
policy.yaml

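Use the policy.yaml file to define additional access controls that apply to the Mistral services. In the sample below every rule is commented out and shows the default that applies when the file does not set that rule; uncomment a rule and edit it only when you want to override that default. Rules whose names end in :all_projects or :public reach across project boundaries and default to rule:admin_only: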

# Create a new action.
# POST  /v2/actions
#"actions:create": "rule:admin_or_owner"

# Delete the named action.
# DELETE  /v2/actions
#"actions:delete": "rule:admin_or_owner"

# Return the named action.
# GET  /v2/actions/{action_id}
#"actions:get": "rule:admin_or_owner"

# Return all actions.
# GET  /v2/actions
#"actions:list": "rule:admin_or_owner"

# Update one or more actions.
# PUT  /v2/actions
#"actions:update": "rule:admin_or_owner"

# Create new action execution.
# POST  /v2/action_executions
#"action_executions:create": "rule:admin_or_owner"

# Delete the specified action execution.
# DELETE  /v2/action_executions
#"action_executions:delete": "rule:admin_or_owner"

# Return the specified action execution.
# GET  /v2/action_executions/{action_execution_id}
#"action_executions:get": "rule:admin_or_owner"

# Return all tasks within the execution.
# GET  /v2/action_executions
#"action_executions:list": "rule:admin_or_owner"

# Update the specified action execution.
# PUT  /v2/action_executions
#"action_executions:update": "rule:admin_or_owner"

# Base rule: matches only requests whose credentials have is_admin set to
# True.
#"admin_only": "is_admin:True"

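# Base rule: matches admin requests, or any request whose credential
# project_id equals the project_id of the target resource. "Owner" here
# means the owning project, not the individual user who created the resource.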
#"admin_or_owner": "is_admin:True or project_id:%(project_id)s"

# Creates a new cron trigger.
# POST  /v2/cron_triggers
#"cron_triggers:create": "rule:admin_or_owner"

# Delete cron trigger.
# DELETE  /v2/cron_triggers
#"cron_triggers:delete": "rule:admin_or_owner"

# Returns the named cron trigger.
# GET  /v2/cron_triggers/{cron_trigger_id}
#"cron_triggers:get": "rule:admin_or_owner"

# Return all cron triggers.
# GET  /v2/cron_triggers
#"cron_triggers:list": "rule:admin_or_owner"

# Return all cron triggers of all projects.
# GET  /v2/cron_triggers
#"cron_triggers:list:all_projects": "rule:admin_only"

# Create a new environment.
# POST  /v2/environments
#"environments:create": "rule:admin_or_owner"

# Delete the named environment.
# DELETE  /v2/environments/{environment_name}
#"environments:delete": "rule:admin_or_owner"

# Return the named environment.
# GET  /v2/environments/{environment_name}
#"environments:get": "rule:admin_or_owner"

# Return all environments.
# GET  /v2/environments
#"environments:list": "rule:admin_or_owner"

# Update an environment.
# PUT  /v2/environments
#"environments:update": "rule:admin_or_owner"

# Create a new event trigger.
# POST  /v2/event_triggers
#"event_triggers:create": "rule:admin_or_owner"

# Create a new event trigger for public usage.
# POST  /v2/event_triggers
#"event_triggers:create:public": "rule:admin_only"

# Delete event trigger.
# DELETE  /v2/event_triggers/{event_trigger_id}
#"event_triggers:delete": "rule:admin_or_owner"

# Returns the specified event trigger.
# GET  /v2/event_triggers/{event_trigger_id}
#"event_triggers:get": "rule:admin_or_owner"

# Return all event triggers.
# GET  /v2/event_triggers
#"event_triggers:list": "rule:admin_or_owner"

# Return all event triggers from all projects.
# GET  /v2/event_triggers
#"event_triggers:list:all_projects": "rule:admin_only"

# Updates an existing event trigger.
# PUT  /v2/event_triggers
#"event_triggers:update": "rule:admin_or_owner"

# Create a new execution.
# POST  /v2/executions
#"executions:create": "rule:admin_or_owner"

# Delete the specified execution.
# DELETE  /v2/executions/{execution_id}
#"executions:delete": "rule:admin_or_owner"

# Return the specified execution.
# GET  /v2/executions/{execution_id}
#"executions:get": "rule:admin_or_owner"

# Return all executions.
# GET  /v2/executions
#"executions:list": "rule:admin_or_owner"

# Return all executions from all projects.
# GET  /v2/executions
#"executions:list:all_projects": "rule:admin_only"

# Update an execution.
# PUT  /v2/executions
#"executions:update": "rule:admin_or_owner"

# Shares the resource to a new member.
# POST  /v2/members
#"members:create": "rule:admin_or_owner"

# Deletes a member from the member list of a resource.
# DELETE  /v2/members
#"members:delete": "rule:admin_or_owner"

# Shows resource member details.
# GET  /v2/members/{member_id}
#"members:get": "rule:admin_or_owner"

# Return all members with whom the resource has been shared.
# GET  /v2/members
#"members:list": "rule:admin_or_owner"

# Sets the status for a resource member.
# PUT  /v2/members
#"members:update": "rule:admin_or_owner"

# Return all Mistral services.
# GET  /v2/services
#"services:list": "rule:admin_or_owner"

# Return the specified task.
# GET  /v2/tasks/{task_id}
#"tasks:get": "rule:admin_or_owner"

# Return all tasks.
# GET  /v2/tasks
#"tasks:list": "rule:admin_or_owner"

# Update the specified task execution.
# PUT  /v2/tasks
#"tasks:update": "rule:admin_or_owner"

# Create a new workbook.
# POST  /v2/workbooks
#"workbooks:create": "rule:admin_or_owner"

# Delete the named workbook.
# DELETE  /v2/workbooks
#"workbooks:delete": "rule:admin_or_owner"

# Return the named workbook.
# GET  /v2/workbooks/{workbook_name}
#"workbooks:get": "rule:admin_or_owner"

# Return all workbooks.
# GET  /v2/workbooks
#"workbooks:list": "rule:admin_or_owner"

# Update a workbook.
# PUT  /v2/workbooks
#"workbooks:update": "rule:admin_or_owner"

# Create a new workflow.
# POST  /v2/workflows
#"workflows:create": "rule:admin_or_owner"

# Delete a workflow.
# DELETE  /v2/workflows
#"workflows:delete": "rule:admin_or_owner"

# Return the named workflow.
# GET  /v2/workflows/{workflow_id}
#"workflows:get": "rule:admin_or_owner"

# Return a list of workflows.
# GET  /v2/workflows
#"workflows:list": "rule:admin_or_owner"

# Return a list of workflows from all projects.
# GET  /v2/workflows
#"workflows:list:all_projects": "rule:admin_only"

# Update one or more workflows.
# PUT  /v2/workflows
#"workflows:update": "rule:admin_or_owner"
