33 lines
1.2 KiB
Plaintext
33 lines
1.2 KiB
Plaintext
# Legacy rule for cloud admin access
|
|
"admin_api": "role:admin or role:administrator"
|
|
# Internal flag for public API routes
|
|
"public_api": "is_public_api:True"
|
|
# Show or mask secrets within instance information in API responses
|
|
"show_instance_secrets": "!"
|
|
# any access will be passed
|
|
"allow": "@"
|
|
# all access will be forbidden
|
|
"deny": "!"
|
|
# Full read/write API access
|
|
"is_admin": "rule:admin_api or (rule:is_member and role:mogan_admin)"
|
|
# Admin or owner API access
|
|
"admin_or_owner": "is_admin:True or project_id:%(project_id)s"
|
|
# Admin or user API access
|
|
"admin_or_user": "is_admin:True or user_id:%(user_id)s"
|
|
# Default API access rule
|
|
"default": "rule:admin_or_owner"
|
|
# Retrieve Instance records
|
|
"mogan:instance:get": "rule:default"
|
|
# View Instance power and provision state
|
|
"mogan:instance:get_states": "rule:default"
|
|
# Create Instance records
|
|
"mogan:instance:create": "rule:allow"
|
|
# Delete Instance records
|
|
"mogan:instance:delete": "rule:default"
|
|
# Update Instance records
|
|
"mogan:instance:update": "rule:default"
|
|
# Change Instance power status
|
|
"mogan:instance:set_power_state": "rule:default"
|
|
# Get Instance network information
|
|
"mogan:instance:get_networks": "rule:default"
|