Searchlight Policy Configuration¶

Configuration¶

The following is an overview of all available policies in Searchlight. For a sample configuration file, refer to policy.yaml.

searchlight¶

context_is_admin

Default: role:admin and is_admin_project:True

(no description provided)

admin_or_owner

Default: rule:context_is_admin or project_id:%(project_id)s

(no description provided)

resource:OS::Glance::Image

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Glance Image resource.

resource:OS::Glance::Metadef

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Glance Metadef resource.

resource:OS::Nova::Server

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Nova Server resource.

resource:OS::Nova::Hypervisor

Default

rule:context_is_admin

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Nova Hypervisor resource.

resource:OS::Nova::ServerGroup

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Nova ServerGroup resource.

resource:OS::Nova::Flavor

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Nova Flavor resource.

resource:OS::Cinder::Volume

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Cinder Volume resource.

resource:OS::Cinder::Snapshot

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Cinder Snapshot resource.

resource:OS::Designate::Zone

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Designate Zone resource.

resource:OS::Designate::RecordSet

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Designate RecordSet resource.

resource:OS::Neutron::Net

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Neutron Net resource.

resource:OS::Neutron::Port

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Neutron Port resource.

resource:OS::Neutron::Subnet

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Neutron Subnet resource.

resource:OS::Neutron::Router

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Neutron Router resource.

resource:OS::Neutron::SecurityGroup

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Neutron SecurityGroup resource.

resource:OS::Ironic::Chassis

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Ironic Chassis resource.

resource:OS::Ironic::Node

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Ironic Node resource.

resource:OS::Ironic::Port

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search
GET /v1/search/plugins
GET /v1/search/facets

Query with Ironic Port resource.

search:query

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search

Query a search.

search:query:aggregations

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

POST /v1/search
GET /v1/search

Query a search with aggregation request.

search:plugins_info

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

GET /v1/search/plugins

Retrieve a list of installed plugins.

search:facets

Default

rule:context_is_admin or project_id:%(project_id)s

Operations

GET /v1/search/facets

List supported facets.