policy.yaml

Warning

The JSON-formatted policy file has been deprecated since Mistral 12.0.0 (Wallaby). The oslopolicy-convert-json-to-yaml tool migrates an existing JSON-formatted policy file to YAML in a backward-compatible way.

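Use the policy.yaml file to define additional access controls that apply to the Mistral services. Every rule in the listing below is commented out and shows the default value; uncomment and edit a line only to override that default: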

# Create a new action.
# POST  /v2/actions
#"actions:create": "rule:admin_or_owner"

# Delete the named action.
# DELETE  /v2/actions
#"actions:delete": "rule:admin_or_owner"

# Return the named action.
# GET  /v2/actions/{action_id}
#"actions:get": "rule:admin_or_owner"

# Return all actions.
# GET  /v2/actions
#"actions:list": "rule:admin_or_owner"

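# Make an action publicly available.
# NOTE(review): by default any caller that passes admin_or_owner may do this,
# whereas "event_triggers:create:public" defaults to rule:admin_only. Override
# with "rule:admin_only" if making resources public should be operator-controlled.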
# POST  /v2/actions
# PUT  /v2/actions
#"actions:publicize": "rule:admin_or_owner"

# Update one or more actions.
# PUT  /v2/actions
#"actions:update": "rule:admin_or_owner"

# Create new action execution.
# POST  /v2/action_executions
#"action_executions:create": "rule:admin_or_owner"

# Delete the specified action execution.
# DELETE  /v2/action_executions
#"action_executions:delete": "rule:admin_or_owner"

# Return the specified action execution.
# GET  /v2/action_executions/{action_execution_id}
#"action_executions:get": "rule:admin_or_owner"

# Return all action executions.
# GET  /v2/action_executions
#"action_executions:list": "rule:admin_or_owner"

# Update the specified action execution.
# PUT  /v2/action_executions
#"action_executions:update": "rule:admin_or_owner"

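# Passes only when the request context has is_admin set to True.
#"admin_only": "is_admin:True"

# Passes for an admin, or when the caller's project_id equals the project_id
# of the target being checked. Ownership is per project, not per user, so every
# user in the owning project is allowed.
# NOTE(review): confirm which target each API call passes to the check; if a
# call is checked against the caller's own project, this rule admits any
# authenticated user.
#"admin_or_owner": "is_admin:True or project_id:%(project_id)s"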

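# Create a new code source.
# NOTE(review): code sources presumably hold user-supplied code that dynamic
# actions run; confirm whether ordinary project users should keep this right.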
# POST  /v2/code_sources
#"code_sources:create": "rule:admin_or_owner"

# Delete the named code source.
# DELETE  /v2/code_sources
#"code_sources:delete": "rule:admin_or_owner"

# Return the named code source.
# GET  /v2/code_sources/{action_id}
#"code_sources:get": "rule:admin_or_owner"

# Return all code sources.
# GET  /v2/code_sources
#"code_sources:list": "rule:admin_or_owner"

# Update one or more code sources.
# PUT  /v2/code_sources
#"code_sources:update": "rule:admin_or_owner"

# Create a new dynamic action.
# POST  /v2/dynamic_actions
#"dynamic_actions:create": "rule:admin_or_owner"

# Delete the named dynamic action.
# DELETE  /v2/dynamic_actions
#"dynamic_actions:delete": "rule:admin_or_owner"

# Return the named dynamic action.
# GET  /v2/dynamic_actions/{action_id}
#"dynamic_actions:get": "rule:admin_or_owner"

# Return all dynamic actions.
# GET  /v2/dynamic_actions
#"dynamic_actions:list": "rule:admin_or_owner"

# Update one or more dynamic actions.
# PUT  /v2/dynamic_actions
#"dynamic_actions:update": "rule:admin_or_owner"

# Creates a new cron trigger.
# POST  /v2/cron_triggers
#"cron_triggers:create": "rule:admin_or_owner"

# Delete cron trigger.
# DELETE  /v2/cron_triggers
#"cron_triggers:delete": "rule:admin_or_owner"

# Returns the named cron trigger.
# GET  /v2/cron_triggers/{cron_trigger_id}
#"cron_triggers:get": "rule:admin_or_owner"

# Return all cron triggers.
# GET  /v2/cron_triggers
#"cron_triggers:list": "rule:admin_or_owner"

# Return all cron triggers of all projects.
# GET  /v2/cron_triggers
#"cron_triggers:list:all_projects": "rule:admin_only"

# Create a new environment.
# POST  /v2/environments
#"environments:create": "rule:admin_or_owner"

# Delete the named environment.
# DELETE  /v2/environments/{environment_name}
#"environments:delete": "rule:admin_or_owner"

# Return the named environment.
# GET  /v2/environments/{environment_name}
#"environments:get": "rule:admin_or_owner"

# Return all environments.
# GET  /v2/environments
#"environments:list": "rule:admin_or_owner"

# Update an environment.
# PUT  /v2/environments
#"environments:update": "rule:admin_or_owner"

# Create a new event trigger.
# POST  /v2/event_triggers
#"event_triggers:create": "rule:admin_or_owner"

# Create a new event trigger for public usage.
# POST  /v2/event_triggers
#"event_triggers:create:public": "rule:admin_only"

# Delete event trigger.
# DELETE  /v2/event_triggers/{event_trigger_id}
#"event_triggers:delete": "rule:admin_or_owner"

# Returns the specified event trigger.
# GET  /v2/event_triggers/{event_trigger_id}
#"event_triggers:get": "rule:admin_or_owner"

# Return all event triggers.
# GET  /v2/event_triggers
#"event_triggers:list": "rule:admin_or_owner"

# Return all event triggers from all projects.
# GET  /v2/event_triggers
#"event_triggers:list:all_projects": "rule:admin_only"

# Updates an existing event trigger.
# PUT  /v2/event_triggers
#"event_triggers:update": "rule:admin_or_owner"

# Create a new execution.
# POST  /v2/executions
#"executions:create": "rule:admin_or_owner"

# Delete the specified execution.
# DELETE  /v2/executions/{execution_id}
#"executions:delete": "rule:admin_or_owner"

# Return the specified execution.
# GET  /v2/executions/{execution_id}
#"executions:get": "rule:admin_or_owner"

# Return all executions.
# GET  /v2/executions
#"executions:list": "rule:admin_or_owner"

# Return all executions from all projects.
# GET  /v2/executions
#"executions:list:all_projects": "rule:admin_only"

# Update an execution.
# PUT  /v2/executions
#"executions:update": "rule:admin_or_owner"

# Shares the resource to a new member.
# POST  /v2/members
#"members:create": "rule:admin_or_owner"

# Deletes a member from the member list of a resource.
# DELETE  /v2/members
#"members:delete": "rule:admin_or_owner"

# Shows resource member details.
# GET  /v2/members/{member_id}
#"members:get": "rule:admin_or_owner"

# Return all members with whom the resource has been shared.
# GET  /v2/members
#"members:list": "rule:admin_or_owner"

# Sets the status for a resource member.
# PUT  /v2/members
#"members:update": "rule:admin_or_owner"

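# Return all Mistral services.
# NOTE(review): the default is not admin-only; consider "rule:admin_only" if
# the service list should not be visible to project users.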
# GET  /v2/services
#"services:list": "rule:admin_or_owner"

# Return the specified task.
# GET  /v2/tasks/{task_id}
#"tasks:get": "rule:admin_or_owner"

# Return all tasks.
# GET  /v2/tasks
#"tasks:list": "rule:admin_or_owner"

# Update the specified task execution.
# PUT  /v2/tasks
#"tasks:update": "rule:admin_or_owner"

# Create a new workbook.
# POST  /v2/workbooks
#"workbooks:create": "rule:admin_or_owner"

# Delete the named workbook.
# DELETE  /v2/workbooks
#"workbooks:delete": "rule:admin_or_owner"

# Return the named workbook.
# GET  /v2/workbooks/{workbook_name}
#"workbooks:get": "rule:admin_or_owner"

# Return all workbooks.
# GET  /v2/workbooks
#"workbooks:list": "rule:admin_or_owner"

# Update a workbook.
# PUT  /v2/workbooks
#"workbooks:update": "rule:admin_or_owner"

# Create a new workflow.
# POST  /v2/workflows
#"workflows:create": "rule:admin_or_owner"

# Delete a workflow.
# DELETE  /v2/workflows
#"workflows:delete": "rule:admin_or_owner"

# Return the named workflow.
# GET  /v2/workflows/{workflow_id}
#"workflows:get": "rule:admin_or_owner"

# Return a list of workflows.
# GET  /v2/workflows
#"workflows:list": "rule:admin_or_owner"

# Return a list of workflows from all projects.
# GET  /v2/workflows
#"workflows:list:all_projects": "rule:admin_only"

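# Make a workflow publicly available.
# NOTE(review): by default any caller that passes admin_or_owner may do this;
# override with "rule:admin_only" if making workflows public should be
# operator-controlled.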
# POST  /v2/workflows
# PUT  /v2/workflows
#"workflows:publicize": "rule:admin_or_owner"

# Update one or more workflows.
# PUT  /v2/workflows
#"workflows:update": "rule:admin_or_owner"