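Use the policy.yaml file to define additional access controls that apply to the Mistral services. Every entry in the sample below is commented out and shows the default rule for that API operation. To override a default, uncomment the entry and change its rule; an override affects only that operation, so review each changed rule for the access it grants: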
# Create a new action.
# POST /v2/actions
#"actions:create": "rule:admin_or_owner"
# Delete the named action.
# DELETE /v2/actions
#"actions:delete": "rule:admin_or_owner"
# Return the named action.
# GET /v2/actions/{action_id}
#"actions:get": "rule:admin_or_owner"
# Return all actions.
# GET /v2/actions
#"actions:list": "rule:admin_or_owner"
# Update one or more actions.
# PUT /v2/actions
#"actions:update": "rule:admin_or_owner"
# Create new action execution.
# POST /v2/action_executions
#"action_executions:create": "rule:admin_or_owner"
# Delete the specified action execution.
# DELETE /v2/action_executions
#"action_executions:delete": "rule:admin_or_owner"
# Return the specified action execution.
# GET /v2/action_executions/{action_execution_id}
#"action_executions:get": "rule:admin_or_owner"
# Return all tasks within the execution.
# GET /v2/action_executions
#"action_executions:list": "rule:admin_or_owner"
# Update the specified action execution.
# PUT /v2/action_executions
#"action_executions:update": "rule:admin_or_owner"
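# Rule alias: passes only when the request context has admin rights.
#"admin_only": "is_admin:True"
# Rule alias: passes for an admin context, or when the caller's project_id
# equals the project_id of the target. Ownership here is per project, not
# per user: any user whose token is scoped to the owning project satisfies
# this rule.
#"admin_or_owner": "is_admin:True or project_id:%(project_id)s"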
# Creates a new cron trigger.
# POST /v2/cron_triggers
#"cron_triggers:create": "rule:admin_or_owner"
# Delete cron trigger.
# DELETE /v2/cron_triggers
#"cron_triggers:delete": "rule:admin_or_owner"
# Returns the named cron trigger.
# GET /v2/cron_triggers/{cron_trigger_id}
#"cron_triggers:get": "rule:admin_or_owner"
# Return all cron triggers.
# GET /v2/cron_triggers
#"cron_triggers:list": "rule:admin_or_owner"
# Return all cron triggers of all projects.
# GET /v2/cron_triggers
#"cron_triggers:list:all_projects": "rule:admin_only"
# Create a new environment.
# POST /v2/environments
#"environments:create": "rule:admin_or_owner"
# Delete the named environment.
# DELETE /v2/environments/{environment_name}
#"environments:delete": "rule:admin_or_owner"
# Return the named environment.
# GET /v2/environments/{environment_name}
#"environments:get": "rule:admin_or_owner"
# Return all environments.
# GET /v2/environments
#"environments:list": "rule:admin_or_owner"
# Update an environment.
# PUT /v2/environments
#"environments:update": "rule:admin_or_owner"
# Create a new event trigger.
# POST /v2/event_triggers
#"event_triggers:create": "rule:admin_or_owner"
# Create a new event trigger for public usage.
# POST /v2/event_triggers
#"event_triggers:create:public": "rule:admin_only"
# Delete event trigger.
# DELETE /v2/event_triggers/{event_trigger_id}
#"event_triggers:delete": "rule:admin_or_owner"
# Returns the specified event trigger.
# GET /v2/event_triggers/{event_trigger_id}
#"event_triggers:get": "rule:admin_or_owner"
# Return all event triggers.
# GET /v2/event_triggers
#"event_triggers:list": "rule:admin_or_owner"
# Return all event triggers from all projects.
# GET /v2/event_triggers
#"event_triggers:list:all_projects": "rule:admin_only"
# Updates an existing event trigger.
# PUT /v2/event_triggers
#"event_triggers:update": "rule:admin_or_owner"
# Create a new execution.
# POST /v2/executions
#"executions:create": "rule:admin_or_owner"
# Delete the specified execution.
# DELETE /v2/executions/{execution_id}
#"executions:delete": "rule:admin_or_owner"
# Return the specified execution.
# GET /v2/executions/{execution_id}
#"executions:get": "rule:admin_or_owner"
# Return all executions.
# GET /v2/executions
#"executions:list": "rule:admin_or_owner"
# Return all executions from all projects.
# GET /v2/executions
#"executions:list:all_projects": "rule:admin_only"
# Update an execution.
# PUT /v2/executions
#"executions:update": "rule:admin_or_owner"
# Shares the resource to a new member.
# POST /v2/members
#"members:create": "rule:admin_or_owner"
# Deletes a member from the member list of a resource.
# DELETE /v2/members
#"members:delete": "rule:admin_or_owner"
# Shows resource member details.
# GET /v2/members/{member_id}
#"members:get": "rule:admin_or_owner"
# Return all members with whom the resource has been shared.
# GET /v2/members
#"members:list": "rule:admin_or_owner"
# Sets the status for a resource member.
# PUT /v2/members
#"members:update": "rule:admin_or_owner"
# Return all Mistral services.
# GET /v2/services
#"services:list": "rule:admin_or_owner"
# Return the specified task.
# GET /v2/tasks/{task_id}
#"tasks:get": "rule:admin_or_owner"
# Return all tasks.
# GET /v2/tasks
#"tasks:list": "rule:admin_or_owner"
# Update the specified task execution.
# PUT /v2/tasks
#"tasks:update": "rule:admin_or_owner"
# Create a new workbook.
# POST /v2/workbooks
#"workbooks:create": "rule:admin_or_owner"
# Delete the named workbook.
# DELETE /v2/workbooks
#"workbooks:delete": "rule:admin_or_owner"
# Return the named workbook.
# GET /v2/workbooks/{workbook_name}
#"workbooks:get": "rule:admin_or_owner"
# Return all workbooks.
# GET /v2/workbooks
#"workbooks:list": "rule:admin_or_owner"
# Update a workbook.
# PUT /v2/workbooks
#"workbooks:update": "rule:admin_or_owner"
# Create a new workflow.
# POST /v2/workflows
#"workflows:create": "rule:admin_or_owner"
# Delete a workflow.
# DELETE /v2/workflows
#"workflows:delete": "rule:admin_or_owner"
# Return the named workflow.
# GET /v2/workflows/{workflow_id}
#"workflows:get": "rule:admin_or_owner"
# Return a list of workflows.
# GET /v2/workflows
#"workflows:list": "rule:admin_or_owner"
# Return a list of workflows from all projects.
# GET /v2/workflows
#"workflows:list:all_projects": "rule:admin_only"
# Update one or more workflows.
# PUT /v2/workflows
#"workflows:update": "rule:admin_or_owner"