策略配置¶

配置¶

以下是 Cinder 中所有可用策略的概述。有关如何编写自定义策略文件以修改这些策略的信息，请参阅 policy.yaml 在 Cinder 配置文档中。

cinder¶

admin_or_owner

默认值:: is_admin:True 或 (role:admin 且 is_admin_project:True) 或 project_id:%(project_id)s

已弃用：此规则将在 Yoga 版本中移除。大多数非管理员 API 的默认规则。

system_or_domain_or_project_admin

默认值:: (role:admin 且 system_scope:all) 或 (role:admin 且 domain_id:%(domain_id)s) 或 (role:admin 且 project_id:%(project_id)s)

已弃用：此规则将在 Yoga 版本中移除。云、域或项目的管理员的默认规则。

context_is_admin

默认值:: role:admin

确定 ‘is_admin:True’ 检查是否成功的必要条件。

admin_api

默认值:: is_admin:True 或 (role:admin 且 is_admin_project:True)

大多数管理员 API 的默认规则。

xena_system_admin_or_project_reader

默认值:: (role:admin) 或 (role:reader 且 project_id:%(project_id)s)

注意：此纯基于角色的规则仅识别项目范围

xena_system_admin_or_project_member

默认值:: (role:admin) 或 (role:member 且 project_id:%(project_id)s)

注意：此纯基于角色的规则仅识别项目范围

volume:attachment_create

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /attachments

创建挂载。

volume:attachment_update

默认值:

rule:xena_system_admin_or_project_member

操作:

PUT /attachments/{attachment_id}

更新挂载。

volume:attachment_delete

默认值:

rule:xena_system_admin_or_project_member

操作:

DELETE /attachments/{attachment_id}

删除挂载。

volume:attachment_complete

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /attachments/{attachment_id}/action (os-complete)

将卷挂载过程标记为完成（使用中）

volume:multiattach_bootable_volume

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /attachments

允许多重挂载可引导卷。

message:get_all

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /messages

列出消息。

message:get

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /messages/{message_id}

显示消息。

message:delete

默认值:

rule:xena_system_admin_or_project_member

操作:

DELETE /messages/{message_id}

删除消息。

clusters:get_all

默认值:

rule:admin_api

操作:

GET /clusters
GET /clusters/detail

列出集群。

clusters:get

默认值:

rule:admin_api

操作:

GET /clusters/{cluster_id}

显示集群。

clusters:update

默认值:

rule:admin_api

操作:

PUT /clusters/{cluster_id}

更新集群。

workers:cleanup

默认值:

rule:admin_api

操作:

POST /workers/cleanup

清理工作节点。

volume:get_snapshot_metadata

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /snapshots/{snapshot_id}/metadata
GET /snapshots/{snapshot_id}/metadata/{key}

显示快照的元数据或具有给定键的指定元数据。

volume:update_snapshot_metadata

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /snapshots/{snapshot_id}/metadata
PUT /snapshots/{snapshot_id}/metadata/{key}

更新快照的元数据或具有给定键的指定元数据。

volume:delete_snapshot_metadata

默认值:

rule:xena_system_admin_or_project_member

操作:

DELETE /snapshots/{snapshot_id}/metadata/{key}

删除快照具有给定键的指定元数据。

volume:get_all_snapshots

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /snapshots
GET /snapshots/detail

列出快照。

volume_extension:extended_snapshot_attributes

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /snapshots/{snapshot_id}
GET /snapshots/detail

列出或显示具有扩展属性的快照。

volume:create_snapshot

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /snapshots

创建快照。

volume:get_snapshot

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /snapshots/{snapshot_id}

显示快照。

volume:update_snapshot

默认值:

rule:xena_system_admin_or_project_member

操作:

PUT /snapshots/{snapshot_id}

更新快照。

volume:delete_snapshot

默认值:

rule:xena_system_admin_or_project_member

操作:

DELETE /snapshots/{snapshot_id}

删除快照。

volume_extension:snapshot_admin_actions:reset_status

默认值:

rule:admin_api

操作:

POST /snapshots/{snapshot_id}/action (os-reset_status)

重置快照的状态。

snapshot_extension:snapshot_actions:update_snapshot_status

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /snapshots/{snapshot_id}/action (update_snapshot_status)

更新快照的数据库字段。

volume_extension:snapshot_admin_actions:force_delete

默认值:

rule:admin_api

操作:

POST /snapshots/{snapshot_id}/action (os-force_delete)

强制删除快照。

snapshot_extension:list_manageable

默认值:

rule:admin_api

操作:

GET /manageable_snapshots
GET /manageable_snapshots/detail

列出（详细）可管理的快照。

snapshot_extension:snapshot_manage

默认值:

rule:admin_api

操作:

POST /manageable_snapshots

管理现有的快照。

snapshot_extension:snapshot_unmanage

默认值:

rule:admin_api

操作:

POST /snapshots/{snapshot_id}/action (os-unmanage)

停止管理快照。

backup:get_all

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /backups
GET /backups/detail

列出备份。

backup:backup_project_attribute

默认值:

rule:admin_api

操作:

GET /backups/{backup_id}
GET /backups/detail

列出备份或显示具有项目属性的备份。

backup:create

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /backups

创建备份。

backup:get

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /backups/{backup_id}

显示备份。

backup:update

默认值:

rule:xena_system_admin_or_project_member

操作:

PUT /backups/{backup_id}

更新备份。

backup:delete

默认值:

rule:xena_system_admin_or_project_member

操作:

DELETE /backups/{backup_id}

删除备份。

backup:restore

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /backups/{backup_id}/restore

恢复备份。

backup:backup-import

默认值:

rule:admin_api

操作:

POST /backups/{backup_id}/import_record

导入备份。

backup:export-import

默认值:

rule:admin_api

操作:

POST /backups/{backup_id}/export_record

导出备份。

volume_extension:backup_admin_actions:reset_status

默认值:

rule:admin_api

操作:

POST /backups/{backup_id}/action (os-reset_status)

重置备份的状态。

volume_extension:backup_admin_actions:force_delete

默认值:

rule:admin_api

操作:

POST /backups/{backup_id}/action (os-force_delete)

强制删除备份。

group:get_all

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /groups
GET /groups/detail

列出组。

group:create

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /groups

创建组。

group:get

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /groups/{group_id}

显示群组。

group:update

默认值:

rule:xena_system_admin_or_project_member

操作:

PUT /groups/{group_id}

更新组。

group:group_project_attribute

默认值:

rule:admin_api

操作:

GET /groups/{group_id}
GET /groups/detail

列出群组或显示具有项目属性的群组。

group:group_types:create

默认值:

rule:admin_api

操作:

POST /group_types/

创建一个组类型。

group:group_types:update

默认值:

rule:admin_api

操作:

PUT /group_types/{group_type_id}

更新群组类型。

group:group_types:delete

默认值:

rule:admin_api

操作:

DELETE /group_types/{group_type_id}

删除群组类型。

group:access_group_types_specs

默认值:

rule:admin_api

操作:

GET /group_types/{group_type_id}

显示具有类型规范属性的群组类型。

group:group_types_specs:get

默认值:

rule:admin_api

操作:

GET /group_types/{group_type_id}/group_specs/{g_spec_id}

显示群组类型规范。

group:group_types_specs:get_all

默认值:

rule:admin_api

操作:

GET /group_types/{group_type_id}/group_specs

列出群组类型规范。

group:group_types_specs:create

默认值:

rule:admin_api

操作:

POST /group_types/{group_type_id}/group_specs

创建群组类型规范。

group:group_types_specs:update

默认值:

rule:admin_api

操作:

PUT /group_types/{group_type_id}/group_specs/{g_spec_id}

更新群组类型规范。

group:group_types_specs:delete

默认值:

rule:admin_api

操作:

DELETE /group_types/{group_type_id}/group_specs/{g_spec_id}

删除群组类型规范。

group:get_all_group_snapshots

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /group_snapshots
GET /group_snapshots/detail

列出群组快照。

group:create_group_snapshot

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /group_snapshots

创建群组快照。

group:get_group_snapshot

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /group_snapshots/{group_snapshot_id}

显示群组快照。

group:delete_group_snapshot

默认值:

rule:xena_system_admin_or_project_member

操作:

DELETE /group_snapshots/{group_snapshot_id}

删除群组快照。

group:update_group_snapshot

默认值:

rule:xena_system_admin_or_project_member

操作:

PUT /group_snapshots/{group_snapshot_id}

更新群组快照。

group:group_snapshot_project_attribute

默认值:

rule:admin_api

操作:

GET /group_snapshots/{group_snapshot_id}
GET /group_snapshots/detail

列出群组快照或显示具有项目属性的群组快照。

group:reset_group_snapshot_status

默认值:

rule:admin_api

操作:

POST /group_snapshots/{g_snapshot_id}/action (reset_status)

重置群组快照的状态。

group:delete

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /groups/{group_id}/action (delete)

删除组。

group:reset_status

默认值:

rule:admin_api

操作:

POST /groups/{group_id}/action (reset_status)

重置群组的状态。

group:enable_replication

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /groups/{group_id}/action (enable_replication)

启用复制。

group:disable_replication

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /groups/{group_id}/action (disable_replication)

禁用复制。

group:failover_replication

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /groups/{group_id}/action (failover_replication)

故障转移复制。

group:list_replication_targets

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /groups/{group_id}/action (list_replication_targets)

列出故障转移复制。

volume_extension:qos_specs_manage:get_all

默认值:

rule:admin_api

操作:

GET /qos-specs
GET /qos-specs/{qos_id}/associations

列出 QoS 规范或列出所有关联。

volume_extension:qos_specs_manage:get

默认值:

rule:admin_api

操作:

GET /qos-specs/{qos_id}

显示 QoS 规范。

volume_extension:qos_specs_manage:create

默认值:

rule:admin_api

操作:

POST /qos-specs

创建 QoS 规范。

volume_extension:qos_specs_manage:update

默认值:

rule:admin_api

操作:

PUT /qos-specs/{qos_id}
GET /qos-specs/{qos_id}/disassociate_all
GET /qos-specs/{qos_id}/associate
GET /qos-specs/{qos_id}/disassociate

更新 QoS 规范（包括更新关联）。

volume_extension:qos_specs_manage:delete

默认值:

rule:admin_api

操作:

DELETE /qos-specs/{qos_id}
PUT /qos-specs/{qos_id}/delete_keys

删除 QoS 规范或取消设置指定的 QoS 键。

volume_extension:quota_classes:get

默认值:

rule:admin_api

操作:

GET /os-quota-class-sets/{project_id}

显示项目配额类。

volume_extension:quota_classes:update

默认值:

rule:admin_api

操作:

PUT /os-quota-class-sets/{project_id}

更新项目配额类。

volume_extension:quotas:show

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /os-quota-sets/{project_id}
GET /os-quota-sets/{project_id}/default
GET /os-quota-sets/{project_id}?usage=True

显示项目配额（包括使用情况和默认值）。

volume_extension:quotas:update

默认值:

rule:admin_api

操作:

PUT /os-quota-sets/{project_id}

更新项目配额。

volume_extension:quotas:delete

默认值:

rule:admin_api

操作:

DELETE /os-quota-sets/{project_id}

删除项目配额。

volume_extension:capabilities

默认值:

rule:admin_api

操作:

GET /capabilities/{host_name}

显示后端功能。

volume_extension:services:index

默认值:

rule:admin_api

操作:

GET /os-services

列出所有服务。

volume_extension:services:update

默认值:

rule:admin_api

操作:

PUT /os-services/{action}

更新服务，包括 failover_host、thaw、freeze、disable、enable、set-log 和 get-log 操作。

volume:freeze_host

默认值:

rule:admin_api

操作:

PUT /os-services/freeze

冻结后端主机。

volume:thaw_host

默认值:

rule:admin_api

操作:

PUT /os-services/thaw

解冻后端主机。

volume:failover_host

默认值:

rule:admin_api

操作:

PUT /os-services/failover_host

故障转移后端主机。

scheduler_extension:scheduler_stats:get_pools

默认值:

rule:admin_api

操作:

GET /scheduler-stats/get_pools

列出所有后端池。

volume_extension:hosts

默认值:

rule:admin_api

操作:

GET /os-hosts
PUT /os-hosts/{host_name}
GET /os-hosts/{host_id}

列出、更新或显示项目的宿主机。

limits_extension:used_limits

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /limits

显示带有已用限制属性的限制。

volume_extension:list_manageable

默认值:

rule:admin_api

操作:

GET /manageable_volumes
GET /manageable_volumes/detail

列出可管理的卷（详细信息）。

volume_extension:volume_manage

默认值:

rule:admin_api

操作:

POST /manageable_volumes

管理现有卷。

volume_extension:volume_unmanage

默认值:

rule:admin_api

操作:

POST /volumes/{volume_id}/action (os-unmanage)

停止管理卷。

volume_extension:type_create

默认值:

rule:admin_api

操作:

POST /types

创建卷类型。

volume_extension:type_update

默认值:

rule:admin_api

操作:

PUT /types

更新卷类型。

volume_extension:type_delete

默认值:

rule:admin_api

操作:

DELETE /types

删除卷类型。

volume_extension:type_get

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /types/{type_id}

获取特定的卷类型。

volume_extension:type_get_all

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /types/

列出卷类型。

volume_extension:access_types_extra_specs

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /types/{type_id}
GET /types

在卷类型列表或显示请求中包含卷类型的 extra_specs 属性。调用这些接口的能力受其他策略控制。

volume_extension:access_types_qos_specs_id

默认值:

rule:admin_api

操作:

GET /types/{type_id}
GET /types

在卷类型列表或显示请求中包含卷类型的 QoS 规范 ID 属性。调用这些接口的能力受其他策略控制。

volume_extension:volume_type_encryption

默认值:: rule:admin_api

已弃用：此规则将在 Yoga 版本中移除。

volume_extension:volume_type_encryption:create

默认值:

rule:admin_api

操作:

POST /types/{type_id}/encryption

创建卷类型加密。

volume_extension:volume_type_encryption:get

默认值:

rule:admin_api

操作:

GET /types/{type_id}/encryption
GET /types/{type_id}/encryption/{key}

显示卷类型的加密类型，显示加密规范项。

volume_extension:volume_type_encryption:update

默认值:

rule:admin_api

操作:

PUT /types/{type_id}/encryption/{encryption_id}

更新卷类型加密。

volume_extension:volume_type_encryption:delete

默认值:

rule:admin_api

操作:

DELETE /types/{type_id}/encryption/{encryption_id}

删除卷类型加密。

volume_extension:volume_type_access

默认值:

rule:xena_system_admin_or_project_member

操作:

GET /types
GET /types/{type_id}
POST /types

在这些 API 调用的响应中添加布尔字段 ‘os-volume-type-access:is_public’。调用这些接口的能力受其他策略控制。

volume_extension:volume_type_access:addProjectAccess

默认值:

rule:admin_api

操作:

POST /types/{type_id}/action (addProjectAccess)

为项目添加卷类型访问权限。

volume_extension:volume_type_access:removeProjectAccess

默认值:

rule:admin_api

操作:

POST /types/{type_id}/action (removeProjectAccess)

移除项目的卷类型访问权限。

volume_extension:volume_type_access:get_all_for_type

默认值:

rule:admin_api

操作:

GET /types/{type_id}/os-volume-type-access

列出私有卷类型访问详情，即列出具有此卷类型访问权限的项目。

volume:extend

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-extend)

扩展卷。

volume:extend_attached_volume

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-extend)

扩展已挂载的卷。

volume_extension:volume_admin_actions:extend_volume_completion

默认值:

rule:admin_api

操作:

POST /volumes/{volume_id}/action (os-extend_volume_completion)

完成卷扩展操作。

volume:revert_to_snapshot

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (revert)

将卷恢复到快照。

volume_extension:volume_admin_actions:reset_status

默认值:

rule:admin_api

操作:

POST /volumes/{volume_id}/action (os-reset_status)

重置卷的状态。

volume:retype

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-retype)

重新类型化卷。

volume:update_readonly_flag

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-update_readonly_flag)

更新卷的只读标志。

volume_extension:volume_admin_actions:force_delete

默认值:

rule:admin_api

操作:

POST /volumes/{volume_id}/action (os-force_delete)

强制删除卷。

volume_extension:volume_actions:upload_public

默认值:

rule:admin_api

操作:

POST /volumes/{volume_id}/action (os-volume_upload_image)

以公共可见性将卷上传到镜像。

volume_extension:volume_actions:upload_image

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-volume_upload_image)

上传卷到镜像。

volume_extension:volume_admin_actions:force_detach

默认值:

rule:admin_api

操作:

POST /volumes/{volume_id}/action (os-force_detach)

强制卸载卷。

volume_extension:volume_admin_actions:migrate_volume

默认值:

rule:admin_api

操作:

POST /volumes/{volume_id}/action (os-migrate_volume)

将卷迁移到指定的宿主机。

volume_extension:volume_admin_actions:migrate_volume_completion

默认值:

rule:admin_api

操作:

POST /volumes/{volume_id}/action (os-migrate_volume_completion)

完成卷迁移。

volume_extension:volume_actions:initialize_connection

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-initialize_connection)

初始化卷连接。

volume_extension:volume_actions:terminate_connection

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-terminate_connection)

终止卷连接。

volume_extension:volume_actions:roll_detaching

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-roll_detaching)

将卷状态回滚到“使用中”。

volume_extension:volume_actions:reserve

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-reserve)

标记卷为已保留。

volume_extension:volume_actions:unreserve

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-unreserve)

取消标记卷为已保留。

volume_extension:volume_actions:begin_detaching

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-begin_detaching)

开始卸载卷。

volume_extension:volume_actions:attach

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-attach)

添加连接元数据。

volume_extension:volume_actions:detach

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-detach)

清除连接元数据。

volume:reimage

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-reimage)

重新镜像处于“可用”或“错误”状态的卷。

volume:reimage_reserved

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-reimage)

重新镜像处于“已保留”状态的卷。

volume:get_all_transfers

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /os-volume-transfer
GET /os-volume-transfer/detail
GET /volume_transfers
GET /volume-transfers/detail

列出卷传输。

volume:create_transfer

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /os-volume-transfer
POST /volume_transfers

创建一个卷传输。

volume:get_transfer

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /os-volume-transfer/{transfer_id}
GET /volume-transfers/{transfer_id}

显示指定的卷传输。

volume:accept_transfer

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /os-volume-transfer/{transfer_id}/accept
POST /volume-transfers/{transfer_id}/accept

接受卷传输。

volume:delete_transfer

默认值:

rule:xena_system_admin_or_project_member

操作:

DELETE /os-volume-transfer/{transfer_id}
DELETE /volume-transfers/{transfer_id}

删除卷传输。

volume:get_volume_metadata

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /volumes/{volume_id}/metadata
GET /volumes/{volume_id}/metadata/{key}
POST /volumes/{volume_id}/action (os-show_image_metadata)

显示卷的元数据或具有给定键的特定元数据。

volume:create_volume_metadata

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/metadata

创建卷元数据。

volume:update_volume_metadata

默认值:

rule:xena_system_admin_or_project_member

操作:

PUT /volumes/{volume_id}/metadata
PUT /volumes/{volume_id}/metadata/{key}

替换卷的元数据字典或使用给定的键更新单个元数据。

volume:delete_volume_metadata

默认值:

rule:xena_system_admin_or_project_member

操作:

DELETE /volumes/{volume_id}/metadata/{key}

删除具有给定键的卷的元数据。

volume_extension:volume_image_metadata:show

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /volumes/detail
GET /volumes/{volume_id}

在卷详细信息响应中包含卷的镜像元数据。调用这些接口的能力受其他策略控制。

volume_extension:volume_image_metadata:set

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-set_image_metadata)

设置卷的镜像元数据

volume_extension:volume_image_metadata:remove

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes/{volume_id}/action (os-unset_image_metadata)

从卷中移除特定的镜像元数据

volume:update_volume_admin_metadata

默认值:

rule:admin_api

操作:

POST /volumes/{volume_id}/action (os-update_readonly_flag)
POST /volumes/{volume_id}/action (os-attach)

更新卷管理员元数据。需要此权限才能完成这些 API 调用，尽管调用这些接口的能力受其他策略控制。

volume_extension:types_extra_specs:index

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /types/{type_id}/extra_specs

列出类型附加规范。

volume_extension:types_extra_specs:create

默认值:

rule:admin_api

操作:

POST /types/{type_id}/extra_specs

创建类型附加规范。

volume_extension:types_extra_specs:show

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /types/{type_id}/extra_specs/{extra_spec_key}

显示一个指定的类型附加规范。

volume_extension:types_extra_specs:read_sensitive

默认值:

rule:admin_api

操作:

GET /types
GET /types/{type_id}
GET /types/{type_id}/extra_specs
GET /types/{type_id}/extra_specs/{extra_spec_key}

在显示附加规范的各种卷类型响应中包含可能泄露部署敏感信息的 extra_specs 字段。调用这些接口的能力受其他策略控制。

volume_extension:types_extra_specs:update

默认值:

rule:admin_api

操作:

PUT /types/{type_id}/extra_specs/{extra_spec_key}

更新类型附加规范。

volume_extension:types_extra_specs:delete

默认值:

rule:admin_api

操作:

DELETE /types/{type_id}/extra_specs/{extra_spec_key}

删除类型附加规范。

volume:create

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes

创建卷。

volume:create_from_image

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes

从镜像创建卷。

volume:get

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /volumes/{volume_id}

显示卷。

volume:get_all

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /volumes
GET /volumes/detail
GET /volumes/summary

列出卷或获取卷的摘要。

volume:update

默认值:

rule:xena_system_admin_or_project_member

操作:

PUT /volumes
POST /volumes/{volume_id}/action (os-set_bootable)

更新卷或更新卷的可引导状态。

volume:delete

默认值:

rule:xena_system_admin_or_project_member

操作:

DELETE /volumes/{volume_id}

删除卷。

volume:force_delete

默认值:

rule:admin_api

操作:

DELETE /volumes/{volume_id}

强制删除卷。

volume_extension:volume_host_attribute

默认值:

rule:admin_api

操作:

GET /volumes/{volume_id}
GET /volumes/detail

列出或显示带有宿主机属性的卷。

volume_extension:volume_tenant_attribute

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /volumes/{volume_id}
GET /volumes/detail

列出或显示带有租户属性的卷。

volume_extension:volume_mig_status_attribute

默认值:

rule:admin_api

操作:

GET /volumes/{volume_id}
GET /volumes/detail

列出或显示带有迁移状态属性的卷。

volume_extension:volume_encryption_metadata

默认值:

rule:xena_system_admin_or_project_reader

操作:

GET /volumes/{volume_id}/encryption
GET /volumes/{volume_id}/encryption/{encryption_key}

显示卷的加密元数据。

volume:multiattach

默认值:

rule:xena_system_admin_or_project_member

操作:

POST /volumes

创建支持多重连接的卷。

volume_extension:default_set_or_update

默认值:

rule:admin_api

操作:

PUT /default-types

设置或更新默认卷类型。

volume_extension:default_get

默认值:

rule:admin_api

操作:

GET /default-types/{project-id}

获取默认类型。

volume_extension:default_get_all

默认值:

rule:admin_api

操作:

GET /default-types/

获取所有默认类型。警告：更改此设置可能会暴露有关云部署的过多信息。

volume_extension:default_unset

默认值:

rule:admin_api

操作:

DELETE /default-types/{project-id}

取消设置默认类型。

策略配置

策略配置¶

配置¶

cinder¶

cinder 27.0.1.dev5

页面内容