policy.yaml

Use the policy.yaml file to define additional access controls that apply to the Rating service:

#"context_is_admin": "role:admin"

#"admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or project_id:%(project_id)s"

#"default": ""

# Return the list of every services mapped to a collector.
# LIST  /v1/collector/mappings
#"collector:list_mappings": "role:admin"

# Return a service to collector mapping.
# GET  /v1/collector/mappings/{service_id}
#"collector:get_mapping": "role:admin"

# Manage a service to collector mapping.
# POST  /v1/collector/mappings
# DELETE  /v1/collector/mappings/{service_id}
#"collector:manage_mapping": "role:admin"

# Query the enable state of a collector.
# GET  /v1/collector/states/{collector_id}
#"collector:get_state": "role:admin"

# Set the enable state of a collector.
# PUT  /v1/collector/states/{collector_id}
#"collector:update_state": "role:admin"

# List available services information in Cloudkitty.
# LIST  /v1/info/services
#"info:list_services_info": ""

# Get specified service information.
# GET  /v1/info/services/{metric_id}
#"info:get_service_info": ""

# List available metrics information in Cloudkitty.
# LIST  /v1/info/metrics
#"info:list_metrics_info": ""

# Get specified metric information.
# GET  /v1/info/metrics/{metric_id}
#"info:get_metric_info": ""

# Get current configuration in Cloudkitty.
# GET  /v1/info/config
#"info:get_config": ""

# Return the list of loaded modules in Cloudkitty.
# LIST  /v1/rating/modules
#"rating:list_modules": "role:admin"

# Get specified module.
# GET  /v1/rating/modules/{module_id}
#"rating:get_module": "role:admin"

# Change the state and priority of a module.
# PUT  /v1/rating/modules/{module_id}
#"rating:update_module": "role:admin"

# Get an instant quote based on multiple resource descriptions.
# POST  /v1/rating/quote
#"rating:quote": ""

# Trigger a rating module list reload.
# GET  /v1/rating/reload_modules
#"rating:module_config": "role:admin"

# Return the list of rated tenants.
# GET  /v1/report/tenants
#"report:list_tenants": "role:admin"

# Return the summary to pay for a given period.
# GET  /v1/report/summary
#"report:get_summary": "rule:admin_or_owner"

# Return the amount to pay for a given period.
# GET  /v1/report/total
#"report:get_total": "rule:admin_or_owner"

# Return a list of rated resources for a time period and a tenant.
# GET  /v1/storage/dataframes
#"storage:list_data_frames": "rule:admin_or_owner"

# Add one or several DataFrames
# POST  /v2/dataframes
#"dataframes:add": "role:admin"

# Get DataFrames
# GET  /v2/dataframes
#"dataframes:get": "rule:admin_or_owner"

# Returns the list of loaded modules in Cloudkitty.
# GET  /v2/rating/modules
#"v2_rating:list_modules": "role:admin"

# Get specified module.
# GET  /v2/rating/modules/{module_id}
#"v2_rating:get_module": "role:admin"

# Get the state of one or several scopes
# GET  /v2/scope
#"scope:get_state": "role:admin"

# Reset the state of one or several scopes
# PUT  /v2/scope
#"scope:reset_state": "role:admin"

# Enables operators to patch a storage scope
# PATCH  /v2/scope
#"scope:patch_state": "role:admin"

# Enables operators to create a storage scope
# POST  /v2/scope
#"scope:post_state": "role:admin"

# Get a rating summary
# GET  /v2/summary
#"summary:get_summary": "rule:admin_or_owner"

# Schedule a scope for reprocessing
# POST  /v2/task/reprocesses
#"schedule:task_reprocesses": "role:admin"

# Get reprocessing schedule tasks for scopes.
# GET  /v2/task/reprocesses
#"schedule:get_task_reprocesses": "role:admin"