Policies
Warning
Using a JSON-formatted policy file has been deprecated since Blazar 7.0.0 (Wallaby). The oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.
The following is an overview of all available policies in Blazar. For a sample configuration file, refer to Sample Policy File.
To change policies, create a policy file in /etc/blazar/ and specify the policy file name in the oslo_policy/policy_file option in blazar.conf.
blazar
admin
- Default: is_admin:True or role:admin
Default rule for most Admin APIs.

admin_or_owner
- Default: rule:admin or project_id:%(project_id)s
Default rule for most non-Admin APIs.

project_member_api
- Default: role:member and project_id:%(project_id)s
Default rule for Project Member (non-Admin) APIs.

project_reader_api
- Default: role:reader and project_id:%(project_id)s
Default rule for Project Reader (read-only) APIs.

project_member_or_admin
- Default: rule:project_member_api or rule:admin
Default rule for Project Member or Admin APIs.

project_reader_or_admin
- Default: rule:project_reader_api or rule:admin
Default rule for Project Reader or Admin APIs.

blazar:leases:get
- Default: rule:project_reader_or_admin
- Operations:
  - GET /{api_version}/leases
  - GET /{api_version}/leases/{lease_id}
- Scope Types: project
Policy rule for List/Show Lease(s) API.

blazar:leases:post
- Default: rule:project_member_or_admin
- Operations:
  - POST /{api_version}/leases
- Scope Types: project
Policy rule for Create Lease API.

blazar:leases:put
- Default: rule:project_member_or_admin
- Operations:
  - PUT /{api_version}/leases/{lease_id}
- Scope Types: project
Policy rule for Update Lease API.

blazar:leases:delete
- Default: rule:project_member_or_admin
- Operations:
  - DELETE /{api_version}/leases/{lease_id}
- Scope Types: project
Policy rule for Delete Lease API.

blazar:oshosts:get
- Default: rule:admin
- Operations:
  - GET /{api_version}/os-hosts
  - GET /{api_version}/os-hosts/{host_id}
- Scope Types: project
Policy rule for List/Show Host(s) API.

blazar:oshosts:post
- Default: rule:admin
- Operations:
  - POST /{api_version}/os-hosts
- Scope Types: project
Policy rule for Create Host API.

blazar:oshosts:put
- Default: rule:admin
- Operations:
  - PUT /{api_version}/os-hosts/{host_id}
- Scope Types: project
Policy rule for Update Host API.

blazar:oshosts:delete
- Default: rule:admin
- Operations:
  - DELETE /{api_version}/os-hosts/{host_id}
- Scope Types: project
Policy rule for Delete Host API.

blazar:oshosts:get_allocations
- Default: rule:admin
- Operations:
  - GET /{api_version}/os-hosts/allocations
  - GET /{api_version}/os-hosts/{host_id}/allocation
- Scope Types: project
Policy rule for List/Get Host(s) Allocations API.

blazar:oshosts:get_resource_properties
- Default: rule:admin
- Operations:
  - GET /{api_version}/os-hosts/resource_properties
- Scope Types: project
Policy rule for Resource Properties API.

blazar:oshosts:update_resource_properties
- Default: rule:admin
- Operations:
  - PATCH /{api_version}/os-hosts/resource_properties/{property_name}
- Scope Types: project
Policy rule for Resource Properties API.

blazar:floatingips:get
- Default: rule:project_reader_or_admin
- Operations:
  - GET /{api_version}/floatingips
  - GET /{api_version}/floatingips/{floatingip_id}
- Scope Types: project
Policy rule for List/Show FloatingIP(s) API.

blazar:floatingips:post
- Default: rule:admin
- Operations:
  - POST /{api_version}/floatingips
- Scope Types: project
Policy rule for Create Floating IP API.

blazar:floatingips:delete
- Default: rule:admin
- Operations:
  - DELETE /{api_version}/floatingips/{floatingip_id}
- Scope Types: project
Policy rule for Delete Floating IP API.
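
How the default check strings listed on this page combine, and what an override placed in the policy file changes, shown as an added example that is not Blazar or oslo.policy code. It is a simplified evaluator covering only the check forms used on this page; the tokens, project IDs and the `blazar:leases:delete` override are constructed for illustration.

```python
# Simplified model of the check strings on this page; NOT oslo.policy itself.
# Supports only role:, rule:, is_admin: and key:%(target)s joined by and/or.
DEFAULTS = {
    "admin": "is_admin:True or role:admin",
    "admin_or_owner": "rule:admin or project_id:%(project_id)s",
    "project_member_api": "role:member and project_id:%(project_id)s",
    "project_reader_api": "role:reader and project_id:%(project_id)s",
    "project_member_or_admin": "rule:project_member_api or rule:admin",
    "project_reader_or_admin": "rule:project_reader_api or rule:admin",
    "blazar:leases:get": "rule:project_reader_or_admin",
    "blazar:leases:post": "rule:project_member_or_admin",
    "blazar:leases:delete": "rule:project_member_or_admin",
    "blazar:oshosts:get": "rule:admin",
}

def _check(atom, rules, creds, target):
    kind, _, match = atom.partition(":")
    if kind == "rule":
        return enforce(match, rules, creds, target)
    if kind == "role":
        return match.lower() in [r.lower() for r in creds.get("roles", [])]
    # Generic check: compare a credential field with a literal or with a
    # %(name)s value substituted from the target resource.
    try:
        expected = match % target
    except KeyError:
        return False
    return kind in creds and str(creds[kind]) == expected

def enforce(name, rules, creds, target):
    """Return True if creds satisfy the named rule for target."""
    if name not in rules:
        return False  # unknown rule: deny in this model
    return any(  # "and" binds tighter than "or"
        all(_check(a.strip(), rules, creds, target) for a in alt.split(" and "))
        for alt in rules[name].split(" or ")
    )

# Constructed sample target and token credentials (assumption: a member
# token also carries the reader role).
LEASE = {"project_id": "p1"}
READER = {"roles": ["reader"], "project_id": "p1"}
MEMBER = {"roles": ["member", "reader"], "project_id": "p1"}
OUTSIDER = {"roles": ["member", "reader"], "project_id": "p2"}
ADMIN = {"roles": ["admin"], "project_id": "p2"}
# Hypothetical operator override from a policy file: only admins delete leases.
OVERRIDDEN = {**DEFAULTS, "blazar:leases:delete": "rule:admin"}

if __name__ == "__main__":
    for who in ("READER", "MEMBER", "OUTSIDER", "ADMIN"):
        print(who, enforce("blazar:leases:delete", OVERRIDDEN, globals()[who], LEASE))
```

The `admin` check string contains no project_id comparison, so in this model an admin role held in any project satisfies `rule:admin` for a lease in another project.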