This file is indexed.

/etc/cinder/policy.json is in cinder-common 1:2014.1-0ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
{
    "context_is_admin": [["role:admin"]],
    "admin_or_owner":  [["is_admin:True"], ["project_id:%(project_id)s"]],
    "default": [["rule:admin_or_owner"]],

    "admin_api": [["is_admin:True"]],

    "volume:create": [],
    "volume:get_all": [],
    "volume:get_volume_metadata": [],
    "volume:get_volume_admin_metadata": [["rule:admin_api"]],
    "volume:delete_volume_admin_metadata": [["rule:admin_api"]],
    "volume:update_volume_admin_metadata": [["rule:admin_api"]],
    "volume:get_snapshot": [],
    "volume:get_all_snapshots": [],
    "volume:extend": [],
    "volume:update_readonly_flag": [],
    "volume:retype": [],

    "volume_extension:types_manage": [["rule:admin_api"]],
    "volume_extension:types_extra_specs": [["rule:admin_api"]],
    "volume_extension:volume_type_encryption": [["rule:admin_api"]],
    "volume_extension:volume_encryption_metadata": [["rule:admin_or_owner"]],
    "volume_extension:extended_snapshot_attributes": [],
    "volume_extension:volume_image_metadata": [],

    "volume_extension:quotas:show": [],
    "volume_extension:quotas:update": [["rule:admin_api"]],
    "volume_extension:quota_classes": [],

    "volume_extension:volume_admin_actions:reset_status": [["rule:admin_api"]],
    "volume_extension:snapshot_admin_actions:reset_status": [["rule:admin_api"]],
    "volume_extension:volume_admin_actions:force_delete": [["rule:admin_api"]],
    "volume_extension:snapshot_admin_actions:force_delete": [["rule:admin_api"]],
    "volume_extension:volume_admin_actions:migrate_volume": [["rule:admin_api"]],
    "volume_extension:volume_admin_actions:migrate_volume_completion": [["rule:admin_api"]],

    "volume_extension:volume_host_attribute": [["rule:admin_api"]],
    "volume_extension:volume_tenant_attribute": [["rule:admin_or_owner"]],
    "volume_extension:volume_mig_status_attribute": [["rule:admin_api"]],
    "volume_extension:hosts": [["rule:admin_api"]],
    "volume_extension:services": [["rule:admin_api"]],
    "volume:services": [["rule:admin_api"]],

    "volume:create_transfer": [],
    "volume:accept_transfer": [],
    "volume:delete_transfer": [],
    "volume:get_all_transfers": [],

    "backup:create" : [],
    "backup:delete": [],
    "backup:get": [],
    "backup:get_all": [],
    "backup:restore": [],
    "backup:backup-import": [["rule:admin_api"]],
    "backup:backup-export": [["rule:admin_api"]],

    "snapshot_extension:snapshot_actions:update_snapshot_status": []
}