Neutron Policy Reference¶
The following is an overview of all available policies in neutron. For a sample configuration file, refer to Sample Policy File.
neutron¶
context_is_adminDefault: role:adminRule for cloud admin access
ownerDefault: tenant_id:%(tenant_id)sRule for resource owner access
admin_or_ownerDefault: rule:context_is_admin or rule:ownerRule for admin or owner access
context_is_advsvcDefault: role:advsvcRule for advsvc role access
admin_or_network_ownerDefault: rule:context_is_admin or tenant_id:%(network:tenant_id)sRule for admin or network owner access
admin_owner_or_network_ownerDefault: rule:owner or rule:admin_or_network_ownerRule for resource owner, admin or network owner access
admin_onlyDefault: rule:context_is_adminRule for admin-only access
regular_userDefault: <empty string> Rule for regular user access
sharedDefault: field:networks:shared=TrueRule of shared network
defaultDefault: rule:admin_or_ownerDefault access rule
admin_or_ext_parent_ownerDefault: rule:context_is_admin or tenant_id:%(ext_parent:tenant_id)sRule for common parent owner check
shared_address_scopesDefault: field:address_scopes:shared=TrueDefinition of a shared address scope
create_address_scopeDefault: rule:regular_userOperations: - POST
/address-scopes
Create an address scope
- POST
create_address_scope:sharedDefault: rule:admin_onlyOperations: - POST
/address-scopes
Create a shared address scope
- POST
get_address_scopeDefault: rule:admin_or_owner or rule:shared_address_scopesOperations: - GET
/address-scopes - GET
/address-scopes/{id}
Get an address scope
- GET
update_address_scopeDefault: rule:admin_or_ownerOperations: - PUT
/address-scopes/{id}
Update an address scope
- PUT
update_address_scope:sharedDefault: rule:admin_onlyOperations: - PUT
/address-scopes/{id}
Update
sharedattribute of an address scope- PUT
delete_address_scopeDefault: rule:admin_or_ownerOperations: - DELETE
/address-scopes/{id}
Delete an address scope
- DELETE
get_agentDefault: rule:admin_onlyOperations: - GET
/agents - GET
/agents/{id}
Get an agent
- GET
update_agentDefault: rule:admin_onlyOperations: - PUT
/agents/{id}
Update an agent
- PUT
delete_agentDefault: rule:admin_onlyOperations: - DELETE
/agents/{id}
Delete an agent
- DELETE
create_dhcp-networkDefault: rule:admin_onlyOperations: - POST
/agents/{agent_id}/dhcp-networks
Add a network to a DHCP agent
- POST
get_dhcp-networksDefault: rule:admin_onlyOperations: - GET
/agents/{agent_id}/dhcp-networks
List networks on a DHCP agent
- GET
delete_dhcp-networkDefault: rule:admin_onlyOperations: - DELETE
/agents/{agent_id}/dhcp-networks/{network_id}
Remove a network from a DHCP agent
- DELETE
create_l3-routerDefault: rule:admin_onlyOperations: - POST
/agents/{agent_id}/l3-routers
Add a router to an L3 agent
- POST
get_l3-routersDefault: rule:admin_onlyOperations: - GET
/agents/{agent_id}/l3-routers
List routers on an L3 agent
- GET
delete_l3-routerDefault: rule:admin_onlyOperations: - DELETE
/agents/{agent_id}/l3-routers/{router_id}
Remove a router from an L3 agent
- DELETE
get_dhcp-agentsDefault: rule:admin_onlyOperations: - GET
/networks/{network_id}/dhcp-agents
List DHCP agents hosting a network
- GET
get_l3-agentsDefault: rule:admin_onlyOperations: - GET
/routers/{router_id}/l3-agents
List L3 agents hosting a router
- GET
get_agent-loadbalancersDefault: rule:admin_onlyOperations: - GET
/agents/{agent_id}/agent-loadbalancers
List load balancers on an LBaaS v2 agent
- GET
get_loadbalancer-hosting-agentDefault: rule:admin_onlyOperations: - GET
/lbaas/loadbalancers/{load_balancer_id}/loadbalancer-hosting-agent
List LBaaS v2 agents hosting a load balancer
- GET
get_auto_allocated_topologyDefault: rule:admin_or_ownerOperations: - GET
/auto-allocated-topology/{project_id}
Get a project’s auto-allocated topology
- GET
delete_auto_allocated_topologyDefault: rule:admin_or_ownerOperations: - DELETE
/auto-allocated-topology/{project_id}
Delete a project’s auto-allocated topology
- DELETE
get_availability_zoneDefault: rule:regular_userOperations: - GET
/availability_zones
List availability zones
- GET
create_flavorDefault: rule:admin_onlyOperations: - POST
/flavors
Create a flavor
- POST
get_flavorDefault: rule:regular_userOperations: - GET
/flavors - GET
/flavors/{id}
Get a flavor
- GET
update_flavorDefault: rule:admin_onlyOperations: - PUT
/flavors/{id}
Update a flavor
- PUT
delete_flavorDefault: rule:admin_onlyOperations: - DELETE
/flavors/{id}
Delete a flavor
- DELETE
create_service_profileDefault: rule:admin_onlyOperations: - POST
/service_profiles
Create a service profile
- POST
get_service_profileDefault: rule:admin_onlyOperations: - GET
/service_profiles - GET
/service_profiles/{id}
Get a service profile
- GET
update_service_profileDefault: rule:admin_onlyOperations: - PUT
/service_profiles/{id}
Update a service profile
- PUT
delete_service_profileDefault: rule:admin_onlyOperations: - DELETE
/service_profiles/{id}
Delete a service profile
- DELETE
get_flavor_service_profileDefault: rule:regular_userGet a flavor associated with a given service profiles. There is no corresponding GET operations in API currently. This rule is currently referred only in the DELETE of flavor_service_profile.
create_flavor_service_profileDefault: rule:admin_onlyOperations: - POST
/flavors/{flavor_id}/service_profiles
Associate a flavor with a service profile
- POST
delete_flavor_service_profileDefault: rule:admin_onlyOperations: - DELETE
/flavors/{flavor_id}/service_profiles/{profile_id}
Disassociate a flavor with a service profile
- DELETE
create_floatingipDefault: rule:regular_userOperations: - POST
/floatingips
Create a floating IP
- POST
create_floatingip:floating_ip_addressDefault: rule:admin_onlyOperations: - POST
/floatingips
Create a floating IP with a specific IP address
- POST
get_floatingipDefault: rule:admin_or_ownerOperations: - GET
/floatingips - GET
/floatingips/{id}
Get a floating IP
- GET
update_floatingipDefault: rule:admin_or_ownerOperations: - PUT
/floatingips/{id}
Update a floating IP
- PUT
delete_floatingipDefault: rule:admin_or_ownerOperations: - DELETE
/floatingips/{id}
Delete a floating IP
- DELETE
get_floatingip_poolDefault: rule:regular_userOperations: - GET
/floatingip_pools
Get floating IP pools
- GET
create_floatingip_port_forwardingDefault: rule:admin_or_ext_parent_ownerOperations: - POST
/floatingips/{floatingip_id}/port_forwardings
Create a floating IP port forwarding
- POST
get_floatingip_port_forwardingDefault: rule:admin_or_ext_parent_ownerOperations: - GET
/floatingips/{floatingip_id}/port_forwardings - GET
/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
Get a floating IP port forwarding
- GET
update_floatingip_port_forwardingDefault: rule:admin_or_ext_parent_ownerOperations: - PUT
/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
Update a floating IP port forwarding
- PUT
delete_floatingip_port_forwardingDefault: rule:admin_or_ext_parent_ownerOperations: - DELETE
/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}
Delete a floating IP port forwarding
- DELETE
get_loggable_resourceDefault: rule:admin_onlyOperations: - GET
/log/loggable-resources
Get loggable resources
- GET
create_logDefault: rule:admin_onlyOperations: - POST
/log/logs
Create a network log
- POST
get_logDefault: rule:admin_onlyOperations: - GET
/log/logs - GET
/log/logs/{id}
Get a network log
- GET
update_logDefault: rule:admin_onlyOperations: - PUT
/log/logs/{id}
Update a network log
- PUT
delete_logDefault: rule:admin_onlyOperations: - DELETE
/log/logs/{id}
Delete a network log
- DELETE
create_metering_labelDefault: rule:admin_onlyOperations: - POST
/metering/metering-labels
Create a metering label
- POST
get_metering_labelDefault: rule:admin_onlyOperations: - GET
/metering/metering-labels - GET
/metering/metering-labels/{id}
Get a metering label
- GET
delete_metering_labelDefault: rule:admin_onlyOperations: - DELETE
/metering/metering-labels/{id}
Delete a metering label
- DELETE
create_metering_label_ruleDefault: rule:admin_onlyOperations: - POST
/metering/metering-label-rules
Create a metering label rule
- POST
get_metering_label_ruleDefault: rule:admin_onlyOperations: - GET
/metering/metering-label-rules - GET
/metering/metering-label-rules/{id}
Get a metering label rule
- GET
delete_metering_label_ruleDefault: rule:admin_onlyOperations: - DELETE
/metering/metering-label-rules/{id}
Delete a metering label rule
- DELETE
externalDefault: field:networks:router:external=TrueDefinition of an external network
create_networkDefault: rule:regular_userOperations: - POST
/networks
Create a network
- POST
create_network:sharedDefault: rule:admin_onlyOperations: - POST
/networks
Create a shared network
- POST
create_network:router:externalDefault: rule:admin_onlyOperations: - POST
/networks
Create an external network
- POST
create_network:is_defaultDefault: rule:admin_onlyOperations: - POST
/networks
Specify
is_defaultattribute when creating a network- POST
create_network:port_security_enabledDefault: rule:regular_userOperations: - POST
/networks
Specify
port_security_enabledattribute when creating a network- POST
create_network:segmentsDefault: rule:admin_onlyOperations: - POST
/networks
Specify
segmentsattribute when creating a network- POST
create_network:provider:network_typeDefault: rule:admin_onlyOperations: - POST
/networks
Specify
provider:network_typewhen creating a network- POST
create_network:provider:physical_networkDefault: rule:admin_onlyOperations: - POST
/networks
Specify
provider:physical_networkwhen creating a network- POST
create_network:provider:segmentation_idDefault: rule:admin_onlyOperations: - POST
/networks
Specify
provider:segmentation_idwhen creating a network- POST
get_networkDefault: rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvcOperations: - GET
/networks - GET
/networks/{id}
Get a network
- GET
get_network:router:externalDefault: rule:regular_userOperations: - GET
/networks - GET
/networks/{id}
Get
router:externalattribute of a network- GET
get_network:segmentsDefault: rule:admin_onlyOperations: - GET
/networks - GET
/networks/{id}
Get
segmentsattribute of a network- GET
get_network:provider:network_typeDefault: rule:admin_onlyOperations: - GET
/networks - GET
/networks/{id}
Get
provider:network_typeattribute of a network- GET
get_network:provider:physical_networkDefault: rule:admin_onlyOperations: - GET
/networks - GET
/networks/{id}
Get
provider:physical_networkattribute of a network- GET
get_network:provider:segmentation_idDefault: rule:admin_onlyOperations: - GET
/networks - GET
/networks/{id}
Get
provider:segmentation_idattribute of a network- GET
update_networkDefault: rule:admin_or_ownerOperations: - PUT
/networks/{id}
Update a network
- PUT
update_network:segmentsDefault: rule:admin_onlyOperations: - PUT
/networks/{id}
Update
segmentsattribute of a network- PUT
update_network:sharedDefault: rule:admin_onlyOperations: - PUT
/networks/{id}
Update
sharedattribute of a network- PUT
update_network:provider:network_typeDefault: rule:admin_onlyOperations: - PUT
/networks/{id}
Update
provider:network_typeattribute of a network- PUT
update_network:provider:physical_networkDefault: rule:admin_onlyOperations: - PUT
/networks/{id}
Update
provider:physical_networkattribute of a network- PUT
update_network:provider:segmentation_idDefault: rule:admin_onlyOperations: - PUT
/networks/{id}
Update
provider:segmentation_idattribute of a network- PUT
update_network:router:externalDefault: rule:admin_onlyOperations: - PUT
/networks/{id}
Update
router:externalattribute of a network- PUT
update_network:is_defaultDefault: rule:admin_onlyOperations: - PUT
/networks/{id}
Update
is_defaultattribute of a network- PUT
update_network:port_security_enabledDefault: rule:admin_or_ownerOperations: - PUT
/networks/{id}
Update
port_security_enabledattribute of a network- PUT
delete_networkDefault: rule:admin_or_ownerOperations: - DELETE
/networks/{id}
Delete a network
- DELETE
get_network_ip_availabilityDefault: rule:admin_onlyOperations: - GET
/network-ip-availabilities - GET
/network-ip-availabilities/{network_id}
Get network IP availability
- GET
create_network_segment_rangeDefault: rule:admin_onlyOperations: - POST
/network_segment_ranges
Create a network segment range
- POST
get_network_segment_rangeDefault: rule:admin_onlyOperations: - GET
/network_segment_ranges - GET
/network_segment_ranges/{id}
Get a network segment range
- GET
update_network_segment_rangeDefault: rule:admin_onlyOperations: - PUT
/network_segment_ranges/{id}
Update a network segment range
- PUT
delete_network_segment_rangeDefault: rule:admin_onlyOperations: - DELETE
/network_segment_ranges/{id}
Delete a network segment range
- DELETE
network_deviceDefault: field:port:device_owner=~^network:Definition of port with network device_owner
admin_or_data_plane_intDefault: rule:context_is_admin or role:data_plane_integratorRule for data plane integration
create_portDefault: rule:regular_userOperations: - POST
/ports
Create a port
- POST
create_port:device_ownerDefault: not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_ownerOperations: - POST
/ports
Specify
device_ownerattribute when creting a port- POST
create_port:mac_addressDefault: rule:context_is_advsvc or rule:admin_or_network_ownerOperations: - POST
/ports
Specify
mac_addressattribute when creating a port- POST
create_port:fixed_ipsDefault: rule:context_is_advsvc or rule:admin_or_network_owner or rule:sharedOperations: - POST
/ports
Specify
fixed_ipsinformation when creating a port- POST
create_port:fixed_ips:ip_addressDefault: rule:context_is_advsvc or rule:admin_or_network_ownerOperations: - POST
/ports
Specify IP address in
fixed_ipswhen creating a port- POST
create_port:fixed_ips:subnet_idDefault: rule:context_is_advsvc or rule:admin_or_network_owner or rule:sharedOperations: - POST
/ports
Specify subnet ID in
fixed_ipswhen creating a port- POST
create_port:port_security_enabledDefault: rule:context_is_advsvc or rule:admin_or_network_ownerOperations: - POST
/ports
Specify
port_security_enabledattribute when creating a port- POST
create_port:binding:host_idDefault: rule:admin_onlyOperations: - POST
/ports
Specify
binding:host_idattribute when creating a port- POST
create_port:binding:profileDefault: rule:admin_onlyOperations: - POST
/ports
Specify
binding:profileattribute when creating a port- POST
create_port:binding:vnic_typeDefault: rule:regular_userOperations: - POST
/ports
Specify
binding:vnic_typeattribute when creating a port- POST
create_port:allowed_address_pairsDefault: rule:admin_or_network_ownerOperations: - POST
/ports
Specify
allowed_address_pairsattribute when creating a port- POST
create_port:allowed_address_pairs:mac_addressDefault: rule:admin_or_network_ownerOperations: - POST
/ports
Specify
mac_address` of `allowed_address_pairsattribute when creating a port- POST
create_port:allowed_address_pairs:ip_addressDefault: rule:admin_or_network_ownerOperations: - POST
/ports
Specify
ip_addressofallowed_address_pairsattribute when creating a port- POST
get_portDefault: rule:context_is_advsvc or rule:admin_owner_or_network_ownerOperations: - GET
/ports - GET
/ports/{id}
Get a port
- GET
get_port:binding:vif_typeDefault: rule:admin_onlyOperations: - GET
/ports - GET
/ports/{id}
Get
binding:vif_typeattribute of a port- GET
get_port:binding:vif_detailsDefault: rule:admin_onlyOperations: - GET
/ports - GET
/ports/{id}
Get
binding:vif_detailsattribute of a port- GET
get_port:binding:host_idDefault: rule:admin_onlyOperations: - GET
/ports - GET
/ports/{id}
Get
binding:host_idattribute of a port- GET
get_port:binding:profileDefault: rule:admin_onlyOperations: - GET
/ports - GET
/ports/{id}
Get
binding:profileattribute of a port- GET
get_port:resource_requestDefault: rule:admin_onlyOperations: - GET
/ports - GET
/ports/{id}
Get
resource_requestattribute of a port- GET
update_portDefault: rule:admin_or_owner or rule:context_is_advsvcOperations: - PUT
/ports/{id}
Update a port
- PUT
update_port:device_ownerDefault: not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_ownerOperations: - PUT
/ports/{id}
Update
device_ownerattribute of a port- PUT
update_port:mac_addressDefault: rule:admin_only or rule:context_is_advsvcOperations: - PUT
/ports/{id}
Update
mac_addressattribute of a port- PUT
update_port:fixed_ipsDefault: rule:context_is_advsvc or rule:admin_or_network_ownerOperations: - PUT
/ports/{id}
Specify
fixed_ipsinformation when updating a port- PUT
update_port:fixed_ips:ip_addressDefault: rule:context_is_advsvc or rule:admin_or_network_ownerOperations: - PUT
/ports/{id}
Specify IP address in
fixed_ipsinformation when updating a port- PUT
update_port:fixed_ips:subnet_idDefault: rule:context_is_advsvc or rule:admin_or_network_owner or rule:sharedOperations: - PUT
/ports/{id}
Specify subnet ID in
fixed_ipsinformation when updating a port- PUT
update_port:port_security_enabledDefault: rule:context_is_advsvc or rule:admin_or_network_ownerOperations: - PUT
/ports/{id}
Update
port_security_enabledattribute of a port- PUT
update_port:binding:host_idDefault: rule:admin_onlyOperations: - PUT
/ports/{id}
Update
binding:host_idattribute of a port- PUT
update_port:binding:profileDefault: rule:admin_onlyOperations: - PUT
/ports/{id}
Update
binding:profileattribute of a port- PUT
update_port:binding:vnic_typeDefault: rule:admin_or_owner or rule:context_is_advsvcOperations: - PUT
/ports/{id}
Update
binding:vnic_typeattribute of a port- PUT
update_port:allowed_address_pairsDefault: rule:admin_or_network_ownerOperations: - PUT
/ports/{id}
Update
allowed_address_pairsattribute of a port- PUT
update_port:allowed_address_pairs:mac_addressDefault: rule:admin_or_network_ownerOperations: - PUT
/ports/{id}
Update
mac_addressofallowed_address_pairsattribute of a port- PUT
update_port:allowed_address_pairs:ip_addressDefault: rule:admin_or_network_ownerOperations: - PUT
/ports/{id}
Update
ip_addressofallowed_address_pairsattribute of a port- PUT
update_port:data_plane_statusDefault: rule:admin_or_data_plane_intOperations: - PUT
/ports/{id}
Update
data_plane_statusattribute of a port- PUT
delete_portDefault: rule:context_is_advsvc or rule:admin_owner_or_network_ownerOperations: - DELETE
/ports/{id}
Delete a port
- DELETE
get_policyDefault: rule:regular_userOperations: - GET
/qos/policies - GET
/qos/policies/{id}
Get QoS policies
- GET
create_policyDefault: rule:admin_onlyOperations: - POST
/qos/policies
Create a QoS policy
- POST
update_policyDefault: rule:admin_onlyOperations: - PUT
/qos/policies/{id}
Update a QoS policy
- PUT
delete_policyDefault: rule:admin_onlyOperations: - DELETE
/qos/policies/{id}
Delete a QoS policy
- DELETE
get_rule_typeDefault: rule:regular_userOperations: - GET
/qos/rule-types - GET
/qos/rule-types/{rule_type}
Get available QoS rule types
- GET
get_policy_bandwidth_limit_ruleDefault: rule:regular_userOperations: - GET
/qos/policies/{policy_id}/bandwidth_limit_rules - GET
/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}
Get a QoS bandwidth limit rule
- GET
create_policy_bandwidth_limit_ruleDefault: rule:admin_onlyOperations: - POST
/qos/policies/{policy_id}/bandwidth_limit_rules
Create a QoS bandwidth limit rule
- POST
update_policy_bandwidth_limit_ruleDefault: rule:admin_onlyOperations: - PUT
/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}
Update a QoS bandwidth limit rule
- PUT
delete_policy_bandwidth_limit_ruleDefault: rule:admin_onlyOperations: - DELETE
/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}
Delete a QoS bandwidth limit rule
- DELETE
get_policy_dscp_marking_ruleDefault: rule:regular_userOperations: - GET
/qos/policies/{policy_id}/dscp_marking_rules - GET
/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}
Get a QoS DSCP marking rule
- GET
create_policy_dscp_marking_ruleDefault: rule:admin_onlyOperations: - POST
/qos/policies/{policy_id}/dscp_marking_rules
Create a QoS DSCP marking rule
- POST
update_policy_dscp_marking_ruleDefault: rule:admin_onlyOperations: - PUT
/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}
Update a QoS DSCP marking rule
- PUT
delete_policy_dscp_marking_ruleDefault: rule:admin_onlyOperations: - DELETE
/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}
Delete a QoS DSCP marking rule
- DELETE
get_policy_minimum_bandwidth_ruleDefault: rule:regular_userOperations: - GET
/qos/policies/{policy_id}/minimum_bandwidth_rules - GET
/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}
Get a QoS minimum bandwidth rule
- GET
create_policy_minimum_bandwidth_ruleDefault: rule:admin_onlyOperations: - POST
/qos/policies/{policy_id}/minimum_bandwidth_rules
Create a QoS minimum bandwidth rule
- POST
update_policy_minimum_bandwidth_ruleDefault: rule:admin_onlyOperations: - PUT
/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}
Update a QoS minimum bandwidth rule
- PUT
delete_policy_minimum_bandwidth_ruleDefault: rule:admin_onlyOperations: - DELETE
/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}
Delete a QoS minimum bandwidth rule
- DELETE
get_alias_bandwidth_limit_ruleDefault: rule:get_policy_bandwidth_limit_ruleOperations: - GET
/qos/alias_bandwidth_limit_rules/{rule_id}/
Get a QoS bandwidth limit rule through alias
- GET
update_alias_bandwidth_limit_ruleDefault: rule:update_policy_bandwidth_limit_ruleOperations: - PUT
/qos/alias_bandwidth_limit_rules/{rule_id}/
Update a QoS bandwidth limit rule through alias
- PUT
delete_alias_bandwidth_limit_ruleDefault: rule:delete_policy_bandwidth_limit_ruleOperations: - DELETE
/qos/alias_bandwidth_limit_rules/{rule_id}/
Delete a QoS bandwidth limit rule through alias
- DELETE
get_alias_dscp_marking_ruleDefault: rule:get_policy_dscp_marking_ruleOperations: - GET
/qos/alias_dscp_marking_rules/{rule_id}/
Get a QoS DSCP marking rule through alias
- GET
update_alias_dscp_marking_ruleDefault: rule:update_policy_dscp_marking_ruleOperations: - PUT
/qos/alias_dscp_marking_rules/{rule_id}/
Update a QoS DSCP marking rule through alias
- PUT
delete_alias_dscp_marking_ruleDefault: rule:delete_policy_dscp_marking_ruleOperations: - DELETE
/qos/alias_dscp_marking_rules/{rule_id}/
Delete a QoS DSCP marking rule through alias
- DELETE
get_alias_minimum_bandwidth_ruleDefault: rule:get_policy_minimum_bandwidth_ruleOperations: - GET
/qos/alias_minimum_bandwidth_rules/{rule_id}/
Get a QoS minimum bandwidth rule through alias
- GET
update_alias_minimum_bandwidth_ruleDefault: rule:update_policy_minimum_bandwidth_ruleOperations: - PUT
/qos/alias_minimum_bandwidth_rules/{rule_id}/
Update a QoS minimum bandwidth rule through alias
- PUT
delete_alias_minimum_bandwidth_ruleDefault: rule:delete_policy_minimum_bandwidth_ruleOperations: - DELETE
/qos/alias_minimum_bandwidth_rules/{rule_id}/
Delete a QoS minimum bandwidth rule through alias
- DELETE
restrict_wildcardDefault: (not field:rbac_policy:target_tenant=*) or rule:admin_onlyDefinition of a wildcard target_tenant
create_rbac_policyDefault: rule:regular_userOperations: - POST
/rbac-policies
Create an RBAC policy
- POST
create_rbac_policy:target_tenantDefault: rule:restrict_wildcardOperations: - POST
/rbac-policies
Specify
target_tenantwhen creating an RBAC policy- POST
update_rbac_policyDefault: rule:admin_or_ownerOperations: - PUT
/rbac-policies/{id}
Update an RBAC policy
- PUT
update_rbac_policy:target_tenantDefault: rule:restrict_wildcard and rule:admin_or_ownerOperations: - PUT
/rbac-policies/{id}
Update
target_tenantattribute of an RBAC policy- PUT
get_rbac_policyDefault: rule:admin_or_ownerOperations: - GET
/rbac-policies - GET
/rbac-policies/{id}
Get an RBAC policy
- GET
delete_rbac_policyDefault: rule:admin_or_ownerOperations: - DELETE
/rbac-policies/{id}
Delete an RBAC policy
- DELETE
create_routerDefault: rule:regular_userOperations: - POST
/routers
Create a router
- POST
create_router:distributedDefault: rule:admin_onlyOperations: - POST
/routers
Specify
distributedattribute when creating a router- POST
create_router:haDefault: rule:admin_onlyOperations: - POST
/routers
Specify
haattribute when creating a router- POST
create_router:external_gateway_infoDefault: rule:admin_or_ownerOperations: - POST
/routers
Specify
external_gateway_infoinformation when creating a router- POST
create_router:external_gateway_info:network_idDefault: rule:admin_or_ownerOperations: - POST
/routers
Specify
network_idinexternal_gateway_infoinformation when creating a router- POST
create_router:external_gateway_info:enable_snatDefault: rule:admin_onlyOperations: - POST
/routers
Specify
enable_snatinexternal_gateway_infoinformation when creating a router- POST
create_router:external_gateway_info:external_fixed_ipsDefault: rule:admin_onlyOperations: - POST
/routers
Specify
external_fixed_ipsinexternal_gateway_infoinformation when creating a router- POST
get_routerDefault: rule:admin_or_ownerOperations: - GET
/routers - GET
/routers/{id}
Get a router
- GET
get_router:distributedDefault: rule:admin_onlyOperations: - GET
/routers - GET
/routers/{id}
Get
distributedattribute of a router- GET
get_router:haDefault: rule:admin_onlyOperations: - GET
/routers - GET
/routers/{id}
Get
haattribute of a router- GET
update_routerDefault: rule:admin_or_ownerOperations: - PUT
/routers/{id}
Update a router
- PUT
update_router:distributedDefault: rule:admin_onlyOperations: - PUT
/routers/{id}
Update
distributedattribute of a router- PUT
update_router:haDefault: rule:admin_onlyOperations: - PUT
/routers/{id}
Update
haattribute of a router- PUT
update_router:external_gateway_infoDefault: rule:admin_or_ownerOperations: - PUT
/routers/{id}
Update
external_gateway_infoinformation of a router- PUT
update_router:external_gateway_info:network_idDefault: rule:admin_or_ownerOperations: - PUT
/routers/{id}
Update
network_idattribute ofexternal_gateway_infoinformation of a router- PUT
update_router:external_gateway_info:enable_snatDefault: rule:admin_onlyOperations: - PUT
/routers/{id}
Update
enable_snatattribute ofexternal_gateway_infoinformation of a router- PUT
update_router:external_gateway_info:external_fixed_ipsDefault: rule:admin_onlyOperations: - PUT
/routers/{id}
Update
external_fixed_ipsattribute ofexternal_gateway_infoinformation of a router- PUT
delete_routerDefault: rule:admin_or_ownerOperations: - DELETE
/routers/{id}
Delete a router
- DELETE
add_router_interfaceDefault: rule:admin_or_ownerOperations: - PUT
/routers/{id}/add_router_interface
Add an interface to a router
- PUT
remove_router_interfaceDefault: rule:admin_or_ownerOperations: - PUT
/routers/{id}/remove_router_interface
Remove an interface from a router
- PUT
admin_or_sg_ownerDefault: rule:context_is_admin or tenant_id:%(security_group:tenant_id)sRule for admin or security group owner access
admin_owner_or_sg_ownerDefault: rule:owner or rule:admin_or_sg_ownerRule for resource owner, admin or security group owner access
create_security_groupDefault: rule:admin_or_ownerOperations: - POST
/security-groups
Create a security group
- POST
get_security_groupDefault: rule:regular_userOperations: - GET
/security-groups - GET
/security-groups/{id}
Get a security group
- GET
update_security_groupDefault: rule:admin_or_ownerOperations: - PUT
/security-groups/{id}
Update a security group
- PUT
delete_security_groupDefault: rule:admin_or_ownerOperations: - DELETE
/security-groups/{id}
Delete a security group
- DELETE
create_security_group_ruleDefault: rule:admin_or_ownerOperations: - POST
/security-group-rules
Create a security group rule
- POST
get_security_group_ruleDefault: rule:admin_owner_or_sg_ownerOperations: - GET
/security-group-rules - GET
/security-group-rules/{id}
Get a security group rule
- GET
delete_security_group_ruleDefault: rule:admin_or_ownerOperations: - DELETE
/security-group-rules/{id}
Delete a security group rule
- DELETE
create_segmentDefault: rule:admin_onlyOperations: - POST
/segments
Create a segment
- POST
get_segmentDefault: rule:admin_onlyOperations: - GET
/segments - GET
/segments/{id}
Get a segment
- GET
update_segmentDefault: rule:admin_onlyOperations: - PUT
/segments/{id}
Update a segment
- PUT
delete_segmentDefault: rule:admin_onlyOperations: - DELETE
/segments/{id}
Delete a segment
- DELETE
get_service_providerDefault: rule:regular_userOperations: - GET
/service-providers
Get service providers
- GET
create_subnetDefault: rule:admin_or_network_ownerOperations: - POST
/subnets
Create a subnet
- POST
create_subnet:segment_idDefault: rule:admin_onlyOperations: - POST
/subnets
Specify
segment_idattribute when creating a subnet- POST
create_subnet:service_typesDefault: rule:admin_onlyOperations: - POST
/subnets
Specify
service_typesattribute when creating a subnet- POST
get_subnetDefault: rule:admin_or_owner or rule:sharedOperations: - GET
/subnets - GET
/subnets/{id}
Get a subnet
- GET
get_subnet:segment_idDefault: rule:admin_onlyOperations: - GET
/subnets - GET
/subnets/{id}
Get
segment_idattribute of a subnet- GET
update_subnetDefault: rule:admin_or_network_ownerOperations: - PUT
/subnets/{id}
Update a subnet
- PUT
update_subnet:segment_idDefault: rule:admin_onlyOperations: - PUT
/subnets/{id}
Update
segment_idattribute of a subnet- PUT
update_subnet:service_typesDefault: rule:admin_onlyOperations: - PUT
/subnets/{id}
Update
service_typesattribute of a subnet- PUT
delete_subnetDefault: rule:admin_or_network_ownerOperations: - DELETE
/subnets/{id}
Delete a subnet
- DELETE
shared_subnetpoolsDefault: field:subnetpools:shared=TrueDefinition of a shared subnetpool
create_subnetpoolDefault: rule:regular_userOperations: - POST
/subnetpools
Create a subnetpool
- POST
create_subnetpool:sharedDefault: rule:admin_onlyOperations: - POST
/subnetpools
Create a shared subnetpool
- POST
create_subnetpool:is_defaultDefault: rule:admin_onlyOperations: - POST
/subnetpools
Specify
is_defaultattribute when creating a subnetpool- POST
get_subnetpoolDefault: rule:admin_or_owner or rule:shared_subnetpoolsOperations: - GET
/subnetpools - GET
/subnetpools/{id}
Get a subnetpool
- GET
update_subnetpoolDefault: rule:admin_or_ownerOperations: - PUT
/subnetpools/{id}
Update a subnetpool
- PUT
update_subnetpool:is_defaultDefault: rule:admin_onlyOperations: - PUT
/subnetpools/{id}
Update
is_defaultattribute of a subnetpool- PUT
delete_subnetpoolDefault: rule:admin_or_ownerOperations: - DELETE
/subnetpools/{id}
Delete a subnetpool
- DELETE
onboard_network_subnetsDefault: rule:admin_or_ownerOperations: - Put
/subnetpools/{id}/onboard_network_subnets
Onboard existing subnet into a subnetpool
- Put
create_trunkDefault: rule:regular_userOperations: - POST
/trunks
Create a trunk
- POST
get_trunkDefault: rule:admin_or_ownerOperations: - GET
/trunks - GET
/trunks/{id}
Get a trunk
- GET
update_trunkDefault: rule:admin_or_ownerOperations: - PUT
/trunks/{id}
Update a trunk
- PUT
delete_trunkDefault: rule:admin_or_ownerOperations: - DELETE
/trunks/{id}
Delete a trunk
- DELETE
get_subportsDefault: rule:regular_userOperations: - GET
/trunks/{id}/get_subports
List subports attached to a trunk
- GET
add_subportsDefault: rule:admin_or_ownerOperations: - PUT
/trunks/{id}/add_subports
Add subports to a trunk
- PUT
remove_subportsDefault: rule:admin_or_ownerOperations: - PUT
/trunks/{id}/remove_subports
Delete subports from a trunk
- PUT
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.