Tacker Policies¶
Warning
JSON formatted policy file is deprecated since Tacker 5.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.
The following is an overview of all available policies in Tacker. For a sample configuration file, refer to Sample Tacker Policy File.
tacker¶
context_is_admin
- Default:
role:admin
Decides what is required for the ‘is_admin:True’ check to succeed.
admin_or_owner
- Default:
is_admin:True or project_id:%(project_id)s
Default rule for most non-Admin APIs.
admin_only
- Default:
is_admin:True
Default rule for most Admin APIs.
shared
- Default:
field:vims:shared=True
Default rule for sharing vims.
project_member
- Default:
role:member and project_id:%(project_id)s
Default rule for Project level non admin APIs.
project_member_or_admin
- Default:
rule:project_member or rule:context_is_admin
Default rule for Project Member or admin APIs.
project_reader
- Default:
role:reader and project_id:%(project_id)s
Default rule for Project level read only APIs.
project_reader_or_admin
- Default:
rule:project_reader or rule:context_is_admin
Default rule for Project reader or admin APIs.
default
- Default:
rule:project_member_or_admin
Default rule for most non-Admin APIs.
os_nfv_orchestration_api:vnf_packages:create
- Default:
rule:project_member_or_admin
- Operations:
POST
/vnf_packages
- Scope Types:
project
Creates a vnf package.
os_nfv_orchestration_api:vnf_packages:show
- Default:
rule:project_reader_or_admin
- Operations:
GET
/vnf_packages/{vnf_package_id}
- Scope Types:
project
Show a vnf package.
os_nfv_orchestration_api:vnf_packages:index
- Default:
rule:project_reader_or_admin
- Operations:
GET
/vnf_packages/
- Scope Types:
project
List all vnf packages.
os_nfv_orchestration_api:vnf_packages:delete
- Default:
rule:project_member_or_admin
- Operations:
DELETE
/vnf_packages/{vnf_package_id}
- Scope Types:
project
Delete a vnf package.
os_nfv_orchestration_api:vnf_packages:fetch_package_content
- Default:
rule:project_reader_or_admin
- Operations:
GET
/vnf_packages/{vnf_package_id}/package_content
- Scope Types:
project
fetch the contents of an on-boarded VNF Package
os_nfv_orchestration_api:vnf_packages:upload_package_content
- Default:
rule:project_member_or_admin
- Operations:
PUT
/vnf_packages/{vnf_package_id}/package_content
- Scope Types:
project
upload a vnf package content.
os_nfv_orchestration_api:vnf_packages:upload_from_uri
- Default:
rule:project_member_or_admin
- Operations:
POST
/vnf_packages/{vnf_package_id}/package_content/upload_from_uri
- Scope Types:
project
upload a vnf package content from uri.
os_nfv_orchestration_api:vnf_packages:patch
- Default:
rule:project_member_or_admin
- Operations:
PATCH
/vnf_packages/{vnf_package_id}
- Scope Types:
project
update information of vnf package.
os_nfv_orchestration_api:vnf_packages:get_vnf_package_vnfd
- Default:
rule:project_reader_or_admin
- Operations:
GET
/vnf_packages/{vnf_package_id}/vnfd
- Scope Types:
project
reads the content of the VNFD within a VNF package.
os_nfv_orchestration_api:vnf_packages:fetch_artifact
- Default:
rule:project_reader_or_admin
- Operations:
GET
/vnf_packages/{vnfPkgId}/artifacts/{artifactPath}
- Scope Types:
project
reads the content of the artifact within a VNF package.
os_nfv_orchestration_api:vnf_instances:api_versions
- Default:
@
- Operations:
GET
/vnflcm/v1/api_versions
- Scope Types:
project
Get API Versions.
os_nfv_orchestration_api:vnf_instances:create
- Default:
rule:project_member_or_admin
- Operations:
POST
/vnflcm/v1/vnf_instances
- Scope Types:
project
Creates vnf instance.
os_nfv_orchestration_api:vnf_instances:instantiate
- Default:
rule:project_member_or_admin
- Operations:
POST
/vnflcm/v1/vnf_instances/{vnfInstanceId}/instantiate
- Scope Types:
project
Instantiate vnf instance.
os_nfv_orchestration_api:vnf_instances:show
- Default:
rule:project_reader_or_admin
- Operations:
GET
/vnflcm/v1/vnf_instances/{vnfInstanceId}
- Scope Types:
project
Query an Individual VNF instance.
os_nfv_orchestration_api:vnf_instances:terminate
- Default:
rule:project_member_or_admin
- Operations:
POST
/vnflcm/v1/vnf_instances/{vnfInstanceId}/terminate
- Scope Types:
project
Terminate a VNF instance.
os_nfv_orchestration_api:vnf_instances:heal
- Default:
rule:project_member_or_admin
- Operations:
POST
/vnflcm/v1/vnf_instances/{vnfInstanceId}/heal
- Scope Types:
project
Heal a VNF instance.
os_nfv_orchestration_api:vnf_instances:scale
- Default:
rule:project_member_or_admin
- Operations:
POST
/vnflcm/v1/vnf_instances/{vnfInstanceId}/scale
- Scope Types:
project
Scale a VNF instance.
os_nfv_orchestration_api:vnf_instances:show_lcm_op_occs
- Default:
rule:project_reader_or_admin
- Operations:
GET
/vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}
- Scope Types:
project
Query an Individual VNF LCM operation occurrence
os_nfv_orchestration_api:vnf_instances:list_lcm_op_occs
- Default:
rule:project_reader_or_admin
- Operations:
GET
/vnflcm/v1/vnf_lcm_op_occs
- Scope Types:
project
Query VNF LCM operation occurrence
os_nfv_orchestration_api:vnf_instances:index
- Default:
rule:project_reader_or_admin
- Operations:
GET
/vnflcm/v1/vnf_instances
- Scope Types:
project
Query VNF instances.
os_nfv_orchestration_api:vnf_instances:delete
- Default:
rule:project_member_or_admin
- Operations:
DELETE
/vnflcm/v1/vnf_instances/{vnfInstanceId}
- Scope Types:
project
Delete an Individual VNF instance.
os_nfv_orchestration_api:vnf_instances:update_vnf
- Default:
rule:project_member_or_admin
- Operations:
PATCH
/vnflcm/v1/vnf_instances/{vnfInstanceId}
- Scope Types:
project
Update an Individual VNF instance.
os_nfv_orchestration_api:vnf_instances:rollback
- Default:
rule:project_member_or_admin
- Operations:
POST
/vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/rollback
- Scope Types:
project
Rollback a VNF instance.
os_nfv_orchestration_api:vnf_instances:cancel
- Default:
rule:project_member_or_admin
- Operations:
POST
/vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/cancel
- Scope Types:
project
Cancel a VNF instance.
os_nfv_orchestration_api:vnf_instances:fail
- Default:
rule:project_member_or_admin
- Operations:
POST
/vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/fail
- Scope Types:
project
Fail a VNF instance.
os_nfv_orchestration_api:vnf_instances:retry
- Default:
rule:project_member_or_admin
- Operations:
POST
/vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/retry
- Scope Types:
project
Retry a VNF instance.
os_nfv_orchestration_api:vnf_instances:change_ext_conn
- Default:
rule:project_member_or_admin
- Operations:
POST
/vnflcm/v1/vnf_instances/{vnfInstanceId}/change_ext_conn
- Scope Types:
project
Change external VNF connectivity.
os_nfv_orchestration_api_v2:vnf_instances:api_versions
- Default:
@
- Operations:
GET
/vnflcm/v2/api_versions
Get API Versions.
os_nfv_orchestration_api_v2:vnf_instances:create
- Default:
@
- Operations:
POST
/vnflcm/v2/vnf_instances
Creates vnf instance.
os_nfv_orchestration_api_v2:vnf_instances:index
- Default:
@
- Operations:
GET
/vnflcm/v2/vnf_instances
Query VNF instances.
os_nfv_orchestration_api_v2:vnf_instances:show
- Default:
@
- Operations:
GET
/vnflcm/v2/vnf_instances/{vnfInstanceId}
Query an Individual VNF instance.
os_nfv_orchestration_api_v2:vnf_instances:delete
- Default:
@
- Operations:
DELETE
/vnflcm/v2/vnf_instances/{vnfInstanceId}
Delete an Individual VNF instance.
os_nfv_orchestration_api_v2:vnf_instances:update
- Default:
@
- Operations:
PATCH
/vnflcm/v2/vnf_instances/{vnfInstanceId}
Modify vnf instance information.
os_nfv_orchestration_api_v2:vnf_instances:instantiate
- Default:
@
- Operations:
POST
/vnflcm/v2/vnf_instances/{vnfInstanceId}/instantiate
Instantiate vnf instance.
os_nfv_orchestration_api_v2:vnf_instances:terminate
- Default:
@
- Operations:
POST
/vnflcm/v2/vnf_instances/{vnfInstanceId}/terminate
Terminate vnf instance.
os_nfv_orchestration_api_v2:vnf_instances:scale
- Default:
@
- Operations:
POST
/vnflcm/v2/vnf_instances/{vnfInstanceId}/scale
Scale vnf instance.
os_nfv_orchestration_api_v2:vnf_instances:heal
- Default:
@
- Operations:
POST
/vnflcm/v2/vnf_instances/{vnfInstanceId}/heal
Heal vnf instance.
os_nfv_orchestration_api_v2:vnf_instances:change_ext_conn
- Default:
@
- Operations:
POST
/vnflcm/v2/vnf_instances/{vnfInstanceId}/change_ext_conn
Change external vnf connectivity.
os_nfv_orchestration_api_v2:vnf_instances:change_vnfpkg
- Default:
@
- Operations:
POST
/vnflcm/v2/vnf_instances/{vnfInstanceId}/change_vnfpkg
Change vnf package.
os_nfv_orchestration_api_v2:vnf_instances:subscription_create
- Default:
@
- Operations:
POST
/vnflcm/v2/subscriptions
Create subscription.
os_nfv_orchestration_api_v2:vnf_instances:subscription_list
- Default:
@
- Operations:
GET
/vnflcm/v2/subscriptions
List subscription.
os_nfv_orchestration_api_v2:vnf_instances:subscription_show
- Default:
@
- Operations:
GET
/vnflcm/v2/vnf_instances/{subscriptionId}
Show subscription.
os_nfv_orchestration_api_v2:vnf_instances:subscription_delete
- Default:
@
- Operations:
DELETE
/vnflcm/v2/vnf_instances/{subscriptionId}
Delete subscription.
os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_list
- Default:
@
- Operations:
GET
/vnflcm/v2/vnf_lcm_op_occs
List VnfLcmOpOcc.
os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_show
- Default:
@
- Operations:
GET
/vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}
Show VnfLcmOpOcc.
os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_retry
- Default:
@
- Operations:
POST
/vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}/retry
Retry VnfLcmOpOcc.
os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_rollback
- Default:
@
- Operations:
POST
/vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}/rollback
Rollback VnfLcmOpOcc.
os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_fail
- Default:
@
- Operations:
POST
/vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}/fail
Fail VnfLcmOpOcc.
os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_delete
- Default:
@
- Operations:
DELETE
/vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}
Delete VnfLcmOpOcc.
tacker_server_notification_api:server_notification:notify
- Default:
@
- Operations:
POST
/server_notification
notify
os_nfv_orchestration_api_v2:vnf_fault_monitor:index
- Default:
@
- Operations:
GET
/vnffm/v1/alarms
Query FM alarms.
os_nfv_orchestration_api_v2:vnf_fault_monitor:show
- Default:
@
- Operations:
GET
/vnffm/v1/alarms/{alarmId}
Query an Individual FM alarm.
os_nfv_orchestration_api_v2:vnf_fault_monitor:update
- Default:
@
- Operations:
PATCH
/vnffm/v1/alarms/{alarmId}
Modify FM alarm information.
os_nfv_orchestration_api_v2:vnf_fault_monitor:subscription_create
- Default:
@
- Operations:
POST
/vnffm/v1/subscriptions
Create subscription.
os_nfv_orchestration_api_v2:vnf_fault_monitor:subscription_list
- Default:
@
- Operations:
GET
/vnffm/v1/subscriptions
List subscription.
os_nfv_orchestration_api_v2:vnf_fault_monitor:subscription_show
- Default:
@
- Operations:
GET
/vnffm/v1/subscriptions/{subscriptionId}
Show subscription.
os_nfv_orchestration_api_v2:vnf_fault_monitor:subscription_delete
- Default:
@
- Operations:
DELETE
/vnffm/v1/subscriptions/{subscriptionId}
Delete subscription.
tacker_PROM_PLUGIN_api:PROM_PLUGIN:alert
- Default:
@
- Operations:
POST
/alert
Receive the alert sent from External Monitoring Tool
os_nfv_orchestration_api_v2:vnf_performance_management:create
- Default:
@
- Operations:
POST
/vnfpm/v2/pm_jobs
Create a PM job.
os_nfv_orchestration_api_v2:vnf_performance_management:index
- Default:
@
- Operations:
GET
/vnfpm/v2/pm_jobs
Query PM jobs.
os_nfv_orchestration_api_v2:vnf_performance_management:update
- Default:
@
- Operations:
PATCH
/vnfpm/v2/pm_jobs/{pmJobId}
Update a PM job.
os_nfv_orchestration_api_v2:vnf_performance_management:show
- Default:
@
- Operations:
GET
/vnfpm/v2/pm_jobs/{pmJobId}
Get an individual PM job.
os_nfv_orchestration_api_v2:vnf_performance_management:delete
- Default:
@
- Operations:
DELETE
/vnfpm/v2/pm_jobs/{pmJobId}
Delete a PM job.
os_nfv_orchestration_api_v2:vnf_performance_management:report_get
- Default:
@
- Operations:
GET
/vnfpm/v2/pm_jobs/{id}/reports/{report_id}
Get an individual performance report.
tacker_PROM_PLUGIN_api:PROM_PLUGIN:pm_event
- Default:
@
- Operations:
POST
/pm_event
Receive the PM event sent from External Monitoring Tool
tacker_PROM_PLUGIN_api:PROM_PLUGIN:auto_healing
- Default:
@
- Operations:
POST
/alert/auto_healing
auto_healing
tacker_PROM_PLUGIN_api:PROM_PLUGIN:auto_scaling
- Default:
@
- Operations:
POST
/alert/auto_scaling
auto_scaling
os_nfv_orchestration_api_v2:vnf_performance_management:create_threshold
- Default:
@
- Operations:
POST
/vnfpm/v2/thresholds
Create a PM threshold.
os_nfv_orchestration_api_v2:vnf_performance_management:index_threshold
- Default:
@
- Operations:
GET
/vnfpm/v2/thresholds
Query PM thresholds.
os_nfv_orchestration_api_v2:vnf_performance_management:show_threshold
- Default:
@
- Operations:
GET
/vnfpm/v2/thresholds/{thresholdId}
Get an individual PM threshold.
os_nfv_orchestration_api_v2:vnf_performance_management:update_threshold
- Default:
@
- Operations:
PATCH
/vnfpm/v2/thresholds/{thresholdId}
Update a PM threshold callback.
os_nfv_orchestration_api_v2:vnf_performance_management:delete_threshold
- Default:
@
- Operations:
DELETE
/vnfpm/v2/thresholds/{thresholdId}
Delete a PM threshold.
tacker_PROM_PLUGIN_api:PROM_PLUGIN:pm_threshold
- Default:
@
- Operations:
POST
/pm_threshold
Receive the PM threshold sent from External Monitoring Tool.