Panko Sample Policy


JSON formatted policy file is deprecated since Panko 10.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

The following is a sample panko policy file that has been auto-generated from default policy values in code. If you’re using the default policies, then the maintenance of this file is not necessary, and it should not be copied into a deployment. Doing so will result in duplicate policy definitions. It is here to help explain which policy operations protect specific panko APIs, but it is not suggested to copy and paste into a deployment unless you’re planning on providing a different policy for an operation that is not the default.

The sample policy file can also be viewed in file form.

#"context_is_admin": "role:admin"

# Return the user and project the requestshould be limited to
# GET  /v2/events
# GET  /v2/events/{message_id}
# Intended scope(s): system
#"segregation": "role:admin and system_scope:all"

# "segregation":"rule:context_is_admin" has been deprecated since W in
# favor of "segregation":"role:admin and system_scope:all".
# The events API now supports system scope and default roles.

# Return all events matching the query filters.
# GET  /v2/events
# Intended scope(s): system, project
#"telemetry:events:index": ""

# Return a single event with the given message id.
# GET  /v2/events/{message_id}
# Intended scope(s): system, project
#"telemetry:events:show": ""