Use the policy.yaml
file to define additional access controls that will be
applied to Searchlight:
#
#"context_is_admin": "role:admin and is_admin_project:True"
#
#"admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Glance Image resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Glance::Image": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Glance Metadef resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Glance::Metadef": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Nova Server resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Nova::Server": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Nova Hypervisor resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Nova::Hypervisor": "rule:context_is_admin"
# Query with Nova ServerGroup resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Nova::ServerGroup": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Nova Flavor resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Nova::Flavor": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Cinder Volume resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Cinder::Volume": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Cinder Snapshot resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Cinder::Snapshot": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Designate Zone resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Designate::Zone": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Designate RecordSet resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Designate::RecordSet": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Neutron Net resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Neutron::Net": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Neutron Port resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Neutron::Port": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Neutron Subnet resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Neutron::Subnet": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Neutron Router resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Neutron::Router": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Neutron SecurityGroup resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Neutron::SecurityGroup": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Ironic Chassis resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Ironic::Chassis": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Ironic Node resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Ironic::Node": "rule:context_is_admin or project_id:%(project_id)s"
# Query with Ironic Port resource.
# POST /v1/search
# GET /v1/search
# GET /v1/search/plugins
# GET /v1/search/facets
#"resource:OS::Ironic::Port": "rule:context_is_admin or project_id:%(project_id)s"
# Query a search.
# POST /v1/search
# GET /v1/search
#"search:query": "rule:context_is_admin or project_id:%(project_id)s"
# Query a search with aggregation request.
# POST /v1/search
# GET /v1/search
#"search:query:aggregations": "rule:context_is_admin or project_id:%(project_id)s"
# Retrieve a list of installed plugins.
# GET /v1/search/plugins
#"search:plugins_info": "rule:context_is_admin or project_id:%(project_id)s"
# List supported facets.
# GET /v1/search/facets
#"search:facets": "rule:context_is_admin or project_id:%(project_id)s"
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.