Mistral Policy Configuration

Warning

JSON formatted policy file is deprecated since Mistral 12.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

Configuration

The following is an overview of all available policies in Mistral. For a sample configuration file, refer to policy.yaml.

mistral

actions:create
Default:

rule:admin_or_owner

Operations:
  • POST /v2/actions

Create a new action.

actions:delete
Default:

rule:admin_or_owner

Operations:
  • DELETE /v2/actions

Delete the named action.

actions:get
Default:

rule:admin_or_owner

Operations:
  • GET /v2/actions/{action_id}

Return the named action.

actions:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/actions

Return all actions.

actions:publicize
Default:

rule:admin_or_owner

Operations:
  • POST /v2/actions

  • PUT /v2/actions

Make an action publicly available

actions:update
Default:

rule:admin_or_owner

Operations:
  • PUT /v2/actions

Update one or more actions.

action_executions:create
Default:

rule:admin_or_owner

Operations:
  • POST /v2/action_executions

Create new action execution.

action_executions:delete
Default:

rule:admin_or_owner

Operations:
  • DELETE /v2/action_executions

Delete the specified action execution.

action_executions:get
Default:

rule:admin_or_owner

Operations:
  • GET /v2/action_executions/{action_execution_id}

Return the specified action execution.

action_executions:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/action_executions

Return all tasks within the execution.

action_executions:update
Default:

rule:admin_or_owner

Operations:
  • PUT /v2/action_executions

Update the specified action execution.

admin_only
Default:

is_admin:True

(no description provided)

admin_or_owner
Default:

is_admin:True or project_id:%(project_id)s

(no description provided)

code_sources:create
Default:

rule:admin_or_owner

Operations:
  • POST /v2/code_sources

Create a new code source.

code_sources:delete
Default:

rule:admin_or_owner

Operations:
  • DELETE /v2/code_sources

Delete the named code source.

code_sources:get
Default:

rule:admin_or_owner

Operations:
  • GET /v2/code_sources/{action_id}

Return the named code source.

code_sources:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/code_sources

Return all code sources.

code_sources:update
Default:

rule:admin_or_owner

Operations:
  • PUT /v2/code_sources

Update one or more code source.

dynamic_actions:create
Default:

rule:admin_or_owner

Operations:
  • POST /v2/dynamic_actions

Create a new dynamic action.

dynamic_actions:delete
Default:

rule:admin_or_owner

Operations:
  • DELETE /v2/dynamic_actions

Delete the named dynamic action.

dynamic_actions:get
Default:

rule:admin_or_owner

Operations:
  • GET /v2/dynamic_actions/{action_id}

Return the named dynamic action.

dynamic_actions:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/dynamic_actions

Return all dynamic actions.

dynamic_actions:update
Default:

rule:admin_or_owner

Operations:
  • PUT /v2/dynamic_actions

Update one or more dynamic actions.

cron_triggers:create
Default:

rule:admin_or_owner

Operations:
  • POST /v2/cron_triggers

Creates a new cron trigger.

cron_triggers:delete
Default:

rule:admin_or_owner

Operations:
  • DELETE /v2/cron_triggers

Delete cron trigger.

cron_triggers:get
Default:

rule:admin_or_owner

Operations:
  • GET /v2/cron_triggers/{cron_trigger_id}

Returns the named cron trigger.

cron_triggers:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/cron_triggers

Return all cron triggers.

cron_triggers:list:all_projects
Default:

rule:admin_only

Operations:
  • GET /v2/cron_triggers

Return all cron triggers of all projects.

environments:create
Default:

rule:admin_or_owner

Operations:
  • POST /v2/environments

Create a new environment.

environments:delete
Default:

rule:admin_or_owner

Operations:
  • DELETE /v2/environments/{environment_name}

Delete the named environment.

environments:get
Default:

rule:admin_or_owner

Operations:
  • GET /v2/environments/{environment_name}

Return the named environment.

environments:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/environments

Return all environments.

environments:update
Default:

rule:admin_or_owner

Operations:
  • PUT /v2/environments

Update an environment.

event_triggers:create
Default:

rule:admin_or_owner

Operations:
  • POST /v2/event_triggers

Create a new event trigger.

event_triggers:create:public
Default:

rule:admin_only

Operations:
  • POST /v2/event_triggers

Create a new event trigger for public usage.

event_triggers:delete
Default:

rule:admin_or_owner

Operations:
  • DELETE /v2/event_triggers/{event_trigger_id}

Delete event trigger.

event_triggers:get
Default:

rule:admin_or_owner

Operations:
  • GET /v2/event_triggers/{event_trigger_id}

Returns the specified event trigger.

event_triggers:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/event_triggers

Return all event triggers.

event_triggers:list:all_projects
Default:

rule:admin_only

Operations:
  • GET /v2/event_triggers

Return all event triggers from all projects.

event_triggers:update
Default:

rule:admin_or_owner

Operations:
  • PUT /v2/event_triggers

Updates an existing event trigger.

executions:create
Default:

rule:admin_or_owner

Operations:
  • POST /v2/executions

Create a new execution.

executions:delete
Default:

rule:admin_or_owner

Operations:
  • DELETE /v2/executions/{execution_id}

Delete the specified execution.

executions:get
Default:

rule:admin_or_owner

Operations:
  • GET /v2/executions/{execution_id}

Return the specified execution.

executions:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/executions

Return all executions.

executions:list:all_projects
Default:

rule:admin_only

Operations:
  • GET /v2/executions

Return all executions from all projects.

executions:update
Default:

rule:admin_or_owner

Operations:
  • PUT /v2/executions

Update an execution.

members:create
Default:

rule:admin_or_owner

Operations:
  • POST /v2/members

Shares the resource to a new member.

members:delete
Default:

rule:admin_or_owner

Operations:
  • DELETE /v2/members

Deletes a member from the member list of a resource.

members:get
Default:

rule:admin_or_owner

Operations:
  • GET /v2/members/{member_id}

Shows resource member details.

members:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/members

Return all members with whom the resource has been shared.

members:update
Default:

rule:admin_or_owner

Operations:
  • PUT /v2/members

Sets the status for a resource member.

services:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/services

Return all Mistral services.

tasks:get
Default:

rule:admin_or_owner

Operations:
  • GET /v2/tasks/{task_id}

Return the specified task.

tasks:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/tasks

Return all tasks.

tasks:update
Default:

rule:admin_or_owner

Operations:
  • PUT /v2/tasks

Update the specified task execution.

workbooks:create
Default:

rule:admin_or_owner

Operations:
  • POST /v2/workbooks

Create a new workbook.

workbooks:delete
Default:

rule:admin_or_owner

Operations:
  • DELETE /v2/workbooks

Delete the named workbook.

workbooks:get
Default:

rule:admin_or_owner

Operations:
  • GET /v2/workbooks/{workbook_name}

Return the named workbook.

workbooks:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/workbooks

Return all workbooks.

workbooks:update
Default:

rule:admin_or_owner

Operations:
  • PUT /v2/workbooks

Update an workbook.

workflows:create
Default:

rule:admin_or_owner

Operations:
  • POST /v2/workflows

Create a new workflow.

workflows:delete
Default:

rule:admin_or_owner

Operations:
  • DELETE /v2/workflows

Delete a workflow.

workflows:get
Default:

rule:admin_or_owner

Operations:
  • GET /v2/workflows/{workflow_id}

Return the named workflow.

workflows:list
Default:

rule:admin_or_owner

Operations:
  • GET /v2/workflows

Return a list of workflows.

workflows:list:all_projects
Default:

rule:admin_only

Operations:
  • GET /v2/workflows

Return a list of workflows from all projects.

workflows:publicize
Default:

rule:admin_or_owner

Operations:
  • POST /v2/workflows

  • PUT /v2/workflows

Make a workflow publicly available

workflows:update
Default:

rule:admin_or_owner

Operations:
  • PUT /v2/workflows

Update one or more workflows.