Tacker Policies

Warning

JSON formatted policy file is deprecated since Tacker 5.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

The following is an overview of all available policies in Tacker. For a sample configuration file, refer to Sample Tacker Policy File.

tacker

context_is_admin
Default

role:admin

Decides what is required for the ‘is_admin:True’ check to succeed.

admin_or_owner
Default

is_admin:True or tenant_id:%(tenant_id)s

Default rule for most non-Admin APIs.

admin_only
Default

is_admin:True

Default rule for most Admin APIs.

shared
Default

field:vims:shared=True

Default rule for sharing vims.

default
Default

rule:admin_or_owner

Default rule for most non-Admin APIs.

os_nfv_orchestration_api:vnf_packages:create
Default

rule:admin_or_owner

Operations

  • POST /vnf_packages

Creates a vnf package.

os_nfv_orchestration_api:vnf_packages:show
Default

rule:admin_or_owner

Operations

  • GET /vnf_packages/{vnf_package_id}

Show a vnf package.

os_nfv_orchestration_api:vnf_packages:index
Default

rule:admin_or_owner

Operations

  • GET /vnf_packages/

List all vnf packages.

os_nfv_orchestration_api:vnf_packages:delete
Default

rule:admin_or_owner

Operations

  • DELETE /vnf_packages/{vnf_package_id}

Delete a vnf package.

os_nfv_orchestration_api:vnf_packages:fetch_package_content
Default

rule:admin_or_owner

Operations

  • GET /vnf_packages/{vnf_package_id}/package_content

fetch the contents of an on-boarded VNF Package

os_nfv_orchestration_api:vnf_packages:upload_package_content
Default

rule:admin_or_owner

Operations

  • PUT /vnf_packages/{vnf_package_id}/package_content

upload a vnf package content.

os_nfv_orchestration_api:vnf_packages:upload_from_uri
Default

rule:admin_or_owner

Operations

  • POST /vnf_packages/{vnf_package_id}/package_content/upload_from_uri

upload a vnf package content from uri.

os_nfv_orchestration_api:vnf_packages:patch
Default

rule:admin_or_owner

Operations

  • PATCH /vnf_packages/{vnf_package_id}

update information of vnf package.

os_nfv_orchestration_api:vnf_packages:get_vnf_package_vnfd
Default

rule:admin_or_owner

Operations

  • GET /vnf_packages/{vnf_package_id}/vnfd

reads the content of the VNFD within a VNF package.

os_nfv_orchestration_api:vnf_packages:fetch_artifact
Default

rule:admin_or_owner

Operations

  • GET /vnf_packages/{vnfPkgId}/artifacts/{artifactPath}

reads the content of the artifact within a VNF package.

os_nfv_orchestration_api:vnf_instances:create
Default

rule:admin_or_owner

Operations

  • POST /vnflcm/v1/vnf_instances

Creates vnf instance.

os_nfv_orchestration_api:vnf_instances:instantiate
Default

rule:admin_or_owner

Operations

  • POST /vnflcm/v1/vnf_instances/{vnfInstanceId}/instantiate

Instantiate vnf instance.

os_nfv_orchestration_api:vnf_instances:show
Default

rule:admin_or_owner

Operations

  • GET /vnflcm/v1/vnf_instances/{vnfInstanceId}

Query an Individual VNF instance.

os_nfv_orchestration_api:vnf_instances:terminate
Default

rule:admin_or_owner

Operations

  • POST /vnflcm/v1/vnf_instances/{vnfInstanceId}/terminate

Terminate a VNF instance.

os_nfv_orchestration_api:vnf_instances:heal
Default

rule:admin_or_owner

Operations

  • POST /vnflcm/v1/vnf_instances/{vnfInstanceId}/heal

Heal a VNF instance.

os_nfv_orchestration_api:vnf_instances:scale
Default

rule:admin_or_owner

Operations

  • POST /vnflcm/v1/vnf_instances/{vnfInstanceId}/scale

Scale a VNF instance.

os_nfv_orchestration_api:vnf_instances:show_lcm_op_occs
Default

rule:admin_or_owner

Operations

  • GET /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}

Query an Individual VNF LCM operation occurrence

os_nfv_orchestration_api:vnf_instances:list_lcm_op_occs
Default

rule:admin_or_owner

Operations

  • GET /vnflcm/v1/vnf_lcm_op_occs

Query VNF LCM operation occurrence

os_nfv_orchestration_api:vnf_instances:index
Default

rule:admin_or_owner

Operations

  • GET /vnflcm/v1/vnf_instances

Query VNF instances.

os_nfv_orchestration_api:vnf_instances:delete
Default

rule:admin_or_owner

Operations

  • DELETE /vnflcm/v1/vnf_instances/{vnfInstanceId}

Delete an Individual VNF instance.

os_nfv_orchestration_api:vnf_instances:update_vnf
Default

rule:admin_or_owner

Operations

  • PATCH /vnflcm/v1/vnf_instances/{vnfInstanceId}

Update an Individual VNF instance.

os_nfv_orchestration_api:vnf_instances:rollback
Default

rule:admin_or_owner

Operations

  • POST /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/rollback

Rollback a VNF instance.

os_nfv_orchestration_api:vnf_instances:fail
Default

rule:admin_or_owner

Operations

  • POST /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/fail

Fail a VNF instance.

os_nfv_orchestration_api:vnf_instances:retry
Default

rule:admin_or_owner

Operations

  • POST /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/retry

Retry a VNF instance.

os_nfv_orchestration_api:vnf_instances:change_ext_conn
Default

rule:admin_or_owner

Operations

  • POST /vnflcm/v1/vnf_instances/{vnfInstanceId}/change_ext_conn

Change external VNF connectivity.