policy.yaml

Warning

The JSON-formatted policy file has been deprecated since Trove 15.0.0 (Wallaby). The oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

To see available policies, refer to Trove Policy Configuration.

Use the policy.yaml file to define additional access controls that will be applied to Trove:

# Sample oslo.policy rules for Trove. Each entry maps an API action (left)
# to the check string (right) that the caller's credentials must satisfy.

# --- Base rules referenced by the action entries below ---
# "admin" passes for a caller holding the admin role, or whose credentials
# carry is_admin equal to True.
"admin": "role:admin or is_admin:True"
# "admin_or_owner" passes for an admin, or for any caller whose project_id
# equals the target's tenant. The owner branch tests project membership
# only; it does not look at the caller's role inside that project.
"admin_or_owner": "rule:admin or project_id:%(tenant)s"
# NOTE(review): presumably the fallback used when an action has no entry of
# its own -- confirm against the deployment's oslo.policy configuration.
"default": "rule:admin_or_owner"

# --- Instance actions ---
# Every entry here, including force_delete, is open to any member of the
# owning project; reset_status is the only admin-only action in this group.
"instance:create": "rule:admin_or_owner"
"instance:delete": "rule:admin_or_owner"
"instance:force_delete": "rule:admin_or_owner"
"instance:index": "rule:admin_or_owner"
"instance:detail": "rule:admin_or_owner"
"instance:show": "rule:admin_or_owner"
"instance:update": "rule:admin_or_owner"
"instance:edit": "rule:admin_or_owner"
"instance:restart": "rule:admin_or_owner"
"instance:resize_volume": "rule:admin_or_owner"
"instance:resize_flavor": "rule:admin_or_owner"
"instance:reset_status": "rule:admin"
"instance:promote_to_replica_source": "rule:admin_or_owner"
"instance:eject_replica_source": "rule:admin_or_owner"
"instance:configuration": "rule:admin_or_owner"
"instance:guest_log_list": "rule:admin_or_owner"
"instance:backups": "rule:admin_or_owner"
"instance:module_list": "rule:admin_or_owner"
"instance:module_apply": "rule:admin_or_owner"
"instance:module_remove": "rule:admin_or_owner"

# --- Root, user, user_access and database extensions ---
# NOTE(review): judging by the action names, these govern the datastore
# root account and the database users, grants and schemas inside an
# instance or cluster -- confirm against the Trove API reference. All of
# them are granted to any project member. Deployments that need to separate
# database administration from ordinary project access should point these
# at "rule:admin" or at a rule that requires a dedicated role.
"instance:extension:root:create": "rule:admin_or_owner"
"instance:extension:root:delete": "rule:admin_or_owner"
"instance:extension:root:index": "rule:admin_or_owner"
"cluster:extension:root:create": "rule:admin_or_owner"
"cluster:extension:root:delete": "rule:admin_or_owner"
"cluster:extension:root:index": "rule:admin_or_owner"
"instance:extension:user:create": "rule:admin_or_owner"
"instance:extension:user:delete": "rule:admin_or_owner"
"instance:extension:user:index": "rule:admin_or_owner"
"instance:extension:user:show": "rule:admin_or_owner"
"instance:extension:user:update": "rule:admin_or_owner"
"instance:extension:user:update_all": "rule:admin_or_owner"
"instance:extension:user_access:update": "rule:admin_or_owner"
"instance:extension:user_access:delete": "rule:admin_or_owner"
"instance:extension:user_access:index": "rule:admin_or_owner"
"instance:extension:database:create": "rule:admin_or_owner"
"instance:extension:database:delete": "rule:admin_or_owner"
"instance:extension:database:index": "rule:admin_or_owner"
"instance:extension:database:show": "rule:admin_or_owner"

# --- Cluster actions ---
# Same pattern as instances: project members may do everything, including
# force_delete, except reset-status, which is admin-only.
"cluster:create": "rule:admin_or_owner"
"cluster:delete": "rule:admin_or_owner"
"cluster:force_delete": "rule:admin_or_owner"
"cluster:index": "rule:admin_or_owner"
"cluster:show": "rule:admin_or_owner"
"cluster:show_instance": "rule:admin_or_owner"
"cluster:action": "rule:admin_or_owner"
"cluster:reset-status": "rule:admin"

# --- Backups and backup strategies ---
# "backup:index:all_projects" uses "role:admin" directly rather than
# "rule:admin", so the is_admin:True alternative of the "admin" rule does
# not apply to it.
# NOTE(review): confirm this difference from the other admin-only entries
# is intended.
"backup:create": "rule:admin_or_owner"
"backup:delete": "rule:admin_or_owner"
"backup:index": "rule:admin_or_owner"
"backup:index:all_projects": "role:admin"
"backup:show": "rule:admin_or_owner"
"backup_strategy:create": "rule:admin_or_owner"
"backup_strategy:index": "rule:admin_or_owner"
"backup_strategy:delete": "rule:admin_or_owner"

# --- Configuration groups and configuration parameters ---
"configuration:create": "rule:admin_or_owner"
"configuration:delete": "rule:admin_or_owner"
"configuration:index": "rule:admin_or_owner"
"configuration:show": "rule:admin_or_owner"
"configuration:instances": "rule:admin_or_owner"
"configuration:update": "rule:admin_or_owner"
"configuration:edit": "rule:admin_or_owner"
"configuration-parameter:index": "rule:admin_or_owner"
"configuration-parameter:show": "rule:admin_or_owner"
"configuration-parameter:index_by_version": "rule:admin_or_owner"
"configuration-parameter:show_by_version": "rule:admin_or_owner"

# --- Datastores and flavors ---
# An empty check string always passes in oslo.policy: the policy layer
# applies no role or project restriction to these read actions. Only
# "datastore:delete" is restricted, to admins. When auditing, treat every
# "" entry as an action any caller reaching the policy check may perform.
"datastore:index": ""
"datastore:show": ""
"datastore:delete": "rule:admin"
"datastore:version_show": ""
"datastore:version_show_by_uuid": ""
"datastore:version_index": ""
"datastore:list_associated_flavors": ""
"datastore:list_associated_volume_types": ""
"flavor:index": ""
"flavor:show": ""

# --- Limits and modules ---
"limits:index": "rule:admin_or_owner"
"module:create": "rule:admin_or_owner"
"module:delete": "rule:admin_or_owner"
"module:index": "rule:admin_or_owner"
"module:show": "rule:admin_or_owner"
"module:instances": "rule:admin_or_owner"
"module:update": "rule:admin_or_owner"
"module:reapply": "rule:admin_or_owner"