-
Notifications
You must be signed in to change notification settings - Fork 0
/
policy-glance-stable-2023.2.yaml
60 lines (60 loc) · 4.27 KB
/
policy-glance-stable-2023.2.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
"default": ""
"context_is_admin": "role:admin"
"add_image": "rule:context_is_admin or (role:member and project_id:%(project_id)s and project_id:%(owner)s)"
"delete_image": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
"get_image": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"
"get_images": "rule:context_is_admin or (role:reader and project_id:%(project_id)s)"
"modify_image": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
"publicize_image": "rule:context_is_admin"
"communitize_image": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
"download_image": "rule:context_is_admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"
"upload_image": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
"delete_image_location": "rule:context_is_admin"
"get_image_location": "rule:context_is_admin or (role:reader and project_id:%(project_id)s)"
"set_image_location": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
"add_member": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
"delete_member": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
"get_member": "rule:context_is_admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"
"get_members": "rule:context_is_admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"
"modify_member": "rule:context_is_admin or (role:member and project_id:%(member_id)s)"
"manage_image_cache": "rule:context_is_admin"
"deactivate": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
"reactivate": "rule:context_is_admin or (role:member and project_id:%(project_id)s)"
"copy_image": "rule:context_is_admin"
"get_task": "rule:default"
"get_tasks": "rule:default"
"add_task": "rule:default"
"modify_task": "rule:default"
"tasks_api_access": "rule:context_is_admin"
"metadef_default": ""
"metadef_admin": "rule:context_is_admin"
"get_metadef_namespace": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
"get_metadef_namespaces": "rule:context_is_admin or (role:reader and project_id:%(project_id)s)"
"modify_metadef_namespace": "rule:metadef_admin"
"add_metadef_namespace": "rule:metadef_admin"
"delete_metadef_namespace": "rule:metadef_admin"
"get_metadef_object": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
"get_metadef_objects": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
"modify_metadef_object": "rule:metadef_admin"
"add_metadef_object": "rule:metadef_admin"
"delete_metadef_object": "rule:metadef_admin"
"list_metadef_resource_types": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
"get_metadef_resource_type": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
"add_metadef_resource_type_association": "rule:metadef_admin"
"remove_metadef_resource_type_association": "rule:metadef_admin"
"get_metadef_property": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
"get_metadef_properties": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
"modify_metadef_property": "rule:metadef_admin"
"add_metadef_property": "rule:metadef_admin"
"remove_metadef_property": "rule:metadef_admin"
"get_metadef_tag": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
"get_metadef_tags": "rule:context_is_admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
"modify_metadef_tag": "rule:metadef_admin"
"add_metadef_tag": "rule:metadef_admin"
"add_metadef_tags": "rule:metadef_admin"
"delete_metadef_tag": "rule:metadef_admin"
"delete_metadef_tags": "rule:metadef_admin"
"cache_image": "rule:context_is_admin"
"cache_list": "rule:context_is_admin"
"cache_delete": "rule:context_is_admin"
"stores_info_detail": "rule:context_is_admin"