neutron-fwaas policies

The following is an overview of all available policies in neutron-fwaas. For a sample configuration file, refer to Sample Neutron FWaaS Policy File.

neutron-fwaas

shared_firewall_groups
Default:

field:firewall_groups:shared=True

Definition of shared firewall groups

create_firewall_group
Default:

(rule:admin_only) or (role:member and project_id:%(project_id)s)

Operations:

  • POST /fwaas/firewall_groups

Scope Types:

  • project

Create a firewall group

update_firewall_group
Default:

(rule:admin_only) or (role:member and project_id:%(project_id)s)

Operations:

  • PUT /fwaas/firewall_groups/{id}

Scope Types:

  • project

Update a firewall group

delete_firewall_group
Default:

(rule:admin_only) or (role:member and project_id:%(project_id)s)

Operations:

  • DELETE /fwaas/firewall_groups/{id}

Scope Types:

  • project

Delete a firewall group

create_firewall_group:shared
Default:

rule:admin_only

Operations:

  • POST /fwaas/firewall_groups

Scope Types:

  • project

Create a shared firewall group

update_firewall_group:shared
Default:

rule:admin_only

Operations:

  • PUT /fwaas/firewall_groups/{id}

Scope Types:

  • project

Update shared attribute of a firewall group

delete_firewall_group:shared
Default:

rule:admin_only

Operations:

  • DELETE /fwaas/firewall_groups/{id}

Scope Types:

  • project

Delete a shared firewall group

get_firewall_group
Default:

(rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:shared_firewall_groups

Operations:

  • GET /fwaas/firewall_groups

  • GET /fwaas/firewall_groups/{id}

Scope Types:

  • project

Get firewall groups

shared_firewall_policies
Default:

field:firewall_policies:shared=True

Definition of shared firewall policies

create_firewall_policy
Default:

(rule:admin_only) or (role:member and project_id:%(project_id)s)

Operations:

  • POST /fwaas/firewall_policies

Scope Types:

  • project

Create a firewall policy

update_firewall_policy
Default:

(rule:admin_only) or (role:member and project_id:%(project_id)s)

Operations:

  • PUT /fwaas/firewall_policies/{id}

Scope Types:

  • project

Update a firewall policy

delete_firewall_policy
Default:

(rule:admin_only) or (role:member and project_id:%(project_id)s)

Operations:

  • DELETE /fwaas/firewall_policies/{id}

Scope Types:

  • project

Delete a firewall policy

create_firewall_policy:shared
Default:

rule:admin_only

Operations:

  • POST /fwaas/firewall_policies

Scope Types:

  • project

Create a shared firewall policy

update_firewall_policy:shared
Default:

rule:admin_only

Operations:

  • PUT /fwaas/firewall_policies/{id}

Scope Types:

  • project

Update shared attribute of a firewall policy

delete_firewall_policy:shared
Default:

rule:admin_only

Operations:

  • DELETE /fwaas/firewall_policies/{id}

Scope Types:

  • project

Delete a shread firewall policy

get_firewall_policy
Default:

(rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:shared_firewall_policies

Operations:

  • GET /fwaas/firewall_policies

  • GET /fwaas/firewall_policies/{id}

Scope Types:

  • project

Get firewall policies

shared_firewall_rules
Default:

field:firewall_rules:shared=True

Definition of shared firewall rules

create_firewall_rule
Default:

(rule:admin_only) or (role:member and project_id:%(project_id)s)

Operations:

  • POST /fwaas/firewall_rules

Scope Types:

  • project

Create a firewall rule

update_firewall_rule
Default:

(rule:admin_only) or (role:member and project_id:%(project_id)s)

Operations:

  • PUT /fwaas/firewall_rules/{id}

Scope Types:

  • project

Update a firewall rule

delete_firewall_rule
Default:

(rule:admin_only) or (role:member and project_id:%(project_id)s)

Operations:

  • DELETE /fwaas/firewall_rules/{id}

Scope Types:

  • project

Delete a firewall rule

create_firewall_rule:shared
Default:

rule:admin_only

Operations:

  • POST /fwaas/firewall_rules

Scope Types:

  • project

Create a shared firewall rule

update_firewall_rule:shared
Default:

rule:admin_only

Operations:

  • PUT /fwaas/firewall_rules/{id}

Scope Types:

  • project

Update shared attribute of a firewall rule

delete_firewall_rule:shared
Default:

rule:admin_only

Operations:

  • DELETE /fwaas/firewall_rules/{id}

Scope Types:

  • project

Delete a shread firewall rule

get_firewall_rule
Default:

(rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:shared_firewall_rules

Operations:

  • GET /fwaas/firewall_rules

  • GET /fwaas/firewall_rules/{id}

Scope Types:

  • project

Get firewall rules

insert_rule
Default:

(rule:admin_only) or (role:member and project_id:%(project_id)s)

Operations:

  • PUT /fwaas/firewall_policies/{id}/insert_rule

Scope Types:

  • project

Insert rule into a firewall policy

remove_rule
Default:

(rule:admin_only) or (role:member and project_id:%(project_id)s)

Operations:

  • PUT /fwaas/firewall_policies/{id}/remove_rule

Scope Types:

  • project

Remove rule from a firewall policy