/etc/gnocchi/policy.json is in gnocchi-common 4.2.0-0ubuntu5.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | {
"admin_or_creator": "role:admin or user:%(creator)s or project_id:%(created_by_project_id)s",
"resource_owner": "project_id:%(project_id)s",
"metric_owner": "project_id:%(resource.project_id)s",
"get status": "role:admin",
"create resource": "",
"get resource": "rule:admin_or_creator or rule:resource_owner",
"update resource": "rule:admin_or_creator",
"delete resource": "rule:admin_or_creator",
"delete resources": "rule:admin_or_creator",
"list resource": "rule:admin_or_creator or rule:resource_owner",
"search resource": "rule:admin_or_creator or rule:resource_owner",
"create resource type": "role:admin",
"delete resource type": "role:admin",
"update resource type": "role:admin",
"list resource type": "",
"get resource type": "",
"get archive policy": "",
"list archive policy": "",
"create archive policy": "role:admin",
"update archive policy": "role:admin",
"delete archive policy": "role:admin",
"create archive policy rule": "role:admin",
"get archive policy rule": "",
"list archive policy rule": "",
"update archive policy rule": "role:admin",
"delete archive policy rule": "role:admin",
"create metric": "",
"delete metric": "rule:admin_or_creator",
"get metric": "rule:admin_or_creator or rule:metric_owner",
"search metric": "rule:admin_or_creator or rule:metric_owner",
"list metric": "rule:admin_or_creator or rule:metric_owner",
"get measures": "rule:admin_or_creator or rule:metric_owner",
"post measures": "rule:admin_or_creator"
}
|