ranger/etc/policy.json
jh629g a41951c6f7 update policy.json
policy.json is consolidated into a single monolithic
file under the orm/ directory, keeping all previous
rules. It is also updated to allow the ranger project
as an authorized project to use for auth through
ranger. Unused git classes are also removed.

Change-Id: I547cb601318b507f759c264644c781743673be72
2020-01-30 14:27:25 -06:00


{
"default": "!",
"admin": "role:admin and tenant:admin or role:admin and tenant:service or role:admin and tenant:ranger",
"admin_support": "role:admin_support and tenant:admin or role:admin_support and tenant:service or role:admin_support and tenant:ranger",
"admin_viewer": "role:admin_viewer and tenant:admin or role:admin_viewer and tenant:service or role:admin_viewer and tenant:ranger",
"flavor_creator": "role:ranger_flavor_creator and tenant:admin or role:ranger_flavor_creator and tenant:service or role:ranger_flavor_creator and tenant:ranger",
"customer_creator": "role:ranger_customer_creator and tenant:admin or role:ranger_customer_creator and tenant:service or role:ranger_flavor_creator and tenant:ranger",
"admin_or_flavor_creator": "rule:admin or rule:flavor_creator",
"admin_or_customer_creator": "rule:admin or rule:customer_creator",
"admin_or_support": "rule:admin or rule:admin_support",
"admin_or_support_or_flavor_creator": "rule:admin or rule:admin_support or rule:flavor_creator",
"admin_or_support_or_customer_creator": "rule:admin or rule:admin_support or rule:customer_creator",
"admin_or_support_or_viewer": "rule:admin or rule:admin_support or rule:admin_viewer",
"admin_or_support_or_viewer_or_flavor_creator": "rule:admin or rule:admin_support or rule:admin_viewer or rule:flavor_creator",
"admin_or_support_or_viewer_or_customer_creator": "rule:admin or rule:admin_support or rule:admin_viewer or rule:customer_creator",
"flavor:get_one": "rule:admin_or_support_or_viewer_or_flavor_creator",
"flavor:get_all": "rule:admin_or_support_or_viewer_or_flavor_creator",
"flavor:create": "rule:admin_or_support_or_flavor_creator",
"flavor:delete": "rule:admin",
"flavor:get_flavor_extra_specs": "rule:admin_or_support_or_viewer_or_flavor_creator",
"flavor:add_flavor_extra_specs": "rule:admin_or_support_or_flavor_creator",
"flavor:replace_flavor_extra_specs": "rule:admin_or_flavor_creator",
"flavor:delete_flavor_extra_specs": "rule:admin",
"flavor:add_flavor_regions": "rule:admin_or_support_or_flavor_creator",
"flavor:delete_flavor_region": "rule:admin",
"flavor:get_flavor_tags": "rule:admin_or_support_or_viewer_or_flavor_creator",
"flavor:add_flavor_tags": "rule:admin_or_support_or_flavor_creator",
"flavor:replace_flavor_tags": "rule:admin_or_flavor_creator",
"flavor:delete_flavor_tags": "rule:admin",
"flavor:add_flavor_tenants": "rule:admin_or_support_or_flavor_creator",
"flavor:delete_flavor_tenant": "rule:admin",
"lcp:get_one": "",
"lcp:get_all": "",
"region:get_one": "",
"region:get_all": "",
"region:create": "rule:admin_or_support",
"region:update": "rule:admin",
"region:delete": "rule:admin",
"group:get_one": "",
"group:get_all": "",
"group:create": "rule:admin_or_support",
"group:update": "rule:admin",
"group:delete": "rule:admin",
"configuration:get": "rule:admin_or_support_or_viewer",
"log:update": "rule:admin",
"metadata:get": "rule:admin_or_support_or_viewer",
"metadata:create": "rule:admin_or_support",
"metadata:update": "rule:admin",
"metadata:delete": "rule:admin",
"status:put": "rule:admin",
"customers:get_one": "rule:admin_or_support_or_viewer_or_customer_creator",
"customers:get_all": "rule:admin_or_support_or_viewer_or_customer_creator",
"customers:create": "rule:admin_or_support_or_customer_creator",
"customers:update": "rule:admin_or_customer_creator",
"customers:delete": "rule:admin",
"customers:add_region": "rule:admin_or_support_or_customer_creator",
"customers:update_region": "rule:admin_or_customer_creator",
"customers:delete_region": "rule:admin_or_customer_creator",
"customers:add_region_user": "rule:admin_or_support",
"customers:update_region_user": "rule:admin",
"customers:delete_region_user": "rule:admin",
"customers:add_default_user": "rule:admin_or_support",
"customers:update_default_user": "rule:admin",
"customers:delete_default_user": "rule:admin",
"customers:add_metadata": "rule:admin_or_support_or_customer_creator",
"customers:update_metadata": "rule:admin_or_customer_creator",
"customers:enable": "rule:admin_or_support_or_customer_creator",
"groups:get_one": "rule:admin_or_support_or_viewer_or_customer_creator",
"groups:get_all": "rule:admin_or_support_or_viewer_or_customer_creator",
"groups:create": "rule:admin_or_support_or_customer_creator",
"groups:update": "rule:admin_or_customer_creator",
"groups:delete": "rule:admin",
"groups:add_region": "rule:admin_or_support_or_customer_creator",
"groups:delete_region": "rule:admin_or_customer_creator",
"groups:assign_role": "rule:admin_or_support_or_customer_creator",
"groups:assign_region_role": "rule:admin_or_support_or_customer_creator",
"groups:unassign_role": "rule:admin_or_customer_creator",
"groups:add_group_default_users": "rule:admin_or_support",
"groups:delete_group_default_user": "rule:admin",
"groups:add_group_region_users": "rule:admin_or_support",
"groups:delete_group_region_user": "rule:admin",
"groups:get_all_roles": "rule:admin_or_support_or_viewer_or_customer_creator",
"image:create": "rule:admin_or_support",
"image:list": "rule:admin_or_support_or_viewer",
"image:get_one": "rule:admin_or_support_or_viewer",
"image:update": "rule:admin",
"image:delete": "rule:admin",
"image:enable": "rule:admin_or_support",
"region:create": "rule:admin_or_support",
"region:update": "rule:admin",
"region:delete": "rule:admin",
"tenant:create": "rule:admin_or_support",
"tenant:update": "rule:admin",
"tenant:delete": "rule:admin",
"metadata:create": "rule:admin_or_support"
}