policy.yaml¶
Use the policy.yaml
file to define additional access controls that will be
applied to Senlin:
#"context_is_admin": "role:admin"
#"deny_everybody": "!"
# Show build information
# GET /v1/build-info
#"build_info:build_info": ""
# List profile types
# GET /v1/profile-types
#"profile_types:index": ""
# Show profile type details
# GET /v1/profile-types/{profile_type}
#"profile_types:get": ""
# List profile type operations
# GET /v1/profile-types/{profile_type}/ops
#"profile_types:ops": ""
# List policy types
# GET /v1/policy-types
#"policy_types:index": ""
# Show policy type details
# GET /v1/policy-types/{policy_type}
#"policy_types:get": ""
# List clusters
# GET /v1/clusters
#"clusters:index": ""
# Create cluster
# POST /v1/clusters
#"clusters:create": ""
# Delete cluster
# DELETE /v1/clusters/{cluster_id}
#"clusters:delete": ""
# Show cluster details
# GET /v1/clusters/{cluster_id}
#"clusters:get": ""
# Perform specified action on a cluster.
# POST /v1/clusters/{cluster_id}/actions
#"clusters:action": ""
# Update cluster
# PATCH /v1/clusters/{cluster_id}
#"clusters:update": ""
# Collect Attributes Across a Cluster
# GET v1/clusters/{cluster_id}/attrs/{path}
#"clusters:collect": ""
# Perform an Operation on a Cluster
# POST /v1/clusters/{cluster_id}/ops
#"clusters:operation": ""
# List profiles
# GET /v1/profiles
#"profiles:index": ""
# Create profile
# POST /v1/profiles
#"profiles:create": ""
# Show profile details
# GET /v1/profiles/{profile_id}
#"profiles:get": ""
# Delete profile
# DELETE /v1/profiles/{profile_id}
#"profiles:delete": ""
# Update profile
# PATCH /v1/profiles/{profile_id}
#"profiles:update": ""
# Validate profile
# POST /v1/profiles/validate
#"profiles:validate": ""
# List nodes
# GET /v1/nodes
#"nodes:index": ""
# Create node
# GET /v1/nodes
#"nodes:create": ""
# Adopt node
# POST /v1/nodes/adopt
#"nodes:adopt": ""
# Adopt node (preview)
# POST /v1/nodes/adopt-preview
#"nodes:adopt_preview": ""
# Show node details
# GET /v1/nodes/{node_id}
#"nodes:get": ""
# Perform specified action on a Node.
# POST /v1/nodes/{node_id}/actions
#"nodes:action": ""
# Update node
# PATCH /v1/nodes/{node_id}
#"nodes:update": ""
# Delete node
# DELETE /v1/nodes/{node_id}
#"nodes:delete": ""
# Perform an Operation on a Node
# POST /v1/nodes/{node_id}/ops
#"nodes:operation": ""
# List policies
# GET /v1/policies
#"policies:index": ""
# Create policy
# POST /v1/policies
#"policies:create": ""
# Show policy details
# GET /v1/policies/{policy_id}
#"policies:get": ""
# Update policy
# PATCH /v1/policies/{policy_id}
#"policies:update": ""
# Delete policy
# DELETE /v1/policies/{policy_id}
#"policies:delete": ""
# Validate policy.
# POST /v1/policies/validate
#"policies:validate": ""
# List cluster policies
# GET /v1/clusters/{cluster_id}/policies
#"cluster_policies:index": ""
# Attach a Policy to a Cluster
# POST /v1/clusters/{cluster_id}/actions
#"cluster_policies:attach": ""
# Detach a Policy from a Cluster
# POST /v1/clusters/{cluster_id}/actions
#"cluster_policies:detach": ""
# Update a Policy on a Cluster
# POST /v1/clusters/{cluster_id}/actions
#"cluster_policies:update": ""
# Show cluster_policy details
# GET /v1/clusters/{cluster_id}/policies/{policy_id}
#"cluster_policies:get": ""
# List receivers
# GET /v1/receivers
#"receivers:index": ""
# Create receiver
# POST /v1/receivers
#"receivers:create": ""
# Show receiver details
# GET /v1/receivers/{receiver_id}
#"receivers:get": ""
# Update receiver
# PATCH /v1/receivers/{receiver_id}
#"receivers:update": ""
# Delete receiver
# DELETE /v1/receivers/{receiver_id}
#"receivers:delete": ""
# Notify receiver
# POST /v1/receivers/{receiver_id}/notify
#"receivers:notify": ""
# List actions
# GET /v1/actions
#"actions:index": ""
# Show action details
# GET /v1/actions/{action_id}
#"actions:get": ""
# Update action
# PATCH /v1/actions/{action_id}
#"actions:update": ""
# List events
# GET /v1/events
#"events:index": ""
# Show event details
# GET /v1/events/{event_id}
#"events:get": ""
# Trigger webhook action
# POST /v1/webhooks/{webhook_id}/trigger
#"webhooks:trigger": ""
# List services
# GET /v1/services
#"services:index": "role:admin"