2
"context_is_admin": "role:admin",
3
"admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
4
"context_is_advsvc": "role:advsvc",
5
"admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
6
"admin_only": "rule:context_is_admin",
8
"shared": "field:networks:shared=True",
9
"shared_firewalls": "field:firewalls:shared=True",
10
"shared_firewall_policies": "field:firewall_policies:shared=True",
11
"external": "field:networks:router:external=True",
12
"default": "rule:admin_or_owner",
14
"create_subnet": "rule:admin_or_network_owner",
15
"get_subnet": "rule:admin_or_owner or rule:shared",
16
"update_subnet": "rule:admin_or_network_owner",
17
"delete_subnet": "rule:admin_or_network_owner",
20
"get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
21
"get_network:router:external": "rule:regular_user",
22
"get_network:segments": "rule:admin_only",
23
"get_network:provider:network_type": "rule:admin_only",
24
"get_network:provider:physical_network": "rule:admin_only",
25
"get_network:provider:segmentation_id": "rule:admin_only",
26
"get_network:queue_id": "rule:admin_only",
27
"create_network:shared": "rule:admin_only",
28
"create_network:router:external": "rule:admin_only",
29
"create_network:segments": "rule:admin_only",
30
"create_network:provider:network_type": "rule:admin_only",
31
"create_network:provider:physical_network": "rule:admin_only",
32
"create_network:provider:segmentation_id": "rule:admin_only",
33
"update_network": "rule:admin_or_owner",
34
"update_network:segments": "rule:admin_only",
35
"update_network:shared": "rule:admin_only",
36
"update_network:provider:network_type": "rule:admin_only",
37
"update_network:provider:physical_network": "rule:admin_only",
38
"update_network:provider:segmentation_id": "rule:admin_only",
39
"update_network:router:external": "rule:admin_only",
40
"delete_network": "rule:admin_or_owner",
43
"create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc",
44
"create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
45
"create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
46
"create_port:binding:host_id": "rule:admin_only",
47
"create_port:binding:profile": "rule:admin_only",
48
"create_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
49
"get_port": "rule:admin_or_owner or rule:context_is_advsvc",
50
"get_port:queue_id": "rule:admin_only",
51
"get_port:binding:vif_type": "rule:admin_only",
52
"get_port:binding:vif_details": "rule:admin_only",
53
"get_port:binding:host_id": "rule:admin_only",
54
"get_port:binding:profile": "rule:admin_only",
55
"update_port": "rule:admin_or_owner or rule:context_is_advsvc",
56
"update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
57
"update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
58
"update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
59
"update_port:binding:host_id": "rule:admin_only",
60
"update_port:binding:profile": "rule:admin_only",
61
"update_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
62
"delete_port": "rule:admin_or_owner or rule:context_is_advsvc",
64
"get_router:ha": "rule:admin_only",
65
"create_router": "rule:regular_user",
66
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
67
"create_router:distributed": "rule:admin_only",
68
"create_router:ha": "rule:admin_only",
69
"get_router": "rule:admin_or_owner",
70
"get_router:distributed": "rule:admin_only",
71
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
72
"update_router:distributed": "rule:admin_only",
73
"update_router:ha": "rule:admin_only",
74
"delete_router": "rule:admin_or_owner",
76
"add_router_interface": "rule:admin_or_owner",
77
"remove_router_interface": "rule:admin_or_owner",
79
"create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
80
"update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
82
"create_firewall": "",
83
"get_firewall": "rule:admin_or_owner",
84
"create_firewall:shared": "rule:admin_only",
85
"get_firewall:shared": "rule:admin_only",
86
"update_firewall": "rule:admin_or_owner",
87
"update_firewall:shared": "rule:admin_only",
88
"delete_firewall": "rule:admin_or_owner",
90
"create_firewall_policy": "",
91
"get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies",
92
"create_firewall_policy:shared": "rule:admin_or_owner",
93
"update_firewall_policy": "rule:admin_or_owner",
94
"delete_firewall_policy": "rule:admin_or_owner",
96
"create_firewall_rule": "",
97
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
98
"update_firewall_rule": "rule:admin_or_owner",
99
"delete_firewall_rule": "rule:admin_or_owner",
101
"create_qos_queue": "rule:admin_only",
102
"get_qos_queue": "rule:admin_only",
104
"update_agent": "rule:admin_only",
105
"delete_agent": "rule:admin_only",
106
"get_agent": "rule:admin_only",
108
"create_dhcp-network": "rule:admin_only",
109
"delete_dhcp-network": "rule:admin_only",
110
"get_dhcp-networks": "rule:admin_only",
111
"create_l3-router": "rule:admin_only",
112
"delete_l3-router": "rule:admin_only",
113
"get_l3-routers": "rule:admin_only",
114
"get_dhcp-agents": "rule:admin_only",
115
"get_l3-agents": "rule:admin_only",
116
"get_loadbalancer-agent": "rule:admin_only",
117
"get_loadbalancer-pools": "rule:admin_only",
118
"get_agent-loadbalancers": "rule:admin_only",
119
"get_loadbalancer-hosting-agent": "rule:admin_only",
121
"create_floatingip": "rule:regular_user",
122
"create_floatingip:floating_ip_address": "rule:admin_only",
123
"update_floatingip": "rule:admin_or_owner",
124
"delete_floatingip": "rule:admin_or_owner",
125
"get_floatingip": "rule:admin_or_owner",
127
"create_network_profile": "rule:admin_only",
128
"update_network_profile": "rule:admin_only",
129
"delete_network_profile": "rule:admin_only",
130
"get_network_profiles": "",
131
"get_network_profile": "",
132
"update_policy_profiles": "rule:admin_only",
133
"get_policy_profiles": "",
134
"get_policy_profile": "",
136
"create_metering_label": "rule:admin_only",
137
"delete_metering_label": "rule:admin_only",
138
"get_metering_label": "rule:admin_only",
140
"create_metering_label_rule": "rule:admin_only",
141
"delete_metering_label_rule": "rule:admin_only",
142
"get_metering_label_rule": "rule:admin_only",
144
"get_service_provider": "rule:regular_user",
145
"get_lsn": "rule:admin_only",
146
"create_lsn": "rule:admin_only"