Ironic Inspector Policy

The following is a sample ironic-inspector policy file, autogenerated from Ironic Inspector when this documentation is built. To avoid issues, make sure your version of ironic-inspector matches that of the example policy file.

The sample policy can also be downloaded as a file.

# DEPRECATED
# "is_admin" has been deprecated since W.
# The inspector API is now aware of system scope and default roles.
"is_admin": "role:admin or role:administrator or role:baremetal_admin"
# DEPRECATED
# "is_observer" has been deprecated since W.
# The inspector API is now aware of system scope and default roles.
"is_observer": "role:baremetal_observer"
"public_api": "is_public_api:True"
"default": "!"
"introspection": "rule:public_api"
"introspection:version": "rule:public_api"
"introspection:continue": "rule:public_api"
"introspection:status": "role:reader and system_scope:all"
# DEPRECATED
# "introspection:status":"rule:is_admin or rule:is_observer" has been
# deprecated since W in favor of "introspection:status":"role:reader
# and system_scope:all".
# The inspector API is now aware of system scope and default roles.

"introspection:start": "role:admin and system_scope:all"
# DEPRECATED
# "introspection:start":"rule:is_admin" has been deprecated since W in
# favor of "introspection:start":"role:admin and system_scope:all".
# The inspector API is now aware of system scope and default roles.

"introspection:abort": "role:admin and system_scope:all"
# DEPRECATED
# "introspection:abort":"rule:is_admin" has been deprecated since W in
# favor of "introspection:abort":"role:admin and system_scope:all".
# The inspector API is now aware of system scope and default roles.

"introspection:data": "role:admin and system_scope:all"
# DEPRECATED
# "introspection:data":"rule:is_admin" has been deprecated since W in
# favor of "introspection:data":"role:admin and system_scope:all".
# The inspector API is now aware of system scope and default roles.

"introspection:reapply": "role:admin and system_scope:all"
# DEPRECATED
# "introspection:reapply":"rule:is_admin" has been deprecated since W
# in favor of "introspection:reapply":"role:admin and
# system_scope:all".
# The inspector API is now aware of system scope and default roles.

"introspection:rule:get": "role:admin and system_scope:all"
# DEPRECATED
# "introspection:rule:get":"rule:is_admin" has been deprecated since W
# in favor of "introspection:rule:get":"role:admin and
# system_scope:all".
# The inspector API is now aware of system scope and default roles.

"introspection:rule:delete": "role:admin and system_scope:all"
# DEPRECATED
# "introspection:rule:delete":"rule:is_admin" has been deprecated
# since W in favor of "introspection:rule:delete":"role:admin and
# system_scope:all".
# The inspector API is now aware of system scope and default roles.

"introspection:rule:create": "role:admin and system_scope:all"
# DEPRECATED
# "introspection:rule:create":"rule:is_admin" has been deprecated
# since W in favor of "introspection:rule:create":"role:admin and
# system_scope:all".
# The inspector API is now aware of system scope and default roles.