Sync default policy rules
This patch updates default policy-in-code rules in horizon based on nova/neutron/keystone/glance/cinder RC deliverables. It also bumps a few packages versions in lower-constraints.txt and requirements.txt to fix the failed lower-constraints job after updating policy rules. Change-Id: I168bb171076e3442b29670461a29d12c9988df52
This commit is contained in:
manchandavishal
parent
1bb9092abf
commit
05473b765e
@ -54,19 +54,19 @@ openstacksdk==0.11.2
|
|||||||
os-client-config==1.28.0
|
os-client-config==1.28.0
|
||||||
os-service-types==1.2.0
|
os-service-types==1.2.0
|
||||||
osc-lib==1.8.0
|
osc-lib==1.8.0
|
||||||
oslo.concurrency==3.26.0
|
oslo.concurrency==4.5.0
|
||||||
oslo.config==5.2.0
|
oslo.config==8.8.0
|
||||||
oslo.context==2.22.0
|
oslo.context==4.1.0
|
||||||
oslo.i18n==5.0.1
|
oslo.i18n==5.1.0
|
||||||
oslo.log==3.36.0
|
oslo.log==4.7.0
|
||||||
oslo.messaging==5.29.0
|
oslo.messaging==5.29.0
|
||||||
oslo.middleware==3.31.0
|
oslo.middleware==3.31.0
|
||||||
oslo.policy==3.2.0
|
oslo.policy==3.11.0
|
||||||
oslo.serialization==2.18.0
|
oslo.serialization==4.3.0
|
||||||
oslo.service==1.24.0
|
oslo.service==1.24.0
|
||||||
oslo.upgradecheck==0.1.1
|
oslo.upgradecheck==1.5.0
|
||||||
oslo.utils==4.8.0
|
oslo.utils==4.12.0
|
||||||
osprofiler==2.3.0
|
osprofiler==3.4.2
|
||||||
Paste==2.0.2
|
Paste==2.0.2
|
||||||
PasteDeploy==1.5.0
|
PasteDeploy==1.5.0
|
||||||
pbr==5.5.0
|
pbr==5.5.0
|
||||||
@ -97,14 +97,14 @@ python-neutronclient==6.7.0
|
|||||||
python-novaclient==9.1.0
|
python-novaclient==9.1.0
|
||||||
python-swiftclient==3.2.0
|
python-swiftclient==3.2.0
|
||||||
pytz==2013.6
|
pytz==2013.6
|
||||||
PyYAML==3.12
|
PyYAML==6.0
|
||||||
rcssmin==1.0.6
|
rcssmin==1.0.6
|
||||||
reno==3.1.0
|
reno==3.1.0
|
||||||
repoze.lru==0.7
|
repoze.lru==0.7
|
||||||
requests==2.25.1
|
requests==2.25.1
|
||||||
requestsexceptions==1.2.0
|
requestsexceptions==1.2.0
|
||||||
restructuredtext-lint==1.1.1
|
restructuredtext-lint==1.1.1
|
||||||
rfc3986==0.3.1
|
rfc3986==1.5.0
|
||||||
rjsmin==1.1.0
|
rjsmin==1.1.0
|
||||||
Routes==2.3.1
|
Routes==2.3.1
|
||||||
selenium==2.50.1
|
selenium==2.50.1
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,13 +1,9 @@
|
|||||||
- check_str: ''
|
- check_str: ''
|
||||||
deprecated_reason: In order to allow operators to accept the default policies from
|
deprecated_reason: null
|
||||||
code by not defining them in the policy file, while still working with old policy
|
|
||||||
files that rely on the ``default`` rule for policies that are not specified in
|
|
||||||
the policy file, the ``default`` rule must now be explicitly set to ``"role:admin"``
|
|
||||||
when that is the desired default for unspecified rules.
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: role:admin
|
check_str: role:admin
|
||||||
name: default
|
name: default
|
||||||
deprecated_since: Ussuri
|
deprecated_since: null
|
||||||
description: Defines the default rule used for policies that historically had an
|
description: Defines the default rule used for policies that historically had an
|
||||||
empty policy in the supplied policy.json file.
|
empty policy in the supplied policy.json file.
|
||||||
name: default
|
name: default
|
||||||
@ -18,16 +14,12 @@
|
|||||||
name: context_is_admin
|
name: context_is_admin
|
||||||
operations: []
|
operations: []
|
||||||
scope_types: null
|
scope_types: null
|
||||||
- check_str: role:role:admin or (role:member and project_id:%(project_id)s and project_id:%(owner)s)
|
- check_str: role:admin or (role:member and project_id:%(project_id)s and project_id:%(owner)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: add_image
|
name: add_image
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Create new image
|
description: Create new image
|
||||||
name: add_image
|
name: add_image
|
||||||
operations:
|
operations:
|
||||||
@ -37,15 +29,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: delete_image
|
name: delete_image
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Deletes the image
|
description: Deletes the image
|
||||||
name: delete_image
|
name: delete_image
|
||||||
operations:
|
operations:
|
||||||
@ -55,16 +43,12 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s
|
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s
|
||||||
or "community":%(visibility)s or "public":%(visibility)s or "shared":%(visibility)s))
|
or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: get_image
|
name: get_image
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Get specified image
|
description: Get specified image
|
||||||
name: get_image
|
name: get_image
|
||||||
operations:
|
operations:
|
||||||
@ -74,15 +58,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and project_id:%(project_id)s)
|
- check_str: role:admin or (role:reader and project_id:%(project_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: get_images
|
name: get_images
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Get all available images
|
description: Get all available images
|
||||||
name: get_images
|
name: get_images
|
||||||
operations:
|
operations:
|
||||||
@ -92,15 +72,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: modify_image
|
name: modify_image
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Updates given image
|
description: Updates given image
|
||||||
name: modify_image
|
name: modify_image
|
||||||
operations:
|
operations:
|
||||||
@ -119,15 +95,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: communitize_image
|
name: communitize_image
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Communitize given image
|
description: Communitize given image
|
||||||
name: communitize_image
|
name: communitize_image
|
||||||
operations:
|
operations:
|
||||||
@ -137,16 +109,12 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s
|
- check_str: role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s
|
||||||
or "community":%(visibility)s or "public":%(visibility)s))
|
or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: download_image
|
name: download_image
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Downloads given image
|
description: Downloads given image
|
||||||
name: download_image
|
name: download_image
|
||||||
operations:
|
operations:
|
||||||
@ -156,15 +124,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: upload_image
|
name: upload_image
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Uploads data to specified image
|
description: Uploads data to specified image
|
||||||
name: upload_image
|
name: upload_image
|
||||||
operations:
|
operations:
|
||||||
@ -174,15 +138,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin
|
- check_str: role:admin
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: delete_image_location
|
name: delete_image_location
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Deletes the location of given image
|
description: Deletes the location of given image
|
||||||
name: delete_image_location
|
name: delete_image_location
|
||||||
operations:
|
operations:
|
||||||
@ -192,15 +152,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:reader and project_id:%(project_id)s)
|
- check_str: role:admin or (role:reader and project_id:%(project_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: get_image_location
|
name: get_image_location
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Reads the location of the image
|
description: Reads the location of the image
|
||||||
name: get_image_location
|
name: get_image_location
|
||||||
operations:
|
operations:
|
||||||
@ -210,15 +166,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: set_image_location
|
name: set_image_location
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Sets location URI to given image
|
description: Sets location URI to given image
|
||||||
name: set_image_location
|
name: set_image_location
|
||||||
operations:
|
operations:
|
||||||
@ -228,15 +180,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: add_member
|
name: add_member
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Create image member
|
description: Create image member
|
||||||
name: add_member
|
name: add_member
|
||||||
operations:
|
operations:
|
||||||
@ -246,15 +194,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: delete_member
|
name: delete_member
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Delete image member
|
description: Delete image member
|
||||||
name: delete_member
|
name: delete_member
|
||||||
operations:
|
operations:
|
||||||
@ -264,15 +208,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)
|
- check_str: role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: get_member
|
name: get_member
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Show image member details
|
description: Show image member details
|
||||||
name: get_member
|
name: get_member
|
||||||
operations:
|
operations:
|
||||||
@ -282,15 +222,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)
|
- check_str: role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: get_members
|
name: get_members
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: List image members
|
description: List image members
|
||||||
name: get_members
|
name: get_members
|
||||||
operations:
|
operations:
|
||||||
@ -300,15 +236,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(member_id)s)
|
- check_str: role:admin or (role:member and project_id:%(member_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: modify_member
|
name: modify_member
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Update image member
|
description: Update image member
|
||||||
name: modify_member
|
name: modify_member
|
||||||
operations:
|
operations:
|
||||||
@ -325,15 +257,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: deactivate
|
name: deactivate
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Deactivate image
|
description: Deactivate image
|
||||||
name: deactivate
|
name: deactivate
|
||||||
operations:
|
operations:
|
||||||
@ -343,15 +271,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
- check_str: role:admin or (role:member and project_id:%(project_id)s)
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
The image API now supports roles.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: reactivate
|
name: reactivate
|
||||||
deprecated_since: W
|
deprecated_since: null
|
||||||
description: Reactivate image
|
description: Reactivate image
|
||||||
name: reactivate
|
name: reactivate
|
||||||
operations:
|
operations:
|
||||||
@ -370,18 +294,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: rule:default
|
- check_str: rule:default
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
From Xena we are enforcing policy checks in the API and policy layer where task
|
|
||||||
policies were enforcing will be removed. Since task APIs are already deprecated
|
|
||||||
and `tasks_api_access` is checked for each API at API layer, there will be no
|
|
||||||
benefit of other having other task related policies.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: get_task
|
name: get_task
|
||||||
deprecated_since: X
|
deprecated_since: null
|
||||||
description: 'Get an image task.
|
description: 'Get an image task.
|
||||||
|
|
||||||
|
|
||||||
@ -406,18 +323,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: rule:default
|
- check_str: rule:default
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
From Xena we are enforcing policy checks in the API and policy layer where task
|
|
||||||
policies were enforcing will be removed. Since task APIs are already deprecated
|
|
||||||
and `tasks_api_access` is checked for each API at API layer, there will be no
|
|
||||||
benefit of other having other task related policies.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: get_task
|
name: get_tasks
|
||||||
deprecated_since: X
|
deprecated_since: null
|
||||||
description: 'List tasks for all images.
|
description: 'List tasks for all images.
|
||||||
|
|
||||||
|
|
||||||
@ -442,18 +352,11 @@
|
|||||||
- system
|
- system
|
||||||
- project
|
- project
|
||||||
- check_str: rule:default
|
- check_str: rule:default
|
||||||
deprecated_reason: '
|
deprecated_reason: null
|
||||||
|
|
||||||
From Xena we are enforcing policy checks in the API and policy layer where task
|
|
||||||
policies were enforcing will be removed. Since task APIs are already deprecated
|
|
||||||
and `tasks_api_access` is checked for each API at API layer, there will be no
|
|
||||||
benefit of other having other task related policies.
|
|
||||||
|
|
||||||
'
|
|
||||||
deprecated_rule:
|
deprecated_rule:
|
||||||
check_str: rule:default
|
check_str: rule:default
|
||||||
name: add_task
|
name: add_task
|
||||||
deprecated_since: X
|
deprecated_since: null
|
||||||
description: 'List tasks for all images.
|
description: 'List tasks for all images.
|
||||||
|
|
||||||
|
|
||||||
@ -528,133 +431,337 @@
|
|||||||
name: metadef_admin
|
name: metadef_admin
|
||||||
operations: []
|
operations: []
|
||||||
scope_types: null
|
scope_types: null
|
||||||
- check_str: rule:metadef_default
|
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||||
description: null
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:metadef_default
|
||||||
name: get_metadef_namespace
|
name: get_metadef_namespace
|
||||||
operations: []
|
deprecated_since: null
|
||||||
scope_types: null
|
description: Get a specific namespace.
|
||||||
- check_str: rule:metadef_default
|
name: get_metadef_namespace
|
||||||
description: null
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
|
- check_str: role:admin or (role:reader and project_id:%(project_id)s)
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:metadef_default
|
||||||
name: get_metadef_namespaces
|
name: get_metadef_namespaces
|
||||||
operations: []
|
deprecated_since: null
|
||||||
scope_types: null
|
description: List namespace.
|
||||||
|
name: get_metadef_namespaces
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/metadefs/namespaces
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Modify an existing namespace.
|
||||||
name: modify_metadef_namespace
|
name: modify_metadef_namespace
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: PUT
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Create a namespace.
|
||||||
name: add_metadef_namespace
|
name: add_metadef_namespace
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: POST
|
||||||
|
path: /v2/metadefs/namespaces
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Delete a namespace.
|
||||||
name: delete_metadef_namespace
|
name: delete_metadef_namespace
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: DELETE
|
||||||
- check_str: rule:metadef_default
|
path: /v2/metadefs/namespaces/{namespace_name}
|
||||||
description: null
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
|
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:metadef_default
|
||||||
name: get_metadef_object
|
name: get_metadef_object
|
||||||
operations: []
|
deprecated_since: null
|
||||||
scope_types: null
|
description: Get a specific object from a namespace.
|
||||||
- check_str: rule:metadef_default
|
name: get_metadef_object
|
||||||
description: null
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
|
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:metadef_default
|
||||||
name: get_metadef_objects
|
name: get_metadef_objects
|
||||||
operations: []
|
deprecated_since: null
|
||||||
scope_types: null
|
description: Get objects from a namespace.
|
||||||
|
name: get_metadef_objects
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/objects
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Update an object within a namespace.
|
||||||
name: modify_metadef_object
|
name: modify_metadef_object
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: PUT
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Create an object within a namespace.
|
||||||
name: add_metadef_object
|
name: add_metadef_object
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: POST
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/objects
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Delete an object within a namespace.
|
||||||
name: delete_metadef_object
|
name: delete_metadef_object
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: DELETE
|
||||||
- check_str: rule:metadef_default
|
path: /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||||
description: null
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
|
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:metadef_default
|
||||||
name: list_metadef_resource_types
|
name: list_metadef_resource_types
|
||||||
operations: []
|
deprecated_since: null
|
||||||
scope_types: null
|
description: List meta definition resource types.
|
||||||
- check_str: rule:metadef_default
|
name: list_metadef_resource_types
|
||||||
description: null
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/metadefs/resource_types
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
|
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:metadef_default
|
||||||
name: get_metadef_resource_type
|
name: get_metadef_resource_type
|
||||||
operations: []
|
deprecated_since: null
|
||||||
scope_types: null
|
description: Get meta definition resource types associations.
|
||||||
|
name: get_metadef_resource_type
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/resource_types
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Create meta definition resource types association.
|
||||||
name: add_metadef_resource_type_association
|
name: add_metadef_resource_type_association
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: POST
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/resource_types
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Delete meta definition resource types association.
|
||||||
name: remove_metadef_resource_type_association
|
name: remove_metadef_resource_type_association
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: POST
|
||||||
- check_str: rule:metadef_default
|
path: /v2/metadefs/namespaces/{namespace_name}/resource_types/{name}
|
||||||
description: null
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
|
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:metadef_default
|
||||||
name: get_metadef_property
|
name: get_metadef_property
|
||||||
operations: []
|
deprecated_since: null
|
||||||
scope_types: null
|
description: Get a specific meta definition property.
|
||||||
- check_str: rule:metadef_default
|
name: get_metadef_property
|
||||||
description: null
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
|
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:metadef_default
|
||||||
name: get_metadef_properties
|
name: get_metadef_properties
|
||||||
operations: []
|
deprecated_since: null
|
||||||
scope_types: null
|
description: List meta definition properties.
|
||||||
|
name: get_metadef_properties
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/properties
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Update meta definition property.
|
||||||
name: modify_metadef_property
|
name: modify_metadef_property
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: GET
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Create meta definition property.
|
||||||
name: add_metadef_property
|
name: add_metadef_property
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: POST
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/properties
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Delete meta definition property.
|
||||||
name: remove_metadef_property
|
name: remove_metadef_property
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: DELETE
|
||||||
- check_str: rule:metadef_default
|
path: /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||||
description: null
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
|
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:metadef_default
|
||||||
name: get_metadef_tag
|
name: get_metadef_tag
|
||||||
operations: []
|
deprecated_since: null
|
||||||
scope_types: null
|
description: Get tag definition.
|
||||||
- check_str: rule:metadef_default
|
name: get_metadef_tag
|
||||||
description: null
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
|
- check_str: role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:metadef_default
|
||||||
name: get_metadef_tags
|
name: get_metadef_tags
|
||||||
operations: []
|
deprecated_since: null
|
||||||
scope_types: null
|
description: List tag definitions.
|
||||||
|
name: get_metadef_tags
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/tags
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Update tag definition.
|
||||||
name: modify_metadef_tag
|
name: modify_metadef_tag
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: PUT
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Add tag definition.
|
||||||
name: add_metadef_tag
|
name: add_metadef_tag
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: POST
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Create tag definitions.
|
||||||
name: add_metadef_tags
|
name: add_metadef_tags
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: POST
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/tags
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Delete tag definition.
|
||||||
name: delete_metadef_tag
|
name: delete_metadef_tag
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: DELETE
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
- check_str: rule:metadef_admin
|
- check_str: rule:metadef_admin
|
||||||
description: null
|
description: Delete tag definitions.
|
||||||
name: delete_metadef_tags
|
name: delete_metadef_tags
|
||||||
operations: []
|
operations:
|
||||||
scope_types: null
|
- method: DELETE
|
||||||
|
path: /v2/metadefs/namespaces/{namespace_name}/tags
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
|
- check_str: role:admin
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:manage_image_cache
|
||||||
|
name: cache_image
|
||||||
|
deprecated_since: null
|
||||||
|
description: Queue image for caching
|
||||||
|
name: cache_image
|
||||||
|
operations:
|
||||||
|
- method: PUT
|
||||||
|
path: /v2/cache/{image_id}
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: role:admin
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:manage_image_cache
|
||||||
|
name: cache_list
|
||||||
|
deprecated_since: null
|
||||||
|
description: List cache status
|
||||||
|
name: cache_list
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/cache
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: role:admin
|
||||||
|
deprecated_reason: null
|
||||||
|
deprecated_rule:
|
||||||
|
check_str: rule:manage_image_cache
|
||||||
|
name: cache_delete
|
||||||
|
deprecated_since: null
|
||||||
|
description: Delete image(s) from cache and/or queue
|
||||||
|
name: cache_delete
|
||||||
|
operations:
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2/cache
|
||||||
|
- method: DELETE
|
||||||
|
path: /v2/cache/{image_id}
|
||||||
|
scope_types:
|
||||||
|
- project
|
||||||
|
- check_str: role:admin
|
||||||
|
description: Expose store specific information
|
||||||
|
name: stores_info_detail
|
||||||
|
operations:
|
||||||
|
- method: GET
|
||||||
|
path: /v2/info/stores/detail
|
||||||
|
scope_types:
|
||||||
|
- system
|
||||||
|
- project
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -40,14 +40,14 @@
|
|||||||
# Get specified image
|
# Get specified image
|
||||||
# GET /v2/images/{image_id}
|
# GET /v2/images/{image_id}
|
||||||
# Intended scope(s): system, project
|
# Intended scope(s): system, project
|
||||||
#"get_image": "role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or "community":%(visibility)s or "public":%(visibility)s or "shared":%(visibility)s))"
|
#"get_image": "role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "get_image":"rule:default" has been deprecated since W in favor of
|
# "get_image":"rule:default" has been deprecated since W in favor of
|
||||||
# "get_image":"role:admin or (role:reader and
|
# "get_image":"role:admin or (role:reader and
|
||||||
# (project_id:%(project_id)s or project_id:%(member_id)s or
|
# (project_id:%(project_id)s or project_id:%(member_id)s or
|
||||||
# "community":%(visibility)s or "public":%(visibility)s or
|
# 'community':%(visibility)s or 'public':%(visibility)s or
|
||||||
# "shared":%(visibility)s))".
|
# 'shared':%(visibility)s))".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Get all available images
|
# Get all available images
|
||||||
@ -91,14 +91,14 @@
|
|||||||
# Downloads given image
|
# Downloads given image
|
||||||
# GET /v2/images/{image_id}/file
|
# GET /v2/images/{image_id}/file
|
||||||
# Intended scope(s): system, project
|
# Intended scope(s): system, project
|
||||||
#"download_image": "role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or "community":%(visibility)s or "public":%(visibility)s or "shared":%(visibility)s))"
|
#"download_image": "role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "download_image":"rule:default" has been deprecated since W in favor
|
# "download_image":"rule:default" has been deprecated since W in favor
|
||||||
# of "download_image":"role:admin or (role:member and
|
# of "download_image":"role:admin or (role:member and
|
||||||
# (project_id:%(project_id)s or project_id:%(member_id)s or
|
# (project_id:%(project_id)s or project_id:%(member_id)s or
|
||||||
# "community":%(visibility)s or "public":%(visibility)s or
|
# 'community':%(visibility)s or 'public':%(visibility)s or
|
||||||
# "shared":%(visibility)s))".
|
# 'shared':%(visibility)s))".
|
||||||
# The image API now supports roles.
|
# The image API now supports roles.
|
||||||
|
|
||||||
# Uploads data to specified image
|
# Uploads data to specified image
|
||||||
@ -319,55 +319,235 @@
|
|||||||
|
|
||||||
#"metadef_admin": "role:admin"
|
#"metadef_admin": "role:admin"
|
||||||
|
|
||||||
#"get_metadef_namespace": "rule:metadef_default"
|
# Get a specific namespace.
|
||||||
|
# GET /v2/metadefs/namespaces/{namespace_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
|
#"get_metadef_namespace": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
#"get_metadef_namespaces": "rule:metadef_default"
|
# DEPRECATED
|
||||||
|
# "get_metadef_namespace":"rule:metadef_default" has been deprecated
|
||||||
|
# since X in favor of "get_metadef_namespace":"role:admin or
|
||||||
|
# (role:reader and (project_id:%(project_id)s or
|
||||||
|
# 'public':%(visibility)s))".
|
||||||
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# List namespace.
|
||||||
|
# GET /v2/metadefs/namespaces
|
||||||
|
# Intended scope(s): system, project
|
||||||
|
#"get_metadef_namespaces": "role:admin or (role:reader and project_id:%(project_id)s)"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "get_metadef_namespaces":"rule:metadef_default" has been deprecated
|
||||||
|
# since X in favor of "get_metadef_namespaces":"role:admin or
|
||||||
|
# (role:reader and project_id:%(project_id)s)".
|
||||||
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# Modify an existing namespace.
|
||||||
|
# PUT /v2/metadefs/namespaces/{namespace_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"modify_metadef_namespace": "rule:metadef_admin"
|
#"modify_metadef_namespace": "rule:metadef_admin"
|
||||||
|
|
||||||
|
# Create a namespace.
|
||||||
|
# POST /v2/metadefs/namespaces
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"add_metadef_namespace": "rule:metadef_admin"
|
#"add_metadef_namespace": "rule:metadef_admin"
|
||||||
|
|
||||||
|
# Delete a namespace.
|
||||||
|
# DELETE /v2/metadefs/namespaces/{namespace_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"delete_metadef_namespace": "rule:metadef_admin"
|
#"delete_metadef_namespace": "rule:metadef_admin"
|
||||||
|
|
||||||
#"get_metadef_object": "rule:metadef_default"
|
# Get a specific object from a namespace.
|
||||||
|
# GET /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
|
#"get_metadef_object": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
#"get_metadef_objects": "rule:metadef_default"
|
# DEPRECATED
|
||||||
|
# "get_metadef_object":"rule:metadef_default" has been deprecated
|
||||||
|
# since X in favor of "get_metadef_object":"role:admin or (role:reader
|
||||||
|
# and (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||||
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# Get objects from a namespace.
|
||||||
|
# GET /v2/metadefs/namespaces/{namespace_name}/objects
|
||||||
|
# Intended scope(s): system, project
|
||||||
|
#"get_metadef_objects": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "get_metadef_objects":"rule:metadef_default" has been deprecated
|
||||||
|
# since X in favor of "get_metadef_objects":"role:admin or
|
||||||
|
# (role:reader and (project_id:%(project_id)s or
|
||||||
|
# 'public':%(visibility)s))".
|
||||||
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# Update an object within a namespace.
|
||||||
|
# PUT /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"modify_metadef_object": "rule:metadef_admin"
|
#"modify_metadef_object": "rule:metadef_admin"
|
||||||
|
|
||||||
|
# Create an object within a namespace.
|
||||||
|
# POST /v2/metadefs/namespaces/{namespace_name}/objects
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"add_metadef_object": "rule:metadef_admin"
|
#"add_metadef_object": "rule:metadef_admin"
|
||||||
|
|
||||||
|
# Delete an object within a namespace.
|
||||||
|
# DELETE /v2/metadefs/namespaces/{namespace_name}/objects/{object_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"delete_metadef_object": "rule:metadef_admin"
|
#"delete_metadef_object": "rule:metadef_admin"
|
||||||
|
|
||||||
#"list_metadef_resource_types": "rule:metadef_default"
|
# List meta definition resource types.
|
||||||
|
# GET /v2/metadefs/resource_types
|
||||||
|
# Intended scope(s): system, project
|
||||||
|
#"list_metadef_resource_types": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
#"get_metadef_resource_type": "rule:metadef_default"
|
# DEPRECATED
|
||||||
|
# "list_metadef_resource_types":"rule:metadef_default" has been
|
||||||
|
# deprecated since X in favor of
|
||||||
|
# "list_metadef_resource_types":"role:admin or (role:reader and
|
||||||
|
# (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||||
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# Get meta definition resource types associations.
|
||||||
|
# GET /v2/metadefs/namespaces/{namespace_name}/resource_types
|
||||||
|
# Intended scope(s): system, project
|
||||||
|
#"get_metadef_resource_type": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "get_metadef_resource_type":"rule:metadef_default" has been
|
||||||
|
# deprecated since X in favor of
|
||||||
|
# "get_metadef_resource_type":"role:admin or (role:reader and
|
||||||
|
# (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||||
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# Create meta definition resource types association.
|
||||||
|
# POST /v2/metadefs/namespaces/{namespace_name}/resource_types
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"add_metadef_resource_type_association": "rule:metadef_admin"
|
#"add_metadef_resource_type_association": "rule:metadef_admin"
|
||||||
|
|
||||||
|
# Delete meta definition resource types association.
|
||||||
|
# POST /v2/metadefs/namespaces/{namespace_name}/resource_types/{name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"remove_metadef_resource_type_association": "rule:metadef_admin"
|
#"remove_metadef_resource_type_association": "rule:metadef_admin"
|
||||||
|
|
||||||
#"get_metadef_property": "rule:metadef_default"
|
# Get a specific meta definition property.
|
||||||
|
# GET /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
|
#"get_metadef_property": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
#"get_metadef_properties": "rule:metadef_default"
|
# DEPRECATED
|
||||||
|
# "get_metadef_property":"rule:metadef_default" has been deprecated
|
||||||
|
# since X in favor of "get_metadef_property":"role:admin or
|
||||||
|
# (role:reader and (project_id:%(project_id)s or
|
||||||
|
# 'public':%(visibility)s))".
|
||||||
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# List meta definition properties.
|
||||||
|
# GET /v2/metadefs/namespaces/{namespace_name}/properties
|
||||||
|
# Intended scope(s): system, project
|
||||||
|
#"get_metadef_properties": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "get_metadef_properties":"rule:metadef_default" has been deprecated
|
||||||
|
# since X in favor of "get_metadef_properties":"role:admin or
|
||||||
|
# (role:reader and (project_id:%(project_id)s or
|
||||||
|
# 'public':%(visibility)s))".
|
||||||
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# Update meta definition property.
|
||||||
|
# GET /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"modify_metadef_property": "rule:metadef_admin"
|
#"modify_metadef_property": "rule:metadef_admin"
|
||||||
|
|
||||||
|
# Create meta definition property.
|
||||||
|
# POST /v2/metadefs/namespaces/{namespace_name}/properties
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"add_metadef_property": "rule:metadef_admin"
|
#"add_metadef_property": "rule:metadef_admin"
|
||||||
|
|
||||||
|
# Delete meta definition property.
|
||||||
|
# DELETE /v2/metadefs/namespaces/{namespace_name}/properties/{property_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"remove_metadef_property": "rule:metadef_admin"
|
#"remove_metadef_property": "rule:metadef_admin"
|
||||||
|
|
||||||
#"get_metadef_tag": "rule:metadef_default"
|
# Get tag definition.
|
||||||
|
# GET /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
|
#"get_metadef_tag": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
#"get_metadef_tags": "rule:metadef_default"
|
# DEPRECATED
|
||||||
|
# "get_metadef_tag":"rule:metadef_default" has been deprecated since X
|
||||||
|
# in favor of "get_metadef_tag":"role:admin or (role:reader and
|
||||||
|
# (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||||
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# List tag definitions.
|
||||||
|
# GET /v2/metadefs/namespaces/{namespace_name}/tags
|
||||||
|
# Intended scope(s): system, project
|
||||||
|
#"get_metadef_tags": "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "get_metadef_tags":"rule:metadef_default" has been deprecated since
|
||||||
|
# X in favor of "get_metadef_tags":"role:admin or (role:reader and
|
||||||
|
# (project_id:%(project_id)s or 'public':%(visibility)s))".
|
||||||
|
# The metadata API now supports project scope and default roles.
|
||||||
|
|
||||||
|
# Update tag definition.
|
||||||
|
# PUT /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"modify_metadef_tag": "rule:metadef_admin"
|
#"modify_metadef_tag": "rule:metadef_admin"
|
||||||
|
|
||||||
|
# Add tag definition.
|
||||||
|
# POST /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"add_metadef_tag": "rule:metadef_admin"
|
#"add_metadef_tag": "rule:metadef_admin"
|
||||||
|
|
||||||
|
# Create tag definitions.
|
||||||
|
# POST /v2/metadefs/namespaces/{namespace_name}/tags
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"add_metadef_tags": "rule:metadef_admin"
|
#"add_metadef_tags": "rule:metadef_admin"
|
||||||
|
|
||||||
|
# Delete tag definition.
|
||||||
|
# DELETE /v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"delete_metadef_tag": "rule:metadef_admin"
|
#"delete_metadef_tag": "rule:metadef_admin"
|
||||||
|
|
||||||
|
# Delete tag definitions.
|
||||||
|
# DELETE /v2/metadefs/namespaces/{namespace_name}/tags
|
||||||
|
# Intended scope(s): system, project
|
||||||
#"delete_metadef_tags": "rule:metadef_admin"
|
#"delete_metadef_tags": "rule:metadef_admin"
|
||||||
|
|
||||||
|
# Queue image for caching
|
||||||
|
# PUT /v2/cache/{image_id}
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"cache_image": "role:admin"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "cache_image":"rule:manage_image_cache" has been deprecated since X
|
||||||
|
# in favor of "cache_image":"role:admin".
|
||||||
|
# The image API now supports roles.
|
||||||
|
|
||||||
|
# List cache status
|
||||||
|
# GET /v2/cache
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"cache_list": "role:admin"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "cache_list":"rule:manage_image_cache" has been deprecated since X
|
||||||
|
# in favor of "cache_list":"role:admin".
|
||||||
|
# The image API now supports roles.
|
||||||
|
|
||||||
|
# Delete image(s) from cache and/or queue
|
||||||
|
# DELETE /v2/cache
|
||||||
|
# DELETE /v2/cache/{image_id}
|
||||||
|
# Intended scope(s): project
|
||||||
|
#"cache_delete": "role:admin"
|
||||||
|
|
||||||
|
# DEPRECATED
|
||||||
|
# "cache_delete":"rule:manage_image_cache" has been deprecated since X
|
||||||
|
# in favor of "cache_delete":"role:admin".
|
||||||
|
# The image API now supports roles.
|
||||||
|
|
||||||
|
# Expose store specific information
|
||||||
|
# GET /v2/info/stores/detail
|
||||||
|
# Intended scope(s): system, project
|
||||||
|
#"stores_info_detail": "role:admin"
|
||||||
|
|
||||||
|
|||||||
@ -68,13 +68,12 @@
|
|||||||
#"identity:get_application_credential": "(role:reader and system_scope:all) or rule:owner"
|
#"identity:get_application_credential": "(role:reader and system_scope:all) or rule:owner"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "identity:get_application_credentials":"rule:admin_or_owner" has
|
# "identity:get_application_credential":"rule:admin_or_owner" has been
|
||||||
# been deprecated since T in favor of
|
# deprecated since T in favor of
|
||||||
# "identity:get_application_credential":"(role:reader and
|
# "identity:get_application_credential":"(role:reader and
|
||||||
# system_scope:all) or rule:owner".
|
# system_scope:all) or rule:owner".
|
||||||
# The application credential API is now aware of system scope and
|
# The application credential API is now aware of system scope and
|
||||||
# default roles.
|
# default roles.
|
||||||
#"identity:get_application_credentials": "rule:identity:get_application_credential"
|
|
||||||
|
|
||||||
# List application credentials for a user.
|
# List application credentials for a user.
|
||||||
# GET /v3/users/{user_id}/application_credentials
|
# GET /v3/users/{user_id}/application_credentials
|
||||||
@ -101,13 +100,12 @@
|
|||||||
#"identity:delete_application_credential": "(role:admin and system_scope:all) or rule:owner"
|
#"identity:delete_application_credential": "(role:admin and system_scope:all) or rule:owner"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "identity:delete_application_credentials":"rule:admin_or_owner" has
|
# "identity:delete_application_credential":"rule:admin_or_owner" has
|
||||||
# been deprecated since T in favor of
|
# been deprecated since T in favor of
|
||||||
# "identity:delete_application_credential":"(role:admin and
|
# "identity:delete_application_credential":"(role:admin and
|
||||||
# system_scope:all) or rule:owner".
|
# system_scope:all) or rule:owner".
|
||||||
# The application credential API is now aware of system scope and
|
# The application credential API is now aware of system scope and
|
||||||
# default roles.
|
# default roles.
|
||||||
#"identity:delete_application_credentials": "rule:identity:delete_application_credential"
|
|
||||||
|
|
||||||
# Get service catalog.
|
# Get service catalog.
|
||||||
# GET /v3/auth/catalog
|
# GET /v3/auth/catalog
|
||||||
@ -426,13 +424,12 @@
|
|||||||
#"identity:ec2_create_credential": "(role:admin and system_scope:all) or rule:owner"
|
#"identity:ec2_create_credential": "(role:admin and system_scope:all) or rule:owner"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "identity:ec2_create_credentials":"rule:admin_or_owner" has been
|
# "identity:ec2_create_credential":"rule:admin_or_owner" has been
|
||||||
# deprecated since T in favor of
|
# deprecated since T in favor of
|
||||||
# "identity:ec2_create_credential":"(role:admin and system_scope:all)
|
# "identity:ec2_create_credential":"(role:admin and system_scope:all)
|
||||||
# or rule:owner".
|
# or rule:owner".
|
||||||
# The EC2 credential API is now aware of system scope and default
|
# The EC2 credential API is now aware of system scope and default
|
||||||
# roles.
|
# roles.
|
||||||
#"identity:ec2_create_credentials": "rule:identity:ec2_create_credential"
|
|
||||||
|
|
||||||
# Delete ec2 credential.
|
# Delete ec2 credential.
|
||||||
# DELETE /v3/users/{user_id}/credentials/OS-EC2/{credential_id}
|
# DELETE /v3/users/{user_id}/credentials/OS-EC2/{credential_id}
|
||||||
@ -440,14 +437,12 @@
|
|||||||
#"identity:ec2_delete_credential": "(role:admin and system_scope:all) or user_id:%(target.credential.user_id)s"
|
#"identity:ec2_delete_credential": "(role:admin and system_scope:all) or user_id:%(target.credential.user_id)s"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "identity:ec2_delete_credentials":"rule:admin_required or
|
# "identity:ec2_delete_credential":"rule:admin_required or (rule:owner
|
||||||
# (rule:owner and user_id:%(target.credential.user_id)s)" has been
|
# and user_id:%(target.credential.user_id)s)" has been deprecated
|
||||||
# deprecated since T in favor of
|
# since T in favor of "identity:ec2_delete_credential":"(role:admin
|
||||||
# "identity:ec2_delete_credential":"(role:admin and system_scope:all)
|
# and system_scope:all) or user_id:%(target.credential.user_id)s".
|
||||||
# or user_id:%(target.credential.user_id)s".
|
|
||||||
# The EC2 credential API is now aware of system scope and default
|
# The EC2 credential API is now aware of system scope and default
|
||||||
# roles.
|
# roles.
|
||||||
#"identity:ec2_delete_credentials": "rule:identity:ec2_delete_credential"
|
|
||||||
|
|
||||||
# Show endpoint details.
|
# Show endpoint details.
|
||||||
# GET /v3/endpoints/{endpoint_id}
|
# GET /v3/endpoints/{endpoint_id}
|
||||||
@ -1013,13 +1008,12 @@
|
|||||||
#"identity:create_identity_provider": "role:admin and system_scope:all"
|
#"identity:create_identity_provider": "role:admin and system_scope:all"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "identity:create_identity_providers":"rule:admin_required" has been
|
# "identity:create_identity_provider":"rule:admin_required" has been
|
||||||
# deprecated since S in favor of
|
# deprecated since S in favor of
|
||||||
# "identity:create_identity_provider":"role:admin and
|
# "identity:create_identity_provider":"role:admin and
|
||||||
# system_scope:all".
|
# system_scope:all".
|
||||||
# The identity provider API is now aware of system scope and default
|
# The identity provider API is now aware of system scope and default
|
||||||
# roles.
|
# roles.
|
||||||
#"identity:create_identity_providers": "rule:identity:create_identity_provider"
|
|
||||||
|
|
||||||
# List identity providers.
|
# List identity providers.
|
||||||
# GET /v3/OS-FEDERATION/identity_providers
|
# GET /v3/OS-FEDERATION/identity_providers
|
||||||
@ -1042,12 +1036,11 @@
|
|||||||
#"identity:get_identity_provider": "role:reader and system_scope:all"
|
#"identity:get_identity_provider": "role:reader and system_scope:all"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "identity:get_identity_providers":"rule:admin_required" has been
|
# "identity:get_identity_provider":"rule:admin_required" has been
|
||||||
# deprecated since S in favor of
|
# deprecated since S in favor of
|
||||||
# "identity:get_identity_provider":"role:reader and system_scope:all".
|
# "identity:get_identity_provider":"role:reader and system_scope:all".
|
||||||
# The identity provider API is now aware of system scope and default
|
# The identity provider API is now aware of system scope and default
|
||||||
# roles.
|
# roles.
|
||||||
#"identity:get_identity_providers": "rule:identity:get_identity_provider"
|
|
||||||
|
|
||||||
# Update identity provider.
|
# Update identity provider.
|
||||||
# PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}
|
# PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||||
@ -1055,13 +1048,12 @@
|
|||||||
#"identity:update_identity_provider": "role:admin and system_scope:all"
|
#"identity:update_identity_provider": "role:admin and system_scope:all"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "identity:update_identity_providers":"rule:admin_required" has been
|
# "identity:update_identity_provider":"rule:admin_required" has been
|
||||||
# deprecated since S in favor of
|
# deprecated since S in favor of
|
||||||
# "identity:update_identity_provider":"role:admin and
|
# "identity:update_identity_provider":"role:admin and
|
||||||
# system_scope:all".
|
# system_scope:all".
|
||||||
# The identity provider API is now aware of system scope and default
|
# The identity provider API is now aware of system scope and default
|
||||||
# roles.
|
# roles.
|
||||||
#"identity:update_identity_providers": "rule:identity:update_identity_provider"
|
|
||||||
|
|
||||||
# Delete identity provider.
|
# Delete identity provider.
|
||||||
# DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}
|
# DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||||
@ -1069,13 +1061,12 @@
|
|||||||
#"identity:delete_identity_provider": "role:admin and system_scope:all"
|
#"identity:delete_identity_provider": "role:admin and system_scope:all"
|
||||||
|
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
# "identity:delete_identity_providers":"rule:admin_required" has been
|
# "identity:delete_identity_provider":"rule:admin_required" has been
|
||||||
# deprecated since S in favor of
|
# deprecated since S in favor of
|
||||||
# "identity:delete_identity_provider":"role:admin and
|
# "identity:delete_identity_provider":"role:admin and
|
||||||
# system_scope:all".
|
# system_scope:all".
|
||||||
# The identity provider API is now aware of system scope and default
|
# The identity provider API is now aware of system scope and default
|
||||||
# roles.
|
# roles.
|
||||||
#"identity:delete_identity_providers": "rule:identity:delete_identity_provider"
|
|
||||||
|
|
||||||
# Get information about an association between two roles. When a
|
# Get information about an association between two roles. When a
|
||||||
# relationship exists between a prior role and an implied role and the
|
# relationship exists between a prior role and an implied role and the
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -20,14 +20,14 @@ futurist>=1.2.0 # Apache-2.0
|
|||||||
iso8601>=0.1.11 # MIT
|
iso8601>=0.1.11 # MIT
|
||||||
keystoneauth1>=4.3.1 # Apache-2.0
|
keystoneauth1>=4.3.1 # Apache-2.0
|
||||||
netaddr>=0.7.18 # BSD
|
netaddr>=0.7.18 # BSD
|
||||||
oslo.concurrency>=3.26.0 # Apache-2.0
|
oslo.concurrency>=4.5.0 # Apache-2.0
|
||||||
oslo.config>=5.2.0 # Apache-2.0
|
oslo.config>=8.8.0 # Apache-2.0
|
||||||
oslo.i18n>=5.0.1 # Apache-2.0
|
oslo.i18n>=5.1.0 # Apache-2.0
|
||||||
oslo.policy>=3.2.0 # Apache-2.0
|
oslo.policy>=3.11.0 # Apache-2.0
|
||||||
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
oslo.serialization>=4.3.0 # Apache-2.0
|
||||||
oslo.upgradecheck>=0.1.1 # Apache-2.0
|
oslo.upgradecheck>=1.5.0 # Apache-2.0
|
||||||
oslo.utils>=4.8.0 # Apache-2.0
|
oslo.utils>=4.12.0 # Apache-2.0
|
||||||
osprofiler>=2.3.0 # Apache-2.0
|
osprofiler>=3.4.2 # Apache-2.0
|
||||||
pymongo!=3.1,>=3.0.2 # Apache-2.0
|
pymongo!=3.1,>=3.0.2 # Apache-2.0
|
||||||
pyScss>=1.3.7 # MIT License
|
pyScss>=1.3.7 # MIT License
|
||||||
python-cinderclient>=8.0.0 # Apache-2.0
|
python-cinderclient>=8.0.0 # Apache-2.0
|
||||||
@ -37,7 +37,7 @@ python-neutronclient>=6.7.0 # Apache-2.0
|
|||||||
python-novaclient>=9.1.0 # Apache-2.0
|
python-novaclient>=9.1.0 # Apache-2.0
|
||||||
python-swiftclient>=3.2.0 # Apache-2.0
|
python-swiftclient>=3.2.0 # Apache-2.0
|
||||||
pytz>=2013.6 # MIT
|
pytz>=2013.6 # MIT
|
||||||
PyYAML>=3.12 # MIT
|
PyYAML>=6.0 # MIT
|
||||||
requests>=2.25.1 # Apache-2.0
|
requests>=2.25.1 # Apache-2.0
|
||||||
six>=1.16.0 # MIT
|
six>=1.16.0 # MIT
|
||||||
semantic-version>=2.3.1 # BSD
|
semantic-version>=2.3.1 # BSD
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user