summaryrefslogtreecommitdiffstats
path: root/ci/conf/policy.json
blob: 781ee48897b57507e95027174813657a7d5e3e54 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
{
  "admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or  tenant_id:%(tenant_id)s",
  "default": "rule:admin_or_owner",
  "admin_api": "is_admin:True or (role:admin and is_admin_project:True)",


  "profile:create":"rule:admin_api",
  "profile:list":"",
  "profile:get":"",
  "profile:update":"rule:admin_api",
  "profile:delete":"rule:admin_api",
  "profile:add_extra_property": "rule:admin_api",
  "profile:list_extra_properties": "",
  "profile:remove_extra_property": "rule:admin_api",
  "volume:create": "rule:admin_or_owner",
  "volume:list": "rule:admin_or_owner",
  "volume:get": "rule:admin_or_owner",
  "volume:update": "rule:admin_or_owner",
  "volume:extend": "rule:admin_or_owner",
  "volume:delete": "rule:admin_or_owner",
  "volume:create_attachment": "rule:admin_or_owner",
  "volume:list_attachments": "rule:admin_or_owner",
  "volume:get_attachment": "rule:admin_or_owner",
  "volume:update_attachment": "rule:admin_or_owner",
  "volume:delete_attachment": "rule:admin_or_owner",
  "snapshot:create": "rule:admin_or_owner",
  "snapshot:list": "rule:admin_or_owner",
  "snapshot:get": "rule:admin_or_owner",
  "snapshot:update": "rule:admin_or_owner",
  "snapshot:delete": "rule:admin_or_owner",
  "dock:list": "rule:admin_api",
  "dock:get": "rule:admin_api",
  "pool:list": "rule:admin_api",
  "pool:get": "rule:admin_api",
  "replication:create": "rule:admin_or_owner",
  "replication:list": "rule:admin_or_owner",
  "replication:list_detail": "rule:admin_or_owner",
  "replication:get": "rule:admin_or_owner",
  "replication:update": "rule:admin_or_owner",
  "replication:delete": "rule:admin_or_owner",
  "replication:action:enable": "rule:admin_or_owner",
  "replication:action:disable": "rule:admin_or_owner",
  "replication:action:failover": "rule:admin_or_owner",
  "volume_group:create": "rule:admin_or_owner",
  "volume_group:list": "rule:admin_or_owner",
  "volume_group:get": "rule:admin_or_owner",
  "volume_group:update": "rule:admin_or_owner",
  "volume_group:delete": "rule:admin_or_owner"
}