1fba0bc166
The legacy v2 API code was removed. The policy rules which are used by legacy v2 API code are useless anymore. This patch cleanup them. Partially implements blueprint remove-legacy-v2-api-code Change-Id: I64648bf97ec483981426086b81b2056928fa1b3e
197 lines
9.0 KiB
Python
197 lines
9.0 KiB
Python
# Copyright (c) 2012 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
policy_data = """
|
|
{
|
|
"admin_api": "is_admin:True",
|
|
|
|
"cells_scheduler_filter:TargetCellFilter": "is_admin:True",
|
|
|
|
"context_is_admin": "role:admin or role:administrator",
|
|
|
|
"os_compute_api:servers:confirm_resize": "",
|
|
"os_compute_api:servers:create": "",
|
|
"os_compute_api:servers:create:attach_network": "",
|
|
"os_compute_api:servers:create:attach_volume": "",
|
|
"os_compute_api:servers:create:forced_host": "",
|
|
"os_compute_api:servers:delete": "",
|
|
"os_compute_api:servers:detail": "",
|
|
"os_compute_api:servers:detail:get_all_tenants": "",
|
|
"os_compute_api:servers:index": "",
|
|
"os_compute_api:servers:index:get_all_tenants": "",
|
|
"os_compute_api:servers:reboot": "",
|
|
"os_compute_api:servers:rebuild": "",
|
|
"os_compute_api:servers:resize": "",
|
|
"os_compute_api:servers:revert_resize": "",
|
|
"os_compute_api:servers:show": "",
|
|
"os_compute_api:servers:show:host_status": "",
|
|
"os_compute_api:servers:create_image": "",
|
|
"os_compute_api:servers:create_image:allow_volume_backed": "",
|
|
"os_compute_api:servers:update": "",
|
|
"os_compute_api:servers:start": "",
|
|
"os_compute_api:servers:stop": "",
|
|
"os_compute_api:servers:trigger_crash_dump": "",
|
|
"os_compute_api:servers:migrations:delete": "rule:admin_api",
|
|
"os_compute_api:servers:migrations:force_complete": "",
|
|
"os_compute_api:servers:migrations:index": "rule:admin_api",
|
|
"os_compute_api:servers:migrations:show": "rule:admin_api",
|
|
"os_compute_api:os-access-ips": "",
|
|
"os_compute_api:os-admin-actions:inject_network_info": "",
|
|
"os_compute_api:os-admin-actions:reset_network": "",
|
|
"os_compute_api:os-admin-actions:reset_state": "",
|
|
"os_compute_api:os-admin-password": "",
|
|
"os_compute_api:os-aggregates:index": "rule:admin_api",
|
|
"os_compute_api:os-aggregates:create": "rule:admin_api",
|
|
"os_compute_api:os-aggregates:show": "rule:admin_api",
|
|
"os_compute_api:os-aggregates:update": "rule:admin_api",
|
|
"os_compute_api:os-aggregates:delete": "rule:admin_api",
|
|
"os_compute_api:os-aggregates:add_host": "rule:admin_api",
|
|
"os_compute_api:os-aggregates:remove_host": "rule:admin_api",
|
|
"os_compute_api:os-aggregates:set_metadata": "rule:admin_api",
|
|
"os_compute_api:os-agents": "",
|
|
"os_compute_api:os-attach-interfaces": "",
|
|
"os_compute_api:os-baremetal-nodes": "",
|
|
"os_compute_api:os-cells": "",
|
|
"os_compute_api:os-cells:create": "rule:admin_api",
|
|
"os_compute_api:os-cells:delete": "rule:admin_api",
|
|
"os_compute_api:os-cells:update": "rule:admin_api",
|
|
"os_compute_api:os-cells:sync_instances": "rule:admin_api",
|
|
"os_compute_api:os-certificates:create": "",
|
|
"os_compute_api:os-certificates:show": "",
|
|
"os_compute_api:os-cloudpipe": "",
|
|
"os_compute_api:os-config-drive": "",
|
|
"os_compute_api:os-console-output": "",
|
|
"os_compute_api:os-remote-consoles": "",
|
|
"os_compute_api:os-consoles:create": "",
|
|
"os_compute_api:os-consoles:delete": "",
|
|
"os_compute_api:os-consoles:index": "",
|
|
"os_compute_api:os-consoles:show": "",
|
|
"os_compute_api:os-create-backup": "",
|
|
"os_compute_api:os-deferred-delete": "",
|
|
"os_compute_api:os-disk-config": "",
|
|
"os_compute_api:os-evacuate": "is_admin:True",
|
|
"os_compute_api:os-extended-server-attributes": "",
|
|
"os_compute_api:os-extended-status": "",
|
|
"os_compute_api:os-extended-availability-zone": "",
|
|
"os_compute_api:ips:index": "",
|
|
"os_compute_api:ips:show": "",
|
|
"os_compute_api:os-extended-volumes": "",
|
|
"os_compute_api:extensions": "",
|
|
"os_compute_api:os-fixed-ips": "",
|
|
"os_compute_api:os-flavor-access": "",
|
|
"os_compute_api:os-flavor-access:remove_tenant_access": "",
|
|
"os_compute_api:os-flavor-access:add_tenant_access": "",
|
|
"os_compute_api:os-flavor-rxtx": "",
|
|
"os_compute_api:os-flavor-extra-specs:index": "",
|
|
"os_compute_api:os-flavor-extra-specs:show": "",
|
|
"os_compute_api:os-flavor-extra-specs:create": "is_admin:True",
|
|
"os_compute_api:os-flavor-extra-specs:update": "is_admin:True",
|
|
"os_compute_api:os-flavor-extra-specs:delete": "is_admin:True",
|
|
"os_compute_api:os-flavor-manage": "",
|
|
"os_compute_api:os-floating-ip-dns": "",
|
|
"os_compute_api:os-floating-ip-dns:domain:update": "",
|
|
"os_compute_api:os-floating-ip-dns:domain:delete": "",
|
|
"os_compute_api:os-floating-ip-pools": "",
|
|
"os_compute_api:os-floating-ips": "",
|
|
"os_compute_api:os-floating-ips-bulk": "",
|
|
"os_compute_api:os-fping": "",
|
|
"os_compute_api:os-fping:all_tenants": "is_admin:True",
|
|
"os_compute_api:os-hide-server-addresses": "",
|
|
"os_compute_api:os-hosts": "rule:admin_api",
|
|
"os_compute_api:os-hypervisors": "rule:admin_api",
|
|
"os_compute_api:image-size": "",
|
|
"os_compute_api:os-instance-actions": "",
|
|
"os_compute_api:os-instance-actions:events": "is_admin:True",
|
|
"os_compute_api:os-instance-usage-audit-log": "",
|
|
|
|
"os_compute_api:os-keypairs": "",
|
|
"os_compute_api:os-keypairs:index":
|
|
"rule:admin_api or user_id:%(user_id)s",
|
|
"os_compute_api:os-keypairs:show":
|
|
"rule:admin_api or user_id:%(user_id)s",
|
|
"os_compute_api:os-keypairs:create":
|
|
"rule:admin_api or user_id:%(user_id)s",
|
|
"os_compute_api:os-keypairs:delete":
|
|
"rule:admin_api or user_id:%(user_id)s",
|
|
"os_compute_api:os-lock-server:lock": "",
|
|
"os_compute_api:os-lock-server:unlock": "",
|
|
"os_compute_api:os-lock-server:unlock:unlock_override": "rule:admin_api",
|
|
"os_compute_api:os-migrate-server:migrate": "",
|
|
"os_compute_api:os-migrate-server:migrate_live": "",
|
|
"os_compute_api:os-multinic": "",
|
|
"os_compute_api:os-networks": "",
|
|
"os_compute_api:os-networks:view": "",
|
|
"os_compute_api:os-networks-associate": "",
|
|
"os_compute_api:os-tenant-networks": "",
|
|
"os_compute_api:os-pause-server:pause": "",
|
|
"os_compute_api:os-pause-server:unpause": "",
|
|
"os_compute_api:os-pci:pci_servers": "",
|
|
"os_compute_api:os-pci:index": "",
|
|
"os_compute_api:os-pci:detail": "",
|
|
"os_compute_api:os-pci:show": "",
|
|
"os_compute_api:os-quota-sets:show": "",
|
|
"os_compute_api:os-quota-sets:update": "",
|
|
"os_compute_api:os-quota-sets:delete": "",
|
|
"os_compute_api:os-quota-sets:detail": "",
|
|
"os_compute_api:os-quota-sets:defaults": "",
|
|
"os_compute_api:os-quota-class-sets:update": "",
|
|
"os_compute_api:os-quota-class-sets:show": "",
|
|
"os_compute_api:os-rescue": "",
|
|
"os_compute_api:os-security-group-default-rules": "",
|
|
"os_compute_api:os-security-groups": "",
|
|
"os_compute_api:os-server-diagnostics": "",
|
|
"os_compute_api:os-server-password": "",
|
|
"os_compute_api:os-server-tags:index": "",
|
|
"os_compute_api:os-server-tags:show": "",
|
|
"os_compute_api:os-server-tags:update": "",
|
|
"os_compute_api:os-server-tags:update_all": "",
|
|
"os_compute_api:os-server-tags:delete": "",
|
|
"os_compute_api:os-server-tags:delete_all": "",
|
|
"os_compute_api:os-server-usage": "",
|
|
"os_compute_api:os-server-groups": "",
|
|
"os_compute_api:os-services": "",
|
|
"os_compute_api:os-shelve:shelve": "",
|
|
"os_compute_api:os-shelve:shelve_offload": "",
|
|
"os_compute_api:os-simple-tenant-usage:show": "",
|
|
"os_compute_api:os-simple-tenant-usage:list": "",
|
|
"os_compute_api:os-shelve:unshelve": "",
|
|
"os_compute_api:os-suspend-server:suspend": "",
|
|
"os_compute_api:os-suspend-server:resume": "",
|
|
"os_compute_api:os-virtual-interfaces": "",
|
|
"os_compute_api:os-volumes": "",
|
|
"os_compute_api:os-volumes-attachments:index": "",
|
|
"os_compute_api:os-volumes-attachments:show": "",
|
|
"os_compute_api:os-volumes-attachments:create": "",
|
|
"os_compute_api:os-volumes-attachments:update": "",
|
|
"os_compute_api:os-volumes-attachments:delete": "",
|
|
"os_compute_api:os-availability-zone:list": "",
|
|
"os_compute_api:os-availability-zone:detail": "",
|
|
"os_compute_api:os-used-limits": "is_admin:True",
|
|
"os_compute_api:limits": "",
|
|
"os_compute_api:os-migrations:index": "is_admin:True",
|
|
"os_compute_api:os-assisted-volume-snapshots:create": "",
|
|
"os_compute_api:os-assisted-volume-snapshots:delete": "",
|
|
"os_compute_api:os-console-auth-tokens": "is_admin:True",
|
|
"os_compute_api:os-server-external-events:create": "rule:admin_api",
|
|
"os_compute_api:server-metadata:create": "",
|
|
"os_compute_api:server-metadata:update": "",
|
|
"os_compute_api:server-metadata:update_all": "",
|
|
"os_compute_api:server-metadata:delete": "",
|
|
"os_compute_api:server-metadata:show": "",
|
|
"os_compute_api:server-metadata:index": "",
|
|
"network:attach_external_network": "rule:admin_api"
|
|
}
|
|
"""
|