Policies¶
Warning
JSON formatted policy files were deprecated in the Wallaby development
cycle due to the Victoria deprecation by the olso.policy
library.
Use the oslopolicy-convert-json-to-yaml tool
to convert the existing JSON to YAML formatted policy file in backward
compatible way.
The following is an overview of all available policies in ironic inspector. For a sample configuration file, refer to Ironic Inspector Policy.
ironic_inspector.api¶
is_admin
- Default
role:admin or role:administrator or role:baremetal_admin
Full read/write API access
is_observer
- Default
role:baremetal_observer
Read-only API access
public_api
- Default
is_public_api:True
Internal flag for public API routes
default
- Default
!
Default API access policy
introspection
- Default
rule:public_api
- Operations
GET
/
Access the API root for available versions information
introspection:version
- Default
rule:public_api
- Operations
GET
/{version}
Access the versioned API root for version information
introspection:continue
- Default
rule:public_api
- Operations
POST
/continue
Ramdisk callback to continue introspection
introspection:status
- Default
(role:reader and system_scope:all) or (role:admin) or (role:service)
- Operations
GET
/introspection
GET
/introspection/{node_id}
Get introspection status
introspection:start
- Default
(role:admin and system_scope:all) or (role:admin) or (role:service)
- Operations
POST
/introspection/{node_id}
Start introspection
introspection:abort
- Default
(role:admin and system_scope:all) or (role:admin) or (role:service)
- Operations
POST
/introspection/{node_id}/abort
Abort introspection
introspection:data
- Default
(role:admin and system_scope:all) or (role:admin) or (role:service)
- Operations
GET
/introspection/{node_id}/data
Get introspection data
introspection:reapply
- Default
(role:admin and system_scope:all) or (role:admin) or (role:service)
- Operations
POST
/introspection/{node_id}/data/unprocessed
Reapply introspection on stored data
introspection:rule:get
- Default
(role:admin and system_scope:all) or (role:admin) or (role:service)
- Operations
GET
/rules
GET
/rules/{rule_id}
Get introspection rule(s)
introspection:rule:delete
- Default
(role:admin and system_scope:all) or (role:admin) or (role:service)
- Operations
DELETE
/rules
DELETE
/rules/{rule_id}
Delete introspection rule(s)
introspection:rule:create
- Default
(role:admin and system_scope:all) or (role:admin) or (role:service)
- Operations
POST
/rules
Create introspection rule