ci/conf/policy.json

   1 {
   2   "admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or  tenant_id:%(tenant_id)s",
   3   "default": "rule:admin_or_owner",
   4   "admin_api": "is_admin:True or (role:admin and is_admin_project:True)",
   5
   6
   7   "profile:create":"rule:admin_api",
   8   "profile:list":"",
   9   "profile:get":"",
  10   "profile:update":"rule:admin_api",
  11   "profile:delete":"rule:admin_api",
  12   "profile:add_extra_property": "rule:admin_api",
  13   "profile:list_extra_properties": "",
  14   "profile:remove_extra_property": "rule:admin_api",
  15   "volume:create": "rule:admin_or_owner",
  16   "volume:list": "rule:admin_or_owner",
  17   "volume:get": "rule:admin_or_owner",
  18   "volume:update": "rule:admin_or_owner",
  19   "volume:extend": "rule:admin_or_owner",
  20   "volume:delete": "rule:admin_or_owner",
  21   "volume:create_attachment": "rule:admin_or_owner",
  22   "volume:list_attachments": "rule:admin_or_owner",
  23   "volume:get_attachment": "rule:admin_or_owner",
  24   "volume:update_attachment": "rule:admin_or_owner",
  25   "volume:delete_attachment": "rule:admin_or_owner",
  26   "snapshot:create": "rule:admin_or_owner",
  27   "snapshot:list": "rule:admin_or_owner",
  28   "snapshot:get": "rule:admin_or_owner",
  29   "snapshot:update": "rule:admin_or_owner",
  30   "snapshot:delete": "rule:admin_or_owner",
  31   "dock:list": "rule:admin_api",
  32   "dock:get": "rule:admin_api",
  33   "pool:list": "rule:admin_api",
  34   "pool:get": "rule:admin_api",
  35   "replication:create": "rule:admin_or_owner",
  36   "replication:list": "rule:admin_or_owner",
  37   "replication:list_detail": "rule:admin_or_owner",
  38   "replication:get": "rule:admin_or_owner",
  39   "replication:update": "rule:admin_or_owner",
  40   "replication:delete": "rule:admin_or_owner",
  41   "replication:action:enable": "rule:admin_or_owner",
  42   "replication:action:disable": "rule:admin_or_owner",
  43   "replication:action:failover": "rule:admin_or_owner",
  44   "volume_group:create": "rule:admin_or_owner",
  45   "volume_group:list": "rule:admin_or_owner",
  46   "volume_group:get": "rule:admin_or_owner",
  47   "volume_group:update": "rule:admin_or_owner",
  48   "volume_group:delete": "rule:admin_or_owner"
  49 }