Searchlight Policy Configuration

Configuration

The following is an overview of all available policies in Searchlight. For a sample configuration file, refer to policy.yaml.

searchlight

context_is_admin
Default

role:admin and is_admin_project:True

(no description provided)

admin_or_owner
Default

rule:context_is_admin or project_id:%(project_id)s

(no description provided)

resource:OS::Glance::Image
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Glance Image resource.

resource:OS::Glance::Metadef
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Glance Metadef resource.

resource:OS::Nova::Server
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Nova Server resource.

resource:OS::Nova::Hypervisor
Default

rule:context_is_admin

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Nova Hypervisor resource.

resource:OS::Nova::ServerGroup
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Nova ServerGroup resource.

resource:OS::Nova::Flavor
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Nova Flavor resource.

resource:OS::Cinder::Volume
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Cinder Volume resource.

resource:OS::Cinder::Snapshot
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Cinder Snapshot resource.

resource:OS::Designate::Zone
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Designate Zone resource.

resource:OS::Designate::RecordSet
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Designate RecordSet resource.

resource:OS::Neutron::Net
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Neutron Net resource.

resource:OS::Neutron::Port
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Neutron Port resource.

resource:OS::Neutron::Subnet
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Neutron Subnet resource.

resource:OS::Neutron::Router
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Neutron Router resource.

resource:OS::Neutron::SecurityGroup
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Neutron SecurityGroup resource.

resource:OS::Ironic::Chassis
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Ironic Chassis resource.

resource:OS::Ironic::Node
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Ironic Node resource.

resource:OS::Ironic::Port
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

  • GET /v1/search/plugins

  • GET /v1/search/facets

Query with Ironic Port resource.

search:query
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

Query a search.

search:query:aggregations
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • POST /v1/search

  • GET /v1/search

Query a search with aggregation request.

search:plugins_info
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • GET /v1/search/plugins

Retrieve a list of installed plugins.

search:facets
Default

rule:context_is_admin or project_id:%(project_id)s

Operations

  • GET /v1/search/facets

List supported facets.