Tacker Policies

Warning

JSON formatted policy file is deprecated since Tacker 5.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

The following is an overview of all available policies in Tacker. For a sample configuration file, refer to Sample Tacker Policy File.

tacker

context_is_admin
Default:

role:admin

Decides what is required for the ‘is_admin:True’ check to succeed.

admin_or_owner
Default:

is_admin:True or project_id:%(project_id)s

Default rule for most non-Admin APIs.

admin_only
Default:

is_admin:True

Default rule for most Admin APIs.

shared
Default:

field:vims:shared=True

Default rule for sharing vims.

project_member
Default:

role:member and project_id:%(project_id)s

Default rule for Project level non admin APIs.

project_member_or_admin
Default:

rule:project_member or rule:context_is_admin

Default rule for Project Member or admin APIs.

project_reader
Default:

role:reader and project_id:%(project_id)s

Default rule for Project level read only APIs.

project_reader_or_admin
Default:

rule:project_reader or rule:context_is_admin

Default rule for Project reader or admin APIs.

default
Default:

rule:project_member_or_admin

Default rule for most non-Admin APIs.

os_nfv_orchestration_api:vnf_packages:create
Default:

rule:project_member_or_admin

Operations:
  • POST /vnf_packages

Scope Types:
  • project

Creates a vnf package.

os_nfv_orchestration_api:vnf_packages:show
Default:

rule:project_reader_or_admin

Operations:
  • GET /vnf_packages/{vnf_package_id}

Scope Types:
  • project

Show a vnf package.

os_nfv_orchestration_api:vnf_packages:index
Default:

rule:project_reader_or_admin

Operations:
  • GET /vnf_packages/

Scope Types:
  • project

List all vnf packages.

os_nfv_orchestration_api:vnf_packages:delete
Default:

rule:project_member_or_admin

Operations:
  • DELETE /vnf_packages/{vnf_package_id}

Scope Types:
  • project

Delete a vnf package.

os_nfv_orchestration_api:vnf_packages:fetch_package_content
Default:

rule:project_reader_or_admin

Operations:
  • GET /vnf_packages/{vnf_package_id}/package_content

Scope Types:
  • project

fetch the contents of an on-boarded VNF Package

os_nfv_orchestration_api:vnf_packages:upload_package_content
Default:

rule:project_member_or_admin

Operations:
  • PUT /vnf_packages/{vnf_package_id}/package_content

Scope Types:
  • project

upload a vnf package content.

os_nfv_orchestration_api:vnf_packages:upload_from_uri
Default:

rule:project_member_or_admin

Operations:
  • POST /vnf_packages/{vnf_package_id}/package_content/upload_from_uri

Scope Types:
  • project

upload a vnf package content from uri.

os_nfv_orchestration_api:vnf_packages:patch
Default:

rule:project_member_or_admin

Operations:
  • PATCH /vnf_packages/{vnf_package_id}

Scope Types:
  • project

update information of vnf package.

os_nfv_orchestration_api:vnf_packages:get_vnf_package_vnfd
Default:

rule:project_reader_or_admin

Operations:
  • GET /vnf_packages/{vnf_package_id}/vnfd

Scope Types:
  • project

reads the content of the VNFD within a VNF package.

os_nfv_orchestration_api:vnf_packages:fetch_artifact
Default:

rule:project_reader_or_admin

Operations:
  • GET /vnf_packages/{vnfPkgId}/artifacts/{artifactPath}

Scope Types:
  • project

reads the content of the artifact within a VNF package.

os_nfv_orchestration_api:vnf_instances:api_versions
Default:

@

Operations:
  • GET /vnflcm/v1/api_versions

Scope Types:
  • project

Get API Versions.

os_nfv_orchestration_api:vnf_instances:create
Default:

rule:project_member_or_admin

Operations:
  • POST /vnflcm/v1/vnf_instances

Scope Types:
  • project

Creates vnf instance.

os_nfv_orchestration_api:vnf_instances:instantiate
Default:

rule:project_member_or_admin

Operations:
  • POST /vnflcm/v1/vnf_instances/{vnfInstanceId}/instantiate

Scope Types:
  • project

Instantiate vnf instance.

os_nfv_orchestration_api:vnf_instances:show
Default:

rule:project_reader_or_admin

Operations:
  • GET /vnflcm/v1/vnf_instances/{vnfInstanceId}

Scope Types:
  • project

Query an Individual VNF instance.

os_nfv_orchestration_api:vnf_instances:terminate
Default:

rule:project_member_or_admin

Operations:
  • POST /vnflcm/v1/vnf_instances/{vnfInstanceId}/terminate

Scope Types:
  • project

Terminate a VNF instance.

os_nfv_orchestration_api:vnf_instances:heal
Default:

rule:project_member_or_admin

Operations:
  • POST /vnflcm/v1/vnf_instances/{vnfInstanceId}/heal

Scope Types:
  • project

Heal a VNF instance.

os_nfv_orchestration_api:vnf_instances:scale
Default:

rule:project_member_or_admin

Operations:
  • POST /vnflcm/v1/vnf_instances/{vnfInstanceId}/scale

Scope Types:
  • project

Scale a VNF instance.

os_nfv_orchestration_api:vnf_instances:show_lcm_op_occs
Default:

rule:project_reader_or_admin

Operations:
  • GET /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}

Scope Types:
  • project

Query an Individual VNF LCM operation occurrence

os_nfv_orchestration_api:vnf_instances:list_lcm_op_occs
Default:

rule:project_reader_or_admin

Operations:
  • GET /vnflcm/v1/vnf_lcm_op_occs

Scope Types:
  • project

Query VNF LCM operation occurrence

os_nfv_orchestration_api:vnf_instances:index
Default:

rule:project_reader_or_admin

Operations:
  • GET /vnflcm/v1/vnf_instances

Scope Types:
  • project

Query VNF instances.

os_nfv_orchestration_api:vnf_instances:delete
Default:

rule:project_member_or_admin

Operations:
  • DELETE /vnflcm/v1/vnf_instances/{vnfInstanceId}

Scope Types:
  • project

Delete an Individual VNF instance.

os_nfv_orchestration_api:vnf_instances:update_vnf
Default:

rule:project_member_or_admin

Operations:
  • PATCH /vnflcm/v1/vnf_instances/{vnfInstanceId}

Scope Types:
  • project

Update an Individual VNF instance.

os_nfv_orchestration_api:vnf_instances:rollback
Default:

rule:project_member_or_admin

Operations:
  • POST /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/rollback

Scope Types:
  • project

Rollback a VNF instance.

os_nfv_orchestration_api:vnf_instances:cancel
Default:

rule:project_member_or_admin

Operations:
  • POST /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/cancel

Scope Types:
  • project

Cancel a VNF instance.

os_nfv_orchestration_api:vnf_instances:fail
Default:

rule:project_member_or_admin

Operations:
  • POST /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/fail

Scope Types:
  • project

Fail a VNF instance.

os_nfv_orchestration_api:vnf_instances:retry
Default:

rule:project_member_or_admin

Operations:
  • POST /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/retry

Scope Types:
  • project

Retry a VNF instance.

os_nfv_orchestration_api:vnf_instances:change_ext_conn
Default:

rule:project_member_or_admin

Operations:
  • POST /vnflcm/v1/vnf_instances/{vnfInstanceId}/change_ext_conn

Scope Types:
  • project

Change external VNF connectivity.

os_nfv_orchestration_api_v2:vnf_instances:api_versions
Default:

@

Operations:
  • GET /vnflcm/v2/api_versions

Get API Versions.

os_nfv_orchestration_api_v2:vnf_instances:create
Default:

@

Operations:
  • POST /vnflcm/v2/vnf_instances

Creates vnf instance.

os_nfv_orchestration_api_v2:vnf_instances:index
Default:

@

Operations:
  • GET /vnflcm/v2/vnf_instances

Query VNF instances.

os_nfv_orchestration_api_v2:vnf_instances:show
Default:

@

Operations:
  • GET /vnflcm/v2/vnf_instances/{vnfInstanceId}

Query an Individual VNF instance.

os_nfv_orchestration_api_v2:vnf_instances:delete
Default:

@

Operations:
  • DELETE /vnflcm/v2/vnf_instances/{vnfInstanceId}

Delete an Individual VNF instance.

os_nfv_orchestration_api_v2:vnf_instances:update
Default:

@

Operations:
  • PATCH /vnflcm/v2/vnf_instances/{vnfInstanceId}

Modify vnf instance information.

os_nfv_orchestration_api_v2:vnf_instances:instantiate
Default:

@

Operations:
  • POST /vnflcm/v2/vnf_instances/{vnfInstanceId}/instantiate

Instantiate vnf instance.

os_nfv_orchestration_api_v2:vnf_instances:terminate
Default:

@

Operations:
  • POST /vnflcm/v2/vnf_instances/{vnfInstanceId}/terminate

Terminate vnf instance.

os_nfv_orchestration_api_v2:vnf_instances:scale
Default:

@

Operations:
  • POST /vnflcm/v2/vnf_instances/{vnfInstanceId}/scale

Scale vnf instance.

os_nfv_orchestration_api_v2:vnf_instances:heal
Default:

@

Operations:
  • POST /vnflcm/v2/vnf_instances/{vnfInstanceId}/heal

Heal vnf instance.

os_nfv_orchestration_api_v2:vnf_instances:change_ext_conn
Default:

@

Operations:
  • POST /vnflcm/v2/vnf_instances/{vnfInstanceId}/change_ext_conn

Change external vnf connectivity.

os_nfv_orchestration_api_v2:vnf_instances:change_vnfpkg
Default:

@

Operations:
  • POST /vnflcm/v2/vnf_instances/{vnfInstanceId}/change_vnfpkg

Change vnf package.

os_nfv_orchestration_api_v2:vnf_instances:subscription_create
Default:

@

Operations:
  • POST /vnflcm/v2/subscriptions

Create subscription.

os_nfv_orchestration_api_v2:vnf_instances:subscription_list
Default:

@

Operations:
  • GET /vnflcm/v2/subscriptions

List subscription.

os_nfv_orchestration_api_v2:vnf_instances:subscription_show
Default:

@

Operations:
  • GET /vnflcm/v2/vnf_instances/{subscriptionId}

Show subscription.

os_nfv_orchestration_api_v2:vnf_instances:subscription_delete
Default:

@

Operations:
  • DELETE /vnflcm/v2/vnf_instances/{subscriptionId}

Delete subscription.

os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_list
Default:

@

Operations:
  • GET /vnflcm/v2/vnf_lcm_op_occs

List VnfLcmOpOcc.

os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_show
Default:

@

Operations:
  • GET /vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}

Show VnfLcmOpOcc.

os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_retry
Default:

@

Operations:
  • POST /vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}/retry

Retry VnfLcmOpOcc.

os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_rollback
Default:

@

Operations:
  • POST /vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}/rollback

Rollback VnfLcmOpOcc.

os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_fail
Default:

@

Operations:
  • POST /vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}/fail

Fail VnfLcmOpOcc.

os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_delete
Default:

@

Operations:
  • DELETE /vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}

Delete VnfLcmOpOcc.

tacker_server_notification_api:server_notification:notify
Default:

@

Operations:
  • POST /server_notification

notify

os_nfv_orchestration_api_v2:vnf_fault_monitor:index
Default:

@

Operations:
  • GET /vnffm/v1/alarms

Query FM alarms.

os_nfv_orchestration_api_v2:vnf_fault_monitor:show
Default:

@

Operations:
  • GET /vnffm/v1/alarms/{alarmId}

Query an Individual FM alarm.

os_nfv_orchestration_api_v2:vnf_fault_monitor:update
Default:

@

Operations:
  • PATCH /vnffm/v1/alarms/{alarmId}

Modify FM alarm information.

os_nfv_orchestration_api_v2:vnf_fault_monitor:subscription_create
Default:

@

Operations:
  • POST /vnffm/v1/subscriptions

Create subscription.

os_nfv_orchestration_api_v2:vnf_fault_monitor:subscription_list
Default:

@

Operations:
  • GET /vnffm/v1/subscriptions

List subscription.

os_nfv_orchestration_api_v2:vnf_fault_monitor:subscription_show
Default:

@

Operations:
  • GET /vnffm/v1/subscriptions/{subscriptionId}

Show subscription.

os_nfv_orchestration_api_v2:vnf_fault_monitor:subscription_delete
Default:

@

Operations:
  • DELETE /vnffm/v1/subscriptions/{subscriptionId}

Delete subscription.

tacker_PROM_PLUGIN_api:PROM_PLUGIN:alert
Default:

@

Operations:
  • POST /alert

Receive the alert sent from External Monitoring Tool

os_nfv_orchestration_api_v2:vnf_performance_management:create
Default:

@

Operations:
  • POST /vnfpm/v2/pm_jobs

Create a PM job.

os_nfv_orchestration_api_v2:vnf_performance_management:index
Default:

@

Operations:
  • GET /vnfpm/v2/pm_jobs

Query PM jobs.

os_nfv_orchestration_api_v2:vnf_performance_management:update
Default:

@

Operations:
  • PATCH /vnfpm/v2/pm_jobs/{pmJobId}

Update a PM job.

os_nfv_orchestration_api_v2:vnf_performance_management:show
Default:

@

Operations:
  • GET /vnfpm/v2/pm_jobs/{pmJobId}

Get an individual PM job.

os_nfv_orchestration_api_v2:vnf_performance_management:delete
Default:

@

Operations:
  • DELETE /vnfpm/v2/pm_jobs/{pmJobId}

Delete a PM job.

os_nfv_orchestration_api_v2:vnf_performance_management:report_get
Default:

@

Operations:
  • GET /vnfpm/v2/pm_jobs/{id}/reports/{report_id}

Get an individual performance report.

tacker_PROM_PLUGIN_api:PROM_PLUGIN:pm_event
Default:

@

Operations:
  • POST /pm_event

Receive the PM event sent from External Monitoring Tool

tacker_PROM_PLUGIN_api:PROM_PLUGIN:auto_healing
Default:

@

Operations:
  • POST /alert/auto_healing

auto_healing

tacker_PROM_PLUGIN_api:PROM_PLUGIN:auto_scaling
Default:

@

Operations:
  • POST /alert/auto_scaling

auto_scaling

os_nfv_orchestration_api_v2:vnf_performance_management:create_threshold
Default:

@

Operations:
  • POST /vnfpm/v2/thresholds

Create a PM threshold.

os_nfv_orchestration_api_v2:vnf_performance_management:index_threshold
Default:

@

Operations:
  • GET /vnfpm/v2/thresholds

Query PM thresholds.

os_nfv_orchestration_api_v2:vnf_performance_management:show_threshold
Default:

@

Operations:
  • GET /vnfpm/v2/thresholds/{thresholdId}

Get an individual PM threshold.

os_nfv_orchestration_api_v2:vnf_performance_management:update_threshold
Default:

@

Operations:
  • PATCH /vnfpm/v2/thresholds/{thresholdId}

Update a PM threshold callback.

os_nfv_orchestration_api_v2:vnf_performance_management:delete_threshold
Default:

@

Operations:
  • DELETE /vnfpm/v2/thresholds/{thresholdId}

Delete a PM threshold.

tacker_PROM_PLUGIN_api:PROM_PLUGIN:pm_threshold
Default:

@

Operations:
  • POST /pm_threshold

Receive the PM threshold sent from External Monitoring Tool.