| sgudz | f5a5122 | 2018-05-11 14:20:50 +0300 | [diff] [blame] | 1 | parameters: |
| 2 | nova: |
| 3 | controller: |
| 4 | policy: |
| 5 | context_is_admin: 'role:admin or role:administrator' |
| 6 | 'compute:create': 'rule:admin_or_owner' |
| 7 | 'compute:create:attach_network': |
| 8 | cinder: |
| 9 | controller: |
| 10 | policy: |
| 11 | 'volume:delete': 'rule:admin_or_owner' |
| 12 | 'volume:extend': |
| 13 | neutron: |
| 14 | server: |
| 15 | policy: |
| 16 | create_subnet: 'rule:admin_or_network_owner' |
| 17 | 'get_network:queue_id': 'rule:admin_only' |
| 18 | 'create_network:shared': |
| 19 | glance: |
| 20 | server: |
| 21 | policy: |
| 22 | publicize_image: "role:admin" |
| 23 | add_member: |
| 24 | keystone: |
| 25 | server: |
| 26 | policy: |
| 27 | admin_or_token_subject: 'rule:admin_required or rule:token_subject' |
| 28 | heat: |
| 29 | server: |
| 30 | policy: |
| 31 | context_is_admin: 'role:admin and is_admin_project:True' |
| 32 | deny_stack_user: 'not role:heat_stack_user' |
| 33 | deny_everybody: '!' |
| 34 | 'cloudformation:ValidateTemplate': 'rule:deny_everybody' |
| 35 | 'cloudformation:DescribeStackResources': |
| 36 | ceilometer: |
| 37 | server: |
| 38 | policy: |
| 39 | segregation: 'rule:context_is_admin' |
| 40 | 'telemetry:get_resource': |