diff options
author | Dai Dang Van <daidv@vn.fujitsu.com> | 2017-10-04 10:05:31 +0700 |
---|---|---|
committer | Dai Dang Van <daidv@vn.fujitsu.com> | 2017-12-07 16:38:03 +0700 |
commit | dd6b22d47ab8529afb7126bfde491b625058f319 (patch) | |
tree | 92f8862affa14ee571a67996695155c355e2125f /etc | |
parent | ccb6752f6973a7d1c8bb08675fde421710942998 (diff) | |
download | trove-dd6b22d47ab8529afb7126bfde491b625058f319.tar.gz |
Remove policy.json file
We already had default rule in code, so we should not
still define all of them again in policy file.
Besides, we should you yaml format for now instead json.
Another thing, we don't need to config policy file in
Devstack enviroment.
Change-Id: I783ba51695271d358764557899fe91e84620556d
Diffstat (limited to 'etc')
-rw-r--r-- | etc/trove/policy.json | 97 | ||||
-rw-r--r-- | etc/trove/policy.yaml.sample | 243 |
2 files changed, 243 insertions, 97 deletions
diff --git a/etc/trove/policy.json b/etc/trove/policy.json deleted file mode 100644 index 902f4303..00000000 --- a/etc/trove/policy.json +++ /dev/null @@ -1,97 +0,0 @@ -{ - "admin": "role:admin or is_admin:True", - "admin_or_owner": "rule:admin or tenant:%(tenant)s", - "default": "rule:admin_or_owner", - - "instance:create": "rule:admin_or_owner", - "instance:delete": "rule:admin_or_owner", - "instance:force_delete": "rule:admin_or_owner", - "instance:index": "rule:admin_or_owner", - "instance:show": "rule:admin_or_owner", - "instance:update": "rule:admin_or_owner", - "instance:edit": "rule:admin_or_owner", - "instance:restart": "rule:admin_or_owner", - "instance:resize_volume": "rule:admin_or_owner", - "instance:resize_flavor": "rule:admin_or_owner", - "instance:reset_status": "rule:admin", - "instance:promote_to_replica_source": "rule:admin_or_owner", - "instance:eject_replica_source": "rule:admin_or_owner", - "instance:configuration": "rule:admin_or_owner", - "instance:guest_log_list": "rule:admin_or_owner", - "instance:backups": "rule:admin_or_owner", - "instance:module_list": "rule:admin_or_owner", - "instance:module_apply": "rule:admin_or_owner", - "instance:module_remove": "rule:admin_or_owner", - - "instance:extension:root:create": "rule:admin_or_owner", - "instance:extension:root:delete": "rule:admin_or_owner", - "instance:extension:root:index": "rule:admin_or_owner", - - "instance:extension:user:create": "rule:admin_or_owner", - "instance:extension:user:delete": "rule:admin_or_owner", - "instance:extension:user:index": "rule:admin_or_owner", - "instance:extension:user:show": "rule:admin_or_owner", - "instance:extension:user:update": "rule:admin_or_owner", - "instance:extension:user:update_all": "rule:admin_or_owner", - - "instance:extension:user_access:update": "rule:admin_or_owner", - "instance:extension:user_access:delete": "rule:admin_or_owner", - "instance:extension:user_access:index": "rule:admin_or_owner", - - "instance:extension:database:create": "rule:admin_or_owner", - "instance:extension:database:delete": "rule:admin_or_owner", - "instance:extension:database:index": "rule:admin_or_owner", - "instance:extension:database:show": "rule:admin_or_owner", - - "cluster:create": "rule:admin_or_owner", - "cluster:delete": "rule:admin_or_owner", - "cluster:force_delete": "rule:admin_or_owner", - "cluster:index": "rule:admin_or_owner", - "cluster:show": "rule:admin_or_owner", - "cluster:show_instance": "rule:admin_or_owner", - "cluster:action": "rule:admin_or_owner", - "cluster:reset-status": "rule:admin", - - "cluster:extension:root:create": "rule:admin_or_owner", - "cluster:extension:root:delete": "rule:admin_or_owner", - "cluster:extension:root:index": "rule:admin_or_owner", - - "backup:create": "rule:admin_or_owner", - "backup:delete": "rule:admin_or_owner", - "backup:index": "rule:admin_or_owner", - "backup:show": "rule:admin_or_owner", - - "configuration:create": "rule:admin_or_owner", - "configuration:delete": "rule:admin_or_owner", - "configuration:index": "rule:admin_or_owner", - "configuration:show": "rule:admin_or_owner", - "configuration:instances": "rule:admin_or_owner", - "configuration:update": "rule:admin_or_owner", - "configuration:edit": "rule:admin_or_owner", - - "configuration-parameter:index": "rule:admin_or_owner", - "configuration-parameter:show": "rule:admin_or_owner", - "configuration-parameter:index_by_version": "rule:admin_or_owner", - "configuration-parameter:show_by_version": "rule:admin_or_owner", - - "datastore:index": "", - "datastore:show": "", - "datastore:version_show": "", - "datastore:version_show_by_uuid": "", - "datastore:version_index": "", - "datastore:list_associated_flavors": "", - "datastore:list_associated_volume_types": "", - - "flavor:index": "", - "flavor:show": "", - - "limits:index": "rule:admin_or_owner", - - "module:create": "rule:admin_or_owner", - "module:delete": "rule:admin_or_owner", - "module:index": "rule:admin_or_owner", - "module:show": "rule:admin_or_owner", - "module:instances": "rule:admin_or_owner", - "module:update": "rule:admin_or_owner", - "module:reapply": "rule:admin_or_owner" -} diff --git a/etc/trove/policy.yaml.sample b/etc/trove/policy.yaml.sample new file mode 100644 index 00000000..823144dc --- /dev/null +++ b/etc/trove/policy.yaml.sample @@ -0,0 +1,243 @@ +# Must be an administrator. +#"admin": "role:admin or is_admin:True" + +# Must be an administrator or owner of the object. +#"admin_or_owner": "rule:admin or tenant:%(tenant)s" + +# Must be an administrator or owner of the object. +#"default": "rule:admin_or_owner" + +# +#"instance:create": "rule:admin_or_owner" + +# +#"instance:delete": "rule:admin_or_owner" + +# +#"instance:force_delete": "rule:admin_or_owner" + +# +#"instance:index": "rule:admin_or_owner" + +# +#"instance:show": "rule:admin_or_owner" + +# +#"instance:update": "rule:admin_or_owner" + +# +#"instance:edit": "rule:admin_or_owner" + +# +#"instance:restart": "rule:admin_or_owner" + +# +#"instance:resize_volume": "rule:admin_or_owner" + +# +#"instance:resize_flavor": "rule:admin_or_owner" + +# +#"instance:reset_status": "rule:admin" + +# +#"instance:promote_to_replica_source": "rule:admin_or_owner" + +# +#"instance:eject_replica_source": "rule:admin_or_owner" + +# +#"instance:configuration": "rule:admin_or_owner" + +# +#"instance:guest_log_list": "rule:admin_or_owner" + +# +#"instance:backups": "rule:admin_or_owner" + +# +#"instance:module_list": "rule:admin_or_owner" + +# +#"instance:module_apply": "rule:admin_or_owner" + +# +#"instance:module_remove": "rule:admin_or_owner" + +# +#"instance:extension:root:create": "rule:admin_or_owner" + +# +#"instance:extension:root:delete": "rule:admin_or_owner" + +# +#"instance:extension:root:index": "rule:admin_or_owner" + +# +#"instance:extension:user:create": "rule:admin_or_owner" + +# +#"instance:extension:user:delete": "rule:admin_or_owner" + +# +#"instance:extension:user:index": "rule:admin_or_owner" + +# +#"instance:extension:user:show": "rule:admin_or_owner" + +# +#"instance:extension:user:update": "rule:admin_or_owner" + +# +#"instance:extension:user:update_all": "rule:admin_or_owner" + +# +#"instance:extension:user_access:update": "rule:admin_or_owner" + +# +#"instance:extension:user_access:delete": "rule:admin_or_owner" + +# +#"instance:extension:user_access:index": "rule:admin_or_owner" + +# +#"instance:extension:database:create": "rule:admin_or_owner" + +# +#"instance:extension:database:delete": "rule:admin_or_owner" + +# +#"instance:extension:database:index": "rule:admin_or_owner" + +# +#"instance:extension:database:show": "rule:admin_or_owner" + +# +#"cluster:create": "rule:admin_or_owner" + +# +#"cluster:delete": "rule:admin_or_owner" + +# +#"cluster:force_delete": "rule:admin_or_owner" + +# +#"cluster:index": "rule:admin_or_owner" + +# +#"cluster:show": "rule:admin_or_owner" + +# +#"cluster:show_instance": "rule:admin_or_owner" + +# +#"cluster:action": "rule:admin_or_owner" + +# +#"cluster:reset-status": "rule:admin" + +# +#"cluster:extension:root:create": "rule:admin_or_owner" + +# +#"cluster:extension:root:delete": "rule:admin_or_owner" + +# +#"cluster:extension:root:index": "rule:admin_or_owner" + +# +#"backup:create": "rule:admin_or_owner" + +# +#"backup:delete": "rule:admin_or_owner" + +# +#"backup:index": "rule:admin_or_owner" + +# +#"backup:show": "rule:admin_or_owner" + +# +#"configuration:create": "rule:admin_or_owner" + +# +#"configuration:delete": "rule:admin_or_owner" + +# +#"configuration:index": "rule:admin_or_owner" + +# +#"configuration:show": "rule:admin_or_owner" + +# +#"configuration:instances": "rule:admin_or_owner" + +# +#"configuration:update": "rule:admin_or_owner" + +# +#"configuration:edit": "rule:admin_or_owner" + +# +#"configuration-parameter:index": "rule:admin_or_owner" + +# +#"configuration-parameter:show": "rule:admin_or_owner" + +# +#"configuration-parameter:index_by_version": "rule:admin_or_owner" + +# +#"configuration-parameter:show_by_version": "rule:admin_or_owner" + +# +#"datastore:index": "" + +# +#"datastore:show": "" + +# +#"datastore:version_show": "" + +# +#"datastore:version_show_by_uuid": "" + +# +#"datastore:version_index": "" + +# +#"datastore:list_associated_flavors": "" + +# +#"datastore:list_associated_volume_types": "" + +# +#"flavor:index": "" + +# +#"flavor:show": "" + +# +#"limits:index": "rule:admin_or_owner" + +# +#"module:create": "rule:admin_or_owner" + +# +#"module:delete": "rule:admin_or_owner" + +# +#"module:index": "rule:admin_or_owner" + +# +#"module:show": "rule:admin_or_owner" + +# +#"module:instances": "rule:admin_or_owner" + +# +#"module:update": "rule:admin_or_owner" + +# +#"module:reapply": "rule:admin_or_owner" + |