Policy configuration

Configuration

Warning

JSON formatted policy file is deprecated since Cloudkitty 14.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

The following is an overview of all available policies in Cloudkitty. For a sample configuration file, refer to policy.yaml.

cloudkitty

context_is_admin
Default:

role:admin

(no description provided)

admin_or_owner
Default:

is_admin:True or (role:admin and is_admin_project:True) or project_id:%(project_id)s

(no description provided)

default
Default:

<empty string>

(no description provided)

project_member_api
Default:

role:member and project_id:%(project_id)s

Default rule for Project level non admin APIs.

project_reader_api
Default:

role:reader and project_id:%(project_id)s

Default rule for Project level read only APIs.

project_member_or_admin
Default:

rule:project_member_api or rule:context_is_admin

Default rule for Project Member or admin APIs.

project_reader_or_admin
Default:

rule:project_reader_api or rule:context_is_admin

Default rule for Project reader or admin APIs.

collector:list_mappings
Default:

role:admin

Operations:

  • LIST /v1/collector/mappings

Scope Types:

  • project

Return the list of every services mapped to a collector.

collector:get_mapping
Default:

role:admin

Operations:

  • GET /v1/collector/mappings/{service_id}

Scope Types:

  • project

Return a service to collector mapping.

collector:manage_mapping
Default:

role:admin

Operations:

  • POST /v1/collector/mappings

  • DELETE /v1/collector/mappings/{service_id}

Scope Types:

  • project

Manage a service to collector mapping.

collector:get_state
Default:

role:admin

Operations:

  • GET /v1/collector/states/{collector_id}

Scope Types:

  • project

Query the enable state of a collector.

collector:update_state
Default:

role:admin

Operations:

  • PUT /v1/collector/states/{collector_id}

Scope Types:

  • project

Set the enable state of a collector.

info:list_services_info
Default:

<empty string>

Operations:

  • LIST /v1/info/services

Scope Types:

  • project

List available services information in Cloudkitty.

info:get_service_info
Default:

<empty string>

Operations:

  • GET /v1/info/services/{metric_id}

Scope Types:

  • project

Get specified service information.

info:list_metrics_info
Default:

<empty string>

Operations:

  • LIST /v1/info/metrics

Scope Types:

  • project

List available metrics information in Cloudkitty.

info:get_metric_info
Default:

<empty string>

Operations:

  • GET /v1/info/metrics/{metric_id}

Scope Types:

  • project

Get specified metric information.

info:get_config
Default:

<empty string>

Operations:

  • GET /v1/info/config

Scope Types:

  • project

Get current configuration in Cloudkitty.

rating:list_modules
Default:

role:admin

Operations:

  • LIST /v1/rating/modules

Scope Types:

  • project

Return the list of loaded modules in Cloudkitty.

rating:get_module
Default:

role:admin

Operations:

  • GET /v1/rating/modules/{module_id}

Scope Types:

  • project

Get specified module.

rating:update_module
Default:

role:admin

Operations:

  • PUT /v1/rating/modules/{module_id}

Scope Types:

  • project

Change the state and priority of a module.

rating:quote
Default:

<empty string>

Operations:

  • POST /v1/rating/quote

Scope Types:

  • project

Get an instant quote based on multiple resource descriptions.

rating:module_config
Default:

role:admin

Operations:

  • GET /v1/rating/reload_modules

Scope Types:

  • project

Trigger a rating module list reload.

report:list_tenants
Default:

role:admin

Operations:

  • GET /v1/report/tenants

Scope Types:

  • project

Return the list of rated tenants.

report:get_summary
Default:

rule:project_reader_or_admin

Operations:

  • GET /v1/report/summary

Scope Types:

  • project

Return the summary to pay for a given period.

report:get_total
Default:

rule:project_reader_or_admin

Operations:

  • GET /v1/report/total

Scope Types:

  • project

Return the amount to pay for a given period.

storage:list_data_frames
Default:

rule:project_reader_or_admin

Operations:

  • GET /v1/storage/dataframes

Scope Types:

  • project

Return a list of rated resources for a time period and a tenant.

dataframes:add
Default:

role:admin

Operations:

  • POST /v2/dataframes

Scope Types:

  • project

Add one or several DataFrames

dataframes:get
Default:

rule:project_reader_or_admin

Operations:

  • GET /v2/dataframes

Scope Types:

  • project

Get DataFrames

v2_rating:list_modules
Default:

role:admin

Operations:

  • GET /v2/rating/modules

Scope Types:

  • project

Returns the list of loaded modules in Cloudkitty.

v2_rating:get_module
Default:

role:admin

Operations:

  • GET /v2/rating/modules/{module_id}

Scope Types:

  • project

Get specified module.

v2_rating:update_module
Default:

role:admin

Operations:

  • PUT /v2/rating/modules/{module_id}

Scope Types:

  • project

Change the state and priority of a module.

scope:get_state
Default:

role:admin

Operations:

  • GET /v2/scope

Scope Types:

  • project

Get the state of one or several scopes

scope:reset_state
Default:

role:admin

Operations:

  • PUT /v2/scope

Scope Types:

  • project

Reset the state of one or several scopes

scope:patch_state
Default:

role:admin

Operations:

  • PATCH /v2/scope

Scope Types:

  • project

Enables operators to patch a storage scope

scope:post_state
Default:

role:admin

Operations:

  • POST /v2/scope

Scope Types:

  • project

Enables operators to create a storage scope

summary:get_summary
Default:

rule:project_reader_or_admin

Operations:

  • GET /v2/summary

Scope Types:

  • project

Get a rating summary

schedule:task_reprocesses
Default:

role:admin

Operations:

  • POST /v2/task/reprocesses

Scope Types:

  • project

Schedule a scope for reprocessing

schedule:get_task_reprocesses
Default:

role:admin

Operations:

  • GET /v2/task/reprocesses

Scope Types:

  • project

Get reprocessing schedule tasks for scopes.