blob: 1f35a6b9b929e583d578a2e651f308d3d24385bf [file] [log] [blame]
parameters:
nova:
controller:
policy:
context_is_admin: 'role:admin or role:administrator'
'compute:create': 'rule:admin_or_owner'
'compute:create:attach_network':
cinder:
controller:
policy:
'volume:delete': 'rule:admin_or_owner'
'volume:extend':
neutron:
server:
policy:
create_subnet: 'rule:admin_or_network_owner'
'get_network:queue_id': 'rule:admin_only'
'create_network:shared':
glance:
server:
policy:
publicize_image: "role:admin"
add_member:
keystone:
server:
policy:
admin_or_token_subject: 'rule:admin_required or rule:token_subject'
heat:
server:
policy:
context_is_admin: 'role:admin and is_admin_project:True'
deny_stack_user: 'not role:heat_stack_user'
deny_everybody: '!'
'cloudformation:ValidateTemplate': 'rule:deny_everybody'
'cloudformation:DescribeStackResources':
ceilometer:
server:
policy:
segregation: 'rule:context_is_admin'
'telemetry:get_resource':