Last active
September 19, 2018 17:47
-
-
Save lbragstad/5000b46f27342589701371c88262c35b to your computer and use it in GitHub Desktop.
Inconsistent Policies
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # cinder | |
| "volume:create_volume_metadata": "rule:admin_or_owner" | |
| "volume:delete_snapshot_metadata": "rule:admin_or_owner" | |
| "backup:export-import": "rule:admin_api" | |
| "volume:failover_host": "rule:admin_api" | |
| "volume_extension:capabilities": "rule:admin_api" | |
| "context_is_admin": "role:admin" | |
| "volume_extension:volume_admin_actions:force_detach": "rule:admin_api" | |
| "volume_extension:types_extra_specs:delete": "rule:admin_api" | |
| "backup:delete": "rule:admin_or_owner" | |
| "volume_extension:volume_encryption_metadata": "rule:admin_or_owner" | |
| "clusters:get": "rule:admin_api" | |
| "volume_extension:volume_actions:begin_detaching": "rule:admin_or_owner" | |
| "message:get": "rule:admin_or_owner" | |
| "volume_extension:volume_actions:detach": "rule:admin_or_owner" | |
| "volume_extension:quotas:update": "rule:admin_api" | |
| "snapshot_extension:snapshot_actions:update_snapshot_status": "" | |
| "scheduler_extension:scheduler_stats:get_pools": "rule:admin_api" | |
| "backup:restore": "rule:admin_or_owner" | |
| "volume_extension:volume_tenant_attribute": "rule:admin_or_owner" | |
| "volume_extension:services:update": "rule:admin_api" | |
| "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api" | |
| "group:create_group_snapshot": "" | |
| "volume_extension:volume_admin_actions:force_delete": "rule:admin_api" | |
| "volume:update_readonly_flag": "rule:admin_or_owner" | |
| "group:group_types_manage": "rule:admin_api" | |
| "volume:create_from_image": "" | |
| "backup:backup-import": "rule:admin_api" | |
| "backup:get_all": "rule:admin_or_owner" | |
| "group:delete": "rule:admin_or_owner" | |
| "group:disable_replication": "rule:admin_or_owner" | |
| "volume_extension:types_manage": "rule:admin_api" | |
| "limits_extension:used_limits": "rule:admin_or_owner" | |
| "group:get_all_group_snapshots": "rule:admin_or_owner" | |
| "volume:update_volume_metadata": "rule:admin_or_owner" | |
| "volume:accept_transfer": "" | |
| "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api" | |
| "volume:force_delete": "rule:admin_api" | |
| "volume_extension:volume_mig_status_attribute": "rule:admin_api" | |
| "admin_api": "is_admin:True or (role:admin and is_admin_project:True)" | |
| "volume_extension:quota_classes": "rule:admin_api" | |
| "volume_extension:qos_specs_manage:get_all": "rule:admin_api" | |
| "volume:create_snapshot": "rule:admin_or_owner" | |
| "volume:get_all": "rule:admin_or_owner" | |
| "snapshot_extension:snapshot_unmanage": "rule:admin_api" | |
| "volume_extension:volume_image_metadata": "rule:admin_or_owner" | |
| "volume_extension:types_extra_specs:show": "rule:admin_api" | |
| "volume:get_transfer": "rule:admin_or_owner" | |
| "volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api" | |
| "group:create": "" | |
| "volume:extend": "rule:admin_or_owner" | |
| "volume_extension:type_get": "" | |
| "volume:get_snapshot_metadata": "rule:admin_or_owner" | |
| "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api" | |
| "workers:cleanup": "rule:admin_api" | |
| "volume:update_snapshot_metadata": "rule:admin_or_owner" | |
| "volume_extension:access_types_extra_specs": "rule:admin_api" | |
| "group:reset_status": "rule:admin_api" | |
| "group:get": "rule:admin_or_owner" | |
| "group:update": "rule:admin_or_owner" | |
| "volume_extension:volume_manage": "rule:admin_api" | |
| "volume:get": "rule:admin_or_owner" | |
| "volume:get_snapshot": "rule:admin_or_owner" | |
| "volume:create": "" | |
| "volume_extension:volume_actions:terminate_connection": "rule:admin_or_owner" | |
| "volume:update_snapshot": "rule:admin_or_owner" | |
| "volume_extension:volume_actions:initialize_connection": "rule:admin_or_owner" | |
| "volume_extension:quotas:show": "rule:admin_or_owner" | |
| "volume_extension:hosts": "rule:admin_api" | |
| "group:update_group_snapshot": "rule:admin_or_owner" | |
| "volume_extension:volume_type_access": "rule:admin_or_owner" | |
| "volume:get_all_snapshots": "rule:admin_or_owner" | |
| "group:get_group_snapshot": "rule:admin_or_owner" | |
| "volume:attachment_delete": "rule:admin_or_owner" | |
| "volume:get_all_transfers": "rule:admin_or_owner" | |
| "volume:attachment_complete": "rule:admin_or_owner" | |
| "volume:attachment_create": "" | |
| "volume:get_volume_metadata": "rule:admin_or_owner" | |
| "group:enable_replication": "rule:admin_or_owner" | |
| "volume_extension:backup_admin_actions:force_delete": "rule:admin_api" | |
| "group:access_group_types_specs": "rule:admin_api" | |
| "group:failover_replication": "rule:admin_or_owner" | |
| "volume_extension:volume_unmanage": "rule:admin_api" | |
| "volume_extension:backup_admin_actions:reset_status": "rule:admin_api" | |
| "group:get_all": "rule:admin_or_owner" | |
| "group:reset_group_snapshot_status": "rule:admin_or_owner" | |
| "volume_extension:type_get_all": "" | |
| "volume:update_volume_admin_metadata": "rule:admin_api" | |
| "volume_extension:qos_specs_manage:update": "rule:admin_api" | |
| "clusters:update": "rule:admin_api" | |
| "admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or project_id:%(project_id)s" | |
| "volume_extension:volume_admin_actions:reset_status": "rule:admin_api" | |
| "volume_extension:volume_actions:upload_image": "rule:admin_or_owner" | |
| "volume_extension:types_extra_specs:update": "rule:admin_api" | |
| "volume_extension:volume_actions:upload_public": "rule:admin_api" | |
| "volume_extension:volume_actions:attach": "rule:admin_or_owner" | |
| "volume:revert_to_snapshot": "rule:admin_or_owner" | |
| "volume_extension:qos_specs_manage:get": "rule:admin_api" | |
| "volume:multiattach": "rule:admin_or_owner" | |
| "volume_extension:list_manageable": "rule:admin_api" | |
| "volume_extension:extended_snapshot_attributes": "rule:admin_or_owner" | |
| "volume_extension:volume_actions:reserve": "rule:admin_or_owner" | |
| "volume_extension:qos_specs_manage:create": "rule:admin_api" | |
| "volume_extension:types_extra_specs:create": "rule:admin_api" | |
| "volume:delete_transfer": "rule:admin_or_owner" | |
| "backup:create": "" | |
| "snapshot_extension:list_manageable": "rule:admin_api" | |
| "volume_extension:quotas:delete": "rule:admin_api" | |
| "volume_extension:volume_actions:roll_detaching": "rule:admin_or_owner" | |
| "volume:multiattach_bootable_volume": "rule:admin_or_owner" | |
| "volume_extension:types_extra_specs:index": "rule:admin_api" | |
| "volume_extension:volume_host_attribute": "rule:admin_api" | |
| "volume:delete_volume_metadata": "rule:admin_or_owner" | |
| "backup:get": "rule:admin_or_owner" | |
| "backup:backup_project_attribute": "rule:admin_api" | |
| "group:delete_group_snapshot": "rule:admin_or_owner" | |
| "volume:retype": "rule:admin_or_owner" | |
| "clusters:get_all": "rule:admin_api" | |
| "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api" | |
| "backup:update": "rule:admin_or_owner" | |
| "volume:attachment_update": "rule:admin_or_owner" | |
| "volume:delete_snapshot": "rule:admin_or_owner" | |
| "volume_extension:volume_actions:unreserve": "rule:admin_or_owner" | |
| "snapshot_extension:snapshot_manage": "rule:admin_api" | |
| "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api" | |
| "volume_extension:services:index": "rule:admin_api" | |
| "volume:delete": "rule:admin_or_owner" | |
| "volume_extension:qos_specs_manage:delete": "rule:admin_api" | |
| "volume_extension:volume_type_encryption": "rule:admin_api" | |
| "volume:freeze_host": "rule:admin_api" | |
| "message:delete": "rule:admin_or_owner" | |
| "message:get_all": "rule:admin_or_owner" | |
| "group:group_types_specs": "rule:admin_api" | |
| "group:list_replication_targets": "rule:admin_or_owner" | |
| "volume_extension:access_types_qos_specs_id": "rule:admin_api" | |
| "volume:update": "rule:admin_or_owner" | |
| "volume:extend_attached_volume": "rule:admin_or_owner" | |
| "volume:create_transfer": "rule:admin_or_owner" | |
| "volume_extension:volume_type_access:addProjectAccess": "rule:admin_api" | |
| "volume:thaw_host": "rule:admin_api" | |
| # glance | |
| "context_is_admin": "role:admin" | |
| "default": "role:admin" | |
| "add_image": "" | |
| "delete_image": "" | |
| "get_image": "" | |
| "get_images": "" | |
| "modify_image": "" | |
| "publicize_image": "role:admin" | |
| "communitize_image": "" | |
| "copy_from": "" | |
| "download_image": "" | |
| "upload_image": "" | |
| "delete_image_location": "" | |
| "get_image_location": "" | |
| "set_image_location": "" | |
| "add_member": "" | |
| "delete_member": "" | |
| "get_member": "", | |
| "get_members": "" | |
| "modify_member": "" | |
| "manage_image_cache": "role:admin" | |
| "get_task": "" | |
| "get_tasks": "" | |
| "add_task": "" | |
| "modify_task": "" | |
| "tasks_api_access": "role:admin" | |
| "deactivate": "" | |
| "reactivate": "" | |
| "get_metadef_namespace": "" | |
| "get_metadef_namespaces":"" | |
| "modify_metadef_namespace":"" | |
| "add_metadef_namespace":"" | |
| "get_metadef_object":"" | |
| "get_metadef_objects":"" | |
| "modify_metadef_object":"" | |
| "add_metadef_object":"" | |
| "list_metadef_resource_types":"" | |
| "get_metadef_resource_type":"" | |
| "add_metadef_resource_type_association":"" | |
| "get_metadef_property":"" | |
| "get_metadef_properties":"" | |
| "modify_metadef_property":"" | |
| "add_metadef_property":"" | |
| "get_metadef_tag":"" | |
| "get_metadef_tags":"" | |
| "modify_metadef_tag":"" | |
| "add_metadef_tag":"" | |
| "add_metadef_tags":"" | |
| # keystone | |
| "identity:delete_project": "rule:admin_required" | |
| "identity:list_revoke_events": "rule:service_or_admin" | |
| "identity:revoke_system_grant_for_group": "rule:admin_required" | |
| "identity:get_region": "" | |
| "identity:list_system_grants_for_group": "rule:admin_required" | |
| "identity:create_implied_role": "rule:admin_required" | |
| "identity:list_endpoint_groups": "rule:admin_required" | |
| "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required" | |
| "identity:get_auth_catalog": "" | |
| "identity:list_access_tokens": "rule:admin_required" | |
| "identity:list_trusts": "" | |
| "identity:update_registered_limit": "rule:admin_required" | |
| "identity:delete_implied_role": "rule:admin_required" | |
| "identity:get_domain_config_default": "rule:admin_required" | |
| "identity:update_service": "rule:admin_required" | |
| "identity:create_domain_config": "rule:admin_required" | |
| "identity:delete_service": "rule:admin_required" | |
| "identity:update_mapping": "rule:admin_required" | |
| "identity:update_limit": "rule:admin_required" | |
| "identity:list_domains": "rule:admin_required" | |
| "identity:list_policies": "rule:admin_required" | |
| "identity:update_endpoint_group": "rule:admin_required" | |
| "service_role": "role:service" | |
| "identity:get_project_tag": "rule:admin_required or project_id:%(target.project.id)s" | |
| "identity:check_system_grant_for_group": "rule:admin_required" | |
| "identity:create_policy_association_for_service": "rule:admin_required" | |
| "identity:delete_endpoint_group": "rule:admin_required" | |
| "identity:get_endpoint_group_in_project": "rule:admin_required" | |
| "identity:list_roles": "rule:admin_required" | |
| "identity:delete_application_credential": "rule:admin_or_owner" | |
| "identity:delete_identity_provider": "rule:admin_required" | |
| "identity:create_domain_role": "rule:admin_required" | |
| "identity:list_users": "rule:admin_required" | |
| "identity:create_protocol": "rule:admin_required" | |
| "identity:check_user_in_group": "rule:admin_required" | |
| "identity:create_user": "rule:admin_required" | |
| "identity:delete_policy_association_for_region_and_service": "rule:admin_required" | |
| "identity:get_policy_for_endpoint": "rule:admin_required" | |
| "identity:update_consumer": "rule:admin_required" | |
| "identity:get_registered_limit": "" | |
| "identity:create_grant": "rule:admin_required" | |
| "identity:list_projects_associated_with_endpoint_group": "rule:admin_required" | |
| "identity:list_groups": "rule:admin_required" | |
| "identity:validate_token": "rule:service_admin_or_token_subject" | |
| "identity:create_endpoint": "rule:admin_required" | |
| "identity:check_token": "rule:admin_or_token_subject" | |
| "identity:ec2_create_credential": "rule:admin_or_owner" | |
| "identity:ec2_get_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)" | |
| "identity:delete_project_tags": "rule:admin_required" | |
| "identity:delete_domain_role": "rule:admin_required" | |
| "identity:delete_mapping": "rule:admin_required" | |
| "identity:list_endpoints_for_policy": "rule:admin_required" | |
| "identity:update_project_tags": "rule:admin_required" | |
| "identity:update_service_provider": "rule:admin_required" | |
| "identity:list_endpoint_groups_for_project": "rule:admin_required" | |
| "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)" | |
| "identity:get_user": "rule:admin_or_owner" | |
| "identity:get_limit": "" | |
| "identity:delete_domain_config": "rule:admin_required" | |
| "identity:check_grant": "rule:admin_required" | |
| "identity:update_domain": "rule:admin_required" | |
| "identity:get_trust": "" | |
| "identity:get_endpoint": "rule:admin_required" | |
| "identity:get_access_token": "rule:admin_required" | |
| "admin_required": "role:admin or is_admin:1" | |
| "identity:authorize_request_token": "rule:admin_required" | |
| "identity:list_regions": "" | |
| "identity:create_trust": "user_id:%(trust.trustor_user_id)s" | |
| "service_admin_or_token_subject": "rule:service_or_admin or rule:token_subject" | |
| "identity:delete_policy_association_for_service": "rule:admin_required" | |
| "identity:create_identity_provider": "rule:admin_required" | |
| "identity:revoke_token": "rule:admin_or_token_subject" | |
| "identity:delete_service_provider": "rule:admin_required" | |
| "identity:list_limits": "" | |
| "identity:revoke_system_grant_for_user": "rule:admin_required" | |
| "identity:remove_endpoint_group_from_project": "rule:admin_required" | |
| "identity:delete_endpoint": "rule:admin_required" | |
| "identity:create_project": "rule:admin_required" | |
| "identity:list_identity_providers": "rule:admin_required" | |
| "identity:create_system_grant_for_group": "rule:admin_required" | |
| "identity:list_endpoints_for_project": "rule:admin_required" | |
| "identity:create_application_credential": "rule:admin_or_owner" | |
| "identity:check_implied_role": "rule:admin_required" | |
| "identity:get_auth_projects": "" | |
| "identity:list_projects": "rule:admin_required" | |
| "identity:get_role": "rule:admin_required" | |
| "identity:update_identity_provider": "rule:admin_required" | |
| "identity:list_services": "rule:admin_required" | |
| "identity:list_projects_for_user": "" | |
| "identity:delete_trust": "" | |
| "identity:update_protocol": "rule:admin_required" | |
| "identity:update_role": "rule:admin_required" | |
| "identity:check_system_grant_for_user": "rule:admin_required" | |
| "identity:create_service_provider": "rule:admin_required" | |
| "identity:create_credential": "rule:admin_required" | |
| "identity:create_system_grant_for_user": "rule:admin_required" | |
| "identity:revocation_list": "rule:service_or_admin" | |
| "identity:delete_policy": "rule:admin_required" | |
| "identity:delete_role": "rule:admin_required" | |
| "identity:create_role": "rule:admin_required" | |
| "identity:list_consumers": "rule:admin_required" | |
| "identity:get_role_for_trust": "" | |
| "admin_or_token_subject": "rule:admin_required or rule:token_subject" | |
| "identity:get_security_compliance_domain_config": "" | |
| "identity:get_mapping": "rule:admin_required" | |
| "identity:create_group": "rule:admin_required" | |
| "identity:list_protocols": "rule:admin_required" | |
| "owner": "user_id:%(user_id)s" | |
| "identity:get_project": "rule:admin_required or project_id:%(target.project.id)s" | |
| "identity:update_region": "rule:admin_required" | |
| "identity:create_region": "rule:admin_required" | |
| "identity:get_protocol": "rule:admin_required" | |
| "identity:check_policy_association_for_endpoint": "rule:admin_required" | |
| "identity:delete_registered_limit": "rule:admin_required" | |
| "identity:delete_limit": "rule:admin_required" | |
| "identity:get_domain_role": "rule:admin_required" | |
| "identity:get_service": "rule:admin_required" | |
| "identity:create_policy_association_for_endpoint": "rule:admin_required" | |
| "identity:get_policy": "rule:admin_required" | |
| "service_or_admin": "rule:admin_required or rule:service_role" | |
| "identity:get_access_token_role": "rule:admin_required" | |
| "identity:update_policy": "rule:admin_required" | |
| "identity:delete_consumer": "rule:admin_required" | |
| "identity:remove_user_from_group": "rule:admin_required" | |
| "identity:create_policy_association_for_region_and_service": "rule:admin_required" | |
| "identity:create_mapping": "rule:admin_required" | |
| "identity:list_projects_for_endpoint": "rule:admin_required" | |
| "identity:list_role_assignments": "rule:admin_required" | |
| "token_subject": "user_id:%(target.token.user_id)s" | |
| "identity:create_service": "rule:admin_required" | |
| "identity:list_mappings": "rule:admin_required" | |
| "identity:update_endpoint": "rule:admin_required" | |
| "admin_or_owner": "rule:admin_required or rule:owner" | |
| "identity:create_policy": "rule:admin_required" | |
| "identity:delete_user": "rule:admin_required" | |
| "identity:get_group": "rule:admin_required" | |
| "identity:create_consumer": "rule:admin_required" | |
| "identity:list_roles_for_trust": "" | |
| "identity:check_policy_association_for_region_and_service": "rule:admin_required" | |
| "identity:list_service_providers": "rule:admin_required" | |
| "identity:get_consumer": "rule:admin_required" | |
| "identity:revoke_grant": "rule:admin_required" | |
| "identity:add_user_to_group": "rule:admin_required" | |
| "identity:list_domains_for_user": "" | |
| "identity:list_user_projects": "rule:admin_or_owner" | |
| "identity:list_implied_roles": "rule:admin_required" | |
| "identity:list_role_assignments_for_tree": "rule:admin_required" | |
| "identity:list_endpoints": "rule:admin_required" | |
| "identity:get_identity_provider": "rule:admin_required" | |
| "identity:get_auth_domains": "" | |
| "identity:check_policy_association_for_service": "rule:admin_required" | |
| "identity:create_registered_limits": "rule:admin_required" | |
| "identity:delete_protocol": "rule:admin_required" | |
| "identity:add_endpoint_group_to_project": "rule:admin_required" | |
| "identity:create_limits": "rule:admin_required" | |
| "identity:update_project": "rule:admin_required" | |
| "identity:delete_group": "rule:admin_required" | |
| "identity:add_endpoint_to_project": "rule:admin_required" | |
| "identity:delete_access_token": "rule:admin_required" | |
| "identity:get_auth_system": "" | |
| "identity:get_service_provider": "rule:admin_required" | |
| "identity:create_project_tag": "rule:admin_required" | |
| "identity:list_application_credentials": "rule:admin_or_owner" | |
| "identity:create_domain": "rule:admin_required" | |
| "identity:update_domain_config": "rule:admin_required" | |
| "identity:list_grants": "rule:admin_required" | |
| "identity:ec2_list_credentials": "rule:admin_or_owner" | |
| "identity:list_credentials": "rule:admin_required" | |
| "identity:update_credential": "rule:admin_required" | |
| "identity:delete_policy_association_for_endpoint": "rule:admin_required" | |
| "identity:create_endpoint_group": "rule:admin_required" | |
| "identity:get_credential": "rule:admin_required" | |
| "identity:delete_domain": "rule:admin_required" | |
| "identity:get_limit_model": "" | |
| "identity:update_group": "rule:admin_required" | |
| "identity:remove_endpoint_from_project": "rule:admin_required" | |
| "identity:list_role_inference_rules": "rule:admin_required" | |
| "identity:get_implied_role": "rule:admin_required" | |
| "identity:delete_credential": "rule:admin_required" | |
| "identity:update_domain_role": "rule:admin_required" | |
| "identity:get_endpoint_group": "rule:admin_required" | |
| "identity:list_project_tags": "rule:admin_required or project_id:%(target.project.id)s" | |
| "identity:delete_project_tag": "rule:admin_required" | |
| "identity:get_application_credential": "rule:admin_or_owner" | |
| "identity:get_domain": "rule:admin_required or token.project.domain.id:%(target.domain.id)s" | |
| "identity:get_domain_config": "rule:admin_required" | |
| "identity:list_domain_roles": "rule:admin_required" | |
| "identity:check_endpoint_in_project": "rule:admin_required" | |
| "identity:list_users_in_group": "rule:admin_required" | |
| "identity:update_user": "rule:admin_required" | |
| "identity:list_groups_for_user": "rule:admin_or_owner" | |
| "identity:list_access_token_roles": "rule:admin_required" | |
| "identity:list_system_grants_for_user": "rule:admin_required" | |
| "identity:list_registered_limits": "" | |
| "identity:delete_region": "rule:admin_required" | |
| # nova | |
| "os_compute_api:os-evacuate": "rule:admin_api" | |
| "os_compute_api:servers:create": "rule:admin_or_owner" | |
| "os_compute_api:servers:create:forced_host": "rule:admin_api" | |
| "os_compute_api:os-aggregates:remove_host": "rule:admin_api" | |
| "os_compute_api:os-console-output": "rule:admin_or_owner" | |
| "os_compute_api:os-floating-ips": "rule:admin_or_owner" | |
| "os_compute_api:os-aggregates:update": "rule:admin_api" | |
| "os_compute_api:server-metadata:show": "rule:admin_or_owner" | |
| "os_compute_api:os-flavor-manage:create": "rule:os_compute_api:os-flavor-manage" | |
| "os_compute_api:servers:start": "rule:admin_or_owner" | |
| "os_compute_api:os-keypairs:create": "rule:admin_api or user_id:%(user_id)s" | |
| "os_compute_api:servers:create_image": "rule:admin_or_owner" | |
| "os_compute_api:ips:index": "rule:admin_or_owner" | |
| "os_compute_api:os-server-groups": "rule:admin_or_owner" | |
| "os_compute_api:os-server-tags:delete_all": "rule:admin_or_owner" | |
| "os_compute_api:servers:index:get_all_tenants": "rule:admin_api" | |
| "os_compute_api:os-keypairs:delete": "rule:admin_api or user_id:%(user_id)s" | |
| "os_compute_api:os-flavor-manage:delete": "rule:os_compute_api:os-flavor-manage" | |
| "os_compute_api:os-availability-zone:list": "rule:admin_or_owner" | |
| "os_compute_api:os-simple-tenant-usage:list": "rule:admin_api" | |
| "os_compute_api:os-quota-class-sets:show": "is_admin:True or quota_class:%(quota_class)s" | |
| "os_compute_api:os-suspend-server:resume": "rule:admin_or_owner" | |
| "os_compute_api:os-tenant-networks": "rule:admin_or_owner" | |
| "os_compute_api:os-server-tags:update_all": "rule:admin_or_owner" | |
| "os_compute_api:os-hypervisors": "rule:admin_api" | |
| "os_compute_api:os-consoles:delete": "rule:admin_or_owner" | |
| "os_compute_api:os-networks-associate": "rule:admin_api" | |
| "os_compute_api:os-volumes-attachments:index": "rule:admin_or_owner" | |
| "os_compute_api:os-remote-consoles": "rule:admin_or_owner" | |
| "os_compute_api:limits": "rule:admin_or_owner" | |
| "os_compute_api:os-cells:create": "rule:admin_api" | |
| "context_is_admin": "role:admin" | |
| "os_compute_api:server-metadata:index": "rule:admin_or_owner" | |
| "os_compute_api:os-consoles:create": "rule:admin_or_owner" | |
| "os_compute_api:os-aggregates:set_metadata": "rule:admin_api" | |
| "os_compute_api:os-create-backup": "rule:admin_or_owner" | |
| "os_compute_api:os-aggregates:delete": "rule:admin_api" | |
| "os_compute_api:server-metadata:delete": "rule:admin_or_owner" | |
| "os_compute_api:os-pause-server:pause": "rule:admin_or_owner" | |
| "os_compute_api:os-used-limits": "rule:admin_api" | |
| "os_compute_api:os-rescue": "rule:admin_or_owner" | |
| "admin_api": "is_admin:True" | |
| "os_compute_api:os-agents": "rule:admin_api" | |
| "os_compute_api:os-server-tags:delete": "rule:admin_or_owner" | |
| "os_compute_api:os-flavor-extra-specs:show": "rule:admin_or_owner" | |
| "os_compute_api:os-flavor-manage:update": "rule:admin_api" | |
| "os_compute_api:os-attach-interfaces:delete": "rule:admin_or_owner" | |
| "os_compute_api:os-instance-actions:events": "rule:admin_api" | |
| "network:attach_external_network": "is_admin:True" | |
| "os_compute_api:server-metadata:create": "rule:admin_or_owner" | |
| "os_compute_api:os-shelve:shelve": "rule:admin_or_owner" | |
| "os_compute_api:servers:resize": "rule:admin_or_owner" | |
| "os_compute_api:os-aggregates:add_host": "rule:admin_api" | |
| "os_compute_api:os-flavor-access:add_tenant_access": "rule:admin_api" | |
| "os_compute_api:os-cells:update": "rule:admin_api" | |
| "os_compute_api:os-server-diagnostics": "rule:admin_api" | |
| "os_compute_api:servers:revert_resize": "rule:admin_or_owner" | |
| "os_compute_api:os-cells": "rule:admin_api" | |
| "os_compute_api:servers:update": "rule:admin_or_owner" | |
| "os_compute_api:os-admin-actions:reset_network": "rule:admin_api" | |
| "os_compute_api:os-shelve:shelve_offload": "rule:admin_api" | |
| "os_compute_api:os-instance-actions": "rule:admin_or_owner" | |
| "os_compute_api:os-attach-interfaces:create": "rule:admin_or_owner" | |
| "os_compute_api:os-volumes-attachments:create": "rule:admin_or_owner" | |
| "os_compute_api:servers:migrations:force_complete": "rule:admin_api" | |
| "os_compute_api:os-consoles:index": "rule:admin_or_owner" | |
| "os_compute_api:os-instance-usage-audit-log": "rule:admin_api" | |
| "os_compute_api:os-migrations:index": "rule:admin_api" | |
| "os_compute_api:os-admin-actions:reset_state": "rule:admin_api" | |
| "os_compute_api:os-server-groups:create": "rule:os_compute_api:os-server-groups" | |
| "os_compute_api:os-quota-sets:defaults": "@" | |
| "os_compute_api:servers:detail": "rule:admin_or_owner" | |
| "os_compute_api:os-server-external-events:create": "rule:admin_api" | |
| "os_compute_api:os-flavor-extra-specs:create": "rule:admin_api" | |
| "os_compute_api:os-lock-server:lock": "rule:admin_or_owner" | |
| "os_compute_api:servers:confirm_resize": "rule:admin_or_owner" | |
| "os_compute_api:os-flavor-extra-specs:index": "rule:admin_or_owner" | |
| "os_compute_api:servers:create_image:allow_volume_backed": "rule:admin_or_owner" | |
| "os_compute_api:os-assisted-volume-snapshots:delete": "rule:admin_api" | |
| "os_compute_api:servers:rebuild:trusted_certs": "rule:admin_or_owner" | |
| "os_compute_api:os-server-groups:index": "rule:os_compute_api:os-server-groups" | |
| "os_compute_api:os-extended-server-attributes": "rule:admin_api" | |
| "os_compute_api:os-assisted-volume-snapshots:create": "rule:admin_api" | |
| "os_compute_api:os-consoles:show": "rule:admin_or_owner" | |
| "os_compute_api:servers:migrations:show": "rule:admin_api" | |
| "os_compute_api:os-admin-actions:inject_network_info": "rule:admin_api" | |
| "os_compute_api:servers:create:attach_volume": "rule:admin_or_owner" | |
| "os_compute_api:os-quota-sets:show": "rule:admin_or_owner" | |
| "os_compute_api:os-server-tags:update": "rule:admin_or_owner" | |
| "os_compute_api:os-quota-class-sets:update": "rule:admin_api" | |
| "os_compute_api:os-server-groups:show": "rule:os_compute_api:os-server-groups" | |
| "os_compute_api:os-migrate-server:migrate": "rule:admin_api" | |
| "os_compute_api:extensions": "rule:admin_or_owner" | |
| "os_compute_api:flavors": "rule:admin_or_owner" | |
| "os_compute_api:os-flavor-access:remove_tenant_access": "rule:admin_api" | |
| "os_compute_api:os-simple-tenant-usage:show": "rule:admin_or_owner" | |
| "os_compute_api:os-floating-ip-pools": "rule:admin_or_owner" | |
| "os_compute_api:os-volumes-attachments:show": "rule:admin_or_owner" | |
| "os_compute_api:os-security-groups": "rule:admin_or_owner" | |
| "os_compute_api:os-keypairs:show": "rule:admin_api or user_id:%(user_id)s" | |
| "os_compute_api:os-deferred-delete": "rule:admin_or_owner" | |
| "os_compute_api:servers:show": "rule:admin_or_owner" | |
| "os_compute_api:os-hide-server-addresses": "is_admin:False" | |
| "os_compute_api:os-flavor-extra-specs:update": "rule:admin_api" | |
| "os_compute_api:os-pause-server:unpause": "rule:admin_or_owner" | |
| "os_compute_api:os-admin-password": "rule:admin_or_owner" | |
| "os_compute_api:os-server-tags:show": "rule:admin_or_owner" | |
| "os_compute_api:servers:rebuild": "rule:admin_or_owner" | |
| "os_compute_api:servers:delete": "rule:admin_or_owner" | |
| "admin_or_owner": "is_admin:True or project_id:%(project_id)s" | |
| "os_compute_api:os-quota-sets:delete": "rule:admin_api" | |
| "os_compute_api:os-quota-sets:detail": "rule:admin_or_owner" | |
| "os_compute_api:servers:trigger_crash_dump": "rule:admin_or_owner" | |
| "os_compute_api:os-availability-zone:detail": "rule:admin_api" | |
| "cells_scheduler_filter:TargetCellFilter": "is_admin:True" | |
| "os_compute_api:os-flavor-manage": "rule:admin_api" | |
| "os_compute_api:os-aggregates:show": "rule:admin_api" | |
| "os_compute_api:os-cells:sync_instances": "rule:admin_api" | |
| "os_compute_api:os-services": "rule:admin_api" | |
| "os_compute_api:servers:detail:get_all_tenants": "rule:admin_api" | |
| "os_compute_api:servers:index": "rule:admin_or_owner" | |
| "os_compute_api:os-keypairs:index": "rule:admin_api or user_id:%(user_id)s" | |
| "os_compute_api:os-volumes-attachments:update": "rule:admin_api" | |
| "os_compute_api:os-server-tags:index": "rule:admin_or_owner" | |
| "os_compute_api:os-suspend-server:suspend": "rule:admin_or_owner" | |
| "os_compute_api:servers:stop": "rule:admin_or_owner" | |
| "os_compute_api:os-quota-sets:update": "rule:admin_api" | |
| "os_compute_api:os-volumes": "rule:admin_or_owner" | |
| "os_compute_api:os-baremetal-nodes": "rule:admin_api" | |
| "os_compute_api:servers:show:host_status": "rule:admin_api" | |
| "os_compute_api:os-aggregates:index": "rule:admin_api" | |
| "os_compute_api:os-flavor-extra-specs:delete": "rule:admin_api" | |
| "os_compute_api:os-aggregates:create": "rule:admin_api" | |
| "os_compute_api:os-lock-server:unlock:unlock_override": "rule:admin_api" | |
| "os_compute_api:os-networks": "rule:admin_api" | |
| "os_compute_api:os-lock-server:unlock": "rule:admin_or_owner" | |
| "os_compute_api:os-cells:delete": "rule:admin_api" | |
| "os_compute_api:os-networks:view": "rule:admin_or_owner" | |
| "os_compute_api:server-metadata:update_all": "rule:admin_or_owner" | |
| "os_compute_api:os-security-group-default-rules": "rule:admin_api" | |
| "os_compute_api:servers:reboot": "rule:admin_or_owner" | |
| "cells_scheduler_filter:DifferentCellFilter": "is_admin:True" | |
| "os_compute_api:servers:migrations:index": "rule:admin_api" | |
| "os_compute_api:os-flavor-access": "rule:admin_or_owner" | |
| "os_compute_api:os-server-password": "rule:admin_or_owner" | |
| "os_compute_api:os-server-groups:delete": "rule:os_compute_api:os-server-groups" | |
| "os_compute_api:os-migrate-server:migrate_live": "rule:admin_api" | |
| "os_compute_api:servers:create:attach_network": "rule:admin_or_owner" | |
| "os_compute_api:os-console-auth-tokens": "rule:admin_api" | |
| "os_compute_api:ips:show": "rule:admin_or_owner" | |
| "os_compute_api:os-attach-interfaces": "rule:admin_or_owner" | |
| "os_compute_api:os-hosts": "rule:admin_api" | |
| "os_compute_api:servers:migrations:delete": "rule:admin_api" | |
| "os_compute_api:os-multinic": "rule:admin_or_owner" | |
| "os_compute_api:os-shelve:unshelve": "rule:admin_or_owner" | |
| "os_compute_api:server-metadata:update": "rule:admin_or_owner" | |
| "os_compute_api:os-volumes-attachments:delete": "rule:admin_or_owner" | |
| "os_compute_api:servers:create:zero_disk_flavor": "rule:admin_or_owner" | |
| "os_compute_api:servers:create:trusted_certs": "rule:admin_or_owner" | |
| # neutron | |
| "context_is_admin": "role:admin", | |
| "owner": "tenant_id:%(tenant_id)s", | |
| "admin_or_owner": "rule:context_is_admin or rule:owner", | |
| "context_is_advsvc": "role:advsvc", | |
| "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s", | |
| "admin_owner_or_network_owner": "rule:owner or rule:admin_or_network_owner", | |
| "admin_only": "rule:context_is_admin", | |
| "regular_user": "", | |
| "admin_or_data_plane_int": "rule:context_is_admin or role:data_plane_integrator", | |
| "shared": "field:networks:shared=True", | |
| "shared_subnetpools": "field:subnetpools:shared=True", | |
| "shared_address_scopes": "field:address_scopes:shared=True", | |
| "external": "field:networks:router:external=True", | |
| "default": "rule:admin_or_owner", | |
| "admin_or_ext_parent_owner": "rule:context_is_admin or tenant_id:%(ext_parent:tenant_id)s", | |
| "create_subnet": "rule:admin_or_network_owner", | |
| "create_subnet:segment_id": "rule:admin_only", | |
| "create_subnet:service_types": "rule:admin_only", | |
| "get_subnet": "rule:admin_or_owner or rule:shared", | |
| "get_subnet:segment_id": "rule:admin_only", | |
| "update_subnet": "rule:admin_or_network_owner", | |
| "update_subnet:service_types": "rule:admin_only", | |
| "delete_subnet": "rule:admin_or_network_owner", | |
| "create_subnetpool": "", | |
| "create_subnetpool:shared": "rule:admin_only", | |
| "create_subnetpool:is_default": "rule:admin_only", | |
| "get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools", | |
| "update_subnetpool": "rule:admin_or_owner", | |
| "update_subnetpool:is_default": "rule:admin_only", | |
| "delete_subnetpool": "rule:admin_or_owner", | |
| "create_address_scope": "", | |
| "create_address_scope:shared": "rule:admin_only", | |
| "get_address_scope": "rule:admin_or_owner or rule:shared_address_scopes", | |
| "update_address_scope": "rule:admin_or_owner", | |
| "update_address_scope:shared": "rule:admin_only", | |
| "delete_address_scope": "rule:admin_or_owner", | |
| "create_network": "", | |
| "create_network:shared": "rule:admin_only", | |
| "create_network:router:external": "rule:admin_only", | |
| "create_network:is_default": "rule:admin_only", | |
| "create_network:segments": "rule:admin_only", | |
| "create_network:provider:network_type": "rule:admin_only", | |
| "create_network:provider:physical_network": "rule:admin_only", | |
| "create_network:provider:segmentation_id": "rule:admin_only", | |
| "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc", | |
| "get_network:router:external": "rule:regular_user", | |
| "get_network:segments": "rule:admin_only", | |
| "get_network:provider:network_type": "rule:admin_only", | |
| "get_network:provider:physical_network": "rule:admin_only", | |
| "get_network:provider:segmentation_id": "rule:admin_only", | |
| "get_network:queue_id": "rule:admin_only", | |
| "get_network_ip_availabilities": "rule:admin_only", | |
| "get_network_ip_availability": "rule:admin_only", | |
| "update_network": "rule:admin_or_owner", | |
| "update_network:segments": "rule:admin_only", | |
| "update_network:shared": "rule:admin_only", | |
| "update_network:provider:network_type": "rule:admin_only", | |
| "update_network:provider:physical_network": "rule:admin_only", | |
| "update_network:provider:segmentation_id": "rule:admin_only", | |
| "update_network:router:external": "rule:admin_only", | |
| "delete_network": "rule:admin_or_owner", | |
| "create_segment": "rule:admin_only", | |
| "get_segment": "rule:admin_only", | |
| "update_segment": "rule:admin_only", | |
| "delete_segment": "rule:admin_only", | |
| "network_device": "field:port:device_owner=~^network:", | |
| "create_port": "", | |
| "create_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner", | |
| "create_port:mac_address": "rule:context_is_advsvc or rule:admin_or_network_owner", | |
| "create_port:fixed_ips": "rule:context_is_advsvc or rule:admin_or_network_owner", | |
| "create_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner", | |
| "create_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared", | |
| "create_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner", | |
| "create_port:binding:host_id": "rule:admin_only", | |
| "create_port:binding:profile": "rule:admin_only", | |
| "create_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner", | |
| "create_port:allowed_address_pairs": "rule:admin_or_network_owner", | |
| "get_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner", | |
| "get_port:queue_id": "rule:admin_only", | |
| "get_port:binding:vif_type": "rule:admin_only", | |
| "get_port:binding:vif_details": "rule:admin_only", | |
| "get_port:binding:host_id": "rule:admin_only", | |
| "get_port:binding:profile": "rule:admin_only", | |
| "update_port": "rule:admin_or_owner or rule:context_is_advsvc", | |
| "update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner", | |
| "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc", | |
| "update_port:fixed_ips": "rule:context_is_advsvc or rule:admin_or_network_owner", | |
| "update_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner", | |
| "update_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared", | |
| "update_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner", | |
| "update_port:binding:host_id": "rule:admin_only", | |
| "update_port:binding:profile": "rule:admin_only", | |
| "update_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner", | |
| "update_port:allowed_address_pairs": "rule:admin_or_network_owner", | |
| "update_port:data_plane_status": "rule:admin_or_data_plane_int", | |
| "delete_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner", | |
| "create_router": "rule:regular_user", | |
| "create_router:external_gateway_info": "rule:admin_or_owner", | |
| "create_router:external_gateway_info:network_id": "rule:admin_or_owner", | |
| "create_router:external_gateway_info:enable_snat": "rule:admin_only", | |
| "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only", | |
| "create_router:distributed": "rule:admin_only", | |
| "create_router:ha": "rule:admin_only", | |
| "get_router": "rule:admin_or_owner", | |
| "get_router:ha": "rule:admin_only", | |
| "get_router:distributed": "rule:admin_only", | |
| "update_router": "rule:admin_or_owner", | |
| "update_router:external_gateway_info": "rule:admin_or_owner", | |
| "update_router:external_gateway_info:network_id": "rule:admin_or_owner", | |
| "update_router:external_gateway_info:enable_snat": "rule:admin_only", | |
| "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only", | |
| "update_router:distributed": "rule:admin_only", | |
| "update_router:ha": "rule:admin_only", | |
| "delete_router": "rule:admin_or_owner", | |
| "add_router_interface": "rule:admin_or_owner", | |
| "remove_router_interface": "rule:admin_or_owner", | |
| "create_qos_queue": "rule:admin_only", | |
| "get_qos_queue": "rule:admin_only", | |
| "get_agent": "rule:admin_only", | |
| "update_agent": "rule:admin_only", | |
| "delete_agent": "rule:admin_only", | |
| "create_dhcp-network": "rule:admin_only", | |
| "get_dhcp-networks": "rule:admin_only", | |
| "delete_dhcp-network": "rule:admin_only", | |
| "create_l3-router": "rule:admin_only", | |
| "get_l3-routers": "rule:admin_only", | |
| "delete_l3-router": "rule:admin_only", | |
| "get_dhcp-agents": "rule:admin_only", | |
| "get_l3-agents": "rule:admin_only", | |
| "get_loadbalancer-agent": "rule:admin_only", | |
| "get_loadbalancer-pools": "rule:admin_only", | |
| "get_agent-loadbalancers": "rule:admin_only", | |
| "get_loadbalancer-hosting-agent": "rule:admin_only", | |
| "create_floatingip": "rule:regular_user", | |
| "create_floatingip:floating_ip_address": "rule:admin_only", | |
| "get_floatingip": "rule:admin_or_owner", | |
| "update_floatingip": "rule:admin_or_owner", | |
| "delete_floatingip": "rule:admin_or_owner", | |
| "create_network_profile": "rule:admin_only", | |
| "get_network_profiles": "", | |
| "get_network_profile": "", | |
| "update_network_profile": "rule:admin_only", | |
| "delete_network_profile": "rule:admin_only", | |
| "get_policy_profiles": "", | |
| "get_policy_profile": "", | |
| "update_policy_profiles": "rule:admin_only", | |
| "create_metering_label": "rule:admin_only", | |
| "get_metering_label": "rule:admin_only", | |
| "delete_metering_label": "rule:admin_only", | |
| "create_metering_label_rule": "rule:admin_only", | |
| "get_metering_label_rule": "rule:admin_only", | |
| "delete_metering_label_rule": "rule:admin_only", | |
| "create_lsn": "rule:admin_only", | |
| "get_lsn": "rule:admin_only", | |
| "get_service_provider": "rule:regular_user", | |
| "create_flavor": "rule:admin_only", | |
| "get_flavors": "rule:regular_user", | |
| "get_flavor": "rule:regular_user", | |
| "update_flavor": "rule:admin_only", | |
| "delete_flavor": "rule:admin_only", | |
| "create_service_profile": "rule:admin_only", | |
| "get_service_profiles": "rule:admin_only", | |
| "get_service_profile": "rule:admin_only", | |
| "update_service_profile": "rule:admin_only", | |
| "delete_service_profile": "rule:admin_only", | |
| "create_policy": "rule:admin_only", | |
| "get_policy": "rule:regular_user", | |
| "update_policy": "rule:admin_only", | |
| "delete_policy": "rule:admin_only", | |
| "create_policy_bandwidth_limit_rule": "rule:admin_only", | |
| "get_policy_bandwidth_limit_rule": "rule:regular_user", | |
| "update_policy_bandwidth_limit_rule": "rule:admin_only", | |
| "delete_policy_bandwidth_limit_rule": "rule:admin_only", | |
| "create_policy_dscp_marking_rule": "rule:admin_only", | |
| "get_policy_dscp_marking_rule": "rule:regular_user", | |
| "update_policy_dscp_marking_rule": "rule:admin_only", | |
| "delete_policy_dscp_marking_rule": "rule:admin_only", | |
| "get_rule_type": "rule:regular_user", | |
| "create_policy_minimum_bandwidth_rule": "rule:admin_only", | |
| "get_policy_minimum_bandwidth_rule": "rule:regular_user", | |
| "update_policy_minimum_bandwidth_rule": "rule:admin_only", | |
| "delete_policy_minimum_bandwidth_rule": "rule:admin_only", | |
| "restrict_wildcard": "(not field:rbac_policy:target_tenant=*) or rule:admin_only", | |
| "create_rbac_policy": "", | |
| "create_rbac_policy:target_tenant": "rule:restrict_wildcard", | |
| "get_rbac_policy": "rule:admin_or_owner", | |
| "update_rbac_policy": "rule:admin_or_owner", | |
| "update_rbac_policy:target_tenant": "rule:restrict_wildcard and rule:admin_or_owner", | |
| "delete_rbac_policy": "rule:admin_or_owner", | |
| "create_flavor_service_profile": "rule:admin_only", | |
| "get_flavor_service_profile": "rule:regular_user", | |
| "delete_flavor_service_profile": "rule:admin_only", | |
| "get_auto_allocated_topology": "rule:admin_or_owner", | |
| "delete_auto_allocated_topology": "rule:admin_or_owner", | |
| "create_trunk": "rule:regular_user", | |
| "get_trunk": "rule:admin_or_owner", | |
| "delete_trunk": "rule:admin_or_owner", | |
| "add_subports": "rule:admin_or_owner", | |
| "get_subports": "", | |
| "remove_subports": "rule:admin_or_owner", | |
| "create_security_group": "rule:admin_or_owner", | |
| "get_security_groups": "rule:admin_or_owner", | |
| "get_security_group": "rule:admin_or_owner", | |
| "update_security_group": "rule:admin_or_owner", | |
| "delete_security_group": "rule:admin_or_owner", | |
| "create_security_group_rule": "rule:admin_or_owner", | |
| "get_security_group_rules": "rule:admin_or_owner", | |
| "get_security_group_rule": "rule:admin_or_owner", | |
| "delete_security_group_rule": "rule:admin_or_owner", | |
| "get_loggable_resources": "rule:admin_only", | |
| "create_log": "rule:admin_only", | |
| "get_log": "rule:admin_only", | |
| "get_logs": "rule:admin_only", | |
| "update_log": "rule:admin_only", | |
| "delete_log": "rule:admin_only", | |
| "create_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner", | |
| "get_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner", | |
| "get_floatingip_port_forwardings": "rule:admin_or_ext_parent_owner", | |
| "update_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner", | |
| "delete_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner" | |
| # octavia | |
| "load-balancer:read": "rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or rule:load-balancer:admin" | |
| "load-balancer:read-quota": "rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or role:load-balancer_quota_admin or rule:load-balancer:admin" | |
| "os_load-balancer_api:pool:delete": "rule:load-balancer:write" | |
| "os_load-balancer_api:listener:get_all": "rule:load-balancer:read" | |
| "os_load-balancer_api:loadbalancer:post": "rule:load-balancer:write" | |
| "os_load-balancer_api:loadbalancer:get_status": "rule:load-balancer:read" | |
| "os_load-balancer_api:l7rule:post": "rule:load-balancer:write" | |
| "os_load-balancer_api:l7policy:get_one": "rule:load-balancer:read" | |
| "os_load-balancer_api:pool:get_all-global": "rule:load-balancer:read-global" | |
| "os_load-balancer_api:amphora:put_failover": "rule:load-balancer:admin" | |
| "load-balancer:owner": "project_id:%(project_id)s" | |
| "os_load-balancer_api:listener:get_one": "rule:load-balancer:read" | |
| "os_load-balancer_api:pool:get_all": "rule:load-balancer:read" | |
| "os_load-balancer_api:l7rule:get_all": "rule:load-balancer:read" | |
| "load-balancer:write": "rule:load-balancer:member_and_owner or rule:load-balancer:admin" | |
| "os_load-balancer_api:amphora:get_one": "rule:load-balancer:admin" | |
| "os_load-balancer_api:healthmonitor:delete": "rule:load-balancer:write" | |
| "load-balancer:read-global": "rule:load-balancer:global_observer or rule:load-balancer:admin" | |
| "os_load-balancer_api:loadbalancer:get_stats": "rule:load-balancer:read" | |
| "os_load-balancer_api:member:get_one": "rule:load-balancer:read" | |
| "os_load-balancer_api:pool:get_one": "rule:load-balancer:read" | |
| "load-balancer:read-quota-global": "rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin" | |
| "os_load-balancer_api:loadbalancer:get_all": "rule:load-balancer:read" | |
| "os_load-balancer_api:l7rule:put": "rule:load-balancer:write" | |
| "load-balancer:observer_and_owner": "role:load-balancer_observer and rule:load-balancer:owner" | |
| "os_load-balancer_api:quota:get_one": "rule:load-balancer:read-quota" | |
| "os_load-balancer_api:loadbalancer:get_all-global": "rule:load-balancer:read-global" | |
| "os_load-balancer_api:provider:get_all": "rule:load-balancer:read" | |
| "os_load-balancer_api:member:get_all": "rule:load-balancer:read" | |
| "os_load-balancer_api:l7policy:delete": "rule:load-balancer:write" | |
| "os_load-balancer_api:healthmonitor:put": "rule:load-balancer:write" | |
| "os_load-balancer_api:member:post": "rule:load-balancer:write" | |
| "load-balancer:global_observer": "role:load-balancer_global_observer" | |
| "os_load-balancer_api:l7policy:get_all-global": "rule:load-balancer:read-global" | |
| "os_load-balancer_api:loadbalancer:get_one": "rule:load-balancer:read" | |
| "os_load-balancer_api:loadbalancer:put": "rule:load-balancer:write" | |
| "os_load-balancer_api:l7rule:get_one": "rule:load-balancer:read" | |
| "os_load-balancer_api:listener:get_stats": "rule:load-balancer:read" | |
| "os_load-balancer_api:amphora:get_all": "rule:load-balancer:admin" | |
| "os_load-balancer_api:l7policy:put": "rule:load-balancer:write" | |
| "os_load-balancer_api:listener:get_all-global": "rule:load-balancer:read-global" | |
| "os_load-balancer_api:l7policy:post": "rule:load-balancer:write" | |
| "os_load-balancer_api:healthmonitor:get_all-global": "rule:load-balancer:read-global" | |
| "load-balancer:write-quota": "role:load-balancer_quota_admin or rule:load-balancer:admin" | |
| "os_load-balancer_api:listener:post": "rule:load-balancer:write" | |
| "context_is_admin": "role:admin or role:load-balancer_admin" | |
| "os_load-balancer_api:quota:get_all-global": "rule:load-balancer:read-quota-global" | |
| "load-balancer:admin": "is_admin:True or role:admin or role:load-balancer_admin" | |
| "os_load-balancer_api:pool:put": "rule:load-balancer:write" | |
| "os_load-balancer_api:healthmonitor:get_all": "rule:load-balancer:read" | |
| "os_load-balancer_api:l7policy:get_all": "rule:load-balancer:read" | |
| "os_load-balancer_api:loadbalancer:put_failover": "rule:load-balancer:admin" | |
| "os_load-balancer_api:healthmonitor:post": "rule:load-balancer:write" | |
| "os_load-balancer_api:pool:post": "rule:load-balancer:write" | |
| "os_load-balancer_api:quota:put": "rule:load-balancer:write-quota" | |
| "os_load-balancer_api:listener:put": "rule:load-balancer:write" | |
| "os_load-balancer_api:listener:delete": "rule:load-balancer:write" | |
| "os_load-balancer_api:quota:get_all": "rule:load-balancer:read-quota" | |
| "os_load-balancer_api:loadbalancer:delete": "rule:load-balancer:write" | |
| "os_load-balancer_api:quota:get_defaults": "rule:load-balancer:read-quota" | |
| "os_load-balancer_api:quota:delete": "rule:load-balancer:write-quota" | |
| "load-balancer:member_and_owner": "role:load-balancer_member and rule:load-balancer:owner" | |
| "os_load-balancer_api:member:delete": "rule:load-balancer:write" | |
| "os_load-balancer_api:l7rule:delete": "rule:load-balancer:write" | |
| "os_load-balancer_api:healthmonitor:get_one": "rule:load-balancer:read" | |
| "os_load-balancer_api:member:put": "rule:load-balancer:write" | |
| # mistral | |
| "workflows:publicize": "rule:admin_or_owner" | |
| "workbooks:get": "rule:admin_or_owner" | |
| "actions:get": "rule:admin_or_owner" | |
| "workflows:list": "rule:admin_or_owner" | |
| "workflows:delete": "rule:admin_or_owner" | |
| "action_executions:list": "rule:admin_or_owner" | |
| "cron_triggers:list": "rule:admin_or_owner" | |
| "services:list": "rule:admin_or_owner" | |
| "environments:update": "rule:admin_or_owner" | |
| "tasks:get": "rule:admin_or_owner" | |
| "environments:delete": "rule:admin_or_owner" | |
| "members:create": "rule:admin_or_owner" | |
| "actions:update": "rule:admin_or_owner" | |
| "actions:publicize": "rule:admin_or_owner" | |
| "tasks:list": "rule:admin_or_owner" | |
| "executions:get": "rule:admin_or_owner" | |
| "action_executions:get": "rule:admin_or_owner" | |
| "members:update": "rule:admin_or_owner" | |
| "workflows:create": "rule:admin_or_owner" | |
| "members:delete": "rule:admin_or_owner" | |
| "event_triggers:update": "rule:admin_or_owner" | |
| "cron_triggers:list:all_projects": "rule:admin_only" | |
| "executions:delete": "rule:admin_or_owner" | |
| "cron_triggers:create": "rule:admin_or_owner" | |
| "cron_triggers:delete": "rule:admin_or_owner" | |
| "event_triggers:delete": "rule:admin_or_owner" | |
| "event_triggers:list:all_projects": "rule:admin_only" | |
| "executions:list:all_projects": "rule:admin_only" | |
| "event_triggers:get": "rule:admin_or_owner" | |
| "members:list": "rule:admin_or_owner" | |
| "actions:delete": "rule:admin_or_owner" | |
| "tasks:update": "rule:admin_or_owner" | |
| "workbooks:delete": "rule:admin_or_owner" | |
| "admin_only": "is_admin:True" | |
| "actions:list": "rule:admin_or_owner" | |
| "workflows:list:all_projects": "rule:admin_only" | |
| "action_executions:create": "rule:admin_or_owner" | |
| "executions:update": "rule:admin_or_owner" | |
| "members:get": "rule:admin_or_owner" | |
| "workbooks:create": "rule:admin_or_owner" | |
| "executions:list": "rule:admin_or_owner" | |
| "cron_triggers:get": "rule:admin_or_owner" | |
| "environments:list": "rule:admin_or_owner" | |
| "action_executions:delete": "rule:admin_or_owner" | |
| "workbooks:update": "rule:admin_or_owner" | |
| "executions:create": "rule:admin_or_owner" | |
| "event_triggers:create": "rule:admin_or_owner" | |
| "workbooks:list": "rule:admin_or_owner" | |
| "workflows:update": "rule:admin_or_owner" | |
| "workflows:get": "rule:admin_or_owner" | |
| "environments:get": "rule:admin_or_owner" | |
| "action_executions:update": "rule:admin_or_owner" | |
| "environments:create": "rule:admin_or_owner" | |
| "event_triggers:create:public": "rule:admin_only" | |
| "actions:create": "rule:admin_or_owner" | |
| "event_triggers:list": "rule:admin_or_owner" | |
| "admin_or_owner": "is_admin:True or project_id:%(project_id)s" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # cinder | |
| "volume:create_volume_metadata" | |
| "volume:delete_snapshot_metadata" | |
| "backup:export-import" | |
| "volume:failover_host" | |
| "volume_extension:capabilities" | |
| "context_is_admin" | |
| "volume_extension:volume_admin_actions:force_detach" | |
| "volume_extension:types_extra_specs:delete" | |
| "backup:delete" | |
| "volume_extension:volume_encryption_metadata" | |
| "clusters:get" | |
| "volume_extension:volume_actions:begin_detaching" | |
| "message:get" | |
| "volume_extension:volume_actions:detach" | |
| "volume_extension:quotas:update" | |
| "snapshot_extension:snapshot_actions:update_snapshot_status" | |
| "scheduler_extension:scheduler_stats:get_pools" | |
| "backup:restore" | |
| "volume_extension:volume_tenant_attribute" | |
| "volume_extension:services:update" | |
| "volume_extension:snapshot_admin_actions:reset_status" | |
| "group:create_group_snapshot" | |
| "volume_extension:volume_admin_actions:force_delete" | |
| "volume:update_readonly_flag" | |
| "group:group_types_manage" | |
| "volume:create_from_image" | |
| "backup:backup-import" | |
| "backup:get_all" | |
| "group:delete" | |
| "group:disable_replication" | |
| "volume_extension:types_manage" | |
| "limits_extension:used_limits" | |
| "group:get_all_group_snapshots" | |
| "volume:update_volume_metadata" | |
| "volume:accept_transfer" | |
| "volume_extension:snapshot_admin_actions:force_delete" | |
| "volume:force_delete" | |
| "volume_extension:volume_mig_status_attribute" | |
| "admin_api" | |
| "volume_extension:quota_classes" | |
| "volume_extension:qos_specs_manage:get_all" | |
| "volume:create_snapshot" | |
| "volume:get_all" | |
| "snapshot_extension:snapshot_unmanage" | |
| "volume_extension:volume_image_metadata" | |
| "volume_extension:types_extra_specs:show" | |
| "volume:get_transfer" | |
| "volume_extension:volume_type_access:removeProjectAccess" | |
| "group:create" | |
| "volume:extend" | |
| "volume_extension:type_get" | |
| "volume:get_snapshot_metadata" | |
| "volume_extension:volume_admin_actions:migrate_volume_completion" | |
| "workers:cleanup" | |
| "volume:update_snapshot_metadata" | |
| "volume_extension:access_types_extra_specs" | |
| "group:reset_status" | |
| "group:get" | |
| "group:update" | |
| "volume_extension:volume_manage" | |
| "volume:get" | |
| "volume:get_snapshot" | |
| "volume:create" | |
| "volume_extension:volume_actions:terminate_connection" | |
| "volume:update_snapshot" | |
| "volume_extension:volume_actions:initialize_connection" | |
| "volume_extension:quotas:show" | |
| "volume_extension:hosts" | |
| "group:update_group_snapshot" | |
| "volume_extension:volume_type_access" | |
| "volume:get_all_snapshots" | |
| "group:get_group_snapshot" | |
| "volume:attachment_delete" | |
| "volume:get_all_transfers" | |
| "volume:attachment_complete" | |
| "volume:attachment_create" | |
| "volume:get_volume_metadata" | |
| "group:enable_replication" | |
| "volume_extension:backup_admin_actions:force_delete" | |
| "group:access_group_types_specs" | |
| "group:failover_replication" | |
| "volume_extension:volume_unmanage" | |
| "volume_extension:backup_admin_actions:reset_status" | |
| "group:get_all" | |
| "group:reset_group_snapshot_status" | |
| "volume_extension:type_get_all" | |
| "volume:update_volume_admin_metadata" | |
| "volume_extension:qos_specs_manage:update" | |
| "clusters:update" | |
| "admin_or_owner" | |
| "volume_extension:volume_admin_actions:reset_status" | |
| "volume_extension:volume_actions:upload_image" | |
| "volume_extension:types_extra_specs:update" | |
| "volume_extension:volume_actions:upload_public" | |
| "volume_extension:volume_actions:attach" | |
| "volume:revert_to_snapshot" | |
| "volume_extension:qos_specs_manage:get" | |
| "volume:multiattach" | |
| "volume_extension:list_manageable" | |
| "volume_extension:extended_snapshot_attributes" | |
| "volume_extension:volume_actions:reserve" | |
| "volume_extension:qos_specs_manage:create" | |
| "volume_extension:types_extra_specs:create" | |
| "volume:delete_transfer" | |
| "backup:create" | |
| "snapshot_extension:list_manageable" | |
| "volume_extension:quotas:delete" | |
| "volume_extension:volume_actions:roll_detaching" | |
| "volume:multiattach_bootable_volume" | |
| "volume_extension:types_extra_specs:index" | |
| "volume_extension:volume_host_attribute" | |
| "volume:delete_volume_metadata" | |
| "backup:get" | |
| "backup:backup_project_attribute" | |
| "group:delete_group_snapshot" | |
| "volume:retype" | |
| "clusters:get_all" | |
| "volume_extension:quota_classes:validate_setup_for_nested_quota_use" | |
| "backup:update" | |
| "volume:attachment_update" | |
| "volume:delete_snapshot" | |
| "volume_extension:volume_actions:unreserve" | |
| "snapshot_extension:snapshot_manage" | |
| "volume_extension:volume_admin_actions:migrate_volume" | |
| "volume_extension:services:index" | |
| "volume:delete" | |
| "volume_extension:qos_specs_manage:delete" | |
| "volume_extension:volume_type_encryption" | |
| "volume:freeze_host" | |
| "message:delete" | |
| "message:get_all" | |
| "group:group_types_specs" | |
| "group:list_replication_targets" | |
| "volume_extension:access_types_qos_specs_id" | |
| "volume:update" | |
| "volume:extend_attached_volume" | |
| "volume:create_transfer" | |
| "volume_extension:volume_type_access:addProjectAccess" | |
| "volume:thaw_host" | |
| # glance | |
| "context_is_admin" | |
| "default" | |
| "add_image" | |
| "delete_image" | |
| "get_image" | |
| "get_images" | |
| "modify_image" | |
| "publicize_image" | |
| "communitize_image" | |
| "copy_from" | |
| "download_image" | |
| "upload_image" | |
| "delete_image_location" | |
| "get_image_location" | |
| "set_image_location" | |
| "add_member" | |
| "delete_member" | |
| "get_member" | |
| "get_members" | |
| "modify_member" | |
| "manage_image_cache" | |
| "get_task" | |
| "get_tasks" | |
| "add_task" | |
| "modify_task" | |
| "tasks_api_access" | |
| "deactivate" | |
| "reactivate" | |
| "get_metadef_namespace" | |
| "get_metadef_namespaces":"" | |
| "modify_metadef_namespace":"" | |
| "add_metadef_namespace":"" | |
| "get_metadef_object":"" | |
| "get_metadef_objects":"" | |
| "modify_metadef_object":"" | |
| "add_metadef_object":"" | |
| "list_metadef_resource_types":"" | |
| "get_metadef_resource_type":"" | |
| "add_metadef_resource_type_association":"" | |
| "get_metadef_property":"" | |
| "get_metadef_properties":"" | |
| "modify_metadef_property":"" | |
| "add_metadef_property":"" | |
| "get_metadef_tag":"" | |
| "get_metadef_tags":"" | |
| "modify_metadef_tag":"" | |
| "add_metadef_tag":"" | |
| "add_metadef_tags":"" | |
| # keystone | |
| "identity:delete_project" | |
| "identity:list_revoke_events" | |
| "identity:revoke_system_grant_for_group" | |
| "identity:get_region" | |
| "identity:list_system_grants_for_group" | |
| "identity:create_implied_role" | |
| "identity:list_endpoint_groups" | |
| "identity:list_endpoints_associated_with_endpoint_group" | |
| "identity:get_auth_catalog" | |
| "identity:list_access_tokens" | |
| "identity:list_trusts" | |
| "identity:update_registered_limit" | |
| "identity:delete_implied_role" | |
| "identity:get_domain_config_default" | |
| "identity:update_service" | |
| "identity:create_domain_config" | |
| "identity:delete_service" | |
| "identity:update_mapping" | |
| "identity:update_limit" | |
| "identity:list_domains" | |
| "identity:list_policies" | |
| "identity:update_endpoint_group" | |
| "service_role" | |
| "identity:get_project_tag" | |
| "identity:check_system_grant_for_group" | |
| "identity:create_policy_association_for_service" | |
| "identity:delete_endpoint_group" | |
| "identity:get_endpoint_group_in_project" | |
| "identity:list_roles" | |
| "identity:delete_application_credential" | |
| "identity:delete_identity_provider" | |
| "identity:create_domain_role" | |
| "identity:list_users" | |
| "identity:create_protocol" | |
| "identity:check_user_in_group" | |
| "identity:create_user" | |
| "identity:delete_policy_association_for_region_and_service" | |
| "identity:get_policy_for_endpoint" | |
| "identity:update_consumer" | |
| "identity:get_registered_limit" | |
| "identity:create_grant" | |
| "identity:list_projects_associated_with_endpoint_group" | |
| "identity:list_groups" | |
| "identity:validate_token" | |
| "identity:create_endpoint" | |
| "identity:check_token" | |
| "identity:ec2_create_credential" | |
| "identity:ec2_get_credential" | |
| "identity:delete_project_tags" | |
| "identity:delete_domain_role" | |
| "identity:delete_mapping" | |
| "identity:list_endpoints_for_policy" | |
| "identity:update_project_tags" | |
| "identity:update_service_provider" | |
| "identity:list_endpoint_groups_for_project" | |
| "identity:ec2_delete_credential" | |
| "identity:get_user" | |
| "identity:get_limit" | |
| "identity:delete_domain_config" | |
| "identity:check_grant" | |
| "identity:update_domain" | |
| "identity:get_trust" | |
| "identity:get_endpoint" | |
| "identity:get_access_token" | |
| "admin_required" | |
| "identity:authorize_request_token" | |
| "identity:list_regions" | |
| "identity:create_trust" | |
| "service_admin_or_token_subject" | |
| "identity:delete_policy_association_for_service" | |
| "identity:create_identity_provider" | |
| "identity:revoke_token" | |
| "identity:delete_service_provider" | |
| "identity:list_limits" | |
| "identity:revoke_system_grant_for_user" | |
| "identity:remove_endpoint_group_from_project" | |
| "identity:delete_endpoint" | |
| "identity:create_project" | |
| "identity:list_identity_providers" | |
| "identity:create_system_grant_for_group" | |
| "identity:list_endpoints_for_project" | |
| "identity:create_application_credential" | |
| "identity:check_implied_role" | |
| "identity:get_auth_projects" | |
| "identity:list_projects" | |
| "identity:get_role" | |
| "identity:update_identity_provider" | |
| "identity:list_services" | |
| "identity:list_projects_for_user" | |
| "identity:delete_trust" | |
| "identity:update_protocol" | |
| "identity:update_role" | |
| "identity:check_system_grant_for_user" | |
| "identity:create_service_provider" | |
| "identity:create_credential" | |
| "identity:create_system_grant_for_user" | |
| "identity:revocation_list" | |
| "identity:delete_policy" | |
| "identity:delete_role" | |
| "identity:create_role" | |
| "identity:list_consumers" | |
| "identity:get_role_for_trust" | |
| "admin_or_token_subject" | |
| "identity:get_security_compliance_domain_config" | |
| "identity:get_mapping" | |
| "identity:create_group" | |
| "identity:list_protocols" | |
| "owner" | |
| "identity:get_project" | |
| "identity:update_region" | |
| "identity:create_region" | |
| "identity:get_protocol" | |
| "identity:check_policy_association_for_endpoint" | |
| "identity:delete_registered_limit" | |
| "identity:delete_limit" | |
| "identity:get_domain_role" | |
| "identity:get_service" | |
| "identity:create_policy_association_for_endpoint" | |
| "identity:get_policy" | |
| "service_or_admin" | |
| "identity:get_access_token_role" | |
| "identity:update_policy" | |
| "identity:delete_consumer" | |
| "identity:remove_user_from_group" | |
| "identity:create_policy_association_for_region_and_service" | |
| "identity:create_mapping" | |
| "identity:list_projects_for_endpoint" | |
| "identity:list_role_assignments" | |
| "token_subject" | |
| "identity:create_service" | |
| "identity:list_mappings" | |
| "identity:update_endpoint" | |
| "admin_or_owner" | |
| "identity:create_policy" | |
| "identity:delete_user" | |
| "identity:get_group" | |
| "identity:create_consumer" | |
| "identity:list_roles_for_trust" | |
| "identity:check_policy_association_for_region_and_service" | |
| "identity:list_service_providers" | |
| "identity:get_consumer" | |
| "identity:revoke_grant" | |
| "identity:add_user_to_group" | |
| "identity:list_domains_for_user" | |
| "identity:list_user_projects" | |
| "identity:list_implied_roles" | |
| "identity:list_role_assignments_for_tree" | |
| "identity:list_endpoints" | |
| "identity:get_identity_provider" | |
| "identity:get_auth_domains" | |
| "identity:check_policy_association_for_service" | |
| "identity:create_registered_limits" | |
| "identity:delete_protocol" | |
| "identity:add_endpoint_group_to_project" | |
| "identity:create_limits" | |
| "identity:update_project" | |
| "identity:delete_group" | |
| "identity:add_endpoint_to_project" | |
| "identity:delete_access_token" | |
| "identity:get_auth_system" | |
| "identity:get_service_provider" | |
| "identity:create_project_tag" | |
| "identity:list_application_credentials" | |
| "identity:create_domain" | |
| "identity:update_domain_config" | |
| "identity:list_grants" | |
| "identity:ec2_list_credentials" | |
| "identity:list_credentials" | |
| "identity:update_credential" | |
| "identity:delete_policy_association_for_endpoint" | |
| "identity:create_endpoint_group" | |
| "identity:get_credential" | |
| "identity:delete_domain" | |
| "identity:get_limit_model" | |
| "identity:update_group" | |
| "identity:remove_endpoint_from_project" | |
| "identity:list_role_inference_rules" | |
| "identity:get_implied_role" | |
| "identity:delete_credential" | |
| "identity:update_domain_role" | |
| "identity:get_endpoint_group" | |
| "identity:list_project_tags" | |
| "identity:delete_project_tag" | |
| "identity:get_application_credential" | |
| "identity:get_domain" | |
| "identity:get_domain_config" | |
| "identity:list_domain_roles" | |
| "identity:check_endpoint_in_project" | |
| "identity:list_users_in_group" | |
| "identity:update_user" | |
| "identity:list_groups_for_user" | |
| "identity:list_access_token_roles" | |
| "identity:list_system_grants_for_user" | |
| "identity:list_registered_limits" | |
| "identity:delete_region" | |
| # nova | |
| "os_compute_api:os-evacuate" | |
| "os_compute_api:servers:create" | |
| "os_compute_api:servers:create:forced_host" | |
| "os_compute_api:os-aggregates:remove_host" | |
| "os_compute_api:os-console-output" | |
| "os_compute_api:os-floating-ips" | |
| "os_compute_api:os-aggregates:update" | |
| "os_compute_api:server-metadata:show" | |
| "os_compute_api:os-flavor-manage:create" | |
| "os_compute_api:servers:start" | |
| "os_compute_api:os-keypairs:create" | |
| "os_compute_api:servers:create_image" | |
| "os_compute_api:ips:index" | |
| "os_compute_api:os-server-groups" | |
| "os_compute_api:os-server-tags:delete_all" | |
| "os_compute_api:servers:index:get_all_tenants" | |
| "os_compute_api:os-keypairs:delete" | |
| "os_compute_api:os-flavor-manage:delete" | |
| "os_compute_api:os-availability-zone:list" | |
| "os_compute_api:os-simple-tenant-usage:list" | |
| "os_compute_api:os-quota-class-sets:show" | |
| "os_compute_api:os-suspend-server:resume" | |
| "os_compute_api:os-tenant-networks" | |
| "os_compute_api:os-server-tags:update_all" | |
| "os_compute_api:os-hypervisors" | |
| "os_compute_api:os-consoles:delete" | |
| "os_compute_api:os-networks-associate" | |
| "os_compute_api:os-volumes-attachments:index" | |
| "os_compute_api:os-remote-consoles" | |
| "os_compute_api:limits" | |
| "os_compute_api:os-cells:create" | |
| "context_is_admin" | |
| "os_compute_api:server-metadata:index" | |
| "os_compute_api:os-consoles:create" | |
| "os_compute_api:os-aggregates:set_metadata" | |
| "os_compute_api:os-create-backup" | |
| "os_compute_api:os-aggregates:delete" | |
| "os_compute_api:server-metadata:delete" | |
| "os_compute_api:os-pause-server:pause" | |
| "os_compute_api:os-used-limits" | |
| "os_compute_api:os-rescue" | |
| "admin_api" | |
| "os_compute_api:os-agents" | |
| "os_compute_api:os-server-tags:delete" | |
| "os_compute_api:os-flavor-extra-specs:show" | |
| "os_compute_api:os-flavor-manage:update" | |
| "os_compute_api:os-attach-interfaces:delete" | |
| "os_compute_api:os-instance-actions:events" | |
| "network:attach_external_network" | |
| "os_compute_api:server-metadata:create" | |
| "os_compute_api:os-shelve:shelve" | |
| "os_compute_api:servers:resize" | |
| "os_compute_api:os-aggregates:add_host" | |
| "os_compute_api:os-flavor-access:add_tenant_access" | |
| "os_compute_api:os-cells:update" | |
| "os_compute_api:os-server-diagnostics" | |
| "os_compute_api:servers:revert_resize" | |
| "os_compute_api:os-cells" | |
| "os_compute_api:servers:update" | |
| "os_compute_api:os-admin-actions:reset_network" | |
| "os_compute_api:os-shelve:shelve_offload" | |
| "os_compute_api:os-instance-actions" | |
| "os_compute_api:os-attach-interfaces:create" | |
| "os_compute_api:os-volumes-attachments:create" | |
| "os_compute_api:servers:migrations:force_complete" | |
| "os_compute_api:os-consoles:index" | |
| "os_compute_api:os-instance-usage-audit-log" | |
| "os_compute_api:os-migrations:index" | |
| "os_compute_api:os-admin-actions:reset_state" | |
| "os_compute_api:os-server-groups:create" | |
| "os_compute_api:os-quota-sets:defaults" | |
| "os_compute_api:servers:detail" | |
| "os_compute_api:os-server-external-events:create" | |
| "os_compute_api:os-flavor-extra-specs:create" | |
| "os_compute_api:os-lock-server:lock" | |
| "os_compute_api:servers:confirm_resize" | |
| "os_compute_api:os-flavor-extra-specs:index" | |
| "os_compute_api:servers:create_image:allow_volume_backed" | |
| "os_compute_api:os-assisted-volume-snapshots:delete" | |
| "os_compute_api:servers:rebuild:trusted_certs" | |
| "os_compute_api:os-server-groups:index" | |
| "os_compute_api:os-extended-server-attributes" | |
| "os_compute_api:os-assisted-volume-snapshots:create" | |
| "os_compute_api:os-consoles:show" | |
| "os_compute_api:servers:migrations:show" | |
| "os_compute_api:os-admin-actions:inject_network_info" | |
| "os_compute_api:servers:create:attach_volume" | |
| "os_compute_api:os-quota-sets:show" | |
| "os_compute_api:os-server-tags:update" | |
| "os_compute_api:os-quota-class-sets:update" | |
| "os_compute_api:os-server-groups:show" | |
| "os_compute_api:os-migrate-server:migrate" | |
| "os_compute_api:extensions" | |
| "os_compute_api:flavors" | |
| "os_compute_api:os-flavor-access:remove_tenant_access" | |
| "os_compute_api:os-simple-tenant-usage:show" | |
| "os_compute_api:os-floating-ip-pools" | |
| "os_compute_api:os-volumes-attachments:show" | |
| "os_compute_api:os-security-groups" | |
| "os_compute_api:os-keypairs:show" | |
| "os_compute_api:os-deferred-delete" | |
| "os_compute_api:servers:show" | |
| "os_compute_api:os-hide-server-addresses" | |
| "os_compute_api:os-flavor-extra-specs:update" | |
| "os_compute_api:os-pause-server:unpause" | |
| "os_compute_api:os-admin-password" | |
| "os_compute_api:os-server-tags:show" | |
| "os_compute_api:servers:rebuild" | |
| "os_compute_api:servers:delete" | |
| "admin_or_owner" | |
| "os_compute_api:os-quota-sets:delete" | |
| "os_compute_api:os-quota-sets:detail" | |
| "os_compute_api:servers:trigger_crash_dump" | |
| "os_compute_api:os-availability-zone:detail" | |
| "cells_scheduler_filter:TargetCellFilter" | |
| "os_compute_api:os-flavor-manage" | |
| "os_compute_api:os-cells:sync_instances" | |
| "os_compute_api:os-services" | |
| "os_compute_api:servers:detail:get_all_tenants" | |
| "os_compute_api:servers:index" | |
| "os_compute_api:os-keypairs:index" | |
| "os_compute_api:os-volumes-attachments:update" | |
| "os_compute_api:os-server-tags:index" | |
| "os_compute_api:os-suspend-server:suspend" | |
| "os_compute_api:servers:stop" | |
| "os_compute_api:os-quota-sets:update" | |
| "os_compute_api:os-volumes" | |
| "os_compute_api:os-baremetal-nodes" | |
| "os_compute_api:servers:show:host_status" | |
| "os_compute_api:os-aggregates:index" | |
| "os_compute_api:os-flavor-extra-specs:delete" | |
| "os_compute_api:os-aggregates:create" | |
| "os_compute_api:os-lock-server:unlock:unlock_override" | |
| "os_compute_api:os-networks" | |
| "os_compute_api:os-lock-server:unlock" | |
| "os_compute_api:os-cells:delete" | |
| "os_compute_api:os-networks:view" | |
| "os_compute_api:server-metadata:update_all" | |
| "create_port:port_security_enabled" | |
| "create_port:binding:host_id" | |
| "create_port:binding:profile" | |
| "create_port:mac_learning_enabled" | |
| "create_port:allowed_address_pairs" | |
| "get_port" | |
| "get_port:queue_id" | |
| "get_port:binding:vif_type" | |
| "get_port:binding:vif_details" | |
| "get_port:binding:host_id" | |
| "get_port:binding:profile" | |
| "update_port" | |
| "update_port:device_owner" | |
| "update_port:mac_address" | |
| "update_port:fixed_ips" | |
| "update_port:fixed_ips:ip_address" | |
| "update_port:fixed_ips:subnet_id" | |
| "update_port:port_security_enabled" | |
| "update_port:binding:host_id" | |
| "update_port:binding:profile" | |
| "update_port:mac_learning_enabled" | |
| "update_port:allowed_address_pairs" | |
| "update_port:data_plane_status" | |
| "delete_port" | |
| "create_router" | |
| "create_router:external_gateway_info" | |
| "create_router:external_gateway_info:network_id" | |
| "create_router:external_gateway_info:enable_snat" | |
| "create_router:external_gateway_info:external_fixed_ips" | |
| "create_router:distributed" | |
| "create_router:ha" | |
| "get_router" | |
| "get_router:ha" | |
| "get_router:distributed" | |
| "update_router" | |
| "update_router:external_gateway_info" | |
| "update_router:external_gateway_info:network_id" | |
| "update_router:external_gateway_info:enable_snat" | |
| "update_router:external_gateway_info:external_fixed_ips" | |
| "update_router:distributed" | |
| "update_router:ha" | |
| "delete_router" | |
| "add_router_interface" | |
| "remove_router_interface" | |
| "create_qos_queue" | |
| "get_qos_queue" | |
| "get_agent" | |
| "update_agent" | |
| "delete_agent" | |
| "create_dhcp-network" | |
| "get_dhcp-networks" | |
| "delete_dhcp-network" | |
| "create_l3-router" | |
| "get_l3-routers" | |
| "delete_l3-router" | |
| "get_dhcp-agents" | |
| "get_l3-agents" | |
| "get_loadbalancer-agent" | |
| "get_loadbalancer-pools" | |
| "get_agent-loadbalancers" | |
| "get_loadbalancer-hosting-agent" | |
| "create_floatingip" | |
| "create_floatingip:floating_ip_address" | |
| "get_floatingip" | |
| "update_floatingip" | |
| "delete_floatingip" | |
| "create_network_profile" | |
| "get_network_profiles" | |
| "get_network_profile" | |
| "update_network_profile" | |
| "delete_network_profile" | |
| "get_policy_profiles" | |
| "get_policy_profile" | |
| "update_policy_profiles" | |
| "create_metering_label" | |
| "get_metering_label" | |
| "delete_metering_label" | |
| "create_metering_label_rule" | |
| "get_metering_label_rule" | |
| "delete_metering_label_rule" | |
| "create_lsn" | |
| "get_lsn" | |
| "get_service_provider" | |
| "create_flavor" | |
| "get_flavors" | |
| "get_flavor" | |
| "update_flavor" | |
| "delete_flavor" | |
| "create_service_profile" | |
| "get_service_profiles" | |
| "get_service_profile" | |
| "update_service_profile" | |
| "delete_service_profile" | |
| "create_policy" | |
| "get_policy" | |
| "update_policy" | |
| "delete_policy" | |
| "create_policy_bandwidth_limit_rule" | |
| "get_policy_bandwidth_limit_rule" | |
| "update_policy_bandwidth_limit_rule" | |
| "delete_policy_bandwidth_limit_rule" | |
| "create_policy_dscp_marking_rule" | |
| "get_policy_dscp_marking_rule" | |
| "update_policy_dscp_marking_rule" | |
| "delete_policy_dscp_marking_rule" | |
| "get_rule_type" | |
| "create_policy_minimum_bandwidth_rule" | |
| "get_policy_minimum_bandwidth_rule" | |
| "update_policy_minimum_bandwidth_rule" | |
| "delete_policy_minimum_bandwidth_rule" | |
| "restrict_wildcard" | |
| "create_rbac_policy" | |
| "create_rbac_policy:target_tenant" | |
| "get_rbac_policy" | |
| "update_rbac_policy" | |
| "update_rbac_policy:target_tenant" | |
| "delete_rbac_policy" | |
| "create_flavor_service_profile" | |
| "get_flavor_service_profile" | |
| "delete_flavor_service_profile" | |
| "get_auto_allocated_topology" | |
| "delete_auto_allocated_topology" | |
| "create_trunk" | |
| "get_trunk" | |
| "delete_trunk" | |
| "add_subports" | |
| "get_subports" | |
| "remove_subports" | |
| "create_security_group" | |
| "get_security_groups" | |
| "get_security_group" | |
| "update_security_group" | |
| "delete_security_group" | |
| "create_security_group_rule" | |
| "get_security_group_rules" | |
| "get_security_group_rule" | |
| "delete_security_group_rule" | |
| "get_loggable_resources" | |
| "create_log" | |
| "get_log" | |
| "get_logs" | |
| "update_log" | |
| "delete_log" | |
| "create_floatingip_port_forwarding" | |
| "get_floatingip_port_forwarding" | |
| "get_floatingip_port_forwardings" | |
| "update_floatingip_port_forwarding" | |
| "delete_floatingip_port_forwarding" | |
| # octavia | |
| "load-balancer:read" | |
| "load-balancer:read-quota" | |
| "os_load-balancer_api:pool:delete" | |
| "os_load-balancer_api:listener:get_all" | |
| "os_load-balancer_api:loadbalancer:post" | |
| "os_load-balancer_api:loadbalancer:get_status" | |
| "os_load-balancer_api:l7rule:post" | |
| "os_load-balancer_api:l7policy:get_one" | |
| "os_load-balancer_api:pool:get_all-global" | |
| "os_load-balancer_api:amphora:put_failover" | |
| "load-balancer:owner" | |
| "os_load-balancer_api:listener:get_one" | |
| "os_load-balancer_api:pool:get_all" | |
| "os_load-balancer_api:l7rule:get_all" | |
| "load-balancer:write" | |
| "os_load-balancer_api:amphora:get_one" | |
| "os_load-balancer_api:healthmonitor:delete" | |
| "load-balancer:read-global" | |
| "os_load-balancer_api:loadbalancer:get_stats" | |
| "os_load-balancer_api:member:get_one" | |
| "os_load-balancer_api:pool:get_one" | |
| "load-balancer:read-quota-global" | |
| "os_load-balancer_api:loadbalancer:get_all" | |
| "os_load-balancer_api:l7rule:put" | |
| "load-balancer:observer_and_owner" | |
| "os_load-balancer_api:quota:get_one" | |
| "os_load-balancer_api:loadbalancer:get_all-global" | |
| "os_load-balancer_api:provider:get_all" | |
| "os_load-balancer_api:member:get_all" | |
| "os_load-balancer_api:l7policy:delete" | |
| "os_load-balancer_api:healthmonitor:put" | |
| "os_load-balancer_api:member:post" | |
| "load-balancer:global_observer" | |
| "os_load-balancer_api:l7policy:get_all-global" | |
| "os_load-balancer_api:loadbalancer:get_one" | |
| "os_load-balancer_api:loadbalancer:put" | |
| "os_load-balancer_api:l7rule:get_one" | |
| "os_load-balancer_api:listener:get_stats" | |
| "os_load-balancer_api:amphora:get_all" | |
| "os_load-balancer_api:l7policy:put" | |
| "os_load-balancer_api:listener:get_all-global" | |
| "os_load-balancer_api:l7policy:post" | |
| "os_load-balancer_api:healthmonitor:get_all-global" | |
| "load-balancer:write-quota" | |
| "os_load-balancer_api:listener:post" | |
| "context_is_admin" | |
| "os_load-balancer_api:quota:get_all-global" | |
| "load-balancer:admin" | |
| "os_load-balancer_api:pool:put" | |
| "os_load-balancer_api:healthmonitor:get_all" | |
| "os_load-balancer_api:l7policy:get_all" | |
| "os_load-balancer_api:loadbalancer:put_failover" | |
| "os_load-balancer_api:healthmonitor:post" | |
| "os_load-balancer_api:pool:post" | |
| "os_load-balancer_api:quota:put" | |
| "os_load-balancer_api:listener:put" | |
| "os_load-balancer_api:listener:delete" | |
| "os_load-balancer_api:quota:get_all" | |
| "os_load-balancer_api:loadbalancer:delete" | |
| "os_load-balancer_api:quota:get_defaults" | |
| "os_load-balancer_api:quota:delete" | |
| "load-balancer:member_and_owner" | |
| "os_load-balancer_api:member:delete" | |
| "os_load-balancer_api:l7rule:delete" | |
| "os_load-balancer_api:healthmonitor:get_one" | |
| "os_load-balancer_api:member:put" | |
| # mistral | |
| "workflows:publicize" | |
| "workbooks:get" | |
| "actions:get" | |
| "workflows:list" | |
| "workflows:delete" | |
| "action_executions:list" | |
| "cron_triggers:list" | |
| "services:list" | |
| "environments:update" | |
| "tasks:get" | |
| "environments:delete" | |
| "members:create" | |
| "actions:update" | |
| "actions:publicize" | |
| "tasks:list" | |
| "executions:get" | |
| "action_executions:get" | |
| "members:update" | |
| "workflows:create" | |
| "members:delete" | |
| "event_triggers:update" | |
| "cron_triggers:list:all_projects" | |
| "executions:delete" | |
| "cron_triggers:create" | |
| "cron_triggers:delete" | |
| "event_triggers:delete" | |
| "event_triggers:list:all_projects" | |
| "executions:list:all_projects" | |
| "event_triggers:get" | |
| "members:list" | |
| "actions:delete" | |
| "tasks:update" | |
| "workbooks:delete" | |
| "admin_only" | |
| "actions:list" | |
| "workflows:list:all_projects" | |
| "action_executions:create" | |
| "executions:update" | |
| "members:get" | |
| "workbooks:create" | |
| "executions:list" | |
| "cron_triggers:get" | |
| "environments:list" | |
| "action_executions:delete" | |
| "workbooks:update" | |
| "executions:create" | |
| "event_triggers:create" | |
| "workbooks:list" | |
| "workflows:update" | |
| "workflows:get" | |
| "environments:get" | |
| "action_executions:update" | |
| "environments:create" | |
| "event_triggers:create:public" | |
| "actions:create" | |
| "event_triggers:list" | |
| "admin_or_owner" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment