

Operations:
  • GET /share-servers/{server_id}/details

Get share server details.

share_server:delete
Default:

rule:admin_api

Operations:
  • DELETE /share-servers/{server_id}

Delete share server.

service:index
Default:

rule:admin_api

Operations:
  • GET /os-services
  • GET /os-services?{query}
  • GET /services
  • GET /services?{query}

Return a list of all running services.

service:update
Default:

rule:admin_api

Operations:
  • PUT /os-services/disable
  • PUT /os-services/enable
  • PUT /services/disable
  • PUT /services/enable

Enable/Disable scheduling for a service.

quota_set:update
Default:

rule:admin_api

Operations:
  • PUT /quota-sets/{tenant_id}
  • PUT /quota-sets/{tenant_id}?user_id={user_id}
  • PUT /quota-sets/{tenant_id}?share_type={share_type_id}
  • PUT /os-quota-sets/{tenant_id}
  • PUT /os-quota-sets/{tenant_id}?user_id={user_id}

Update the quotas for a project/user and/or share type.

quota_set:show
Default:

rule:default

Operations:
  • GET /quota-sets/{tenant_id}/defaults
  • GET /os-quota-sets/{tenant_id}/defaults

List the quotas for a tenant/user.

quota_set:delete
Default:

rule:admin_api

Operations:
  • DELETE /quota-sets/{tenant_id}
  • DELETE /quota-sets/{tenant_id}?user_id={user_id}
  • DELETE /quota-sets/{tenant_id}?share_type={share_type_id}
  • DELETE /os-quota-sets/{tenant_id}
  • DELETE /os-quota-sets/{tenant_id}?user_id={user_id}

Delete quota for a tenant/user or tenant/share-type. The quota will revert back to default (Admin only).

quota_class_set:update
Default:

rule:admin_api

Operations:
  • PUT /quota-class-sets/{class_name}
  • PUT /os-quota-class-sets/{class_name}

Update quota class.

quota_class_set:show
Default:

rule:default

Operations:
  • GET /quota-class-sets/{class_name}
  • GET /os-quota-class-sets/{class_name}

Get quota class.

share_group_types_spec:create
Default:

rule:admin_api

Operations:
  • POST /share-group-types/{share_group_type_id}/group-specs

Create share group type specs.

share_group_types_spec:index
Default:

rule:admin_api

Operations:
  • GET /share-group-types/{share_group_type_id}/group-specs

Get share group type specs.

share_group_types_spec:show
Default:

rule:admin_api

Operations:
  • GET /share-group-types/{share_group_type_id}/group-specs/{key}

Get details of a share group type spec.

share_group_types_spec:update
Default:

rule:admin_api

Operations:
  • PUT /share-group-types/{share_group_type_id}/group-specs/{key}

Update a share group type spec.

share_group_types_spec:delete
Default:

rule:admin_api

Operations:
  • DELETE /share-group-types/{share_group_type_id}/group-specs/{key}

Delete a share group type spec.

share_group_type:create
Default:

rule:admin_api

Operations:
  • POST /share-group-types

Create a new share group type.

share_group_type:index
Default:

rule:default

Operations:
  • GET /share-group-types
  • GET /share-group-types?is_public=all

Get the list of share group types.

share_group_type:show
Default:

rule:default

Operations:
  • GET /share-group-types/{share_group_type_id}

Get details regarding the specified share group type.

share_group_type:default
Default:

rule:default

Operations:
  • GET /share-group-types/default

Get the default share group type.

share_group_type:delete
Default:

rule:admin_api

Operations:
  • DELETE /share-group-types/{share_group_type_id}

Delete an existing group type.

share_group_type:list_project_access
Default:

rule:admin_api

Operations:
  • POST /share-group-types/{share_group_type_id}/access

Get project access by share group type.

share_group_type:add_project_access
Default:

rule:admin_api

Operations:
  • POST /share-group-types/{share_group_type_id}/action

Allow project to use the share group type.

share_group_type:remove_project_access
Default:

rule:admin_api

Operations:
  • POST /share-group-types/{share_group_type_id}/action

Deny project access to use the share group type.

share_group_snapshot:create
Default:

rule:default

Operations:
  • POST /share-group-snapshots

Create a new share group snapshot.

share_group_snapshot:get
Default:

rule:default

Operations:
  • GET /share-group-snapshots/{share_group_snapshot_id}

Get details of a share group snapshot.

share_group_snapshot:get_all
Default:

rule:default

Operations:
  • GET /share-group-snapshots
  • GET /share-group-snapshots/detail
  • GET /share-group-snapshots/{query}
  • GET /share-group-snapshots/detail?{query}

Get all share group snapshots.

share_group_snapshot:update
Default:

rule:default

Operations:
  • PUT /share-group-snapshots/{share_group_snapshot_id}

Update a share group snapshot.

share_group_snapshot:delete
Default:

rule:default

Operations:
  • DELETE /share-group-snapshots/{share_group_snapshot_id}

Delete a share group snapshot.

share_group_snapshot:force_delete
Default:

rule:admin_api

Operations:
  • POST /share-group-snapshots/{share_group_snapshot_id}/action

Force delete a share group snapshot.

share_group_snapshot:reset_status
Default:

rule:admin_api

Operations:
  • POST /share-group-snapshots/{share_group_snapshot_id}/action

Reset a share group snapshot’s status.

share_group:create
Default:

rule:default

Operations:
  • POST /share-groups

Create share group.

share_group:get
Default:

rule:default

Operations:
  • GET /share-groups/{share_group_id}

Get details of a share group.

share_group:get_all
Default:

rule:default

Operations:
  • GET /share-groups
  • GET /share-groups/detail
  • GET /share-groups?{query}
  • GET /share-groups/detail?{query}

Get all share groups.

share_group:update
Default:

rule:default

Operations:
  • PUT /share-groups/{share_group_id}

Update share group.

share_group:delete
Default:

rule:default

Operations:
  • DELETE /share-groups/{share_group_id}

Delete share group.

share_group:force_delete
Default:

rule:admin_api

Operations:
  • POST /share-groups/{share_group_id}/action

Force delete a share group.

share_group:reset_status
Default:

rule:admin_api

Operations:
  • POST /share-groups/{share_group_id}/action

Reset share group’s status.

share_replica:create
Default:

rule:default

Operations:
  • POST /share-replicas

Create share replica.

share_replica:get_all
Default:

rule:default

Operations:
  • GET /share-replicas
  • GET /share-replicas/detail
  • GET /share-replicas/detail?share_id={share_id}

Get all share replicas.

share_replica:show
Default:

rule:default

Operations:
  • GET /share-replicas/{share_replica_id}

Get details of a share replica.

share_replica:delete
Default:

rule:default

Operations:
  • DELETE /share-replicas/{share_replica_id}

Delete a share replica.

share_replica:force_delete
Default:

rule:admin_api

Operations:
  • POST /share-replicas/{share_replica_id}/action

Force delete a share replica.

share_replica:promote
Default:

rule:default

Operations:
  • POST /share-replicas/{share_replica_id}/action

Promote a non-active share replica to active.

share_replica:resync
Default:

rule:admin_api

Operations:
  • POST /share-replicas/{share_replica_id}/action

Resync a share replica that is out of sync.

share_replica:reset_replica_state
Default:

rule:admin_api

Operations:
  • POST /share-replicas/{share_replica_id}/action

Reset share replica’s replica_state attribute.

share_replica:reset_status
Default:

rule:admin_api

Operations:
  • POST /share-replicas/{share_replica_id}/action

Reset share replica’s status.

share_network:create
Default:

rule:default

Operations:
  • POST /share-networks

Create share network.

share_network:show
Default:

rule:default

Operations:
  • GET /share-networks/{share_network_id}

Get details of a share network.

share_network:index
Default:

rule:default

Operations:
  • GET /share-networks
  • GET /share-networks?{query}

Get all share networks.

share_network:detail
Default:

rule:default

Operations:
  • GET /share-networks/detail?{query}
  • GET /share-networks/detail

Get details of share networks .

share_network:update
Default:

rule:default

Operations:
  • PUT /share-networks/{share_network_id}

Update a share network.

share_network:delete
Default:

rule:default

Operations:
  • DELETE /share-networks/{share_network_id}

Delete a share network.

share_network:add_security_service
Default:

rule:default

Operations:
  • POST /share-networks/{share_network_id}/action

Add security service to share network.

share_network:remove_security_service
Default:

rule:default

Operations:
  • POST /share-networks/{share_network_id}/action

Remove security service from share network.

share_network:get_all_share_networks
Default:

rule:admin_api

Operations:
  • GET /share-networks?all_tenants=1
  • GET /share-networks/detail?all_tenants=1

Get share networks belonging to all projects.

security_service:create
Default:

rule:default

Operations:
  • POST /security-services

Create security service.

security_service:show
Default:

rule:default

Operations:
  • GET /security-services/{security_service_id}

Get details of a security service.

security_service:detail
Default:

rule:default

Operations:
  • GET /security-services/detail?{query}
  • GET /security-services/detail

Get details of all security services.

security_service:index
Default:

rule:default

Operations:
  • GET /security-services
  • GET /security-services?{query}

Get all security services.

security_service:update
Default:

rule:default

Operations:
  • PUT /security-services/{security_service_id}

Update a security service.

security_service:delete
Default:

rule:default

Operations:
  • DELETE /security-services/{security_service_id}

Delete a security service.

security_service:get_all_security_services
Default:

rule:admin_api

Operations:
  • GET /security-services?all_tenants=1
  • GET /security-services/detail?all_tenants=1

Get security services of all projects.

share_export_location:index
Default:

rule:default

Operations:
  • GET /shares/{share_id}/export_locations

Get all export locations of a given share.

share_export_location:show
Default:

rule:default

Operations:
  • GET /shares/{share_id}/export_locations/{export_location_id}

Get details about the requested export location.

share_instance:index
Default:

rule:admin_api

Operations:
  • GET /share_instances
  • GET /share_instances?{query}

Get all share instances.

share_instance:show
Default:

rule:admin_api

Operations:
  • GET /share_instances/{share_instance_id}

Get details of a share instance.

share_instance:force_delete
Default:

rule:admin_api

Operations:
  • POST /share_instances/{share_instance_id}/action

Force delete a share instance.

share_instance:reset_status
Default:

rule:admin_api

Operations:
  • POST /share_instances/{share_instance_id}/action

Reset share instance’s status.

message:get
Default:

rule:default

Operations:
  • GET /messages/{message_id}

Get details of a given message.

message:get_all
Default:

rule:default

Operations:
  • GET /messages
  • GET /messages?{query}

Get all messages.

message:delete
Default:

rule:default

Operations:
  • DELETE /messages/{message_id}

Delete a message.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.