1 files changed, 49 insertions, 0 deletions

diff --git a/ci/conf/policy.json b/ci/conf/policy.json
new file mode 100644
index 0000000..781ee48
--- /dev/null
+++ b/ci/conf/policy.json
@@ -0,0 +1,49 @@
+{
+  "admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or  tenant_id:%(tenant_id)s",
+  "default": "rule:admin_or_owner",
+  "admin_api": "is_admin:True or (role:admin and is_admin_project:True)",
+
+
+  "profile:create":"rule:admin_api",
+  "profile:list":"",
+  "profile:get":"",
+  "profile:update":"rule:admin_api",
+  "profile:delete":"rule:admin_api",
+  "profile:add_extra_property": "rule:admin_api",
+  "profile:list_extra_properties": "",
+  "profile:remove_extra_property": "rule:admin_api",
+  "volume:create": "rule:admin_or_owner",
+  "volume:list": "rule:admin_or_owner",
+  "volume:get": "rule:admin_or_owner",
+  "volume:update": "rule:admin_or_owner",
+  "volume:extend": "rule:admin_or_owner",
+  "volume:delete": "rule:admin_or_owner",
+  "volume:create_attachment": "rule:admin_or_owner",
+  "volume:list_attachments": "rule:admin_or_owner",
+  "volume:get_attachment": "rule:admin_or_owner",
+  "volume:update_attachment": "rule:admin_or_owner",
+  "volume:delete_attachment": "rule:admin_or_owner",
+  "snapshot:create": "rule:admin_or_owner",
+  "snapshot:list": "rule:admin_or_owner",
+  "snapshot:get": "rule:admin_or_owner",
+  "snapshot:update": "rule:admin_or_owner",
+  "snapshot:delete": "rule:admin_or_owner",
+  "dock:list": "rule:admin_api",
+  "dock:get": "rule:admin_api",
+  "pool:list": "rule:admin_api",
+  "pool:get": "rule:admin_api",
+  "replication:create": "rule:admin_or_owner",
+  "replication:list": "rule:admin_or_owner",
+  "replication:list_detail": "rule:admin_or_owner",
+  "replication:get": "rule:admin_or_owner",
+  "replication:update": "rule:admin_or_owner",
+  "replication:delete": "rule:admin_or_owner",
+  "replication:action:enable": "rule:admin_or_owner",
+  "replication:action:disable": "rule:admin_or_owner",
+  "replication:action:failover": "rule:admin_or_owner",
+  "volume_group:create": "rule:admin_or_owner",
+  "volume_group:list": "rule:admin_or_owner",
+  "volume_group:get": "rule:admin_or_owner",
+  "volume_group:update": "rule:admin_or_owner",
+  "volume_group:delete": "rule:admin_or_owner"
+}
\ No newline at end of file