Policies

Warning

JSON formatted policy files were deprecated in the Wallaby development cycle due to the Victoria deprecation by the olso.policy library. Use the oslopolicy-convert-json-to-yaml tool to convert the existing JSON to YAML formatted policy file in backward compatible way.

The following is an overview of all available policies in ironic inspector. For a sample configuration file, refer to Ironic Inspector Policy.

ironic_inspector.api

is_admin
Default:

role:admin or role:administrator or role:baremetal_admin

Full read/write API access

is_observer
Default:

role:baremetal_observer

Read-only API access

public_api
Default:

is_public_api:True

Internal flag for public API routes

default
Default:

!

Default API access policy

introspection
Default:

rule:public_api

Operations:
  • GET /

Access the API root for available versions information

introspection:version
Default:

rule:public_api

Operations:
  • GET /{version}

Access the versioned API root for version information

introspection:continue
Default:

rule:public_api

Operations:
  • POST /continue

Ramdisk callback to continue introspection

introspection:status
Default:

(role:reader and system_scope:all) or (role:admin) or (role:service)

Operations:
  • GET /introspection

  • GET /introspection/{node_id}

Get introspection status

introspection:start
Default:

(role:admin and system_scope:all) or (role:admin) or (role:service)

Operations:
  • POST /introspection/{node_id}

Start introspection

introspection:abort
Default:

(role:admin and system_scope:all) or (role:admin) or (role:service)

Operations:
  • POST /introspection/{node_id}/abort

Abort introspection

introspection:data
Default:

(role:admin and system_scope:all) or (role:admin) or (role:service)

Operations:
  • GET /introspection/{node_id}/data

Get introspection data

introspection:reapply
Default:

(role:admin and system_scope:all) or (role:admin) or (role:service)

Operations:
  • POST /introspection/{node_id}/data/unprocessed

Reapply introspection on stored data

introspection:rule:get
Default:

(role:admin and system_scope:all) or (role:admin) or (role:service)

Operations:
  • GET /rules

  • GET /rules/{rule_id}

Get introspection rule(s)

introspection:rule:delete
Default:

(role:admin and system_scope:all) or (role:admin) or (role:service)

Operations:
  • DELETE /rules

  • DELETE /rules/{rule_id}

Delete introspection rule(s)

introspection:rule:create
Default:

(role:admin and system_scope:all) or (role:admin) or (role:service)

Operations:
  • POST /rules

Create introspection rule