diff --git a/aodh/Chart.yaml b/aodh/Chart.yaml index 421ecc5395..2d7d5f8525 100644 --- a/aodh/Chart.yaml +++ b/aodh/Chart.yaml @@ -16,7 +16,7 @@ apiVersion: v1 appVersion: v1.0.0 description: Openstack-Helm Aodh name: aodh -version: 0.2.5 +version: 0.2.6 home: https://docs.openstack.org/aodh/latest/ sources: - https://opendev.org/openstack/aodh diff --git a/aodh/values.yaml b/aodh/values.yaml index 9d2fe68ec0..f8d5eabaed 100644 --- a/aodh/values.yaml +++ b/aodh/values.yaml @@ -449,21 +449,7 @@ conf: filter:http_proxy_to_wsgi: paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory oslo_config_project: aodh - policy: - context_is_admin: 'role:admin' - segregation: 'rule:context_is_admin' - admin_or_owner: 'rule:context_is_admin or project_id:%(project_id)s' - default: 'rule:admin_or_owner' - telemetry:get_alarm: 'rule:admin_or_owner' - telemetry:get_alarms: 'rule:admin_or_owner' - telemetry:query_alarm: 'rule:admin_or_owner' - telemetry:create_alarm: '' - telemetry:change_alarm: 'rule:admin_or_owner' - telemetry:delete_alarm: 'rule:admin_or_owner' - telemetry:get_alarm_state: 'rule:admin_or_owner' - telemetry:change_alarm_state: 'rule:admin_or_owner' - telemetry:alarm_history: 'rule:admin_or_owner' - telemetry:query_alarm_history: 'rule:admin_or_owner' + policy: {} aodh: DEFAULT: debug: false diff --git a/ceilometer/Chart.yaml b/ceilometer/Chart.yaml index ea302c0085..845dad68f7 100644 --- a/ceilometer/Chart.yaml +++ b/ceilometer/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceilometer name: ceilometer -version: 0.2.6 +version: 0.2.7 home: https://docs.openstack.org/ceilometer/latest/ sources: - https://opendev.org/openstack/ceilometer diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml index 0e146346fd..1106192477 100644 --- a/ceilometer/values.yaml +++ b/ceilometer/values.yaml @@ -1450,19 +1450,7 @@ conf: type: "gauge" publishers: - notifier:// - policy: - 'context_is_admin': 'role:admin' - 'segregation': 'rule:context_is_admin' - 'telemetry:compute_statistics': '' - 'telemetry:create_samples': '' - 'telemetry:events:index': '' - 'telemetry:events:show': '' - 'telemetry:get_meters': '' - 'telemetry:get_resource': '' - 'telemetry:get_resources': '' - 'telemetry:get_sample': '' - 'telemetry:get_samples': '' - 'telemetry:query_sample': '' + policy: {} audit_api_map: DEFAULT: target_endpoint_type: None diff --git a/cinder/Chart.yaml b/cinder/Chart.yaml index 435b975c9a..e20765961a 100644 --- a/cinder/Chart.yaml +++ b/cinder/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Cinder name: cinder -version: 0.3.1 +version: 0.3.2 home: https://docs.openstack.org/cinder/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png sources: diff --git a/cinder/values.yaml b/cinder/values.yaml index 1036f4d22a..7633d97739 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -468,122 +468,7 @@ conf: filter:audit: paste.filter_factory: keystonemiddleware.audit:filter_factory audit_map_file: /etc/cinder/api_audit_map.conf - policy: - context_is_admin: role:admin - admin_or_owner: is_admin:True or project_id:%(project_id)s - default: rule:admin_or_owner - admin_api: is_admin:True - volume:create: '' - volume:delete: rule:admin_or_owner - volume:get: rule:admin_or_owner - volume:get_all: rule:admin_or_owner - volume:get_volume_metadata: rule:admin_or_owner - volume:create_volume_metadata: rule:admin_or_owner - volume:delete_volume_metadata: rule:admin_or_owner - volume:update_volume_metadata: rule:admin_or_owner - volume:get_volume_admin_metadata: rule:admin_api - volume:update_volume_admin_metadata: rule:admin_api - volume:get_snapshot: rule:admin_or_owner - volume:get_all_snapshots: rule:admin_or_owner - volume:create_snapshot: rule:admin_or_owner - volume:delete_snapshot: rule:admin_or_owner - volume:update_snapshot: rule:admin_or_owner - volume:get_snapshot_metadata: rule:admin_or_owner - volume:delete_snapshot_metadata: rule:admin_or_owner - volume:update_snapshot_metadata: rule:admin_or_owner - volume:extend: rule:admin_or_owner - volume:update_readonly_flag: rule:admin_or_owner - volume:retype: rule:admin_or_owner - volume:update: rule:admin_or_owner - volume_extension:types_manage: rule:admin_api - volume_extension:types_extra_specs: rule:admin_api - volume_extension:access_types_qos_specs_id: rule:admin_api - volume_extension:access_types_extra_specs: rule:admin_api - volume_extension:volume_type_access: rule:admin_or_owner - volume_extension:volume_type_access:addProjectAccess: rule:admin_api - volume_extension:volume_type_access:removeProjectAccess: rule:admin_api - volume_extension:volume_type_encryption: rule:admin_api - volume_extension:volume_encryption_metadata: rule:admin_or_owner - volume_extension:extended_snapshot_attributes: rule:admin_or_owner - volume_extension:volume_image_metadata: rule:admin_or_owner - volume_extension:quotas:show: '' - volume_extension:quotas:update: rule:admin_api - volume_extension:quotas:delete: rule:admin_api - volume_extension:quota_classes: rule:admin_api - volume_extension:quota_classes:validate_setup_for_nested_quota_use: rule:admin_api - volume_extension:volume_admin_actions:reset_status: rule:admin_api - volume_extension:snapshot_admin_actions:reset_status: rule:admin_api - volume_extension:backup_admin_actions:reset_status: rule:admin_api - volume_extension:volume_admin_actions:force_delete: rule:admin_api - volume_extension:volume_admin_actions:force_detach: rule:admin_api - volume_extension:snapshot_admin_actions:force_delete: rule:admin_api - volume_extension:backup_admin_actions:force_delete: rule:admin_api - volume_extension:volume_admin_actions:migrate_volume: rule:admin_api - volume_extension:volume_admin_actions:migrate_volume_completion: rule:admin_api - volume_extension:volume_actions:upload_public: rule:admin_api - volume_extension:volume_actions:upload_image: rule:admin_or_owner - volume_extension:volume_host_attribute: rule:admin_api - volume_extension:volume_tenant_attribute: rule:admin_or_owner - volume_extension:volume_mig_status_attribute: rule:admin_api - volume_extension:hosts: rule:admin_api - volume_extension:services:index: rule:admin_api - volume_extension:services:update: rule:admin_api - volume_extension:volume_manage: rule:admin_api - volume_extension:volume_unmanage: rule:admin_api - volume_extension:list_manageable: rule:admin_api - volume_extension:capabilities: rule:admin_api - volume:create_transfer: rule:admin_or_owner - volume:accept_transfer: '' - volume:delete_transfer: rule:admin_or_owner - volume:get_transfer: rule:admin_or_owner - volume:get_all_transfers: rule:admin_or_owner - volume_extension:replication:promote: rule:admin_api - volume_extension:replication:reenable: rule:admin_api - volume:failover_host: rule:admin_api - volume:freeze_host: rule:admin_api - volume:thaw_host: rule:admin_api - backup:create: '' - backup:delete: rule:admin_or_owner - backup:get: rule:admin_or_owner - backup:get_all: rule:admin_or_owner - backup:restore: rule:admin_or_owner - backup:backup-import: rule:admin_api - backup:backup-export: rule:admin_api - backup:update: rule:admin_or_owner - snapshot_extension:snapshot_actions:update_snapshot_status: '' - snapshot_extension:snapshot_manage: rule:admin_api - snapshot_extension:snapshot_unmanage: rule:admin_api - snapshot_extension:list_manageable: rule:admin_api - consistencygroup:create: group:nobody - consistencygroup:delete: group:nobody - consistencygroup:update: group:nobody - consistencygroup:get: group:nobody - consistencygroup:get_all: group:nobody - consistencygroup:create_cgsnapshot: group:nobody - consistencygroup:delete_cgsnapshot: group:nobody - consistencygroup:get_cgsnapshot: group:nobody - consistencygroup:get_all_cgsnapshots: group:nobody - group:group_types_manage: rule:admin_api - group:group_types_specs: rule:admin_api - group:access_group_types_specs: rule:admin_api - group:group_type_access: rule:admin_or_owner - group:create: '' - group:delete: rule:admin_or_owner - group:update: rule:admin_or_owner - group:get: rule:admin_or_owner - group:get_all: rule:admin_or_owner - group:create_group_snapshot: '' - group:delete_group_snapshot: rule:admin_or_owner - group:update_group_snapshot: rule:admin_or_owner - group:get_group_snapshot: rule:admin_or_owner - group:get_all_group_snapshots: rule:admin_or_owner - scheduler_extension:scheduler_stats:get_pools: rule:admin_api - message:delete: rule:admin_or_owner - message:get: rule:admin_or_owner - message:get_all: rule:admin_or_owner - clusters:get: rule:admin_api - clusters:get_all: rule:admin_api - clusters:update: rule:admin_api + policy: {} api_audit_map: DEFAULT: target_endpoint_type: None diff --git a/designate/Chart.yaml b/designate/Chart.yaml index 8f3971e1c8..56dc87027f 100644 --- a/designate/Chart.yaml +++ b/designate/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Designate name: designate -version: 0.2.7 +version: 0.2.8 home: https://docs.openstack.org/designate/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Designate/OpenStack_Project_Designate_vertical.jpg sources: diff --git a/designate/values.yaml b/designate/values.yaml index 7abd43d54e..ea2c2aaca0 100644 --- a/designate/values.yaml +++ b/designate/values.yaml @@ -441,112 +441,7 @@ conf: paste.filter_factory: designate.api.middleware:FaultWrapperMiddleware.factory filter:validation_API_v2: paste.filter_factory: designate.api.middleware:APIv2ValidationErrorMiddleware.factory - policy: - admin: role:admin or is_admin:True - primary_zone: target.zone_type:SECONDARY - owner: tenant:%(tenant_id)s - admin_or_owner: rule:admin or rule:owner - target: tenant:%(target_tenant_id)s - owner_or_target: rule:target or rule:owner - admin_or_owner_or_target: rule:owner_or_target or rule:admin - admin_or_target: rule:admin or rule:target - zone_primary_or_admin: ('PRIMARY':%(zone_type)s and rule:admin_or_owner) OR ('SECONDARY':%(zone_type)s AND is_admin:True) - default: rule:admin_or_owner - all_tenants: rule:admin - edit_managed_records: rule:admin - use_low_ttl: rule:admin - get_quotas: rule:admin_or_owner - get_quota: rule:admin_or_owner - set_quota: rule:admin - reset_quotas: rule:admin - create_tld: rule:admin - find_tlds: rule:admin - get_tld: rule:admin - update_tld: rule:admin - delete_tld: rule:admin - create_tsigkey: rule:admin - find_tsigkeys: rule:admin - get_tsigkey: rule:admin - update_tsigkey: rule:admin - delete_tsigkey: rule:admin - find_tenants: rule:admin - get_tenant: rule:admin - count_tenants: rule:admin - create_zone: rule:admin_or_owner - get_zones: rule:admin_or_owner - get_zone: rule:admin_or_owner - get_zone_servers: rule:admin_or_owner - find_zones: rule:admin_or_owner - find_zone: rule:admin_or_owner - update_zone: rule:admin_or_owner - delete_zone: rule:admin_or_owner - xfr_zone: rule:admin_or_owner - abandon_zone: rule:admin - count_zones: rule:admin_or_owner - count_zones_pending_notify: rule:admin_or_owner - purge_zones: rule:admin - touch_zone: rule:admin_or_owner - create_recordset: rule:zone_primary_or_admin - get_recordsets: rule:admin_or_owner - get_recordset: rule:admin_or_owner - find_recordsets: rule:admin_or_owner - find_recordset: rule:admin_or_owner - update_recordset: rule:zone_primary_or_admin - delete_recordset: rule:zone_primary_or_admin - count_recordset: rule:admin_or_owner - create_record: rule:admin_or_owner - get_records: rule:admin_or_owner - get_record: rule:admin_or_owner - find_records: rule:admin_or_owner - find_record: rule:admin_or_owner - update_record: rule:admin_or_owner - delete_record: rule:admin_or_owner - count_records: rule:admin_or_owner - use_sudo: rule:admin - create_blacklist: rule:admin - find_blacklist: rule:admin - find_blacklists: rule:admin - get_blacklist: rule:admin - update_blacklist: rule:admin - delete_blacklist: rule:admin - use_blacklisted_zone: rule:admin - create_pool: rule:admin - find_pools: rule:admin - find_pool: rule:admin - get_pool: rule:admin - update_pool: rule:admin - delete_pool: rule:admin - zone_create_forced_pool: rule:admin - diagnostics_ping: rule:admin - diagnostics_sync_zones: rule:admin - diagnostics_sync_zone: rule:admin - diagnostics_sync_record: rule:admin - create_zone_transfer_request: rule:admin_or_owner - get_zone_transfer_request: rule:admin_or_owner or tenant:%(target_tenant_id)s or None:%(target_tenant_id)s - get_zone_transfer_request_detailed: rule:admin_or_owner - find_zone_transfer_requests: '@' - find_zone_transfer_request: '@' - update_zone_transfer_request: rule:admin_or_owner - delete_zone_transfer_request: rule:admin_or_owner - create_zone_transfer_accept: rule:admin_or_owner or tenant:%(target_tenant_id)s or None:%(target_tenant_id)s - get_zone_transfer_accept: rule:admin_or_owner - find_zone_transfer_accepts: rule:admin - find_zone_transfer_accept: rule:admin - update_zone_transfer_accept: rule:admin - delete_zone_transfer_accept: rule:admin - create_zone_import: rule:admin_or_owner - find_zone_imports: rule:admin_or_owner - get_zone_import: rule:admin_or_owner - update_zone_import: rule:admin_or_owner - delete_zone_import: rule:admin_or_owner - zone_export: rule:admin_or_owner - create_zone_export: rule:admin_or_owner - find_zone_exports: rule:admin_or_owner - get_zone_export: rule:admin_or_owner - update_zone_export: rule:admin_or_owner - find_service_status: rule:admin - find_service_statuses: rule:admin - update_service_service_status: rule:admin + policy: {} designate: DEFAULT: debug: false diff --git a/glance/Chart.yaml b/glance/Chart.yaml index 6404c73d7d..7ce28411a1 100644 --- a/glance/Chart.yaml +++ b/glance/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Glance name: glance -version: 0.4.0 +version: 0.4.1 home: https://docs.openstack.org/glance/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png sources: diff --git a/glance/values.yaml b/glance/values.yaml index dfaac1521f..69f703e11e 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -189,61 +189,7 @@ conf: oslo_config_program: glance-api filter:http_proxy_to_wsgi: paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory - policy: - metadef_default: '' - metadef_admin: 'role:admin' - context_is_admin: role:admin - default: role:admin - add_image: '' - delete_image: '' - get_image: '' - get_images: '' - modify_image: '' - publicize_image: role:admin - copy_from: '' - download_image: '' - upload_image: '' - delete_image_location: '' - get_image_location: '' - set_image_location: '' - add_member: '' - delete_member: '' - get_member: '' - get_members: '' - modify_member: '' - manage_image_cache: role:admin - get_task: role:admin - get_tasks: role:admin - add_task: role:admin - modify_task: role:admin - deactivate: '' - reactivate: '' - get_metadef_namespace: rule:metadef_default - get_metadef_namespaces: rule:metadef_default - modify_metadef_namespace: rule:metadef_admin - add_metadef_namespace: rule:metadef_admin - delete_metadef_namespace: rule:metadef_admin - get_metadef_object: rule:metadef_default - get_metadef_objects: rule:metadef_default - modify_metadef_object: rule:metadef_admin - add_metadef_object: rule:metadef_admin - delete_metadef_object: rule:metadef_admin - list_metadef_resource_types: rule:metadef_default - get_metadef_resource_type: rule:metadef_default - add_metadef_resource_type_association: rule:metadef_admin - remove_metadef_resource_type_association: rule:metadef_admin - get_metadef_property: rule:metadef_default - get_metadef_properties: rule:metadef_default - modify_metadef_property: rule:metadef_admin - add_metadef_property: rule:metadef_admin - remove_metadef_property: rule:metadef_admin - get_metadef_tag: rule:metadef_default - get_metadef_tags: rule:metadef_default - modify_metadef_tag: rule:metadef_admin - add_metadef_tag: rule:metadef_admin - add_metadef_tags: rule:metadef_admin - delete_metadef_tag: rule:metadef_admin - delete_metadef_tags: rule:metadef_admin + policy: {} glance_sudoers: | # This sudoers file supports rootwrap for both Kolla and LOCI Images. Defaults !requiretty diff --git a/heat/Chart.yaml b/heat/Chart.yaml index 97cfd98293..05cd5adc25 100644 --- a/heat/Chart.yaml +++ b/heat/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Heat name: heat -version: 0.3.0 +version: 0.3.1 home: https://docs.openstack.org/heat/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png sources: diff --git a/heat/values.yaml b/heat/values.yaml index 3dd9fdac09..555af53a33 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -340,95 +340,7 @@ conf: paste.filter_factory: oslo_middleware.request_id:RequestId.factory filter:osprofiler: paste.filter_factory: osprofiler.web:WsgiMiddleware.factory - policy: - context_is_admin: role:admin and is_admin_project:True - project_admin: role:admin - deny_stack_user: not role:heat_stack_user - deny_everybody: "!" - cloudformation:ListStacks: rule:deny_stack_user - cloudformation:CreateStack: rule:deny_stack_user - cloudformation:DescribeStacks: rule:deny_stack_user - cloudformation:DeleteStack: rule:deny_stack_user - cloudformation:UpdateStack: rule:deny_stack_user - cloudformation:CancelUpdateStack: rule:deny_stack_user - cloudformation:DescribeStackEvents: rule:deny_stack_user - cloudformation:ValidateTemplate: rule:deny_stack_user - cloudformation:GetTemplate: rule:deny_stack_user - cloudformation:EstimateTemplateCost: rule:deny_stack_user - cloudformation:DescribeStackResource: '' - cloudformation:DescribeStackResources: rule:deny_stack_user - cloudformation:ListStackResources: rule:deny_stack_user - cloudwatch:DeleteAlarms: rule:deny_stack_user - cloudwatch:DescribeAlarmHistory: rule:deny_stack_user - cloudwatch:DescribeAlarms: rule:deny_stack_user - cloudwatch:DescribeAlarmsForMetric: rule:deny_stack_user - cloudwatch:DisableAlarmActions: rule:deny_stack_user - cloudwatch:EnableAlarmActions: rule:deny_stack_user - cloudwatch:GetMetricStatistics: rule:deny_stack_user - cloudwatch:ListMetrics: rule:deny_stack_user - cloudwatch:PutMetricAlarm: rule:deny_stack_user - cloudwatch:PutMetricData: '' - cloudwatch:SetAlarmState: rule:deny_stack_user - actions:action: rule:deny_stack_user - build_info:build_info: rule:deny_stack_user - events:index: rule:deny_stack_user - events:show: rule:deny_stack_user - resource:index: rule:deny_stack_user - resource:metadata: '' - resource:signal: '' - resource:mark_unhealthy: rule:deny_stack_user - resource:show: rule:deny_stack_user - stacks:abandon: rule:deny_stack_user - stacks:create: rule:deny_stack_user - stacks:delete: rule:deny_stack_user - stacks:detail: rule:deny_stack_user - stacks:export: rule:deny_stack_user - stacks:generate_template: rule:deny_stack_user - stacks:global_index: rule:deny_everybody - stacks:index: rule:deny_stack_user - stacks:list_resource_types: rule:deny_stack_user - stacks:list_template_versions: rule:deny_stack_user - stacks:list_template_functions: rule:deny_stack_user - stacks:lookup: '' - stacks:preview: rule:deny_stack_user - stacks:resource_schema: rule:deny_stack_user - stacks:show: rule:deny_stack_user - stacks:template: rule:deny_stack_user - stacks:environment: rule:deny_stack_user - stacks:files: rule:deny_stack_user - stacks:update: rule:deny_stack_user - stacks:update_patch: rule:deny_stack_user - stacks:preview_update: rule:deny_stack_user - stacks:preview_update_patch: rule:deny_stack_user - stacks:validate_template: rule:deny_stack_user - stacks:snapshot: rule:deny_stack_user - stacks:show_snapshot: rule:deny_stack_user - stacks:delete_snapshot: rule:deny_stack_user - stacks:list_snapshots: rule:deny_stack_user - stacks:restore_snapshot: rule:deny_stack_user - stacks:list_outputs: rule:deny_stack_user - stacks:show_output: rule:deny_stack_user - software_configs:global_index: rule:deny_everybody - software_configs:index: rule:deny_stack_user - software_configs:create: rule:deny_stack_user - software_configs:show: rule:deny_stack_user - software_configs:delete: rule:deny_stack_user - software_deployments:index: rule:deny_stack_user - software_deployments:create: rule:deny_stack_user - software_deployments:show: rule:deny_stack_user - software_deployments:update: rule:deny_stack_user - software_deployments:delete: rule:deny_stack_user - software_deployments:metadata: '' - service:index: rule:context_is_admin - resource_types:OS::Nova::Flavor: rule:project_admin - resource_types:OS::Cinder::EncryptedVolumeType: rule:project_admin - resource_types:OS::Cinder::VolumeType: rule:project_admin - resource_types:OS::Cinder::Quota: rule:project_admin - resource_types:OS::Manila::ShareType: rule:project_admin - resource_types:OS::Neutron::QoSPolicy: rule:project_admin - resource_types:OS::Neutron::QoSBandwidthLimitRule: rule:project_admin - resource_types:OS::Nova::HostAggregate: rule:project_admin - resource_types:OS::Cinder::QoSSpecs: rule:project_admin + policy: {} heat: DEFAULT: log_config_append: /etc/heat/logging.conf diff --git a/magnum/Chart.yaml b/magnum/Chart.yaml index 3f4ccf6d8d..37bdece4b4 100644 --- a/magnum/Chart.yaml +++ b/magnum/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Magnum name: magnum -version: 0.2.7 +version: 0.2.8 home: https://docs.openstack.org/magnum/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Magnum/OpenStack_Project_Magnum_vertical.png sources: diff --git a/magnum/values.yaml b/magnum/values.yaml index f4d042a192..4280f0babf 100644 --- a/magnum/values.yaml +++ b/magnum/values.yaml @@ -68,49 +68,7 @@ conf: paste.filter_factory: oslo_middleware:Healthcheck.factory backends: disable_by_file disable_by_file_path: /etc/magnum/healthcheck_disable - policy: - context_is_admin: role:admin - admin_or_owner: is_admin:True or project_id:%(project_id)s - default: rule:admin_or_owner - admin_api: rule:context_is_admin - admin_or_user: is_admin:True or user_id:%(user_id)s - cluster_user: user_id:%(trustee_user_id)s - deny_cluster_user: not domain_id:%(trustee_domain_id)s - bay:create: rule:deny_cluster_user - bay:delete: rule:deny_cluster_user - bay:detail: rule:deny_cluster_user - bay:get: rule:deny_cluster_user - bay:get_all: rule:deny_cluster_user - bay:update: rule:deny_cluster_user - baymodel:create: rule:deny_cluster_user - baymodel:delete: rule:deny_cluster_user - baymodel:detail: rule:deny_cluster_user - baymodel:get: rule:deny_cluster_user - baymodel:get_all: rule:deny_cluster_user - baymodel:update: rule:deny_cluster_user - baymodel:publish: rule:admin_or_owner - cluster:create: rule:deny_cluster_user - cluster:delete: rule:deny_cluster_user - cluster:detail: rule:deny_cluster_user - cluster:get: rule:deny_cluster_user - cluster:get_all: rule:deny_cluster_user - cluster:update: rule:deny_cluster_user - clustertemplate:create: rule:deny_cluster_user - clustertemplate:delete: rule:deny_cluster_user - clustertemplate:detail: rule:deny_cluster_user - clustertemplate:get: rule:deny_cluster_user - clustertemplate:get_all: rule:deny_cluster_user - clustertemplate:update: rule:deny_cluster_user - clustertemplate:publish: rule:admin_or_owner - rc:create: rule:default - rc:delete: rule:default - rc:detail: rule:default - rc:get: rule:default - rc:get_all: rule:default - rc:update: rule:default - certificate:create: rule:admin_or_user or rule:cluster_user - certificate:get: rule:admin_or_user or rule:cluster_user - magnum-service:get_all: rule:admin_api + policy: {} magnum: DEFAULT: log_config_append: /etc/magnum/logging.conf diff --git a/mistral/Chart.yaml b/mistral/Chart.yaml index 4ed1e11af3..21af26f770 100644 --- a/mistral/Chart.yaml +++ b/mistral/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Mistral name: mistral -version: 0.2.6 +version: 0.2.7 home: https://docs.openstack.org/mistral/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Mistral/OpenStack_Project_Mistral_vertical.png sources: diff --git a/mistral/values.yaml b/mistral/values.yaml index dd65149852..e22e2530a7 100644 --- a/mistral/values.yaml +++ b/mistral/values.yaml @@ -416,58 +416,7 @@ conf: - name: /tmp/rally-jobs/mistral_params.json template: | {"env": {"env_param": "env_param_value"}} - policy: - admin_only: is_admin:True - admin_or_owner: is_admin:True or project_id:%(project_id)s - default: rule:admin_or_owner - action_executions:delete: rule:admin_or_owner - action_execution:create: rule:admin_or_owner - action_executions:get: rule:admin_or_owner - action_executions:list: rule:admin_or_owner - action_executions:update: rule:admin_or_owner - actions:create: rule:admin_or_owner - actions:delete: rule:admin_or_owner - actions:get: rule:admin_or_owner - actions:list: rule:admin_or_owner - actions:update: rule:admin_or_owner - cron_triggers:create: rule:admin_or_owner - cron_triggers:delete: rule:admin_or_owner - cron_triggers:get: rule:admin_or_owner - cron_triggers:list: rule:admin_or_owner - environments:create: rule:admin_or_owner - environments:delete: rule:admin_or_owner - environments:get: rule:admin_or_owner - environments:list: rule:admin_or_owner - environments:update: rule:admin_or_owner - executions:create: rule:admin_or_owner - executions:delete: rule:admin_or_owner - executions:get: rule:admin_or_owner - executions:list: rule:admin_or_owner - executions:update: rule:admin_or_owner - members:create: rule:admin_or_owner - members:delete: rule:admin_or_owner - members:get: rule:admin_or_owner - members:list: rule:admin_or_owner - members:update: rule:admin_or_owner - services:list: rule:admin_or_owner - tasks:get: rule:admin_or_owner - tasks:list: rule:admin_or_owner - tasks:update: rule:admin_or_owner - workbooks:create: rule:admin_or_owner - workbooks:delete: rule:admin_or_owner - workbooks:get: rule:admin_or_owner - workbooks:list: rule:admin_or_owner - workbooks:update: rule:admin_or_owner - workflows:create: rule:admin_or_owner - workflows:delete: rule:admin_or_owner - workflows:get: rule:admin_or_owner - workflows:list: rule:admin_or_owner - workflows:update: rule:admin_or_owner - event_triggers:create: rule:admin_or_owner - event_triggers:delete: rule:admin_or_owner - event_triggers:get: rule:admin_or_owner - event_triggers:list: rule:admin_or_owner - event_triggers:update: rule:admin_or_owner + policy: {} mistral: DEFAULT: log_config_append: /etc/mistral/logging.conf diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml index a324603cd8..1c7435b86f 100644 --- a/neutron/Chart.yaml +++ b/neutron/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Neutron name: neutron -version: 0.3.0 +version: 0.3.1 home: https://docs.openstack.org/neutron/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png sources: diff --git a/neutron/values.yaml b/neutron/values.yaml index f1eb8d1000..cc2d441a2b 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -1163,196 +1163,7 @@ conf: paste.app_factory: neutron.api.v2.router:APIRouter.factory filter:osprofiler: paste.filter_factory: osprofiler.web:WsgiMiddleware.factory - policy: - context_is_admin: role:admin - owner: tenant_id:%(tenant_id)s - admin_or_owner: rule:context_is_admin or rule:owner - context_is_advsvc: role:advsvc - admin_or_network_owner: rule:context_is_admin or tenant_id:%(network:tenant_id)s - admin_owner_or_network_owner: rule:owner or rule:admin_or_network_owner - admin_only: rule:context_is_admin - regular_user: '' - shared: field:networks:shared=True - shared_subnetpools: field:subnetpools:shared=True - shared_address_scopes: field:address_scopes:shared=True - external: field:networks:router:external=True - default: rule:admin_or_owner - create_subnet: rule:admin_or_network_owner - create_subnet:segment_id: rule:admin_only - create_subnet:service_types: rule:admin_only - get_subnet: rule:admin_or_owner or rule:shared - get_subnet:segment_id: rule:admin_only - update_subnet: rule:admin_or_network_owner - update_subnet:service_types: rule:admin_only - delete_subnet: rule:admin_or_network_owner - create_subnetpool: '' - create_subnetpool:shared: rule:admin_only - create_subnetpool:is_default: rule:admin_only - get_subnetpool: rule:admin_or_owner or rule:shared_subnetpools - update_subnetpool: rule:admin_or_owner - update_subnetpool:is_default: rule:admin_only - delete_subnetpool: rule:admin_or_owner - create_address_scope: '' - create_address_scope:shared: rule:admin_only - get_address_scope: rule:admin_or_owner or rule:shared_address_scopes - update_address_scope: rule:admin_or_owner - update_address_scope:shared: rule:admin_only - delete_address_scope: rule:admin_or_owner - create_network: '' - get_network: rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc - get_network:router:external: rule:regular_user - get_network:segments: rule:admin_only - get_network:provider:network_type: rule:admin_only - get_network:provider:physical_network: rule:admin_only - get_network:provider:segmentation_id: rule:admin_only - get_network:queue_id: rule:admin_only - get_network_ip_availabilities: rule:admin_only - get_network_ip_availability: rule:admin_only - create_network:shared: rule:admin_only - create_network:router:external: rule:admin_only - create_network:is_default: rule:admin_only - create_network:segments: rule:admin_only - create_network:provider:network_type: rule:admin_only - create_network:provider:physical_network: rule:admin_only - create_network:provider:segmentation_id: rule:admin_only - update_network: rule:admin_or_owner - update_network:segments: rule:admin_only - update_network:shared: rule:admin_only - update_network:provider:network_type: rule:admin_only - update_network:provider:physical_network: rule:admin_only - update_network:provider:segmentation_id: rule:admin_only - update_network:router:external: rule:admin_only - delete_network: rule:admin_or_owner - create_segment: rule:admin_only - get_segment: rule:admin_only - update_segment: rule:admin_only - delete_segment: rule:admin_only - network_device: 'field:port:device_owner=~^network:' - create_port: '' - create_port:device_owner: not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner - create_port:mac_address: rule:context_is_advsvc or rule:admin_or_network_owner - create_port:fixed_ips: rule:context_is_advsvc or rule:admin_or_network_owner - create_port:port_security_enabled: rule:context_is_advsvc or rule:admin_or_network_owner - create_port:binding:host_id: rule:admin_only - create_port:binding:profile: rule:admin_only - create_port:mac_learning_enabled: rule:context_is_advsvc or rule:admin_or_network_owner - create_port:allowed_address_pairs: rule:admin_or_network_owner - get_port: rule:context_is_advsvc or rule:admin_owner_or_network_owner - get_port:queue_id: rule:admin_only - get_port:binding:vif_type: rule:admin_only - get_port:binding:vif_details: rule:admin_only - get_port:binding:host_id: rule:admin_only - get_port:binding:profile: rule:admin_only - update_port: rule:admin_or_owner or rule:context_is_advsvc - update_port:device_owner: not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner - update_port:mac_address: rule:admin_only or rule:context_is_advsvc - update_port:fixed_ips: rule:context_is_advsvc or rule:admin_or_network_owner - update_port:port_security_enabled: rule:context_is_advsvc or rule:admin_or_network_owner - update_port:binding:host_id: rule:admin_only - update_port:binding:profile: rule:admin_only - update_port:mac_learning_enabled: rule:context_is_advsvc or rule:admin_or_network_owner - update_port:allowed_address_pairs: rule:admin_or_network_owner - delete_port: rule:context_is_advsvc or rule:admin_owner_or_network_owner - get_router:ha: rule:admin_only - create_router: rule:regular_user - create_router:external_gateway_info:enable_snat: rule:admin_only - create_router:distributed: rule:admin_only - create_router:ha: rule:admin_only - get_router: rule:admin_or_owner - get_router:distributed: rule:admin_only - update_router:external_gateway_info:enable_snat: rule:admin_only - update_router:distributed: rule:admin_only - update_router:ha: rule:admin_only - delete_router: rule:admin_or_owner - add_router_interface: rule:admin_or_owner - remove_router_interface: rule:admin_or_owner - create_router:external_gateway_info:external_fixed_ips: rule:admin_only - update_router:external_gateway_info:external_fixed_ips: rule:admin_only - insert_rule: rule:admin_or_owner - remove_rule: rule:admin_or_owner - create_qos_queue: rule:admin_only - get_qos_queue: rule:admin_only - update_agent: rule:admin_only - delete_agent: rule:admin_only - get_agent: rule:admin_only - create_dhcp-network: rule:admin_only - delete_dhcp-network: rule:admin_only - get_dhcp-networks: rule:admin_only - create_l3-router: rule:admin_only - delete_l3-router: rule:admin_only - get_l3-routers: rule:admin_only - get_dhcp-agents: rule:admin_only - get_l3-agents: rule:admin_only - get_loadbalancer-agent: rule:admin_only - get_loadbalancer-pools: rule:admin_only - get_agent-loadbalancers: rule:admin_only - get_loadbalancer-hosting-agent: rule:admin_only - create_floatingip: rule:regular_user - create_floatingip:floating_ip_address: rule:admin_only - update_floatingip: rule:admin_or_owner - delete_floatingip: rule:admin_or_owner - get_floatingip: rule:admin_or_owner - create_network_profile: rule:admin_only - update_network_profile: rule:admin_only - delete_network_profile: rule:admin_only - get_network_profiles: '' - get_network_profile: '' - update_policy_profiles: rule:admin_only - get_policy_profiles: '' - get_policy_profile: '' - create_metering_label: rule:admin_only - delete_metering_label: rule:admin_only - get_metering_label: rule:admin_only - create_metering_label_rule: rule:admin_only - delete_metering_label_rule: rule:admin_only - get_metering_label_rule: rule:admin_only - get_service_provider: rule:regular_user - get_lsn: rule:admin_only - create_lsn: rule:admin_only - create_flavor: rule:admin_only - update_flavor: rule:admin_only - delete_flavor: rule:admin_only - get_flavors: rule:regular_user - get_flavor: rule:regular_user - create_service_profile: rule:admin_only - update_service_profile: rule:admin_only - delete_service_profile: rule:admin_only - get_service_profiles: rule:admin_only - get_service_profile: rule:admin_only - get_policy: rule:regular_user - create_policy: rule:admin_only - update_policy: rule:admin_only - delete_policy: rule:admin_only - get_policy_bandwidth_limit_rule: rule:regular_user - create_policy_bandwidth_limit_rule: rule:admin_only - delete_policy_bandwidth_limit_rule: rule:admin_only - update_policy_bandwidth_limit_rule: rule:admin_only - get_policy_dscp_marking_rule: rule:regular_user - create_policy_dscp_marking_rule: rule:admin_only - delete_policy_dscp_marking_rule: rule:admin_only - update_policy_dscp_marking_rule: rule:admin_only - get_rule_type: rule:regular_user - get_policy_minimum_bandwidth_rule: rule:regular_user - create_policy_minimum_bandwidth_rule: rule:admin_only - delete_policy_minimum_bandwidth_rule: rule:admin_only - update_policy_minimum_bandwidth_rule: rule:admin_only - restrict_wildcard: "(not field:rbac_policy:target_tenant=*) or rule:admin_only" - create_rbac_policy: '' - create_rbac_policy:target_tenant: rule:restrict_wildcard - update_rbac_policy: rule:admin_or_owner - update_rbac_policy:target_tenant: rule:restrict_wildcard and rule:admin_or_owner - get_rbac_policy: rule:admin_or_owner - delete_rbac_policy: rule:admin_or_owner - create_flavor_service_profile: rule:admin_only - delete_flavor_service_profile: rule:admin_only - get_flavor_service_profile: rule:regular_user - get_auto_allocated_topology: rule:admin_or_owner - create_trunk: rule:regular_user - get_trunk: rule:admin_or_owner - delete_trunk: rule:admin_or_owner - get_subports: '' - add_subports: rule:admin_or_owner - remove_subports: rule:admin_or_owner + policy: {} api_audit_map: DEFAULT: target_endpoint_type: None diff --git a/placement/Chart.yaml b/placement/Chart.yaml index 3e4a864b9a..312ed00d9a 100644 --- a/placement/Chart.yaml +++ b/placement/Chart.yaml @@ -16,7 +16,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Placement name: placement -version: 0.3.1 +version: 0.3.2 home: https://docs.openstack.org/placement/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png sources: diff --git a/placement/values.yaml b/placement/values.yaml index 4456a9ecb2..ff33660c6c 100644 --- a/placement/values.yaml +++ b/placement/values.yaml @@ -73,44 +73,7 @@ conf: # - status a2enmod: null a2dismod: null - policy: - "context_is_admin": "role:admin" - "admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s" - "default": "rule:admin_or_owner" - "admin_api": "role:admin" - "placement:resource_providers:list": "rule:admin_api" - "placement:resource_providers:create": "rule:admin_api" - "placement:resource_providers:show": "rule:admin_api" - "placement:resource_providers:update": "rule:admin_api" - "placement:resource_providers:delete": "rule:admin_api" - "placement:resource_classes:list": "rule:admin_api" - "placement:resource_classes:create": "rule:admin_api" - "placement:resource_classes:show": "rule:admin_api" - "placement:resource_classes:update": "rule:admin_api" - "placement:resource_classes:delete": "rule:admin_api" - "placement:resource_providers:inventories:list": "rule:admin_api" - "placement:resource_providers:inventories:create": "rule:admin_api" - "placement:resource_providers:inventories:show": "rule:admin_api" - "placement:resource_providers:inventories:update": "rule:admin_api" - "placement:resource_providers:inventories:delete": "rule:admin_api" - "placement:resource_providers:aggregates:list": "rule:admin_api" - "placement:resource_providers:aggregates:update": "rule:admin_api" - "placement:resource_providers:usages": "rule:admin_api" - "placement:usages": "rule:admin_api" - "placement:traits:list": "rule:admin_api" - "placement:traits:show": "rule:admin_api" - "placement:traits:update": "rule:admin_api" - "placement:traits:delete": "rule:admin_api" - "placement:resource_providers:traits:list": "rule:admin_api" - "placement:resource_providers:traits:update": "rule:admin_api" - "placement:resource_providers:traits:delete": "rule:admin_api" - "placement:allocations:manage": "rule:admin_api" - "placement:allocations:list": "rule:admin_api" - "placement:allocations:update": "rule:admin_api" - "placement:allocations:delete": "rule:admin_api" - "placement:resource_providers:allocations:list": "rule:admin_api" - "placement:allocation_candidates:list": "rule:admin_api" - "placement:reshaper:reshape": "rule:admin_api" + policy: {} placement: DEFAULT: debug: false diff --git a/releasenotes/notes/aodh.yaml b/releasenotes/notes/aodh.yaml index c47f5737b2..3ac5191008 100644 --- a/releasenotes/notes/aodh.yaml +++ b/releasenotes/notes/aodh.yaml @@ -8,4 +8,5 @@ aodh: - 0.2.3 Enable taint toleration for Openstack services - 0.2.4 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1 - 0.2.5 Added OCI registry authentication + - 0.2.6 Remove default policy rules ... diff --git a/releasenotes/notes/ceilometer.yaml b/releasenotes/notes/ceilometer.yaml index 4b0ee540dd..8c0d112ecd 100644 --- a/releasenotes/notes/ceilometer.yaml +++ b/releasenotes/notes/ceilometer.yaml @@ -9,4 +9,5 @@ ceilometer: - 0.2.4 Update default image values to Wallaby - 0.2.5 Migrated PodDisruptionBudget resource to policy/v1 API version - 0.2.6 Added OCI registry authentication + - 0.2.7 Remove default policy rules ... diff --git a/releasenotes/notes/cinder.yaml b/releasenotes/notes/cinder.yaml index ed15dd28b2..de26fd54f7 100644 --- a/releasenotes/notes/cinder.yaml +++ b/releasenotes/notes/cinder.yaml @@ -51,4 +51,5 @@ cinder: - 0.2.32 Revert "Remove fixed node name from default values and add service cleaner cronjob" - 0.3.0 Remove support for Train and Ussuri - 0.3.1 Change ceph-config-helper image tag + - 0.3.2 Remove default policy rules ... diff --git a/releasenotes/notes/designate.yaml b/releasenotes/notes/designate.yaml index 459ac59e3a..d0610d6f9b 100644 --- a/releasenotes/notes/designate.yaml +++ b/releasenotes/notes/designate.yaml @@ -11,4 +11,5 @@ designate: - 0.2.5 Migrated PodDisruptionBudget resource to policy/v1 API version - 0.2.6 Added OCI registry authentication - 0.2.7 Use HTTP probe instead of TCP probe + - 0.2.8 Remove default policy rules ... diff --git a/releasenotes/notes/glance.yaml b/releasenotes/notes/glance.yaml index 6be540f5c8..6998bff3ab 100644 --- a/releasenotes/notes/glance.yaml +++ b/releasenotes/notes/glance.yaml @@ -34,4 +34,5 @@ glance: - 0.3.11 Use HTTP probe instead of TCP probe - 0.3.12 Add support for using Cinder as backend - 0.4.0 Remove support for Train and Ussuri + - 0.4.1 Remove default policy rules ... diff --git a/releasenotes/notes/heat.yaml b/releasenotes/notes/heat.yaml index 2db5812beb..540b2b3d04 100644 --- a/releasenotes/notes/heat.yaml +++ b/releasenotes/notes/heat.yaml @@ -26,4 +26,5 @@ heat: - 0.2.17 Use HTTP probe instead of TCP probe - 0.2.18 Change hook weight for bootstrap job - 0.3.0 Remove support for Train and Ussuri + - 0.3.1 Remove default policy rules ... diff --git a/releasenotes/notes/magnum.yaml b/releasenotes/notes/magnum.yaml index 2da90ade18..f93bdf3c27 100644 --- a/releasenotes/notes/magnum.yaml +++ b/releasenotes/notes/magnum.yaml @@ -11,4 +11,5 @@ magnum: - 0.2.5 Update default image values to wallaby - 0.2.6 Migrated PodDisruptionBudget resource to policy/v1 API version - 0.2.7 Added OCI registry authentication + - 0.2.8 Remove default policy rules ... diff --git a/releasenotes/notes/mistral.yaml b/releasenotes/notes/mistral.yaml index 134139075b..99af32440a 100644 --- a/releasenotes/notes/mistral.yaml +++ b/releasenotes/notes/mistral.yaml @@ -10,4 +10,5 @@ mistral: - 0.2.4 Migrated PodDisruptionBudget resource to policy/v1 API version - 0.2.5 Added OCI registry authentication - 0.2.6 Use HTTP probe instead of TCP probe + - 0.2.7 Remove default policy rules ... diff --git a/releasenotes/notes/neutron.yaml b/releasenotes/notes/neutron.yaml index da387333a4..3eaea36069 100644 --- a/releasenotes/notes/neutron.yaml +++ b/releasenotes/notes/neutron.yaml @@ -42,4 +42,5 @@ neutron: - 0.2.26 Use HTTP probe instead of TCP probe - 0.2.27 Distinguish between port number of internal endpoint and binding port number - 0.3.0 Remove support for Train and Ussuri + - 0.3.1 Remove default policy rules ... diff --git a/releasenotes/notes/placement.yaml b/releasenotes/notes/placement.yaml index cdd2ce37c2..8c604c27e2 100644 --- a/releasenotes/notes/placement.yaml +++ b/releasenotes/notes/placement.yaml @@ -24,4 +24,5 @@ placement: - 0.2.13 Support TLS endpoints - 0.3.0 Remove placement-migrate - 0.3.1 Remove support for Train and Ussuri + - 0.3.2 Remove default policy rules ... diff --git a/releasenotes/notes/senlin.yaml b/releasenotes/notes/senlin.yaml index 83a63cae4f..d5d64d20a6 100644 --- a/releasenotes/notes/senlin.yaml +++ b/releasenotes/notes/senlin.yaml @@ -10,4 +10,5 @@ senlin: - 0.2.5 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1 - 0.2.6 Add helm.sh/hook annotations for Jobs - 0.2.7 Added OCI registry authentication + - 0.2.8 Remove default policy rules ... diff --git a/senlin/Chart.yaml b/senlin/Chart.yaml index a7a71e0aad..b9c4e8b62c 100644 --- a/senlin/Chart.yaml +++ b/senlin/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Senlin name: senlin -version: 0.2.7 +version: 0.2.8 home: https://docs.openstack.org/senlin/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Senlin/OpenStack_Project_Senlin_vertical.png sources: diff --git a/senlin/values.yaml b/senlin/values.yaml index a0fcb54587..5bd7f45c9a 100644 --- a/senlin/values.yaml +++ b/senlin/values.yaml @@ -123,53 +123,7 @@ conf: senlin.filter_factory: senlin.api.middleware:webhook_filter filter:authtoken: paste.filter_factory: keystonemiddleware.auth_token:filter_factory - policy: - context_is_admin: role:admin - deny_everybody: "!" - build_info:build_info: '' - profile_types:index: '' - profile_types:get: '' - policy_types:index: '' - policy_types:get: '' - clusters:index: '' - clusters:create: '' - clusters:delete: '' - clusters:get: '' - clusters:action: '' - clusters:update: '' - clusters:collect: '' - profiles:index: '' - profiles:create: '' - profiles:get: '' - profiles:delete: '' - profiles:update: '' - profiles:validate: '' - nodes:index: '' - nodes:create: '' - nodes:get: '' - nodes:action: '' - nodes:update: '' - nodes:delete: '' - policies:index: '' - policies:create: '' - policies:get: '' - policies:update: '' - policies:delete: '' - policies:validate: '' - cluster_policies:index: '' - cluster_policies:attach: '' - cluster_policies:detach: '' - cluster_policies:update: '' - cluster_policies:get: '' - receivers:index: '' - receivers:create: '' - receivers:get: '' - receivers:delete: '' - actions:index: '' - actions:get: '' - events:index: '' - events:get: '' - webhooks:trigger: '' + policy: {} senlin: DEFAULT: log_config_append: /etc/senlin/logging.conf