Policies

Warning

Using a JSON-formatted policy file is deprecated since Blazar 7.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

The following is an overview of all available policies in Blazar. For a sample configuration file, refer to Sample Policy File.

To change policies, please create a policy file in /etc/blazar/ and specify the policy file name at the oslo_policy/policy_file option in blazar.conf.

blazar

admin

Default

is_admin:True or role:admin

Default rule for most Admin APIs.

admin_or_owner

Default

rule:admin or project_id:%(project_id)s

Default rule for most non-Admin APIs.

blazar:leases:get

Default

rule:admin_or_owner

Operations

• GET /{api_version}/leases

• GET /{api_version}/leases/{lease_id}

Policy rule for List/Show Lease(s) API.

blazar:leases:post

Default

rule:admin_or_owner

Operations

• POST /{api_version}/leases

Policy rule for Create Lease API.

blazar:leases:put

Default

rule:admin_or_owner

Operations

• PUT /{api_version}/leases/{lease_id}

Policy rule for Update Lease API.

blazar:leases:delete

Default

rule:admin_or_owner

Operations

• DELETE /{api_version}/leases/{lease_id}

Policy rule for Delete Lease API.

blazar:oshosts:get

Default

rule:admin

Operations

• GET /{api_version}/os-hosts

• GET /{api_version}/os-hosts/{host_id}

Policy rule for List/Show Host(s) API.

blazar:oshosts:post

Default

rule:admin

Operations

• POST /{api_version}/os-hosts

Policy rule for Create Host API.

blazar:oshosts:put

Default

rule:admin

Operations

• PUT /{api_version}/os-hosts/{host_id}

Policy rule for Update Host API.

blazar:oshosts:delete

Default

rule:admin

Operations

• DELETE /{api_version}/os-hosts/{host_id}

Policy rule for Delete Host API.

blazar:oshosts:get_allocations

Default

rule:admin

Operations

• GET /{api_version}/os-hosts/allocations

• GET /{api_version}/os-hosts/{host_id}/allocation

Policy rule for List/Get Host(s) Allocations API.

blazar:floatingips:get

Default

rule:admin

Operations

• GET /{api_version}/floatingips

• GET /{api_version}/floatingips/{floatingip_id}

Policy rule for List/Show FloatingIP(s) API.

blazar:floatingips:post

Default

rule:admin

Operations

• POST /{api_version}/floatingips

Policy rule for Create Floating IP API.

blazar:floatingips:delete

Default

rule:admin

Operations

• DELETE /{api_version}/floatingips/{floatingip_id}

Policy rule for Delete Floating IP API.