Sample Tacker Policy File

Warning

JSON formatted policy file is deprecated since Tacker 5.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

The following is a sample tacker policy file for adaptation and use.

The sample policy can also be viewed in file form.

Important

The sample policy file is auto-generated from tacker when this documentation is built. You must ensure your version of tacker matches the version of this documentation.

# Decides what is required for the 'is_admin:True' check to succeed.
#"context_is_admin": "role:admin"

# Default rule for most non-Admin APIs.
#"admin_or_owner": "is_admin:True or project_id:%(project_id)s"

# Default rule for most Admin APIs.
#"admin_only": "is_admin:True"

# Default rule for sharing vims.
#"shared": "field:vims:shared=True"

# Default rule for most non-Admin APIs.
#"default": "rule:admin_or_owner"

# Creates a vnf package.
# POST  /vnf_packages
#"os_nfv_orchestration_api:vnf_packages:create": "rule:admin_or_owner"

# Show a vnf package.
# GET  /vnf_packages/{vnf_package_id}
#"os_nfv_orchestration_api:vnf_packages:show": "rule:admin_or_owner"

# List all vnf packages.
# GET  /vnf_packages/
#"os_nfv_orchestration_api:vnf_packages:index": "rule:admin_or_owner"

# Delete a vnf package.
# DELETE  /vnf_packages/{vnf_package_id}
#"os_nfv_orchestration_api:vnf_packages:delete": "rule:admin_or_owner"

# fetch the contents of an on-boarded VNF Package
# GET  /vnf_packages/{vnf_package_id}/package_content
#"os_nfv_orchestration_api:vnf_packages:fetch_package_content": "rule:admin_or_owner"

# upload a vnf package content.
# PUT  /vnf_packages/{vnf_package_id}/package_content
#"os_nfv_orchestration_api:vnf_packages:upload_package_content": "rule:admin_or_owner"

# upload a vnf package content from uri.
# POST  /vnf_packages/{vnf_package_id}/package_content/upload_from_uri
#"os_nfv_orchestration_api:vnf_packages:upload_from_uri": "rule:admin_or_owner"

# update information of vnf package.
# PATCH  /vnf_packages/{vnf_package_id}
#"os_nfv_orchestration_api:vnf_packages:patch": "rule:admin_or_owner"

# reads the content of the VNFD within a VNF package.
# GET  /vnf_packages/{vnf_package_id}/vnfd
#"os_nfv_orchestration_api:vnf_packages:get_vnf_package_vnfd": "rule:admin_or_owner"

# reads the content of the artifact within a VNF package.
# GET  /vnf_packages/{vnfPkgId}/artifacts/{artifactPath}
#"os_nfv_orchestration_api:vnf_packages:fetch_artifact": "rule:admin_or_owner"

# Get API Versions.
# GET  /vnflcm/v1/api_versions
#"os_nfv_orchestration_api:vnf_instances:api_versions": "@"

# Creates vnf instance.
# POST  /vnflcm/v1/vnf_instances
#"os_nfv_orchestration_api:vnf_instances:create": "rule:admin_or_owner"

# Instantiate vnf instance.
# POST  /vnflcm/v1/vnf_instances/{vnfInstanceId}/instantiate
#"os_nfv_orchestration_api:vnf_instances:instantiate": "rule:admin_or_owner"

# Query an Individual VNF instance.
# GET  /vnflcm/v1/vnf_instances/{vnfInstanceId}
#"os_nfv_orchestration_api:vnf_instances:show": "rule:admin_or_owner"

# Terminate a VNF instance.
# POST  /vnflcm/v1/vnf_instances/{vnfInstanceId}/terminate
#"os_nfv_orchestration_api:vnf_instances:terminate": "rule:admin_or_owner"

# Heal a VNF instance.
# POST  /vnflcm/v1/vnf_instances/{vnfInstanceId}/heal
#"os_nfv_orchestration_api:vnf_instances:heal": "rule:admin_or_owner"

# Scale a VNF instance.
# POST  /vnflcm/v1/vnf_instances/{vnfInstanceId}/scale
#"os_nfv_orchestration_api:vnf_instances:scale": "rule:admin_or_owner"

# Query an Individual VNF LCM operation occurrence
# GET  /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}
#"os_nfv_orchestration_api:vnf_instances:show_lcm_op_occs": "rule:admin_or_owner"

# Query VNF LCM operation occurrence
# GET  /vnflcm/v1/vnf_lcm_op_occs
#"os_nfv_orchestration_api:vnf_instances:list_lcm_op_occs": "rule:admin_or_owner"

# Query VNF instances.
# GET  /vnflcm/v1/vnf_instances
#"os_nfv_orchestration_api:vnf_instances:index": "rule:admin_or_owner"

# Delete an Individual VNF instance.
# DELETE  /vnflcm/v1/vnf_instances/{vnfInstanceId}
#"os_nfv_orchestration_api:vnf_instances:delete": "rule:admin_or_owner"

# Update an Individual VNF instance.
# PATCH  /vnflcm/v1/vnf_instances/{vnfInstanceId}
#"os_nfv_orchestration_api:vnf_instances:update_vnf": "rule:admin_or_owner"

# Rollback a VNF instance.
# POST  /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/rollback
#"os_nfv_orchestration_api:vnf_instances:rollback": "rule:admin_or_owner"

# Cancel a VNF instance.
# POST  /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/cancel
#"os_nfv_orchestration_api:vnf_instances:cancel": "rule:admin_or_owner"

# Fail a VNF instance.
# POST  /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/fail
#"os_nfv_orchestration_api:vnf_instances:fail": "rule:admin_or_owner"

# Retry a VNF instance.
# POST  /vnflcm/v1/vnf_lcm_op_occs/{vnfLcmOpOccId}/retry
#"os_nfv_orchestration_api:vnf_instances:retry": "rule:admin_or_owner"

# Change external VNF connectivity.
# POST  /vnflcm/v1/vnf_instances/{vnfInstanceId}/change_ext_conn
#"os_nfv_orchestration_api:vnf_instances:change_ext_conn": "rule:admin_or_owner"

# Get API Versions.
# GET  /vnflcm/v2/api_versions
#"os_nfv_orchestration_api_v2:vnf_instances:api_versions": "@"

# Creates vnf instance.
# POST  /vnflcm/v2/vnf_instances
#"os_nfv_orchestration_api_v2:vnf_instances:create": "@"

# Query VNF instances.
# GET  /vnflcm/v2/vnf_instances
#"os_nfv_orchestration_api_v2:vnf_instances:index": "@"

# Query an Individual VNF instance.
# GET  /vnflcm/v2/vnf_instances/{vnfInstanceId}
#"os_nfv_orchestration_api_v2:vnf_instances:show": "@"

# Delete an Individual VNF instance.
# DELETE  /vnflcm/v2/vnf_instances/{vnfInstanceId}
#"os_nfv_orchestration_api_v2:vnf_instances:delete": "@"

# Modify vnf instance information.
# PATCH  /vnflcm/v2/vnf_instances/{vnfInstanceId}
#"os_nfv_orchestration_api_v2:vnf_instances:update": "@"

# Instantiate vnf instance.
# POST  /vnflcm/v2/vnf_instances/{vnfInstanceId}/instantiate
#"os_nfv_orchestration_api_v2:vnf_instances:instantiate": "@"

# Terminate vnf instance.
# POST  /vnflcm/v2/vnf_instances/{vnfInstanceId}/terminate
#"os_nfv_orchestration_api_v2:vnf_instances:terminate": "@"

# Scale vnf instance.
# POST  /vnflcm/v2/vnf_instances/{vnfInstanceId}/scale
#"os_nfv_orchestration_api_v2:vnf_instances:scale": "@"

# Heal vnf instance.
# POST  /vnflcm/v2/vnf_instances/{vnfInstanceId}/heal
#"os_nfv_orchestration_api_v2:vnf_instances:heal": "@"

# Change external vnf connectivity.
# POST  /vnflcm/v2/vnf_instances/{vnfInstanceId}/change_ext_conn
#"os_nfv_orchestration_api_v2:vnf_instances:change_ext_conn": "@"

# Change vnf package.
# POST  /vnflcm/v2/vnf_instances/{vnfInstanceId}/change_vnfpkg
#"os_nfv_orchestration_api_v2:vnf_instances:change_vnfpkg": "@"

# Create subscription.
# POST  /vnflcm/v2/subscriptions
#"os_nfv_orchestration_api_v2:vnf_instances:subscription_create": "@"

# List subscription.
# GET  /vnflcm/v2/subscriptions
#"os_nfv_orchestration_api_v2:vnf_instances:subscription_list": "@"

# Show subscription.
# GET  /vnflcm/v2/vnf_instances/{subscriptionId}
#"os_nfv_orchestration_api_v2:vnf_instances:subscription_show": "@"

# Delete subscription.
# DELETE  /vnflcm/v2/vnf_instances/{subscriptionId}
#"os_nfv_orchestration_api_v2:vnf_instances:subscription_delete": "@"

# List VnfLcmOpOcc.
# GET  /vnflcm/v2/vnf_lcm_op_occs
#"os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_list": "@"

# Show VnfLcmOpOcc.
# GET  /vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}
#"os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_show": "@"

# Retry VnfLcmOpOcc.
# POST  /vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}/retry
#"os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_retry": "@"

# Rollback VnfLcmOpOcc.
# POST  /vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}/rollback
#"os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_rollback": "@"

# Fail VnfLcmOpOcc.
# POST  /vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}/fail
#"os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_fail": "@"

# Delete VnfLcmOpOcc.
# DELETE  /vnflcm/v2/vnf_lcm_op_occs/{vnfLcmOpOccId}
#"os_nfv_orchestration_api_v2:vnf_instances:lcm_op_occ_delete": "@"