Masakari Policies

Warning

JSON formatted policy file is deprecated since Masakari 11.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

The following is an overview of all available policies in masakari. For a sample configuration file, refer to Sample Masakari Policy File.

masakari

context_is_admin
Default

role:admin

Decides what is required for the ‘is_admin:True’ check to succeed.

admin_or_owner
Default

is_admin:True or project_id:%(project_id)s

Default rule for most non-Admin APIs.

admin_api
Default

is_admin:True

Default rule for most Admin APIs.

os_masakari_api:extensions:index
Default

rule:admin_api

Operations
  • GET /extensions

List available extensions.

os_masakari_api:extensions:detail
Default

rule:admin_api

Operations
  • GET /extensions/{extensions_id}

Shows information for an extension.

os_masakari_api:extensions:discoverable
Default

rule:admin_api

Extension Info API extensions to change the API.

os_masakari_api:os-hosts:index
Default

rule:admin_api

Operations
  • GET /segments/{segment_id}/hosts

Lists IDs, names, type, reserved, on_maintenance for all hosts.

os_masakari_api:os-hosts:detail
Default

rule:admin_api

Operations
  • GET /segments/{segment_id}/hosts/{host_id}

Shows details for a host.

os_masakari_api:os-hosts:create
Default

rule:admin_api

Operations
  • POST /segments/{segment_id}/hosts

Creates a host under given segment.

os_masakari_api:os-hosts:update
Default

rule:admin_api

Operations
  • PUT /segments/{segment_id}/hosts/{host_id}

Updates the editable attributes of an existing host.

os_masakari_api:os-hosts:delete
Default

rule:admin_api

Operations
  • DELETE /segments/{segment_id}/hosts/{host_id}

Deletes a host from given segment.

os_masakari_api:os-hosts:discoverable
Default

rule:admin_api

Host API extensions to change the API.

os_masakari_api:notifications:index
Default

rule:admin_api

Operations
  • GET /notifications

Lists IDs, notification types, host_name, generated_time, payload and status for all notifications.

os_masakari_api:notifications:detail
Default

rule:admin_api

Operations
  • GET /notifications/{notification_id}

Shows details for a notification.

os_masakari_api:notifications:create
Default

rule:admin_api

Operations
  • POST /notifications

Creates a notification.

os_masakari_api:notifications:discoverable
Default

rule:admin_api

Notification API extensions to change the API.

os_masakari_api:segments:index
Default

rule:admin_api

Operations
  • GET /segments

Lists IDs, names, description, recovery_method, service_type for all segments.

os_masakari_api:segments:detail
Default

rule:admin_api

Operations
  • GET /segments/{segment_id}

Shows details for a segment.

os_masakari_api:segments:create
Default

rule:admin_api

Operations
  • POST /segments

Creates a segment.

os_masakari_api:segments:update
Default

rule:admin_api

Operations
  • PUT /segments/{segment_id}

Updates the editable attributes of an existing host.

os_masakari_api:segments:delete
Default

rule:admin_api

Operations
  • DELETE /segments/{segment_id}

Deletes a segment.

os_masakari_api:segments:discoverable
Default

rule:admin_api

Segment API extensions to change the API.

os_masakari_api:versions:index
Default

@

Operations
  • GET /

List all versions.

os_masakari_api:versions:discoverable
Default

@

Version API extensions to change the API.

os_masakari_api:vmoves:index
Default

rule:admin_api

Operations
  • GET /notifications/{notification_id}/vmoves

Lists IDs, notification_id, instance_id, source_host, dest_host, status and type for all VM moves.

os_masakari_api:vmoves:detail
Default

rule:admin_api

Operations
  • GET /notifications/{notification_id}/vmoves/{vmove_id}

Shows details for one VM move.

os_masakari_api:vmoves:discoverable
Default

rule:admin_api

VM moves API extensions to change the API.