summaryrefslogtreecommitdiff
path: root/etc
diff options
context:
space:
mode:
authorHe Jie Xu <hejie.xu@intel.com>2016-05-25 11:09:18 +0800
committerMatt Riedemann <mriedem@us.ibm.com>2016-06-08 17:57:29 -0400
commit1fba0bc166af09ac54a1b7b17704511cb5363e09 (patch)
tree269fe0e9118b29dbfe1c164cc62babad3398f124 /etc
parent6d2470ade25b3a58045e7f75afa2629e851ac049 (diff)
downloadnova-1fba0bc166af09ac54a1b7b17704511cb5363e09.tar.gz
Remove legacy v2 policy rules
The legacy v2 API code was removed. The policy rules which are used by legacy v2 API code are useless anymore. This patch cleanup them. Partially implements blueprint remove-legacy-v2-api-code Change-Id: I64648bf97ec483981426086b81b2056928fa1b3e
Diffstat (limited to 'etc')
-rw-r--r--etc/nova/policy.json242
1 files changed, 1 insertions, 241 deletions
diff --git a/etc/nova/policy.json b/etc/nova/policy.json
index 2f63cd90ea..54408410eb 100644
--- a/etc/nova/policy.json
+++ b/etc/nova/policy.json
@@ -5,249 +5,9 @@
"cells_scheduler_filter:TargetCellFilter": "is_admin:True",
- "compute:create": "rule:admin_or_owner",
- "compute:create:attach_network": "rule:admin_or_owner",
- "compute:create:attach_volume": "rule:admin_or_owner",
- "compute:create:forced_host": "is_admin:True",
-
- "compute:get": "rule:admin_or_owner",
- "compute:get_all": "rule:admin_or_owner",
- "compute:get_all_tenants": "is_admin:True",
-
- "compute:update": "rule:admin_or_owner",
-
- "compute:get_instance_metadata": "rule:admin_or_owner",
- "compute:get_all_instance_metadata": "rule:admin_or_owner",
- "compute:get_all_instance_system_metadata": "rule:admin_or_owner",
- "compute:update_instance_metadata": "rule:admin_or_owner",
- "compute:delete_instance_metadata": "rule:admin_or_owner",
-
- "compute:get_diagnostics": "rule:admin_or_owner",
- "compute:get_instance_diagnostics": "rule:admin_or_owner",
-
- "compute:start": "rule:admin_or_owner",
- "compute:stop": "rule:admin_or_owner",
-
- "compute:lock": "rule:admin_or_owner",
- "compute:unlock": "rule:admin_or_owner",
- "compute:unlock_override": "rule:admin_api",
-
- "compute:get_vnc_console": "rule:admin_or_owner",
- "compute:get_spice_console": "rule:admin_or_owner",
- "compute:get_rdp_console": "rule:admin_or_owner",
- "compute:get_serial_console": "rule:admin_or_owner",
- "compute:get_mks_console": "rule:admin_or_owner",
- "compute:get_console_output": "rule:admin_or_owner",
-
- "compute:reset_network": "rule:admin_or_owner",
- "compute:inject_network_info": "rule:admin_or_owner",
- "compute:add_fixed_ip": "rule:admin_or_owner",
- "compute:remove_fixed_ip": "rule:admin_or_owner",
-
- "compute:attach_volume": "rule:admin_or_owner",
- "compute:detach_volume": "rule:admin_or_owner",
- "compute:swap_volume": "rule:admin_api",
-
- "compute:attach_interface": "rule:admin_or_owner",
- "compute:detach_interface": "rule:admin_or_owner",
-
- "compute:set_admin_password": "rule:admin_or_owner",
-
- "compute:rescue": "rule:admin_or_owner",
- "compute:unrescue": "rule:admin_or_owner",
-
- "compute:suspend": "rule:admin_or_owner",
- "compute:resume": "rule:admin_or_owner",
-
- "compute:pause": "rule:admin_or_owner",
- "compute:unpause": "rule:admin_or_owner",
-
- "compute:shelve": "rule:admin_or_owner",
- "compute:shelve_offload": "rule:admin_or_owner",
- "compute:unshelve": "rule:admin_or_owner",
-
- "compute:snapshot": "rule:admin_or_owner",
- "compute:snapshot_volume_backed": "rule:admin_or_owner",
- "compute:backup": "rule:admin_or_owner",
-
- "compute:resize": "rule:admin_or_owner",
- "compute:confirm_resize": "rule:admin_or_owner",
- "compute:revert_resize": "rule:admin_or_owner",
-
- "compute:rebuild": "rule:admin_or_owner",
- "compute:reboot": "rule:admin_or_owner",
- "compute:delete": "rule:admin_or_owner",
- "compute:soft_delete": "rule:admin_or_owner",
- "compute:force_delete": "rule:admin_or_owner",
-
- "compute:security_groups:add_to_instance": "rule:admin_or_owner",
- "compute:security_groups:remove_from_instance": "rule:admin_or_owner",
-
- "compute:restore": "rule:admin_or_owner",
-
- "compute:volume_snapshot_create": "rule:admin_or_owner",
- "compute:volume_snapshot_delete": "rule:admin_or_owner",
-
"admin_api": "is_admin:True",
- "compute_extension:accounts": "rule:admin_api",
- "compute_extension:admin_actions": "rule:admin_api",
- "compute_extension:admin_actions:pause": "rule:admin_or_owner",
- "compute_extension:admin_actions:unpause": "rule:admin_or_owner",
- "compute_extension:admin_actions:suspend": "rule:admin_or_owner",
- "compute_extension:admin_actions:resume": "rule:admin_or_owner",
- "compute_extension:admin_actions:lock": "rule:admin_or_owner",
- "compute_extension:admin_actions:unlock": "rule:admin_or_owner",
- "compute_extension:admin_actions:resetNetwork": "rule:admin_api",
- "compute_extension:admin_actions:injectNetworkInfo": "rule:admin_api",
- "compute_extension:admin_actions:createBackup": "rule:admin_or_owner",
- "compute_extension:admin_actions:migrateLive": "rule:admin_api",
- "compute_extension:admin_actions:resetState": "rule:admin_api",
- "compute_extension:admin_actions:migrate": "rule:admin_api",
- "compute_extension:aggregates": "rule:admin_api",
- "compute_extension:agents": "rule:admin_api",
- "compute_extension:attach_interfaces": "rule:admin_or_owner",
- "compute_extension:baremetal_nodes": "rule:admin_api",
- "compute_extension:cells": "rule:admin_api",
- "compute_extension:cells:create": "rule:admin_api",
- "compute_extension:cells:delete": "rule:admin_api",
- "compute_extension:cells:update": "rule:admin_api",
- "compute_extension:cells:sync_instances": "rule:admin_api",
- "compute_extension:certificates": "rule:admin_or_owner",
- "compute_extension:cloudpipe": "rule:admin_api",
- "compute_extension:cloudpipe_update": "rule:admin_api",
- "compute_extension:config_drive": "rule:admin_or_owner",
- "compute_extension:console_output": "rule:admin_or_owner",
- "compute_extension:consoles": "rule:admin_or_owner",
- "compute_extension:createserverext": "rule:admin_or_owner",
- "compute_extension:deferred_delete": "rule:admin_or_owner",
- "compute_extension:disk_config": "rule:admin_or_owner",
- "compute_extension:evacuate": "rule:admin_api",
- "compute_extension:extended_server_attributes": "rule:admin_api",
- "compute_extension:extended_status": "rule:admin_or_owner",
- "compute_extension:extended_availability_zone": "rule:admin_or_owner",
- "compute_extension:extended_ips": "rule:admin_or_owner",
- "compute_extension:extended_ips_mac": "rule:admin_or_owner",
- "compute_extension:extended_vif_net": "rule:admin_or_owner",
- "compute_extension:extended_volumes": "rule:admin_or_owner",
- "compute_extension:fixed_ips": "rule:admin_api",
- "compute_extension:flavor_access": "rule:admin_or_owner",
- "compute_extension:flavor_access:addTenantAccess": "rule:admin_api",
- "compute_extension:flavor_access:removeTenantAccess": "rule:admin_api",
- "compute_extension:flavor_disabled": "rule:admin_or_owner",
- "compute_extension:flavor_rxtx": "rule:admin_or_owner",
- "compute_extension:flavor_swap": "rule:admin_or_owner",
- "compute_extension:flavorextradata": "rule:admin_or_owner",
- "compute_extension:flavorextraspecs:index": "rule:admin_or_owner",
- "compute_extension:flavorextraspecs:show": "rule:admin_or_owner",
- "compute_extension:flavorextraspecs:create": "rule:admin_api",
- "compute_extension:flavorextraspecs:update": "rule:admin_api",
- "compute_extension:flavorextraspecs:delete": "rule:admin_api",
- "compute_extension:flavormanage": "rule:admin_api",
- "compute_extension:floating_ip_dns": "rule:admin_or_owner",
- "compute_extension:floating_ip_pools": "rule:admin_or_owner",
- "compute_extension:floating_ips": "rule:admin_or_owner",
- "compute_extension:floating_ips_bulk": "rule:admin_api",
- "compute_extension:fping": "rule:admin_or_owner",
- "compute_extension:fping:all_tenants": "rule:admin_api",
- "compute_extension:hide_server_addresses": "is_admin:False",
- "compute_extension:hosts": "rule:admin_api",
- "compute_extension:hypervisors": "rule:admin_api",
- "compute_extension:image_size": "rule:admin_or_owner",
- "compute_extension:instance_actions": "rule:admin_or_owner",
- "compute_extension:instance_actions:events": "rule:admin_api",
- "compute_extension:instance_usage_audit_log": "rule:admin_api",
- "compute_extension:keypairs": "rule:admin_or_owner",
- "compute_extension:keypairs:index": "rule:admin_or_owner",
- "compute_extension:keypairs:show": "rule:admin_or_owner",
- "compute_extension:keypairs:create": "rule:admin_or_owner",
- "compute_extension:keypairs:delete": "rule:admin_or_owner",
- "compute_extension:multinic": "rule:admin_or_owner",
- "compute_extension:networks": "rule:admin_api",
- "compute_extension:networks:view": "rule:admin_or_owner",
- "compute_extension:networks_associate": "rule:admin_api",
- "compute_extension:os-tenant-networks": "rule:admin_or_owner",
- "compute_extension:quotas:show": "rule:admin_or_owner",
- "compute_extension:quotas:update": "rule:admin_api",
- "compute_extension:quotas:delete": "rule:admin_api",
- "compute_extension:quota_classes": "rule:admin_or_owner",
- "compute_extension:rescue": "rule:admin_or_owner",
- "compute_extension:security_group_default_rules": "rule:admin_api",
- "compute_extension:security_groups": "rule:admin_or_owner",
- "compute_extension:server_diagnostics": "rule:admin_api",
- "compute_extension:server_groups": "rule:admin_or_owner",
- "compute_extension:server_password": "rule:admin_or_owner",
- "compute_extension:server_usage": "rule:admin_or_owner",
- "compute_extension:services": "rule:admin_api",
- "compute_extension:shelve": "rule:admin_or_owner",
- "compute_extension:shelveOffload": "rule:admin_api",
- "compute_extension:simple_tenant_usage:show": "rule:admin_or_owner",
- "compute_extension:simple_tenant_usage:list": "rule:admin_api",
- "compute_extension:unshelve": "rule:admin_or_owner",
- "compute_extension:users": "rule:admin_api",
- "compute_extension:virtual_interfaces": "rule:admin_or_owner",
- "compute_extension:virtual_storage_arrays": "rule:admin_or_owner",
- "compute_extension:volumes": "rule:admin_or_owner",
- "compute_extension:volume_attachments:index": "rule:admin_or_owner",
- "compute_extension:volume_attachments:show": "rule:admin_or_owner",
- "compute_extension:volume_attachments:create": "rule:admin_or_owner",
- "compute_extension:volume_attachments:update": "rule:admin_api",
- "compute_extension:volume_attachments:delete": "rule:admin_or_owner",
- "compute_extension:volumetypes": "rule:admin_or_owner",
- "compute_extension:availability_zone:list": "rule:admin_or_owner",
- "compute_extension:availability_zone:detail": "rule:admin_api",
- "compute_extension:used_limits_for_admin": "rule:admin_api",
- "compute_extension:migrations:index": "rule:admin_api",
- "compute_extension:os-assisted-volume-snapshots:create": "rule:admin_api",
- "compute_extension:os-assisted-volume-snapshots:delete": "rule:admin_api",
- "compute_extension:console_auth_tokens": "rule:admin_api",
- "compute_extension:os-server-external-events:create": "rule:admin_api",
-
- "network:get_all": "rule:admin_or_owner",
- "network:get": "rule:admin_or_owner",
- "network:create": "rule:admin_or_owner",
- "network:delete": "rule:admin_or_owner",
- "network:associate": "rule:admin_or_owner",
- "network:disassociate": "rule:admin_or_owner",
- "network:get_vifs_by_instance": "rule:admin_or_owner",
- "network:allocate_for_instance": "rule:admin_or_owner",
- "network:deallocate_for_instance": "rule:admin_or_owner",
- "network:validate_networks": "rule:admin_or_owner",
- "network:get_instance_uuids_by_ip_filter": "rule:admin_or_owner",
- "network:get_instance_id_by_floating_address": "rule:admin_or_owner",
- "network:setup_networks_on_host": "rule:admin_or_owner",
- "network:get_backdoor_port": "rule:admin_or_owner",
-
- "network:get_floating_ip": "rule:admin_or_owner",
- "network:get_floating_ip_pools": "rule:admin_or_owner",
- "network:get_floating_ip_by_address": "rule:admin_or_owner",
- "network:get_floating_ips_by_project": "rule:admin_or_owner",
- "network:get_floating_ips_by_fixed_address": "rule:admin_or_owner",
- "network:allocate_floating_ip": "rule:admin_or_owner",
- "network:associate_floating_ip": "rule:admin_or_owner",
- "network:disassociate_floating_ip": "rule:admin_or_owner",
- "network:release_floating_ip": "rule:admin_or_owner",
- "network:migrate_instance_start": "rule:admin_or_owner",
- "network:migrate_instance_finish": "rule:admin_or_owner",
-
- "network:get_fixed_ip": "rule:admin_or_owner",
- "network:get_fixed_ip_by_address": "rule:admin_or_owner",
- "network:add_fixed_ip_to_instance": "rule:admin_or_owner",
- "network:remove_fixed_ip_from_instance": "rule:admin_or_owner",
- "network:add_network_to_project": "rule:admin_or_owner",
- "network:get_instance_nw_info": "rule:admin_or_owner",
-
- "network:get_dns_domains": "rule:admin_or_owner",
- "network:add_dns_entry": "rule:admin_or_owner",
- "network:modify_dns_entry": "rule:admin_or_owner",
- "network:delete_dns_entry": "rule:admin_or_owner",
- "network:get_dns_entries_by_address": "rule:admin_or_owner",
- "network:get_dns_entries_by_name": "rule:admin_or_owner",
- "network:create_private_dns_domain": "rule:admin_or_owner",
- "network:create_public_dns_domain": "rule:admin_or_owner",
- "network:delete_dns_domain": "rule:admin_or_owner",
- "network:attach_external_network": "rule:admin_api",
- "network:get_vif_by_mac_address": "rule:admin_or_owner",
+ "network:attach_external_network": "is_admin:True",
"os_compute_api:servers:detail:get_all_tenants": "is_admin:True",
"os_compute_api:servers:index:get_all_tenants": "is_admin:True",
"os_compute_api:servers:confirm_resize": "rule:admin_or_owner",
View Lorry Controller Status