Masakari Policy

The following is a sample masakari policy file. Operator can configure policies as per his requirement. It is recommended that all api’s of masakari should be allowed to admin user only.

# Decides what is required for the 'is_admin:True' check to succeed.
#"context_is_admin": "role:admin"

# Default rule for most non-Admin APIs.
#"admin_or_owner": "is_admin:True or project_id:%(project_id)s"

# Default rule for most Admin APIs.
#"admin_api": "is_admin:True"

# List available extensions.
# GET  /extensions
#"os_masakari_api:extensions:index": "rule:admin_api"

# Shows information for an extension.
# GET  /extensions/{extensions_id}
#"os_masakari_api:extensions:detail": "rule:admin_api"

# Extension Info API extensions to change the API.
#"os_masakari_api:extensions:discoverable": "rule:admin_api"

# Lists IDs, names, type, reserved, on_maintenance for all hosts.
# GET  /segments/{segment_id}/hosts
#"os_masakari_api:os-hosts:index": "rule:admin_api"

# Shows details for a host.
# GET  /segments/{segment_id}/hosts/{host_id}
#"os_masakari_api:os-hosts:detail": "rule:admin_api"

# Creates a host under given segment.
# POST  /segments/{segment_id}/hosts
#"os_masakari_api:os-hosts:create": "rule:admin_api"

# Updates the editable attributes of an existing host.
# PUT  /segments/{segment_id}/hosts/{host_id}
#"os_masakari_api:os-hosts:update": "rule:admin_api"

# Deletes a host from given segment.
# DELETE  /segments/{segment_id}/hosts/{host_id}
#"os_masakari_api:os-hosts:delete": "rule:admin_api"

# Host API extensions to change the API.
#"os_masakari_api:os-hosts:discoverable": "rule:admin_api"

# Lists IDs, notification types, host_name, generated_time, payload
# and status for all notifications.
# GET  /notifications
#"os_masakari_api:notifications:index": "rule:admin_api"

# Shows details for a notification.
# GET  /notifications/{notification_id}
#"os_masakari_api:notifications:detail": "rule:admin_api"

# Creates a notiification.
# POST  /notifications
#"os_masakari_api:notifications:create": "rule:admin_api"

# Notification API extensions to change the API.
#"os_masakari_api:notifications:discoverable": "rule:admin_api"

# Lists IDs, names, description, recovery_method, service_type for all
# segments.
# GET  /segments
#"os_masakari_api:segments:index": "rule:admin_api"

# Shows details for a segment.
# GET  /segments/{segment_id}
#"os_masakari_api:segments:detail": "rule:admin_api"

# Creates a segment.
# POST  /segments
#"os_masakari_api:segments:create": "rule:admin_api"

# Updates the editable attributes of an existing host.
# PUT  /segments/{segment_id}
#"os_masakari_api:segments:update": "rule:admin_api"

# Deletes a segment.
# DELETE  /segments/{segment_id}
#"os_masakari_api:segments:delete": "rule:admin_api"

# Segment API extensions to change the API.
#"os_masakari_api:segments:discoverable": "rule:admin_api"

# List all versions.
# GET  /
#"os_masakari_api:versions:index": "@"

# Version API extensions to change the API.
#"os_masakari_api:versions:discoverable": "@"