Searchlight Policy Configuration¶
Configuration¶
The following is an overview of all available policies in Searchlight. For a sample configuration file, refer to policy.yaml.
searchlight¶
context_is_adminDefault: role:admin and is_admin_project:True(no description provided)
admin_or_ownerDefault: rule:context_is_admin or project_id:%(project_id)s(no description provided)
resource:OS::Glance::ImageDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Glance Image resource.
- POST
resource:OS::Glance::MetadefDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Glance Metadef resource.
- POST
resource:OS::Nova::ServerDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Nova Server resource.
- POST
resource:OS::Nova::HypervisorDefault: rule:context_is_adminOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Nova Hypervisor resource.
- POST
resource:OS::Nova::ServerGroupDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Nova ServerGroup resource.
- POST
resource:OS::Nova::FlavorDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Nova Flavor resource.
- POST
resource:OS::Cinder::VolumeDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Cinder Volume resource.
- POST
resource:OS::Cinder::SnapshotDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Cinder Snapshot resource.
- POST
resource:OS::Designate::ZoneDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Designate Zone resource.
- POST
resource:OS::Designate::RecordSetDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Designate RecordSet resource.
- POST
resource:OS::Neutron::NetDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Neutron Net resource.
- POST
resource:OS::Neutron::PortDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Neutron Port resource.
- POST
resource:OS::Neutron::SubnetDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Neutron Subnet resource.
- POST
resource:OS::Neutron::RouterDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Neutron Router resource.
- POST
resource:OS::Neutron::SecurityGroupDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Neutron SecurityGroup resource.
- POST
resource:OS::Ironic::ChassisDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Ironic Chassis resource.
- POST
resource:OS::Ironic::NodeDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Ironic Node resource.
- POST
resource:OS::Ironic::PortDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search - GET
/v1/search/plugins - GET
/v1/search/facets
Query with Ironic Port resource.
- POST
search:queryDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search
Query a search.
- POST
search:query:aggregationsDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - POST
/v1/search - GET
/v1/search
Query a search with aggregation request.
- POST
search:plugins_infoDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - GET
/v1/search/plugins
Retrieve a list of installed plugins.
- GET
search:facetsDefault: rule:context_is_admin or project_id:%(project_id)sOperations: - GET
/v1/search/facets
List supported facets.
- GET
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.