Sample Policy File

Warning

Using a JSON-formatted policy file is deprecated since Blazar 7.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

The following is a sample blazar policy file for adaptation and use.

The sample policy can also be viewed in file form.

Important

The sample policy file is auto-generated from blazar when this documentation is built. You must ensure your version of blazar matches the version of this documentation.

# Default rule for most Admin APIs.
#"admin": "is_admin:True or role:admin"

# Default rule for most non-Admin APIs.
#"admin_or_owner": "rule:admin or project_id:%(project_id)s"

# Policy rule for List/Show Lease(s) API.
# GET  /{api_version}/leases
# GET  /{api_version}/leases/{lease_id}
#"blazar:leases:get": "rule:admin_or_owner"

# Policy rule for Create Lease API.
# POST  /{api_version}/leases
#"blazar:leases:post": "rule:admin_or_owner"

# Policy rule for Update Lease API.
# PUT  /{api_version}/leases/{lease_id}
#"blazar:leases:put": "rule:admin_or_owner"

# Policy rule for Delete Lease API.
# DELETE  /{api_version}/leases/{lease_id}
#"blazar:leases:delete": "rule:admin_or_owner"

# Policy rule for List/Show Host(s) API.
# GET  /{api_version}/os-hosts
# GET  /{api_version}/os-hosts/{host_id}
#"blazar:oshosts:get": "rule:admin"

# Policy rule for Create Host API.
# POST  /{api_version}/os-hosts
#"blazar:oshosts:post": "rule:admin"

# Policy rule for Update Host API.
# PUT  /{api_version}/os-hosts/{host_id}
#"blazar:oshosts:put": "rule:admin"

# Policy rule for Delete Host API.
# DELETE  /{api_version}/os-hosts/{host_id}
#"blazar:oshosts:delete": "rule:admin"

# Policy rule for List/Get Host(s) Allocations API.
# GET  /{api_version}/os-hosts/allocations
# GET  /{api_version}/os-hosts/{host_id}/allocation
#"blazar:oshosts:get_allocations": "rule:admin"

# Policy rule for List/Show FloatingIP(s) API.
# GET  /{api_version}/floatingips
# GET  /{api_version}/floatingips/{floatingip_id}
#"blazar:floatingips:get": "rule:admin"

# Policy rule for Create Floating IP API.
# POST  /{api_version}/floatingips
#"blazar:floatingips:post": "rule:admin"

# Policy rule for Delete Floating IP API.
# DELETE  /{api_version}/floatingips/{floatingip_id}
#"blazar:floatingips:delete": "rule:admin"