The following is an overview of all available policies in Zun. For a sample configuration file.
context_is_admin
Default: | role:admin |
---|
(no description provided)
admin_or_owner
Default: | is_admin:True or project_id:%(project_id)s |
---|
(no description provided)
admin_api
Default: | rule:context_is_admin |
---|
(no description provided)
deny_everybody
Default: | ! |
---|
Default rule for deny everybody.
container:create
Default: |
|
---|---|
Operations: |
|
Create a new container.
container:create:runtime
Default: |
|
---|---|
Operations: |
|
Create a new container with specified runtime.
container:create:privileged
Default: |
|
---|---|
Operations: |
|
Create a new privileged container.Warning: the privileged container has a big security risk so be caution if you want to enable this feature
container:delete
Default: |
|
---|---|
Operations: |
|
Delete a container.
container:delete_all_projects
Default: |
|
---|---|
Operations: |
|
Delete a container from all projects.
container:delete_force
Default: |
|
---|---|
Operations: |
|
Forcibly delete a container.
container:get_one
Default: |
|
---|---|
Operations: |
|
Retrieve the details of a specific container.
container:get_one:host
Default: |
|
---|---|
Operations: |
|
Retrieve the host field of containers.
container:get_one_all_projects
Default: |
|
---|---|
Operations: |
|
Retrieve the details of a specific container from all projects.
container:get_all
Default: |
|
---|---|
Operations: |
|
Retrieve the details of all containers.
container:get_all_all_projects
Default: |
|
---|---|
Operations: |
|
Retrieve the details of all containers across projects.
container:update
Default: |
|
---|---|
Operations: |
|
Update a container.
container:start
Default: |
|
---|---|
Operations: |
|
Start a container.
container:stop
Default: |
|
---|---|
Operations: |
|
Stop a container.
container:reboot
Default: |
|
---|---|
Operations: |
|
Reboot a container.
container:pause
Default: |
|
---|---|
Operations: |
|
Pause a container.
container:unpause
Default: |
|
---|---|
Operations: |
|
Unpause a container.
container:logs
Default: |
|
---|---|
Operations: |
|
Get the log of a container
container:execute
Default: |
|
---|---|
Operations: |
|
Execute command in a running container
container:execute_resize
Default: |
|
---|---|
Operations: |
|
Resize the TTY used by an execute command.
container:kill
Default: |
|
---|---|
Operations: |
|
Kill a running container
container:rename
Default: |
|
---|---|
Operations: |
|
Rename a container.
container:attach
Default: |
|
---|---|
Operations: |
|
Attach to a running container
container:resize
Default: |
|
---|---|
Operations: |
|
Resize a container.
container:top
Default: |
|
---|---|
Operations: |
|
Display the running processes inside the container.
container:get_archive
Default: |
|
---|---|
Operations: |
|
Get a tar archive of a path of container.
container:put_archive
Default: |
|
---|---|
Operations: |
|
Put a tar archive to be extracted to a path of container
container:stats
Default: |
|
---|---|
Operations: |
|
Display the statistics of a container
container:commit
Default: |
|
---|---|
Operations: |
|
Commit a container
container:add_security_group
Default: |
|
---|---|
Operations: |
|
Add a security group to a specific container.
container:network_detach
Default: |
|
---|---|
Operations: |
|
Detach a network from a container.
container:network_attach
Default: |
|
---|---|
Operations: |
|
Attach a network from a container.
container:remove_security_group
Default: |
|
---|---|
Operations: |
|
Remove security group from a specific container.
container:rebuild
Default: |
|
---|---|
Operations: |
|
Rebuild a container.
container:resize_container
Default: |
|
---|---|
Operations: |
|
Resize an existing container.
image:pull
Default: |
|
---|---|
Operations: |
|
Pull an image.
image:get_all
Default: |
|
---|---|
Operations: |
|
Print a list of available images.
image:get_one
Default: |
|
---|---|
Operations: |
|
Retrieve the details of a specific image.
image:search
Default: |
|
---|---|
Operations: |
|
Search an image.
image:delete
Default: |
|
---|---|
Operations: |
|
Delete an image.
zun-service:delete
Default: |
|
---|---|
Operations: |
|
Delete a service.
zun-service:disable
Default: |
|
---|---|
Operations: |
|
Disable a service.
zun-service:enable
Default: |
|
---|---|
Operations: |
|
Enable a service.
zun-service:force_down
Default: |
|
---|---|
Operations: |
|
Forcibly shutdown a service.
zun-service:get_all
Default: |
|
---|---|
Operations: |
|
Show the status of a service.
host:get_all
Default: |
|
---|---|
Operations: |
|
List all compute hosts.
host:get
Default: |
|
---|---|
Operations: |
|
Show the details of a specific compute host.
capsule:create
Default: |
|
---|---|
Operations: |
|
Create a capsule
capsule:delete
Default: |
|
---|---|
Operations: |
|
Delete a capsule
capsule:delete_all_projects
Default: |
|
---|---|
Operations: |
|
Delete a container in any project.
capsule:get
Default: |
|
---|---|
Operations: |
|
Retrieve the details of a capsule.
capsule:get_one_all_projects
Default: |
|
---|---|
Operations: |
|
Retrieve the details of a capsule in any project.
capsule:get_all
Default: |
|
---|---|
Operations: |
|
List all capsules.
capsule:get_all_all_projects
Default: |
|
---|---|
Operations: |
|
List all capsules across projects.
network:attach_external_network
Default: |
|
---|---|
Operations: |
|
Attach an unshared external network to a container
network:create
Default: |
|
---|---|
Operations: |
|
Create a network
container:actions
Default: |
|
---|---|
Operations: |
|
List actions and show action details for a container
container:action:events
Default: |
|
---|---|
Operations: |
|
Add events details in action details for a container.
availability_zones:get_all
Default: |
|
---|---|
Operations: |
|
List availability zone
quota:update
Default: |
|
---|---|
Operations: |
|
Update quotas for a project
quota:delete
Default: |
|
---|---|
Operations: |
|
Delete quotas for a project
quota:get
Default: |
|
---|---|
Operations: |
|
Get quotas for a project
quota:get_default
Default: |
|
---|---|
Operations: |
|
Get default quotas for a project
quota_class:update
Default: |
|
---|---|
Operations: |
|
Update quotas for specific quota class
quota_class:get
Default: |
|
---|---|
Operations: |
|
List quotas for specific quota class
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.