Sync default policy rules
This patch updates default policy-in-code rules in horizon based on nova/neutron/cinder RC deliverables. It doesn't update policy rules for glance and keystone as I have found no changes in their policy rules. Horizon needs to update default policy-in-code rules for all backend services before releasing the horizon[1]. [1] https://docs.openstack.org/horizon/latest/contributor/policies/releasing.html#things-to-do-before-releasing Change-Id: Iae50f131be3f7d1345b8b899b70da8301700428c
This commit is contained in:
manchandavishal
parent
d4b73ed1c4
commit
a10d7895e3
|
|
@ -454,7 +454,16 @@
|
|||
# since X in favor of "group:group_types:create":"rule:admin_api".
|
||||
# group:group_types_manage has been replaced by more granular policies
|
||||
# that separately govern POST, PUT, and DELETE operations.
|
||||
#"group:group_types_manage": "rule:group:group_types:create"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "group:group_types_manage": "rule:group:group_types:create"
|
||||
|
||||
# Update a group type.
|
||||
# PUT /group_types/{group_type_id}
|
||||
|
|
@ -465,7 +474,16 @@
|
|||
# since X in favor of "group:group_types:update":"rule:admin_api".
|
||||
# group:group_types_manage has been replaced by more granular policies
|
||||
# that separately govern POST, PUT, and DELETE operations.
|
||||
#"group:group_types_manage": "rule:group:group_types:update"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "group:group_types_manage": "rule:group:group_types:update"
|
||||
|
||||
# Delete a group type.
|
||||
# DELETE /group_types/{group_type_id}
|
||||
|
|
@ -476,7 +494,16 @@
|
|||
# since X in favor of "group:group_types:delete":"rule:admin_api".
|
||||
# group:group_types_manage has been replaced by more granular policies
|
||||
# that separately govern POST, PUT, and DELETE operations.
|
||||
#"group:group_types_manage": "rule:group:group_types:delete"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "group:group_types_manage": "rule:group:group_types:delete"
|
||||
|
||||
# Show group type with type specs attributes.
|
||||
# GET /group_types/{group_type_id}
|
||||
|
|
@ -491,7 +518,16 @@
|
|||
# X in favor of "group:group_types_specs:get":"rule:admin_api".
|
||||
# group:group_types_specs has been replaced by more granular policies
|
||||
# that separately govern GET, POST, PUT, and DELETE operations.
|
||||
#"group:group_types_specs": "rule:group:group_types_specs:get"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "group:group_types_specs": "rule:group:group_types_specs:get"
|
||||
|
||||
# List group type specs.
|
||||
# GET /group_types/{group_type_id}/group_specs
|
||||
|
|
@ -502,7 +538,16 @@
|
|||
# X in favor of "group:group_types_specs:get_all":"rule:admin_api".
|
||||
# group:group_types_specs has been replaced by more granular policies
|
||||
# that separately govern GET, POST, PUT, and DELETE operations.
|
||||
#"group:group_types_specs": "rule:group:group_types_specs:get_all"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "group:group_types_specs": "rule:group:group_types_specs:get_all"
|
||||
|
||||
# Create a group type spec.
|
||||
# POST /group_types/{group_type_id}/group_specs
|
||||
|
|
@ -513,7 +558,16 @@
|
|||
# X in favor of "group:group_types_specs:create":"rule:admin_api".
|
||||
# group:group_types_specs has been replaced by more granular policies
|
||||
# that separately govern GET, POST, PUT, and DELETE operations.
|
||||
#"group:group_types_specs": "rule:group:group_types_specs:create"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "group:group_types_specs": "rule:group:group_types_specs:create"
|
||||
|
||||
# Update a group type spec.
|
||||
# PUT /group_types/{group_type_id}/group_specs/{g_spec_id}
|
||||
|
|
@ -524,7 +578,16 @@
|
|||
# X in favor of "group:group_types_specs:update":"rule:admin_api".
|
||||
# group:group_types_specs has been replaced by more granular policies
|
||||
# that separately govern GET, POST, PUT, and DELETE operations.
|
||||
#"group:group_types_specs": "rule:group:group_types_specs:update"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "group:group_types_specs": "rule:group:group_types_specs:update"
|
||||
|
||||
# Delete a group type spec.
|
||||
# DELETE /group_types/{group_type_id}/group_specs/{g_spec_id}
|
||||
|
|
@ -535,7 +598,16 @@
|
|||
# X in favor of "group:group_types_specs:delete":"rule:admin_api".
|
||||
# group:group_types_specs has been replaced by more granular policies
|
||||
# that separately govern GET, POST, PUT, and DELETE operations.
|
||||
#"group:group_types_specs": "rule:group:group_types_specs:delete"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "group:group_types_specs": "rule:group:group_types_specs:delete"
|
||||
|
||||
# List group snapshots.
|
||||
# GET /group_snapshots
|
||||
|
|
@ -715,7 +787,16 @@
|
|||
# "volume_extension:quota_classes:get":"rule:admin_api".
|
||||
# volume_extension:quota_classes has been replaced by more granular
|
||||
# policies that separately govern GET and PUT operations.
|
||||
#"volume_extension:quota_classes": "rule:volume_extension:quota_classes:get"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "volume_extension:quota_classes": "rule:volume_extension:quota_classes:get"
|
||||
|
||||
# Update project quota class.
|
||||
# PUT /os-quota-class-sets/{project_id}
|
||||
|
|
@ -727,7 +808,16 @@
|
|||
# "volume_extension:quota_classes:update":"rule:admin_api".
|
||||
# volume_extension:quota_classes has been replaced by more granular
|
||||
# policies that separately govern GET and PUT operations.
|
||||
#"volume_extension:quota_classes": "rule:volume_extension:quota_classes:update"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "volume_extension:quota_classes": "rule:volume_extension:quota_classes:update"
|
||||
|
||||
# Show project quota (including usage and default).
|
||||
# GET /os-quota-sets/{project_id}
|
||||
|
|
@ -819,7 +909,16 @@
|
|||
# since X in favor of "volume_extension:type_create":"rule:admin_api".
|
||||
# volume_extension:types_manage has been replaced by more granular
|
||||
# policies that separately govern POST, PUT, and DELETE operations.
|
||||
#"volume_extension:types_manage": "rule:volume_extension:type_create"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "volume_extension:types_manage": "rule:volume_extension:type_create"
|
||||
|
||||
# Update volume type.
|
||||
# PUT /types
|
||||
|
|
@ -830,7 +929,16 @@
|
|||
# since X in favor of "volume_extension:type_update":"rule:admin_api".
|
||||
# volume_extension:types_manage has been replaced by more granular
|
||||
# policies that separately govern POST, PUT, and DELETE operations.
|
||||
#"volume_extension:types_manage": "rule:volume_extension:type_update"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "volume_extension:types_manage": "rule:volume_extension:type_update"
|
||||
|
||||
# Delete volume type.
|
||||
# DELETE /types
|
||||
|
|
@ -841,7 +949,16 @@
|
|||
# since X in favor of "volume_extension:type_delete":"rule:admin_api".
|
||||
# volume_extension:types_manage has been replaced by more granular
|
||||
# policies that separately govern POST, PUT, and DELETE operations.
|
||||
#"volume_extension:types_manage": "rule:volume_extension:type_delete"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "volume_extension:types_manage": "rule:volume_extension:type_delete"
|
||||
|
||||
# Get one specific volume type.
|
||||
# GET /types/{type_id}
|
||||
|
|
@ -1351,7 +1468,16 @@
|
|||
# volume_extension:volume_image_metadata has been replaced by more
|
||||
# granular policies that separately govern show, set, and remove
|
||||
# operations.
|
||||
#"volume_extension:volume_image_metadata": "rule:volume_extension:volume_image_metadata:show"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "volume_extension:volume_image_metadata": "rule:volume_extension:volume_image_metadata:show"
|
||||
|
||||
# Set image metadata for a volume
|
||||
# POST /volumes/{volume_id}/action (os-set_image_metadata)
|
||||
|
|
@ -1364,7 +1490,16 @@
|
|||
# volume_extension:volume_image_metadata has been replaced by more
|
||||
# granular policies that separately govern show, set, and remove
|
||||
# operations.
|
||||
#"volume_extension:volume_image_metadata": "rule:volume_extension:volume_image_metadata:set"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "volume_extension:volume_image_metadata": "rule:volume_extension:volume_image_metadata:set"
|
||||
|
||||
# Remove specific image metadata from a volume
|
||||
# POST /volumes/{volume_id}/action (os-unset_image_metadata)
|
||||
|
|
@ -1377,7 +1512,16 @@
|
|||
# volume_extension:volume_image_metadata has been replaced by more
|
||||
# granular policies that separately govern show, set, and remove
|
||||
# operations.
|
||||
#"volume_extension:volume_image_metadata": "rule:volume_extension:volume_image_metadata:remove"
|
||||
# WARNING: A rule name change has been identified.
|
||||
# This may be an artifact of new rules being
|
||||
# included which require legacy fallback
|
||||
# rules to ensure proper policy behavior.
|
||||
# Alternatively, this may just be an alias.
|
||||
# Please evaluate on a case by case basis
|
||||
# keeping in mind the format for aliased
|
||||
# rules is:
|
||||
# "old_rule_name": "new_rule_name".
|
||||
# "volume_extension:volume_image_metadata": "rule:volume_extension:volume_image_metadata:remove"
|
||||
|
||||
# Update volume admin metadata. This permission is required to
|
||||
# complete these API calls, though the ability to make these calls is
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@
|
|||
name: shared_address_groups
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: role:reader and project_id:%(project_id)s or rule:shared_address_groups
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:shared_address_groups
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner or rule:shared_address_groups
|
||||
|
|
@ -93,7 +93,7 @@
|
|||
name: shared_address_scopes
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -134,7 +134,7 @@
|
|||
path: /address-scopes/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -160,7 +160,7 @@
|
|||
path: /address-scopes/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -318,7 +318,7 @@
|
|||
path: /routers/{router_id}/l3-agents
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -331,7 +331,7 @@
|
|||
path: /auto-allocated-topology/{project_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -370,7 +370,7 @@
|
|||
path: /flavors
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
- check_str: role:reader
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -504,7 +504,7 @@
|
|||
path: /flavors/{flavor_id}/service_profiles/{profile_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -530,7 +530,7 @@
|
|||
path: /floatingips
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -545,7 +545,7 @@
|
|||
path: /floatingips/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -558,7 +558,7 @@
|
|||
path: /floatingips/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -571,7 +571,7 @@
|
|||
path: /floatingips/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -584,7 +584,7 @@
|
|||
path: /floatingip_pools
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s or rule:ext_parent_owner
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_ext_parent_owner
|
||||
|
|
@ -597,7 +597,7 @@
|
|||
path: /floatingips/{floatingip_id}/port_forwardings
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:reader and project_id:%(project_id)s or rule:ext_parent_owner
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:ext_parent_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_ext_parent_owner
|
||||
|
|
@ -612,7 +612,7 @@
|
|||
path: /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s or rule:ext_parent_owner
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_ext_parent_owner
|
||||
|
|
@ -625,7 +625,7 @@
|
|||
path: /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s or rule:ext_parent_owner
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_ext_parent_owner
|
||||
|
|
@ -638,7 +638,7 @@
|
|||
path: /floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s or rule:ext_parent_owner
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_ext_parent_owner
|
||||
|
|
@ -651,7 +651,7 @@
|
|||
path: /routers/{router_id}/conntrack_helpers
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:reader and project_id:%(project_id)s or rule:ext_parent_owner
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:ext_parent_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_ext_parent_owner
|
||||
|
|
@ -666,7 +666,7 @@
|
|||
path: /routers/{router_id}/conntrack_helpers/{conntrack_helper_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s or rule:ext_parent_owner
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_ext_parent_owner
|
||||
|
|
@ -679,7 +679,7 @@
|
|||
path: /routers/{router_id}/conntrack_helpers/{conntrack_helper_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s or rule:ext_parent_owner
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_ext_parent_owner
|
||||
|
|
@ -692,7 +692,7 @@
|
|||
path: /routers/{router_id}/conntrack_helpers/{conntrack_helper_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -705,7 +705,7 @@
|
|||
path: /local-ips
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -720,7 +720,7 @@
|
|||
path: /local-ips/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -733,7 +733,7 @@
|
|||
path: /local-ips/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -746,7 +746,7 @@
|
|||
path: /local-ips/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s or rule:ext_parent_owner
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_ext_parent_owner
|
||||
|
|
@ -759,7 +759,7 @@
|
|||
path: /local_ips/{local_ip_id}/port_associations
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:reader and project_id:%(project_id)s or rule:ext_parent_owner
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:ext_parent_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_ext_parent_owner
|
||||
|
|
@ -774,7 +774,7 @@
|
|||
path: /local_ips/{local_ip_id}/port_associations/{fixed_port_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s or rule:ext_parent_owner
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_ext_parent_owner
|
||||
|
|
@ -867,7 +867,7 @@
|
|||
path: /metering/metering-labels
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_only
|
||||
|
|
@ -908,7 +908,7 @@
|
|||
path: /metering/metering-label-rules
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_only
|
||||
|
|
@ -936,7 +936,7 @@
|
|||
path: /metering/metering-label-rules/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -949,7 +949,7 @@
|
|||
path: /ndp_proxies
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -964,7 +964,7 @@
|
|||
path: /ndp_proxies/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -977,7 +977,7 @@
|
|||
path: /ndp_proxies/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -995,7 +995,7 @@
|
|||
name: external
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -1041,7 +1041,7 @@
|
|||
operations: *id001
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -1096,7 +1096,7 @@
|
|||
operations: *id001
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s or rule:shared
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:shared
|
||||
or rule:external or rule:context_is_advsvc
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
|
|
@ -1112,17 +1112,6 @@
|
|||
path: /networks/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
name: get_network:router:external
|
||||
deprecated_since: null
|
||||
description: Get ``router:external`` attribute of a network
|
||||
name: get_network:router:external
|
||||
operations: *id002
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
|
|
@ -1167,7 +1156,7 @@
|
|||
operations: *id002
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -1257,7 +1246,7 @@
|
|||
operations: *id003
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -1268,7 +1257,7 @@
|
|||
operations: *id003
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -1360,7 +1349,7 @@
|
|||
name: admin_or_data_plane_int
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -1462,7 +1451,7 @@
|
|||
operations: *id004
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -1737,6 +1726,7 @@
|
|||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or rule:context_is_advsvc or role:member and project_id:%(project_id)s
|
||||
or rule:network_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:context_is_advsvc or rule:admin_owner_or_network_owner
|
||||
|
|
@ -1749,7 +1739,12 @@
|
|||
path: /ports/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: field:policies:shared=True
|
||||
description: Rule of shared qos policy
|
||||
name: shared_qos_policy
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:shared_qos_policy
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -1818,7 +1813,7 @@
|
|||
path: /qos/rule-types/{rule_type}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -1872,7 +1867,7 @@
|
|||
path: /qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
description: Get a QoS packet rate limit rule
|
||||
name: get_policy_packet_rate_limit_rule
|
||||
operations:
|
||||
|
|
@ -1906,7 +1901,7 @@
|
|||
path: /qos/policies/{policy_id}/packet_rate_limit_rules/{rule_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -1960,7 +1955,7 @@
|
|||
path: /qos/policies/{policy_id}/dscp_marking_rules/{rule_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -2014,7 +2009,7 @@
|
|||
path: /qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
description: Get a QoS minimum packet rate rule
|
||||
name: get_policy_minimum_packet_rate_rule
|
||||
operations:
|
||||
|
|
@ -2048,7 +2043,7 @@
|
|||
path: /qos/policies/{policy_id}/minimum_packet_rate_rules/{rule_id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -2087,7 +2082,7 @@
|
|||
path: /qos/alias_bandwidth_limit_rules/{rule_id}/
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -2126,7 +2121,7 @@
|
|||
path: /qos/alias_dscp_marking_rules/{rule_id}/
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -2236,7 +2231,7 @@
|
|||
name: restrict_wildcard
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -2262,7 +2257,7 @@
|
|||
path: /rbac-policies
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2288,7 +2283,7 @@
|
|||
path: /rbac-policies/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2303,7 +2298,7 @@
|
|||
path: /rbac-policies/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2316,7 +2311,7 @@
|
|||
path: /rbac-policies/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -2351,7 +2346,7 @@
|
|||
operations: *id007
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2362,7 +2357,7 @@
|
|||
operations: *id007
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2398,7 +2393,7 @@
|
|||
operations: *id007
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2435,7 +2430,7 @@
|
|||
operations: *id008
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2470,7 +2465,7 @@
|
|||
operations: *id009
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2481,7 +2476,7 @@
|
|||
operations: *id009
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2517,7 +2512,7 @@
|
|||
operations: *id009
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2530,7 +2525,7 @@
|
|||
path: /routers/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2543,7 +2538,7 @@
|
|||
path: /routers/{id}/add_router_interface
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2556,7 +2551,7 @@
|
|||
path: /routers/{id}/remove_router_interface
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2569,7 +2564,7 @@
|
|||
path: /routers/{id}/add_extraroutes
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2592,7 +2587,12 @@
|
|||
name: admin_owner_or_sg_owner
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: field:security_groups:shared=True
|
||||
description: Definition of a shared security group
|
||||
name: shared_security_group
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2605,7 +2605,7 @@
|
|||
path: /security-groups
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:shared_security_group
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -2620,7 +2620,7 @@
|
|||
path: /security-groups/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2633,7 +2633,7 @@
|
|||
path: /security-groups/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2646,7 +2646,7 @@
|
|||
path: /security-groups/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2659,7 +2659,7 @@
|
|||
path: /security-group-rules
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:reader and project_id:%(project_id)s or rule:sg_owner
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:sg_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_owner_or_sg_owner
|
||||
|
|
@ -2674,7 +2674,7 @@
|
|||
path: /security-group-rules/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2754,7 +2754,7 @@
|
|||
path: /service-providers
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s or rule:network_owner
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:network_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_network_owner
|
||||
|
|
@ -2789,7 +2789,7 @@
|
|||
operations: *id010
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s or rule:shared
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:shared
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner or rule:shared
|
||||
|
|
@ -2815,7 +2815,7 @@
|
|||
operations: *id011
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s or rule:network_owner
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:network_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_network_owner
|
||||
|
|
@ -2850,7 +2850,7 @@
|
|||
operations: *id012
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s or rule:network_owner
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s) or rule:network_owner
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_network_owner
|
||||
|
|
@ -2868,7 +2868,7 @@
|
|||
name: shared_subnetpools
|
||||
operations: []
|
||||
scope_types: null
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -2907,7 +2907,7 @@
|
|||
path: /subnetpools
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:reader and project_id:%(project_id)s or rule:shared_subnetpools
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:shared_subnetpools
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner or rule:shared_subnetpools
|
||||
|
|
@ -2922,7 +2922,7 @@
|
|||
path: /subnetpools/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2948,7 +2948,7 @@
|
|||
path: /subnetpools/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2961,7 +2961,7 @@
|
|||
path: /subnetpools/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2974,7 +2974,7 @@
|
|||
path: /subnetpools/{id}/onboard_network_subnets
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2987,7 +2987,7 @@
|
|||
path: /subnetpools/{id}/add_prefixes
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:admin_only or role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -3000,7 +3000,7 @@
|
|||
path: /subnetpools/{id}/remove_prefixes
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -3013,7 +3013,7 @@
|
|||
path: /trunks
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -3028,7 +3028,7 @@
|
|||
path: /trunks/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -3041,7 +3041,7 @@
|
|||
path: /trunks/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -3054,7 +3054,7 @@
|
|||
path: /trunks/{id}
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:reader and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:reader and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:regular_user
|
||||
|
|
@ -3067,7 +3067,7 @@
|
|||
path: /trunks/{id}/get_subports
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -3080,7 +3080,7 @@
|
|||
path: /trunks/{id}/add_subports
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: role:member and project_id:%(project_id)s
|
||||
- check_str: (rule:admin_only) or (role:member and project_id:%(project_id)s)
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
|
|||
|
|
@ -2055,7 +2055,7 @@
|
|||
path: /servers/{server_id}/action (suspend)
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:project_reader_api
|
||||
- check_str: rule:project_reader_or_admin
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
@ -2071,7 +2071,7 @@
|
|||
path: /os-tenant-networks
|
||||
scope_types:
|
||||
- project
|
||||
- check_str: rule:project_reader_api
|
||||
- check_str: rule:project_reader_or_admin
|
||||
deprecated_reason: null
|
||||
deprecated_rule:
|
||||
check_str: rule:admin_or_owner
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -2119,12 +2119,12 @@
|
|||
# This API is proxy calls to the Network service. This is deprecated.
|
||||
# GET /os-tenant-networks
|
||||
# Intended scope(s): project
|
||||
#"os_compute_api:os-tenant-networks:list": "rule:project_reader_api"
|
||||
#"os_compute_api:os-tenant-networks:list": "rule:project_reader_or_admin"
|
||||
|
||||
# DEPRECATED
|
||||
# "os_compute_api:os-tenant-networks":"rule:admin_or_owner" has been
|
||||
# deprecated since 22.0.0 in favor of "os_compute_api:os-tenant-
|
||||
# networks:list":"rule:project_reader_api".
|
||||
# networks:list":"rule:project_reader_or_admin".
|
||||
# Nova API policies are introducing new default roles with scope_type
|
||||
# capabilities. Old policies are deprecated and silently going to be
|
||||
# ignored in nova 23.0.0 release.
|
||||
|
|
@ -2144,12 +2144,12 @@
|
|||
# This API is proxy calls to the Network service. This is deprecated.
|
||||
# GET /os-tenant-networks/{network_id}
|
||||
# Intended scope(s): project
|
||||
#"os_compute_api:os-tenant-networks:show": "rule:project_reader_api"
|
||||
#"os_compute_api:os-tenant-networks:show": "rule:project_reader_or_admin"
|
||||
|
||||
# DEPRECATED
|
||||
# "os_compute_api:os-tenant-networks":"rule:admin_or_owner" has been
|
||||
# deprecated since 22.0.0 in favor of "os_compute_api:os-tenant-
|
||||
# networks:show":"rule:project_reader_api".
|
||||
# networks:show":"rule:project_reader_or_admin".
|
||||
# Nova API policies are introducing new default roles with scope_type
|
||||
# capabilities. Old policies are deprecated and silently going to be
|
||||
# ignored in nova 23.0.0 release.
|
||||
|
|
|
|||
Loading…
Reference in New Issue