Policy configuration¶
Configuration¶
The following is an overview of all available policies in Zun. For a sample configuration file.
zun¶
context_is_adminDefault: role:admin(no description provided)
admin_or_ownerDefault: is_admin:True or project_id:%(project_id)s(no description provided)
admin_apiDefault: rule:context_is_admin(no description provided)
container:createDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers
Create a new container.
- POST
container:deleteDefault: is_admin:True or project_id:%(project_id)sOperations: - DELETE
/v1/containers/{container_ident}
Delete a container.
- DELETE
container:delete_all_projectsDefault: rule:context_is_adminOperations: - DELETE
/v1/containers/{container_ident}
Delete a container from all projects.
- DELETE
container:delete_forceDefault: rule:context_is_adminOperations: - DELETE
/v1/containers/{container_ident}
Forcibly delete a container.
- DELETE
container:get_oneDefault: is_admin:True or project_id:%(project_id)sOperations: - GET
/v1/containers/{container_ident}
Retrieve the details of a specific container.
- GET
container:get_one_all_projectsDefault: rule:context_is_adminOperations: - GET
/v1/containers/{container_ident}
Retrieve the details of a specific container from all projects.
- GET
container:get_allDefault: is_admin:True or project_id:%(project_id)sOperations: - GET
/v1/containers
Retrieve the details of all containers.
- GET
container:get_all_all_projectsDefault: rule:context_is_adminOperations: - GET
/v1/containers
Retrieve the details of all containers across projects.
- GET
container:updateDefault: is_admin:True or project_id:%(project_id)sOperations: - PATCH
/v1/containers/{container_ident}
Update a container.
- PATCH
container:startDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/start
Start a container.
- POST
container:stopDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/stop
Stop a container.
- POST
container:rebootDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/reboot
Reboot a container.
- POST
container:pauseDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/pause
Pause a container.
- POST
container:unpauseDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/unpause
Unpause a container.
- POST
container:logsDefault: is_admin:True or project_id:%(project_id)sOperations: - GET
/v1/containers/{container_ident}/logs
Get the log of a container
- GET
container:executeDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/execute
Execute command in a running container
- POST
container:execute_resizeDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/execute_resize
Resize the TTY used by an execute command.
- POST
container:killDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/kill
Kill a running container
- POST
container:renameDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/rename
Rename a container.
- POST
container:attachDefault: is_admin:True or project_id:%(project_id)sOperations: - GET
/v1/containers/{container_ident}/attach
Attach to a running container
- GET
container:resizeDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/resize
Resize a container.
- POST
container:topDefault: is_admin:True or project_id:%(project_id)sOperations: - GET
/v1/containers/{container_ident}/top
Display the running processes inside the container.
- GET
container:get_archiveDefault: is_admin:True or project_id:%(project_id)sOperations: - GET
/v1/containers/{container_ident}/get_archive
Get a tar archive of a path of container.
- GET
container:put_archiveDefault: is_admin:True or project_id:%(project_id)sOperations: - PUT
/v1/containers/{container_ident}/put_archive
Put a tar archive to be extracted to a path of container
- PUT
container:statsDefault: is_admin:True or project_id:%(project_id)sOperations: - GET
/v1/containers/{container_ident}/stats
Display the statistics of a container
- GET
container:commitDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/commit
Commit a container
- POST
container:add_security_groupDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/add_security_group
Add a security group to a specific container.
- POST
container:network_detachDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/network_detach
Detach a network from a container.
- POST
container:network_attachDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/network_attach
Attach a network from a container.
- POST
container:remove_security_groupDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/containers/{container_ident}/remove_security_group
Remove security group from a specific container.
- POST
image:pullDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/images
Pull an image.
- POST
image:get_allDefault: is_admin:True or project_id:%(project_id)sOperations: - GET
/v1/images
Print a list of available images.
- GET
image:get_oneDefault: is_admin:True or project_id:%(project_id)sOperations: - GET
/v1/images/{image_id}
Retrieve the details of a specific image.
- GET
image:searchDefault: is_admin:True or project_id:%(project_id)sOperations: - GET
/v1/images/{image_ident}/search
Search an image.
- GET
zun-service:deleteDefault: rule:context_is_adminOperations: - DELETE
/v1/services
Delete a service.
- DELETE
zun-service:disableDefault: rule:context_is_adminOperations: - PUT
/v1/services/disable
Disable a service.
- PUT
zun-service:enableDefault: rule:context_is_adminOperations: - PUT
/v1/services/enable
Enable a service.
- PUT
zun-service:force_downDefault: rule:context_is_adminOperations: - PUT
/v1/services/force_down
Forcibly shutdown a service.
- PUT
zun-service:get_allDefault: rule:context_is_adminOperations: - GET
/v1/services
Show the status of a service.
- GET
host:get_allDefault: rule:context_is_adminOperations: - GET
/v1/hosts
List all compute hosts.
- GET
host:getDefault: rule:context_is_adminOperations: - GET
/v1/hosts/{host_ident}
Show the details of a specific compute host.
- GET
capsule:createDefault: is_admin:True or project_id:%(project_id)sOperations: - POST
/v1/capsules/
Create a capsule
- POST
capsule:deleteDefault: is_admin:True or project_id:%(project_id)sOperations: - DELETE
/v1/capsules/{capsule_ident}
Delete a capsule
- DELETE
capsule:delete_all_projectsDefault: rule:context_is_adminOperations: - DELETE
/v1/capsules/{capsule_ident}
Delete a container in any project.
- DELETE
capsule:getDefault: is_admin:True or project_id:%(project_id)sOperations: - GET
/v1/capsules/{capsule_ident}
Retrieve the details of a capsule.
- GET
capsule:get_one_all_projectsDefault: rule:context_is_adminOperations: - GET
/v1/capsules/{capsule_ident}
Retrieve the details of a capsule in any project.
- GET
capsule:get_allDefault: is_admin:True or project_id:%(project_id)sOperations: - GET
/v1/capsules/
List all capsules.
- GET
capsule:get_all_all_projectsDefault: rule:context_is_adminOperations: - GET
/v1/capsules/
List all capsules across projects.
- GET
network:attach_external_networkDefault: role:adminOperations: - POST
/v1/containers
Attach an unshared external network to a container
- POST
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.