Difference between revisions of "Nova/rbac"

Revision as of 22:15, 7 November 2021

API			Project-scope			System-scope			Domain-scope
Route	Method	RBAC Name	reader	member	admin	reader	member	admin	reader	member	admin	Notes
/	GET											no-auth
/v2, v2.1	GET											no-auth
/os-aggregates	GET	os-aggregates:index
/os-aggregates	POST	os-aggregates:create	x
/os-aggregates/{aggregate_id}	GET	os-aggregates:show
	PUT	os-aggregates:update	x
	DELETE	os-aggregates:delete		x
/os-aggregates/{aggregate_id}/action	POST (add_host)	os-aggregates:add_host
	POST (remove_host)	os-aggregates:remove_host	x
	POST (set_metadata)	os-aggregates:set_metadata	x
/os-aggregates/{aggregate_id}/images	POST	os-aggregates:images
/os-hosts	GET	os-hosts:list
/os-hosts/{host_name}/	GET	os-hosts:show	x	x	x	x	x
/os-hosts/{host_name}/	PUT	os-hosts:update	x
/os-hosts{host_name}/reboot	GET (but this is write operation)	os-hosts:reboot
/os-hosts{host_name}/shutdown	GET (but this is write operation)	os-hosts:shutdown
/os-hosts{host_name}/startup	GET (but this is write operation)	os-hosts:start
/os-hypervisors	GET	os-hypervisors:list
/os-hypervisors/details	GET	os-hypervisors:list-detail
/os-hypervisors/statistics	GET	os-hypervisors:statistics
/os-hypervisors/{hypervisor_id}	GET	os-hypervisors:show	x
/os-hypervisors/{hypervisor_id}/uptime	GET	os-hypervisors:uptime	x	x	x	x	x
/os-hypervisors/{hypervisor_hostname_pattern}/search	GET	os-hypervisors:search
/os-hypervisors/{hypervisor_hostname_pattern}/servers	GET	os-hypervisors:servers
/os-services	GET	os-services:list
/os-services/{service_id}	PUT	os-services:update
/os-services/{service_id}	DELETE	os-services:delete		x
/os-availability-zone	GET	os-availability-zone:list	x
/os-availability-zone/detail	GET	os-availability-zone:detail	x	x	x	x	x
/flavors	POST	os-flavor-manage:create	x	x	x	x	x
/flavors	POST	os-flavor-extra-specs:index -> (to show flavor extraspecs)		x			x
/flavors/detail	GET	os-flavor-extra-specs:index -> (to show flavor extraspecs)		x			x
/flavors/{flavor_id}	PUT	os-flavor-manage:update	x	x	x	x	x
	PUT	os-flavor-extra-specs:index -> (to show flavor extraspecs)		x			x
	DELETE	os-flavor-manage:delete		x			x
	GET	os-flavor-extra-specs:index -> (to show flavor extraspecs)		x			x
/flavors/{flavor_id}/os-flavor-access	GET	os-flavor-access	x	x	x	x	x
/flavors/{flavor_id}/action	POST (addTenantAccess)	os-flavor-access:add_tenant_access
/flavors/{flavor_id}/action	POST (removeTenantAccess)	os-flavor-access:remove_tenant_access
/flavors/{flavor_id}/os-extra_specs/	POST	os-flavor-extra-specs:create
/flavors/{flavor_id}/os-extra_specs/	GET	os-flavor-extra-specs:index		x
/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}	GET	os-flavor-extra-specs:show
	PUT	os-flavor-extra-specs:update		x
	DELETE	os-flavor-extra-specs:delete		x
/servers	POST	servers:create	x	x	x	x	x
		servers:create:forced_host		x			x
		servers:create:requested_destination		x			x
		servers:create:attach_volume		x			x
		servers:create:attach_network		x			x
		servers:create:trusted_certs		x			x
		servers:create:zero_disk_flavor		x			x
		network:attach_external_network		x			x
	GET	servers:index		x			x
		servers:index:get_all_tenants		x			x
		servers:allow_all_filters		x			x
/servers/detail	GET	servers:detail	x	x	x	x	x
		servers:detail:get_all_tenants		x			x
		servers:allow_all_filters		x			x
		servers:show:host_status		x			x
		servers:show:host_status:unknown-only		x			x
/servers/{server_id}	GET	servers:show	x	x	x	x	x
		servers:show:host_status		x			x
		servers:show:host_status:unknown-only		x			x
	PUT	servers:update		x			x
		servers:show:host_status		x			x
		servers:show:host_status:unknown-only		x			x
	DELETE	servers:delete		x			x
/servers/{server_id}/action	POST (rebuild)	servers:rebuild
		servers:show:host_status		x			x
		servers:show:host_status:unknown-only		x			x
		servers:rebuild:trusted_certs		x			x
	POST (confirmResize)	servers:confirm_resize
	POST (revertResize)	servers:revert_resize
	POST (resize)	servers:resize
	POST (resize)	servers:resize:cross_cell		x			x
	POST (reboot)	servers:reboot
	POST (createImage)	servers:create_image
	POST (createImage)	servers:create_image:allow_volume_backed		x			x
	POST (os-start)	servers:start
	POST (os-stop)	servers:stop
	POST (trigger_crash_dump)	servers:trigger_crash_dump
/servers/{server_id}/os-interface	POST	network:attach_external_network

Questions:

@@ Line 29: / Line 29: @@
 |-
 |  /os-aggregates/{aggregate_id}/images || POST || os-aggregates:images ||  ||  ||  ||  ||  ||  || || || ||
+|-
+|  /os-hosts || GET|| os-hosts:list||  ||  ||  ||  ||  ||  || || || ||
+|-
+| rowspan="2" |  /os-hosts/{host_name}/ || GET|| os-hosts:show || x || x || x || x || x ||  || || || ||
+|-
+| PUT || os-hosts:update || x ||  ||  ||  ||  ||  || || || ||
+|-
+|  /os-hosts{host_name}/reboot || GET (but this is write operation) || os-hosts:reboot ||  ||  ||  ||  ||  ||  || || || ||
+|-
+|  /os-hosts{host_name}/shutdown|| GET  (but this is write operation) || os-hosts:shutdown ||  ||  ||  ||  ||  ||  || || || ||
+|-
+|  /os-hosts{host_name}/startup || GET  (but this is write operation)|| os-hosts:start ||  ||  ||  ||  ||  ||  || || || ||
+|-
+|  /os-hypervisors || GET || os-hypervisors:list ||  ||  ||  ||  ||  ||  || || || ||
+|-
+|  /os-hypervisors/details|| GET  || os-hypervisors:list-detail ||  ||  ||  ||  ||  ||  || || || ||
+|-
+|  /os-hypervisors/statistics || GET || os-hypervisors:statistics  ||  ||  ||  ||  ||  ||  || || || ||
+|-
+| /os-hypervisors/{hypervisor_id} || GET || os-hypervisors:show || x ||  ||  ||  ||  ||  || || || ||
+|-
+| /os-hypervisors/{hypervisor_id}/uptime || GET || os-hypervisors:uptime  || x || x || x || x || x ||  || || || ||
+|-
+|  /os-hypervisors/{hypervisor_hostname_pattern}/search|| GET || os-hypervisors:search ||  ||  ||  ||  ||  ||  || || || ||
+|-
+|  /os-hypervisors/{hypervisor_hostname_pattern}/servers || GET|| os-hypervisors:servers  ||  ||  ||  ||  ||  ||  || || || ||
+|-
+|  /os-services || GET|| os-services:list  ||  ||  ||  ||  ||  ||  || || || ||
+|-
+| rowspan="2" | /os-services/{service_id} || PUT|| os-services:update ||  ||  ||  ||  ||  ||  || || || ||
+|-
+| DELETE|| os-services:delete ||  || x ||  ||  ||  ||  || || || ||
 |-
 | /os-availability-zone || GET || os-availability-zone:list || x ||  ||  ||  ||  ||  || || || ||
@@ Line 34: / Line 66: @@
 | /os-availability-zone/detail || GET || os-availability-zone:detail || x || x || x || x || x ||  || || || ||
 |-
-|  /flavors || POST || os-flavor-manage:create || x || x || x || x || x ||  || || || ||
+| rowspan="2" |  /flavors || rowspan="2" | POST || os-flavor-manage:create || x || x || x || x || x ||  || || || ||
+|-
+| os-flavor-extra-specs:index ->  (to show flavor extraspecs)  ||  || x ||  ||  || x ||  || || || ||
 |-
-|  /flavors/detail || GET ||os-flavor-extra-specs:index  ||  || x ||  ||  || x ||  || || || || to show extraspecs
+|  /flavors/detail || GET ||os-flavor-extra-specs:index  -> (to show flavor extraspecs)  ||  || x ||  ||  || x ||  || || || ||
 |-
-| rowspan="4" | /flavors/{flavor_id} || PUT || os-flavor-manage:update ||x  ||x  || x || x || x ||  || || || ||
+| rowspan="4" | /flavors/{flavor_id} || rowspan="2" | PUT || os-flavor-manage:update ||x  ||x  || x || x || x ||  || || || ||
 |-
-| PUT ||os-flavor-extra-specs:index  ||  || x ||  ||  || x ||  || || || ||  to show extraspecs
+| os-flavor-extra-specs:index ->  (to show flavor extraspecs)  ||  || x ||  ||  || x ||  || || || ||
 |-
 | DELETE ||os-flavor-manage:delete  ||  || x ||  ||  || x ||  || || || ||
 |-
-| GET ||os-flavor-extra-specs:index  ||  || x ||  ||  || x ||  || || || ||  to show extraspecs
+| GET ||os-flavor-extra-specs:index ->  (to show flavor extraspecs) ||  || x ||  ||  || x ||  || || || ||
 |-
 | /flavors/{flavor_id}/os-flavor-access|| GET|| os-flavor-access|| x || x || x || x || x ||  || || || ||
 |-
-| /flavors/{flavor_id}/action (addTenantAccess) || POST || os-flavor-access:add_tenant_access ||  ||  ||  ||  ||  ||  || || || ||
+| rowspan="2" |/flavors/{flavor_id}/action || POST  (addTenantAccess)|| os-flavor-access:add_tenant_access ||  ||  ||  ||  ||  ||  || || || ||
 |-
-| /flavors/{flavor_id}/action (removeTenantAccess) || POST || os-flavor-access:remove_tenant_access ||  ||  ||  ||  ||  ||  || || || ||
+| POST  (removeTenantAccess) || os-flavor-access:remove_tenant_access ||  ||  ||  ||  ||  ||  || || || ||
 |-
 | rowspan="2" | /flavors/{flavor_id}/os-extra_specs/ || POST || os-flavor-extra-specs:create ||  ||  ||  ||  ||  ||  || || || ||
@@ Line 61: / Line 95: @@
 |-
 | DELETE || os-flavor-extra-specs:delete ||  || x ||  ||  ||  ||  || || || ||
+|-
+| rowspan="11" | /servers || rowspan="8" | POST || servers:create ||x  ||x  || x || x || x ||  || || || ||
+|-
+| servers:create:forced_host   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:create:requested_destination   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:create:attach_volume   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:create:attach_network   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:create:trusted_certs   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:create:zero_disk_flavor  ||  || x ||  ||  || x ||  || || || ||
+|-
+| network:attach_external_network  ||  || x ||  ||  || x ||  || || || ||
+|-
+|  rowspan="3" | GET || servers:index ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:index:get_all_tenants   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:allow_all_filters   ||  || x ||  ||  || x ||  || || || ||
+|-
+| rowspan="5" | /servers/detail || rowspan="5" | GET || servers:detail ||x  ||x  || x || x || x ||  || || || ||
+|-
+| servers:detail:get_all_tenants   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:allow_all_filters   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:show:host_status   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:show:host_status:unknown-only   ||  || x ||  ||  || x ||  || || || ||
+|-
+| rowspan="7" | /servers/{server_id} || rowspan="3" | GET || servers:show ||x  ||x  || x || x || x ||  || || || ||
+|-
+| servers:show:host_status   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:show:host_status:unknown-only   ||  || x ||  ||  || x ||  || || || ||
+|-
+| rowspan="3" |PUT || servers:update   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:show:host_status   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:show:host_status:unknown-only   ||  || x ||  ||  || x ||  || || || ||
+|-
+| DELETE || servers:delete   ||  || x ||  ||  || x ||  || || || ||
+|-
+| rowspan="14" |/servers/{server_id}/action || rowspan="4" | POST  (rebuild)|| servers:rebuild ||  ||  ||  ||  ||  ||  || || || ||
+|-
+| servers:show:host_status   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:show:host_status:unknown-only   ||  || x ||  ||  || x ||  || || || ||
+|-
+| servers:rebuild:trusted_certs   ||  || x ||  ||  || x ||  || || || ||
+|-
+| POST  (confirmResize) || servers:confirm_resize ||  ||  ||  ||  ||  ||  || || || ||
+|-
+| POST  (revertResize) || servers:revert_resize ||  ||  ||  ||  ||  ||  || || || ||
+|-
+|  rowspan="2" | POST  (resize) || servers:resize ||  ||  ||  ||  ||  ||  || || || ||
+|-
+| servers:resize:cross_cell  ||  || x ||  ||  || x ||  || || || ||
+|-
+| POST  (reboot) || servers:reboot ||  ||  ||  ||  ||  ||  || || || ||
+|-
+| rowspan="2" | POST  (createImage) || servers:create_image ||  ||  ||  ||  ||  ||  || || || ||
+|-
+| servers:create_image:allow_volume_backed  ||  || x ||  ||  || x ||  || || || ||
+|-
+| POST  (os-start) || servers:start ||  ||  ||  ||  ||  ||  || || || ||
+|-
+| POST  (os-stop) || servers:stop ||  ||  ||  ||  ||  ||  || || || ||
+|-
+| POST  (trigger_crash_dump) ||servers:trigger_crash_dump ||  ||  ||  ||  ||  ||  || || || ||
+|-
+| /servers/{server_id}/os-interface ||  POST  ||network:attach_external_network ||  ||  ||  ||  ||  ||  || || || ||
 |-
 |}
 Questions: