PR#9: Revert "Updated roles to global/project, also changed reader to auditor" - openstack-access-policy

openstack-access-policy

#9 Revert "Updated roles to global/project, also changed reader to auditor"

Merged 5 years ago by admiyo. Opened 5 years ago by admiyo.

revert-auditor into master

Revert "Updated roles to global/project, also changed reader to auditor"

Adam Young • 5 years ago

b5995a6

common/common.yaml

file modified

+6 -15

		`@@ -1,23 +1,14 @@`
		`# COMMON`

		`- # A global auditor role, which is a read-only version of global_admin`
		`- global_auditor: "(role:auditor and is_admin_project:True)"`
		`+ # A global reader role, that is able to read things that don't have a project_id associated`
		`+ global_reader: "(role:global_reader and is_admin_project:True)"`

		`- # The specification for project scoped auditors, who should be able to read`
		`- # data in a project, but never modify it`
		`- project_auditor: "(role:auditor and project_id:%(project_id)s)"`
		`-`
		`- # A rule specifying that auditor role is required with either project or global scope`
		`- auditor: "(rule:global_auditor or rule:project_auditor)"`
		`+ # The specification for readers, who should only be able to read, never modify, data.`
		`+ # This rule incorporates other less strict reader specifications, so any reader`
		`+ reader: "((role:reader and project_id:%(project_id)s) or rule:global_reader)"`

		`# This is the default admin specification, able to control every part of the cloud without issue`
		`- global_admin: "(is_admin:True or (role:admin and is_admin_project:True))"`
		`-`
		`- # A project-scoped version of admin`
		`- project_admin: "(role:admin and project_id:%(project_id)s)"`
		`-`
		`- # A rule specifying that admin role is required with either project or global scope`
		`- admin: "(rule:project_admin or rule:global_admin)"`
		`+ admin: "(is_admin:True or role:admin and (is_admin_project:True or project_id:%(project_id)s))"`

		`# This is a helper role specification for members, since some deployers use "member", and some use "_member_"`
		`_member_role: "(role:Member or role:member or role:_member_)"`

patrole-base.log

file modified

+460 -460

		`@@ -1832,463 +1832,463 @@`
		`{"role": "Member", "service": "cinder", "test": "test_create_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`{"role": "Member", "service": "cinder", "test": "test_delete_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`{"role": "Member", "service": "cinder", "test": "test_update_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_flavor_manage", "rules": "os_compute_api:os-flavor-manage:create", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_limits", "rules": "os_compute_api:limits", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_get_availability_zone_list_detail_rbac", "rules": "os_compute_api:os-availability-zone:detail", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_add_host_to_aggregate_rbac", "rules": "os_compute_api:os-aggregates:add_host", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_get_availability_zone_list_rbac", "rules": "os_compute_api:os-availability-zone:list", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_aggregate_rbac", "rules": "os_compute_api:os-aggregates:create", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_flavor_manage", "rules": "os_compute_api:os-flavor-manage:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_agents_rbac", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_aggregate_rbac", "rules": "os_compute_api:os-aggregates:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_update_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_aggregate_rbac", "rules": "os_compute_api:os-aggregates:index", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_add_flavor_access", "rules": "os_compute_api:os-flavor-access:add_tenant_access", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_floating_ips_bulk", "rules": "os_compute_api:os-floating-ips-bulk", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_remove_host_from_aggregate_rbac", "rules": "os_compute_api:os-aggregates:remove_host", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_flavor_access", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_floating_ip_pools", "rules": "os_compute_api:os-floating-ip-pools", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:show", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_flavors_details_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_set_metadata_on_aggregate_rbac", "rules": "os_compute_api:os-aggregates:set_metadata", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_update_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_remove_flavor_access", "rules": "os_compute_api:os-flavor-access:remove_tenant_access", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_aggregate_rbac", "rules": "os_compute_api:os-aggregates:show", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_instance_usage_audit_logs", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_flavor_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_update_aggregate_rbac", "rules": "os_compute_api:os-aggregates:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_instance_usage_audit_log", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_hosts", "rules": "os_compute_api:os-hosts", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_hypervisors", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_flavor_extra_specs", "rules": "os_compute_api:os-flavor-extra-specs:index", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-migrations:index", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_images", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_hypervisors_with_details", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_set_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:create", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_images_with_details", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_servers_on_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_search_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_unset_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_keypair", "rules": "os_compute_api:os-keypairs:create", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_update_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_keypair", "rules": "os_compute_api:os-keypairs:delete", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_hypervisor_statistics", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_index_keypair", "rules": "os_compute_api:os-keypairs:index", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_hypervisor_uptime", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_get_flavor_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_keypair", "rules": "os_compute_api:os-keypairs:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_flavors_details_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_image_metadata", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_quota_set", "rules": "os_compute_api:os-quota-sets:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_default_quota_set", "rules": "os_compute_api:os-quota-sets:defaults", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_delete_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_quota_set", "rules": "os_compute_api:os-quota-sets:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_image_metadata", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_quota_set_details", "rules": "os_compute_api:os-quota-sets:detail", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_update_quota_set", "rules": "os_compute_api:os-quota-sets:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_images_with_details", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_show_image_details", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_show_image_metadata_item", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_update_image_metadata", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_update_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_update_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_show_tenant_networks", "rules": "os_compute_api:os-tenant-networks", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_domain_config", "rules": "identity:create_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_domain_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_domain_group_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_domain_group_option_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_default_config_settings", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_default_group_config", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_default_group_option", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_domain_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_domain_group_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_domain_group_option_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_security_compliance_domain_config", "rules": "identity:get_security_compliance_domain_config", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_domain_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_domain_group_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_domain_group_option_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_authorize_request_token", "rules": "identity:authorize_request_token", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_get_access_token", "rules": "identity:get_access_token", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_get_access_token_role", "rules": "identity:get_access_token_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_access_token_roles", "rules": "identity:list_access_token_roles", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_access_tokens", "rules": "identity:list_access_tokens", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_revoke_access_token", "rules": "identity:delete_access_token", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_role_from_group_on_domain_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_role_from_group_on_project_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_role_inference_rule", "rules": "identity:check_implied_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_user_role_existence_on_domain", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_user_role_existence_on_project", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_group_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_group_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_role", "rules": "identity:create_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_role_inference_rule", "rules": "identity:create_implied_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_user_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_user_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_role", "rules": "identity:delete_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_role_from_group_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_role_from_group_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_role_from_user_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_role_from_user_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_role_inference_rule", "rules": "identity:delete_implied_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_all_role_inference_rules", "rules": "identity:list_role_inference_rules", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_group_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_group_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_role_inferences_rules", "rules": "identity:list_implied_roles", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_roles", "rules": "identity:list_roles", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_user_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_user_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_role", "rules": "identity:get_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_role_inference_rule", "rules": "identity:get_implied_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_role", "rules": "identity:update_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_domain", "rules": "identity:create_domain", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_domain", "rules": "identity:delete_domain", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_service", "rules": "identity:create_service", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_domains", "rules": "identity:list_domains", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_service", "rules": "identity:delete_service", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_domain", "rules": "identity:get_domain", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_services", "rules": "identity:list_services", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_domain", "rules": "identity:update_domain", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_service", "rules": "identity:get_service", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_service", "rules": "identity:update_service", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_server_group", "rules": "os_compute_api:os-server-groups:create", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_consumer", "rules": "identity:create_consumer", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_server_group", "rules": "os_compute_api:os-server-groups:delete", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_consumer", "rules": "identity:delete_consumer", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_metadef_namespace", "rules": "add_metadef_namespace", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_server_groups", "rules": "os_compute_api:os-server-groups:index", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_consumers", "rules": "identity:list_consumers", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_metadef_namespaces", "rules": "get_metadef_namespaces", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_consumer", "rules": "identity:get_consumer", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_server_group", "rules": "os_compute_api:os-server-groups:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_modify_metadef_namespace", "rules": "modify_metadef_namespace", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_consumer", "rules": "identity:update_consumer", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_add_metadef_resource_type", "rules": "add_metadef_resource_type_association", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_group_type_specs_create", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_get_metadef_resource_type", "rules": "get_metadef_resource_type", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_group_type_specs_delete", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_metadef_resource_types", "rules": "list_metadef_resource_types", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_group_type_specs_list", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_group_type_specs_show", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_add_image_member", "rules": "add_member", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_group_type_specs_update", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_delete_image_member", "rules": "delete_member", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_image_members", "rules": "get_members", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_show_image_member", "rules": "get_member", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_reset_group_status", "rules": "group:reset_status", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_update_image_member", "rules": "modify_member", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_agent", "rules": "get_agent", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_manage_snapshot_rbac", "rules": "snapshot_extension:snapshot_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_agent", "rules": "update_agent", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_unmanage_snapshot_rbac", "rules": "snapshot_extension:snapshot_unmanage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_volume_summary", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_floating_ip", "rules": "create_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_floating_ip_floatingip_address", "rules": "create_floatingip:floating_ip_address", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_add_type_access", "rules": "volume_extension:volume_type_access:addProjectAccess", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_type_access", "rules": "volume_extension:volume_type_access", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_floating_ip", "rules": "delete_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_remove_type_access", "rules": "volume_extension:volume_type_access:removeProjectAccess", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_floating_ip", "rules": "get_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_floating_ip", "rules": "update_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_manage", "rules": "volume_extension:volume_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_unmanage", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_network", "rules": "create_network", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_network_provider_network_type", "rules": "create_network:provider:network_type", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_network_provider_segmentation_id", "rules": "create_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_network_router_external", "rules": "create_network:router:external", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_network_shared", "rules": "create_network:shared", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_network", "rules": "delete_network", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_dhcp_agents_on_hosting_network", "rules": "get_dhcp-agents", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_network", "rules": "get_network", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_network_provider_network_type", "rules": "get_network:provider:network_type", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_network_provider_physical_network", "rules": "get_network:provider:physical_network", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_network_provider_segmentation_id", "rules": "get_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_network_router_external", "rules": "get_network:router:external", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_network", "rules": "update_network", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_network_router_external", "rules": "update_network:router:external", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_network_shared", "rules": "update_network:shared", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-services", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_subnets", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_endpoint_group", "rules": "identity:create_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_endpoint_group", "rules": "identity:delete_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_endpoint_groups", "rules": "identity:list_endpoint_groups", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_group", "rules": "group:create", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_endpoint_group", "rules": "identity:update_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_group", "rules": "group:delete", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_policy", "rules": "identity:create_policy", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_groups", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_policy", "rules": "identity:delete_policy", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_groups_with_details", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_policies", "rules": "identity:list_policies", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_policy", "rules": "identity:get_policy", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_group", "rules": "group:get", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_policy", "rules": "identity:update_policy", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_group", "rules": "group:update", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_user", "rules": "identity:create_user", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_user", "rules": "identity:delete_user", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_own_user_group", "rules": "identity:list_groups_for_user", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_own_user_projects", "rules": "identity:list_user_projects", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_snapshot_metadata", "rules": "volume_extension:extended_snapshot_attributes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_users", "rules": "identity:list_users", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_snapshot_metadata_item", "rules": "volume:delete_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_own_user", "rules": "identity:get_user", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_get_snapshot_metadata", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_user", "rules": "identity:update_user", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_get_snapshot_metadata_for_volume_tenant", "rules": "volume_extension:volume_tenant_attribute", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_snapshot_metadata_item", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_metadef_object_in_namespace", "rules": "add_metadef_object", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_snapshot_metadata", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_metadef_objects_in_namespace", "rules": "get_metadef_objects", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_snapshot_metadata_item", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_show_metadef_object_in_namespace", "rules": "get_metadef_object", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_update_metadef_object_in_namespace", "rules": "modify_metadef_object", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_namespace_tag", "rules": "add_metadef_tag", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_upload_public", "rules": "volume_extension:volume_actions:upload_public", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_namespace_tags", "rules": "add_metadef_tags", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_namespace_tags", "rules": "get_metadef_tags", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_show_namespace_tag", "rules": "get_metadef_tag", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_update_namespace_tag", "rules": "modify_metadef_tag", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_router_on_l3_agent", "rules": "create_l3-router", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_router_from_l3_agent", "rules": "delete_l3-router", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_routers_on_l3_agent", "rules": "get_l3-routers", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_subnetpool", "rules": "create_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_subnetpool_shared", "rules": "create_subnetpool:shared", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_subnetpool", "rules": "delete_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_subnetpool", "rules": "get_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_subnetpool", "rules": "update_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_subnetpool_is_default", "rules": "update_subnetpool:is_default", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_unmanage_volume", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_group_type_group_specs", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_force_delete", "rules": "volume_extension:volume_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_readonly_update", "rules": "volume:update_readonly_flag", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_group_type", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_region", "rules": "identity:create_region", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_reserve", "rules": "volume_extension:volume_actions:reserve", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_region", "rules": "identity:delete_region", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_reset_status", "rules": "volume_extension:volume_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_regions", "rules": "identity:list_regions", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_region", "rules": "identity:get_region", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_hosts", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_retype", "rules": "volume:retype", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_region", "rules": "identity:update_region", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_host", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_set_bootable", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_unreserve", "rules": "volume_extension:volume_actions:unreserve", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_token_existence_negative", "rules": "identity:check_token", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_volume_metadata", "rules": "volume:create_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_token_negative", "rules": "identity:revoke_token", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_upload", "rules": "volume_extension:volume_actions:upload_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_token_negative", "rules": "identity:validate_token", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume_metadata_item", "rules": "volume:delete_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_volume_metadata", "rules": "volume:get_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_add_md_properties", "rules": "add_metadef_property", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_get_md_properties", "rules": "get_metadef_properties", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume_metadata", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_get_md_property", "rules": "get_metadef_property", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume_metadata_item", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_modify_md_properties", "rules": "modify_metadef_property", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_service_providers", "rules": "get_service_provider", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_message", "rules": "message:delete", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_messages", "rules": "message:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_message", "rules": "message:get", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_endpoint", "rules": "identity:create_endpoint", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_endpoint", "rules": "identity:delete_endpoint", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_endpoints", "rules": "identity:list_endpoints", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_endpoint", "rules": "identity:get_endpoint", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_endpoint", "rules": "identity:update_endpoint", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_add_user_group", "rules": "identity:add_user_to_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_user_group", "rules": "identity:check_user_in_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_group", "rules": "identity:create_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_snapshots", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_group", "rules": "identity:delete_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_volumes", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_groups", "rules": "identity:list_groups", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_user_group", "rules": "identity:list_users_in_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_remove_user_group", "rules": "identity:remove_user_from_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_group", "rules": "identity:get_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_group", "rules": "identity:update_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_auth_domain", "rules": "identity:get_auth_domains", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_auth_projects", "rules": "identity:get_auth_projects", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_project", "rules": "identity:create_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_project", "rules": "identity:delete_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_credential", "rules": "identity:create_credential", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_projects", "rules": "identity:list_projects", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_credential", "rules": "identity:delete_credential", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_project", "rules": "identity:get_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_credentials", "rules": "identity:list_credentials", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_project", "rules": "identity:update_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_credential", "rules": "identity:get_credential", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_credential", "rules": "identity:update_credential", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_role_assignments", "rules": "identity:list_role_assignments", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_role_assignments_for_tree", "rules": "identity:list_role_assignments_for_tree", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_add_endpoint_to_project", "rules": "identity:add_endpoint_to_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_endpoint_in_project", "rules": "identity:check_endpoint_in_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_token_exsitence", "rules": "identity:check_token", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_endpoints_in_project", "rules": "identity:list_endpoints_for_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_token", "rules": "identity:revoke_token", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_projects_for_endpoint", "rules": "identity:list_projects_for_endpoint", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_token", "rules": "identity:validate_token", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_remove_endpoint_from_project", "rules": "identity:remove_endpoint_from_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_trust", "rules": "identity:create_trust", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_add_dhcp_agent_to_network", "rules": "create_dhcp-network", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_trust_negative", "rules": "identity:create_trust", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_network_from_dhcp_agent", "rules": "delete_dhcp-network", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_trust", "rules": "identity:delete_trust", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_roles_for_trust", "rules": "identity:list_roles_for_trust", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_networks_hosted_by_one_dhcp_agent", "rules": "get_dhcp-networks", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_trusts", "rules": "identity:list_trusts", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_trust", "rules": "identity:get_trust", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_network_segments", "rules": "create_network:segments", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_trust_role", "rules": "identity:get_role_for_trust", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_network_segments", "rules": "get_network:segments", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_communitize_image", "rules": "communitize_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_network_segments", "rules": "update_network:segments", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_image", "rules": "add_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_deactivate_image", "rules": "deactivate", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port", "rules": "create_port", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_allowed_address_pairs", "rules": "create_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_delete_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_binding_host_id", "rules": "create_port:binding:host_id", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_download_image", "rules": "download_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_binding_profile", "rules": "create_port:binding:profile", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_publicize_image", "rules": "publicize_image", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_device_owner", "rules": "create_port:device_owner", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_reactivate_image", "rules": "reactivate", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_fixed_ips_ip_address", "rules": "create_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_show_image", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_update_image", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_mac_address", "rules": "create_port:mac_address", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_upload_image", "rules": "upload_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_security_enabled", "rules": "create_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_port", "rules": "delete_port", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_port", "rules": "get_port", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_add_router_interface", "rules": "add_router_interface", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_port_binding_host_id", "rules": "get_port:binding:host_id", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_port_binding_profile", "rules": "get_port:binding:profile", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_distributed_router", "rules": "create_router:distributed", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_port_binding_vif_details", "rules": "get_port:binding:vif_details", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_high_availability_router", "rules": "create_router:ha", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_port_binding_vif_type", "rules": "get_port:binding:vif_type", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_router", "rules": "create_router", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_router_enable_snat", "rules": "create_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port", "rules": "update_port", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_router_external_fixed_ips", "rules": "create_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_allowed_address_pairs", "rules": "update_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_router", "rules": "delete_router", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_binding_host_id", "rules": "update_port:binding:host_id", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_binding_profile", "rules": "update_port:binding:profile", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_remove_router_interface", "rules": "remove_router_interface", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_device_owner", "rules": "update_port:device_owner", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_distributed_router", "rules": "get_router:distributed", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_fixed_ips_ip_address", "rules": "update_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_mac_address", "rules": "update_port:mac_address", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_high_availability_router", "rules": "get_router:ha", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_security_enabled", "rules": "update_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_router", "rules": "get_router", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_distributed_router", "rules": "update_router:distributed", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_high_availability_router", "rules": "update_router:ha", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_router", "rules": "update_router", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_router_enable_snat", "rules": "update_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_router_external_fixed_ips", "rules": "update_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_security_group", "rules": "create_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_router_external_gateway_info", "rules": "update_router:external_gateway_info", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_security_group_rule", "rules": "create_security_group_rule", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_security_group", "rules": "delete_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_router_external_gateway_info_network_id", "rules": "update_router:external_gateway_info:network_id", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_security_group_rule", "rules": "delete_security_group_rule", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_security_group_rules", "rules": "get_security_group_rules", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_security_groups", "rules": "get_security_groups", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_security_group_rule", "rules": "get_security_group_rule", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_security_groups", "rules": "get_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_back_end_capabilities", "rules": "volume_extension:capabilities", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_security_group", "rules": "update_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_associate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_limits", "rules": "limits_extension:used_limits", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:create", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_back_end_storage_pools", "rules": "scheduler_extension:scheduler_stats:get_pools", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_disassociate_all_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_disassociate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_get_association_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_volume", "rules": "volume:create", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume", "rules": "volume:delete", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_set_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_qos", "rules": "volume_extension:qos_specs_manage:get", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_get_volume", "rules": "volume:get", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_unset_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_list", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_list_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_reset_snapshot_status", "rules": "volume_extension:snapshot_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_snapshot_force_delete", "rules": "volume_extension:snapshot_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_snapshot_status", "rules": "snapshot_extension:snapshot_actions:update_snapshot_status", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_accept_volume_transfer", "rules": "volume:accept_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_volume_transfer", "rules": "volume:create_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume_transfer", "rules": "volume:delete_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_get_volume_transfer", "rules": "volume:get_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_quota_set", "rules": "volume_extension:quotas:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_volume_transfers", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_default_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_volume_transfers_details", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_quotas_usage_true", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:create", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_quota_set", "rules": "volume_extension:quotas:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_volume_types_extra_specs", "rules": "volume_extension:types_extra_specs:index", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_services", "rules": "volume_extension:services:index", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:show", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_snapshot_create", "rules": "volume:create_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_snapshot_delete", "rules": "volume:delete_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_snapshot_get", "rules": "volume:get_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_snapshot_update", "rules": "volume:update_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_snapshots_get_all", "rules": "volume:get_all_snapshots", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_extend", "rules": "volume:extend", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_flavor_manage", "rules": "os_compute_api:os-flavor-manage:create", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_limits", "rules": "os_compute_api:limits", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_get_availability_zone_list_detail_rbac", "rules": "os_compute_api:os-availability-zone:detail", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_add_host_to_aggregate_rbac", "rules": "os_compute_api:os-aggregates:add_host", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_get_availability_zone_list_rbac", "rules": "os_compute_api:os-availability-zone:list", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_aggregate_rbac", "rules": "os_compute_api:os-aggregates:create", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_flavor_manage", "rules": "os_compute_api:os-flavor-manage:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_agents_rbac", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_aggregate_rbac", "rules": "os_compute_api:os-aggregates:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_update_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_aggregate_rbac", "rules": "os_compute_api:os-aggregates:index", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_add_flavor_access", "rules": "os_compute_api:os-flavor-access:add_tenant_access", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_floating_ips_bulk", "rules": "os_compute_api:os-floating-ips-bulk", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_remove_host_from_aggregate_rbac", "rules": "os_compute_api:os-aggregates:remove_host", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_flavor_access", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_floating_ip_pools", "rules": "os_compute_api:os-floating-ip-pools", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:show", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_flavors_details_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_set_metadata_on_aggregate_rbac", "rules": "os_compute_api:os-aggregates:set_metadata", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_update_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_remove_flavor_access", "rules": "os_compute_api:os-flavor-access:remove_tenant_access", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_aggregate_rbac", "rules": "os_compute_api:os-aggregates:show", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_instance_usage_audit_logs", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_flavor_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_update_aggregate_rbac", "rules": "os_compute_api:os-aggregates:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_instance_usage_audit_log", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_hosts", "rules": "os_compute_api:os-hosts", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_hypervisors", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_flavor_extra_specs", "rules": "os_compute_api:os-flavor-extra-specs:index", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-migrations:index", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_images", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_hypervisors_with_details", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_set_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:create", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_images_with_details", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_servers_on_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_search_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_unset_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_keypair", "rules": "os_compute_api:os-keypairs:create", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_update_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_keypair", "rules": "os_compute_api:os-keypairs:delete", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_hypervisor_statistics", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_index_keypair", "rules": "os_compute_api:os-keypairs:index", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_hypervisor_uptime", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_get_flavor_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_keypair", "rules": "os_compute_api:os-keypairs:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_flavors_details_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_image_metadata", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_quota_set", "rules": "os_compute_api:os-quota-sets:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_default_quota_set", "rules": "os_compute_api:os-quota-sets:defaults", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_delete_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_quota_set", "rules": "os_compute_api:os-quota-sets:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_image_metadata", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_quota_set_details", "rules": "os_compute_api:os-quota-sets:detail", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_update_quota_set", "rules": "os_compute_api:os-quota-sets:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_images_with_details", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_show_image_details", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_show_image_metadata_item", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_update_image_metadata", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_update_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_update_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_show_tenant_networks", "rules": "os_compute_api:os-tenant-networks", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_domain_config", "rules": "identity:create_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_domain_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_domain_group_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_domain_group_option_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_default_config_settings", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_default_group_config", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_default_group_option", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_domain_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_domain_group_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_domain_group_option_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_security_compliance_domain_config", "rules": "identity:get_security_compliance_domain_config", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_domain_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_domain_group_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_domain_group_option_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_authorize_request_token", "rules": "identity:authorize_request_token", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_get_access_token", "rules": "identity:get_access_token", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_get_access_token_role", "rules": "identity:get_access_token_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_access_token_roles", "rules": "identity:list_access_token_roles", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_access_tokens", "rules": "identity:list_access_tokens", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_revoke_access_token", "rules": "identity:delete_access_token", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_role_from_group_on_domain_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_role_from_group_on_project_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_role_inference_rule", "rules": "identity:check_implied_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_user_role_existence_on_domain", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_user_role_existence_on_project", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_group_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_group_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_role", "rules": "identity:create_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_role_inference_rule", "rules": "identity:create_implied_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_user_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_user_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_role", "rules": "identity:delete_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_role_from_group_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_role_from_group_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_role_from_user_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_role_from_user_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_role_inference_rule", "rules": "identity:delete_implied_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_all_role_inference_rules", "rules": "identity:list_role_inference_rules", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_group_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_group_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_role_inferences_rules", "rules": "identity:list_implied_roles", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_roles", "rules": "identity:list_roles", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_user_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_user_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_role", "rules": "identity:get_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_role_inference_rule", "rules": "identity:get_implied_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_role", "rules": "identity:update_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_domain", "rules": "identity:create_domain", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_domain", "rules": "identity:delete_domain", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_service", "rules": "identity:create_service", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_domains", "rules": "identity:list_domains", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_service", "rules": "identity:delete_service", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_domain", "rules": "identity:get_domain", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_services", "rules": "identity:list_services", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_domain", "rules": "identity:update_domain", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_service", "rules": "identity:get_service", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_service", "rules": "identity:update_service", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_server_group", "rules": "os_compute_api:os-server-groups:create", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_consumer", "rules": "identity:create_consumer", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_server_group", "rules": "os_compute_api:os-server-groups:delete", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_consumer", "rules": "identity:delete_consumer", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_metadef_namespace", "rules": "add_metadef_namespace", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_server_groups", "rules": "os_compute_api:os-server-groups:index", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_consumers", "rules": "identity:list_consumers", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_metadef_namespaces", "rules": "get_metadef_namespaces", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_consumer", "rules": "identity:get_consumer", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_server_group", "rules": "os_compute_api:os-server-groups:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_modify_metadef_namespace", "rules": "modify_metadef_namespace", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_consumer", "rules": "identity:update_consumer", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_add_metadef_resource_type", "rules": "add_metadef_resource_type_association", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_group_type_specs_create", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_get_metadef_resource_type", "rules": "get_metadef_resource_type", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_group_type_specs_delete", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_metadef_resource_types", "rules": "list_metadef_resource_types", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_group_type_specs_list", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_group_type_specs_show", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_add_image_member", "rules": "add_member", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_group_type_specs_update", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_delete_image_member", "rules": "delete_member", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_image_members", "rules": "get_members", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_show_image_member", "rules": "get_member", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_reset_group_status", "rules": "group:reset_status", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_update_image_member", "rules": "modify_member", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_agent", "rules": "get_agent", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_manage_snapshot_rbac", "rules": "snapshot_extension:snapshot_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_agent", "rules": "update_agent", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_unmanage_snapshot_rbac", "rules": "snapshot_extension:snapshot_unmanage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_volume_summary", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_floating_ip", "rules": "create_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_floating_ip_floatingip_address", "rules": "create_floatingip:floating_ip_address", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_add_type_access", "rules": "volume_extension:volume_type_access:addProjectAccess", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_type_access", "rules": "volume_extension:volume_type_access", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_floating_ip", "rules": "delete_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_remove_type_access", "rules": "volume_extension:volume_type_access:removeProjectAccess", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_floating_ip", "rules": "get_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_floating_ip", "rules": "update_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_manage", "rules": "volume_extension:volume_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_unmanage", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_network", "rules": "create_network", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_network_provider_network_type", "rules": "create_network:provider:network_type", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_network_provider_segmentation_id", "rules": "create_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_network_router_external", "rules": "create_network:router:external", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_network_shared", "rules": "create_network:shared", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_network", "rules": "delete_network", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_dhcp_agents_on_hosting_network", "rules": "get_dhcp-agents", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_network", "rules": "get_network", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_network_provider_network_type", "rules": "get_network:provider:network_type", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_network_provider_physical_network", "rules": "get_network:provider:physical_network", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_network_provider_segmentation_id", "rules": "get_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_network_router_external", "rules": "get_network:router:external", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_network", "rules": "update_network", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_network_router_external", "rules": "update_network:router:external", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_network_shared", "rules": "update_network:shared", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-services", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_subnets", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_endpoint_group", "rules": "identity:create_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_endpoint_group", "rules": "identity:delete_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_endpoint_groups", "rules": "identity:list_endpoint_groups", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_group", "rules": "group:create", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_endpoint_group", "rules": "identity:update_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_group", "rules": "group:delete", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_policy", "rules": "identity:create_policy", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_groups", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_policy", "rules": "identity:delete_policy", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_groups_with_details", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_policies", "rules": "identity:list_policies", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_policy", "rules": "identity:get_policy", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_group", "rules": "group:get", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_policy", "rules": "identity:update_policy", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_group", "rules": "group:update", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_user", "rules": "identity:create_user", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_user", "rules": "identity:delete_user", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_own_user_group", "rules": "identity:list_groups_for_user", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_own_user_projects", "rules": "identity:list_user_projects", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_snapshot_metadata", "rules": "volume_extension:extended_snapshot_attributes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_users", "rules": "identity:list_users", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_snapshot_metadata_item", "rules": "volume:delete_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_own_user", "rules": "identity:get_user", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_get_snapshot_metadata", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_user", "rules": "identity:update_user", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_get_snapshot_metadata_for_volume_tenant", "rules": "volume_extension:volume_tenant_attribute", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_snapshot_metadata_item", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_metadef_object_in_namespace", "rules": "add_metadef_object", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_snapshot_metadata", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_metadef_objects_in_namespace", "rules": "get_metadef_objects", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_snapshot_metadata_item", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_show_metadef_object_in_namespace", "rules": "get_metadef_object", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_update_metadef_object_in_namespace", "rules": "modify_metadef_object", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_namespace_tag", "rules": "add_metadef_tag", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_upload_public", "rules": "volume_extension:volume_actions:upload_public", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_namespace_tags", "rules": "add_metadef_tags", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_namespace_tags", "rules": "get_metadef_tags", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_show_namespace_tag", "rules": "get_metadef_tag", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_update_namespace_tag", "rules": "modify_metadef_tag", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_router_on_l3_agent", "rules": "create_l3-router", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_router_from_l3_agent", "rules": "delete_l3-router", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_routers_on_l3_agent", "rules": "get_l3-routers", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_subnetpool", "rules": "create_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_subnetpool_shared", "rules": "create_subnetpool:shared", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_subnetpool", "rules": "delete_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_subnetpool", "rules": "get_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_subnetpool", "rules": "update_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_subnetpool_is_default", "rules": "update_subnetpool:is_default", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_unmanage_volume", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_group_type_group_specs", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_force_delete", "rules": "volume_extension:volume_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_readonly_update", "rules": "volume:update_readonly_flag", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_group_type", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_region", "rules": "identity:create_region", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_reserve", "rules": "volume_extension:volume_actions:reserve", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_region", "rules": "identity:delete_region", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_reset_status", "rules": "volume_extension:volume_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_regions", "rules": "identity:list_regions", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_region", "rules": "identity:get_region", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_hosts", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_retype", "rules": "volume:retype", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_region", "rules": "identity:update_region", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_host", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_set_bootable", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_unreserve", "rules": "volume_extension:volume_actions:unreserve", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_token_existence_negative", "rules": "identity:check_token", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_volume_metadata", "rules": "volume:create_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_token_negative", "rules": "identity:revoke_token", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_upload", "rules": "volume_extension:volume_actions:upload_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_token_negative", "rules": "identity:validate_token", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume_metadata_item", "rules": "volume:delete_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_volume_metadata", "rules": "volume:get_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_add_md_properties", "rules": "add_metadef_property", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_get_md_properties", "rules": "get_metadef_properties", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume_metadata", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_get_md_property", "rules": "get_metadef_property", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume_metadata_item", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_modify_md_properties", "rules": "modify_metadef_property", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_service_providers", "rules": "get_service_provider", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_message", "rules": "message:delete", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_messages", "rules": "message:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_message", "rules": "message:get", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_endpoint", "rules": "identity:create_endpoint", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_endpoint", "rules": "identity:delete_endpoint", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_endpoints", "rules": "identity:list_endpoints", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_endpoint", "rules": "identity:get_endpoint", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_endpoint", "rules": "identity:update_endpoint", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_add_user_group", "rules": "identity:add_user_to_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_user_group", "rules": "identity:check_user_in_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_group", "rules": "identity:create_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_snapshots", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_group", "rules": "identity:delete_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_volumes", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_groups", "rules": "identity:list_groups", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_user_group", "rules": "identity:list_users_in_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_remove_user_group", "rules": "identity:remove_user_from_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_group", "rules": "identity:get_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_group", "rules": "identity:update_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_auth_domain", "rules": "identity:get_auth_domains", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_auth_projects", "rules": "identity:get_auth_projects", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_project", "rules": "identity:create_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_project", "rules": "identity:delete_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_credential", "rules": "identity:create_credential", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_projects", "rules": "identity:list_projects", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_credential", "rules": "identity:delete_credential", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_project", "rules": "identity:get_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_credentials", "rules": "identity:list_credentials", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_project", "rules": "identity:update_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_credential", "rules": "identity:get_credential", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_credential", "rules": "identity:update_credential", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_role_assignments", "rules": "identity:list_role_assignments", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_role_assignments_for_tree", "rules": "identity:list_role_assignments_for_tree", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_add_endpoint_to_project", "rules": "identity:add_endpoint_to_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_endpoint_in_project", "rules": "identity:check_endpoint_in_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_token_exsitence", "rules": "identity:check_token", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_endpoints_in_project", "rules": "identity:list_endpoints_for_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_token", "rules": "identity:revoke_token", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_projects_for_endpoint", "rules": "identity:list_projects_for_endpoint", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_token", "rules": "identity:validate_token", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_remove_endpoint_from_project", "rules": "identity:remove_endpoint_from_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_trust", "rules": "identity:create_trust", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_add_dhcp_agent_to_network", "rules": "create_dhcp-network", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_trust_negative", "rules": "identity:create_trust", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_network_from_dhcp_agent", "rules": "delete_dhcp-network", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_trust", "rules": "identity:delete_trust", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_roles_for_trust", "rules": "identity:list_roles_for_trust", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_networks_hosted_by_one_dhcp_agent", "rules": "get_dhcp-networks", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_trusts", "rules": "identity:list_trusts", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_trust", "rules": "identity:get_trust", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_network_segments", "rules": "create_network:segments", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_trust_role", "rules": "identity:get_role_for_trust", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_network_segments", "rules": "get_network:segments", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_communitize_image", "rules": "communitize_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_network_segments", "rules": "update_network:segments", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_image", "rules": "add_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_deactivate_image", "rules": "deactivate", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port", "rules": "create_port", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_allowed_address_pairs", "rules": "create_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_delete_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_binding_host_id", "rules": "create_port:binding:host_id", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_download_image", "rules": "download_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_binding_profile", "rules": "create_port:binding:profile", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_publicize_image", "rules": "publicize_image", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_device_owner", "rules": "create_port:device_owner", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_reactivate_image", "rules": "reactivate", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_fixed_ips_ip_address", "rules": "create_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_show_image", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_update_image", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_mac_address", "rules": "create_port:mac_address", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_upload_image", "rules": "upload_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_security_enabled", "rules": "create_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_port", "rules": "delete_port", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_port", "rules": "get_port", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_add_router_interface", "rules": "add_router_interface", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_port_binding_host_id", "rules": "get_port:binding:host_id", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_port_binding_profile", "rules": "get_port:binding:profile", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_distributed_router", "rules": "create_router:distributed", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_port_binding_vif_details", "rules": "get_port:binding:vif_details", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_high_availability_router", "rules": "create_router:ha", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_port_binding_vif_type", "rules": "get_port:binding:vif_type", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_router", "rules": "create_router", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_router_enable_snat", "rules": "create_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port", "rules": "update_port", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_router_external_fixed_ips", "rules": "create_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_allowed_address_pairs", "rules": "update_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_router", "rules": "delete_router", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_binding_host_id", "rules": "update_port:binding:host_id", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_binding_profile", "rules": "update_port:binding:profile", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_remove_router_interface", "rules": "remove_router_interface", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_device_owner", "rules": "update_port:device_owner", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_distributed_router", "rules": "get_router:distributed", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_fixed_ips_ip_address", "rules": "update_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_mac_address", "rules": "update_port:mac_address", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_high_availability_router", "rules": "get_router:ha", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_security_enabled", "rules": "update_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_router", "rules": "get_router", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_distributed_router", "rules": "update_router:distributed", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_high_availability_router", "rules": "update_router:ha", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_router", "rules": "update_router", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_router_enable_snat", "rules": "update_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_router_external_fixed_ips", "rules": "update_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_security_group", "rules": "create_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_router_external_gateway_info", "rules": "update_router:external_gateway_info", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_security_group_rule", "rules": "create_security_group_rule", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_security_group", "rules": "delete_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_router_external_gateway_info_network_id", "rules": "update_router:external_gateway_info:network_id", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_security_group_rule", "rules": "delete_security_group_rule", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_security_group_rules", "rules": "get_security_group_rules", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_security_groups", "rules": "get_security_groups", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_security_group_rule", "rules": "get_security_group_rule", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_security_groups", "rules": "get_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_back_end_capabilities", "rules": "volume_extension:capabilities", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_security_group", "rules": "update_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_associate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_limits", "rules": "limits_extension:used_limits", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:create", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_back_end_storage_pools", "rules": "scheduler_extension:scheduler_stats:get_pools", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_disassociate_all_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_disassociate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_get_association_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_volume", "rules": "volume:create", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume", "rules": "volume:delete", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_set_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_qos", "rules": "volume_extension:qos_specs_manage:get", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_get_volume", "rules": "volume:get", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_unset_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_list", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_list_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_reset_snapshot_status", "rules": "volume_extension:snapshot_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_snapshot_force_delete", "rules": "volume_extension:snapshot_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_snapshot_status", "rules": "snapshot_extension:snapshot_actions:update_snapshot_status", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_accept_volume_transfer", "rules": "volume:accept_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_volume_transfer", "rules": "volume:create_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume_transfer", "rules": "volume:delete_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_get_volume_transfer", "rules": "volume:get_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_quota_set", "rules": "volume_extension:quotas:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_volume_transfers", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_default_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_volume_transfers_details", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_quotas_usage_true", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:create", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_quota_set", "rules": "volume_extension:quotas:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_volume_types_extra_specs", "rules": "volume_extension:types_extra_specs:index", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_services", "rules": "volume_extension:services:index", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:show", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_snapshot_create", "rules": "volume:create_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_snapshot_delete", "rules": "volume:delete_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_snapshot_get", "rules": "volume:get_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_snapshot_update", "rules": "volume:update_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_snapshots_get_all", "rules": "volume:get_all_snapshots", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_extend", "rules": "volume:extend", "expected": "Allowed", "actual": "Allowed"}`

patrole-new.log

file modified

+460 -460

		`@@ -1832,463 +1832,463 @@`
		`{"role": "Member", "service": "cinder", "test": "test_create_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`{"role": "Member", "service": "cinder", "test": "test_delete_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`{"role": "Member", "service": "cinder", "test": "test_update_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_flavor_manage", "rules": "os_compute_api:os-flavor-manage:create", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_limits", "rules": "os_compute_api:limits", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_get_availability_zone_list_detail_rbac", "rules": "os_compute_api:os-availability-zone:detail", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_add_host_to_aggregate_rbac", "rules": "os_compute_api:os-aggregates:add_host", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_get_availability_zone_list_rbac", "rules": "os_compute_api:os-availability-zone:list", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_aggregate_rbac", "rules": "os_compute_api:os-aggregates:create", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_flavor_manage", "rules": "os_compute_api:os-flavor-manage:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_agents_rbac", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_aggregate_rbac", "rules": "os_compute_api:os-aggregates:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_update_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_aggregate_rbac", "rules": "os_compute_api:os-aggregates:index", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_add_flavor_access", "rules": "os_compute_api:os-flavor-access:add_tenant_access", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_floating_ips_bulk", "rules": "os_compute_api:os-floating-ips-bulk", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_remove_host_from_aggregate_rbac", "rules": "os_compute_api:os-aggregates:remove_host", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_flavor_access", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_floating_ip_pools", "rules": "os_compute_api:os-floating-ip-pools", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:show", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_flavors_details_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_set_metadata_on_aggregate_rbac", "rules": "os_compute_api:os-aggregates:set_metadata", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_update_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_remove_flavor_access", "rules": "os_compute_api:os-flavor-access:remove_tenant_access", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_aggregate_rbac", "rules": "os_compute_api:os-aggregates:show", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_instance_usage_audit_logs", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_flavor_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_update_aggregate_rbac", "rules": "os_compute_api:os-aggregates:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_instance_usage_audit_log", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_hosts", "rules": "os_compute_api:os-hosts", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_hypervisors", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_flavor_extra_specs", "rules": "os_compute_api:os-flavor-extra-specs:index", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-migrations:index", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_images", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_hypervisors_with_details", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_set_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:create", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_images_with_details", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_servers_on_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_search_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_unset_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_keypair", "rules": "os_compute_api:os-keypairs:create", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_update_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_keypair", "rules": "os_compute_api:os-keypairs:delete", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_hypervisor_statistics", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_index_keypair", "rules": "os_compute_api:os-keypairs:index", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_hypervisor_uptime", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_get_flavor_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_keypair", "rules": "os_compute_api:os-keypairs:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_flavors_details_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_image_metadata", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_quota_set", "rules": "os_compute_api:os-quota-sets:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_default_quota_set", "rules": "os_compute_api:os-quota-sets:defaults", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_delete_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_quota_set", "rules": "os_compute_api:os-quota-sets:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_image_metadata", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_quota_set_details", "rules": "os_compute_api:os-quota-sets:detail", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_update_quota_set", "rules": "os_compute_api:os-quota-sets:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_images_with_details", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_show_image_details", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_show_image_metadata_item", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_update_image_metadata", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_update_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_update_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_show_tenant_networks", "rules": "os_compute_api:os-tenant-networks", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_domain_config", "rules": "identity:create_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_domain_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_domain_group_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_domain_group_option_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_default_config_settings", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_default_group_config", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_default_group_option", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_domain_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_domain_group_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_domain_group_option_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_security_compliance_domain_config", "rules": "identity:get_security_compliance_domain_config", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_domain_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_domain_group_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_domain_group_option_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_authorize_request_token", "rules": "identity:authorize_request_token", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_get_access_token", "rules": "identity:get_access_token", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_get_access_token_role", "rules": "identity:get_access_token_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_access_token_roles", "rules": "identity:list_access_token_roles", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_access_tokens", "rules": "identity:list_access_tokens", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_revoke_access_token", "rules": "identity:delete_access_token", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_role_from_group_on_domain_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_role_from_group_on_project_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_role_inference_rule", "rules": "identity:check_implied_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_user_role_existence_on_domain", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_user_role_existence_on_project", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_group_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_group_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_role", "rules": "identity:create_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_role_inference_rule", "rules": "identity:create_implied_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_user_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_user_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_role", "rules": "identity:delete_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_role_from_group_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_role_from_group_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_role_from_user_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_role_from_user_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_role_inference_rule", "rules": "identity:delete_implied_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_all_role_inference_rules", "rules": "identity:list_role_inference_rules", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_group_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_group_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_role_inferences_rules", "rules": "identity:list_implied_roles", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_roles", "rules": "identity:list_roles", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_user_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_user_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_role", "rules": "identity:get_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_role_inference_rule", "rules": "identity:get_implied_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_role", "rules": "identity:update_role", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_domain", "rules": "identity:create_domain", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_domain", "rules": "identity:delete_domain", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_service", "rules": "identity:create_service", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_domains", "rules": "identity:list_domains", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_service", "rules": "identity:delete_service", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_domain", "rules": "identity:get_domain", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_services", "rules": "identity:list_services", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_domain", "rules": "identity:update_domain", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_service", "rules": "identity:get_service", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_service", "rules": "identity:update_service", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_server_group", "rules": "os_compute_api:os-server-groups:create", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_consumer", "rules": "identity:create_consumer", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_server_group", "rules": "os_compute_api:os-server-groups:delete", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_consumer", "rules": "identity:delete_consumer", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_metadef_namespace", "rules": "add_metadef_namespace", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_server_groups", "rules": "os_compute_api:os-server-groups:index", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_consumers", "rules": "identity:list_consumers", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_metadef_namespaces", "rules": "get_metadef_namespaces", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_consumer", "rules": "identity:get_consumer", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_server_group", "rules": "os_compute_api:os-server-groups:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_modify_metadef_namespace", "rules": "modify_metadef_namespace", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_consumer", "rules": "identity:update_consumer", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_add_metadef_resource_type", "rules": "add_metadef_resource_type_association", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_group_type_specs_create", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_get_metadef_resource_type", "rules": "get_metadef_resource_type", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_group_type_specs_delete", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_metadef_resource_types", "rules": "list_metadef_resource_types", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_group_type_specs_list", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_group_type_specs_show", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_add_image_member", "rules": "add_member", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_group_type_specs_update", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_delete_image_member", "rules": "delete_member", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_image_members", "rules": "get_members", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_show_image_member", "rules": "get_member", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_reset_group_status", "rules": "group:reset_status", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_update_image_member", "rules": "modify_member", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_agent", "rules": "get_agent", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_manage_snapshot_rbac", "rules": "snapshot_extension:snapshot_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_agent", "rules": "update_agent", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_unmanage_snapshot_rbac", "rules": "snapshot_extension:snapshot_unmanage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_volume_summary", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_floating_ip", "rules": "create_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_floating_ip_floatingip_address", "rules": "create_floatingip:floating_ip_address", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_add_type_access", "rules": "volume_extension:volume_type_access:addProjectAccess", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_type_access", "rules": "volume_extension:volume_type_access", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_floating_ip", "rules": "delete_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_remove_type_access", "rules": "volume_extension:volume_type_access:removeProjectAccess", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_floating_ip", "rules": "get_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_floating_ip", "rules": "update_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_manage", "rules": "volume_extension:volume_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_unmanage", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_network", "rules": "create_network", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_network_provider_network_type", "rules": "create_network:provider:network_type", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_network_provider_segmentation_id", "rules": "create_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_network_router_external", "rules": "create_network:router:external", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_network_shared", "rules": "create_network:shared", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_network", "rules": "delete_network", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_dhcp_agents_on_hosting_network", "rules": "get_dhcp-agents", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_network", "rules": "get_network", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_network_provider_network_type", "rules": "get_network:provider:network_type", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_network_provider_physical_network", "rules": "get_network:provider:physical_network", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_network_provider_segmentation_id", "rules": "get_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_network_router_external", "rules": "get_network:router:external", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_network", "rules": "update_network", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_network_router_external", "rules": "update_network:router:external", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_network_shared", "rules": "update_network:shared", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-services", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_subnets", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_endpoint_group", "rules": "identity:create_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_endpoint_group", "rules": "identity:delete_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_endpoint_groups", "rules": "identity:list_endpoint_groups", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_group", "rules": "group:create", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_endpoint_group", "rules": "identity:update_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_group", "rules": "group:delete", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_policy", "rules": "identity:create_policy", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_groups", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_policy", "rules": "identity:delete_policy", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_groups_with_details", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_policies", "rules": "identity:list_policies", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_policy", "rules": "identity:get_policy", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_group", "rules": "group:get", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_policy", "rules": "identity:update_policy", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_group", "rules": "group:update", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_user", "rules": "identity:create_user", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_user", "rules": "identity:delete_user", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_own_user_group", "rules": "identity:list_groups_for_user", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_own_user_projects", "rules": "identity:list_user_projects", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_snapshot_metadata", "rules": "volume_extension:extended_snapshot_attributes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_users", "rules": "identity:list_users", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_snapshot_metadata_item", "rules": "volume:delete_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_own_user", "rules": "identity:get_user", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_get_snapshot_metadata", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_user", "rules": "identity:update_user", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_get_snapshot_metadata_for_volume_tenant", "rules": "volume_extension:volume_tenant_attribute", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_snapshot_metadata_item", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_metadef_object_in_namespace", "rules": "add_metadef_object", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_snapshot_metadata", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_metadef_objects_in_namespace", "rules": "get_metadef_objects", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_snapshot_metadata_item", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_show_metadef_object_in_namespace", "rules": "get_metadef_object", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_update_metadef_object_in_namespace", "rules": "modify_metadef_object", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_namespace_tag", "rules": "add_metadef_tag", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_upload_public", "rules": "volume_extension:volume_actions:upload_public", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_namespace_tags", "rules": "add_metadef_tags", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_namespace_tags", "rules": "get_metadef_tags", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_show_namespace_tag", "rules": "get_metadef_tag", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_update_namespace_tag", "rules": "modify_metadef_tag", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_router_on_l3_agent", "rules": "create_l3-router", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_router_from_l3_agent", "rules": "delete_l3-router", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_routers_on_l3_agent", "rules": "get_l3-routers", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_subnetpool", "rules": "create_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_subnetpool_shared", "rules": "create_subnetpool:shared", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_subnetpool", "rules": "delete_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_subnetpool", "rules": "get_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_subnetpool", "rules": "update_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_subnetpool_is_default", "rules": "update_subnetpool:is_default", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_unmanage_volume", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_group_type_group_specs", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_force_delete", "rules": "volume_extension:volume_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_readonly_update", "rules": "volume:update_readonly_flag", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_group_type", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_region", "rules": "identity:create_region", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_reserve", "rules": "volume_extension:volume_actions:reserve", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_region", "rules": "identity:delete_region", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_reset_status", "rules": "volume_extension:volume_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_regions", "rules": "identity:list_regions", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_region", "rules": "identity:get_region", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_hosts", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_retype", "rules": "volume:retype", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_region", "rules": "identity:update_region", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_host", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_set_bootable", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_unreserve", "rules": "volume_extension:volume_actions:unreserve", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_token_existence_negative", "rules": "identity:check_token", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_volume_metadata", "rules": "volume:create_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_token_negative", "rules": "identity:revoke_token", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_upload", "rules": "volume_extension:volume_actions:upload_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_token_negative", "rules": "identity:validate_token", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume_metadata_item", "rules": "volume:delete_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_volume_metadata", "rules": "volume:get_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_add_md_properties", "rules": "add_metadef_property", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_get_md_properties", "rules": "get_metadef_properties", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume_metadata", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_get_md_property", "rules": "get_metadef_property", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume_metadata_item", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_modify_md_properties", "rules": "modify_metadef_property", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_service_providers", "rules": "get_service_provider", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_message", "rules": "message:delete", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_messages", "rules": "message:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_message", "rules": "message:get", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_endpoint", "rules": "identity:create_endpoint", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_endpoint", "rules": "identity:delete_endpoint", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_endpoints", "rules": "identity:list_endpoints", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_endpoint", "rules": "identity:get_endpoint", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_endpoint", "rules": "identity:update_endpoint", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_create_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_add_user_group", "rules": "identity:add_user_to_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_user_group", "rules": "identity:check_user_in_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_delete_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_group", "rules": "identity:create_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_snapshots", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_group", "rules": "identity:delete_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_list_volumes", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_groups", "rules": "identity:list_groups", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_user_group", "rules": "identity:list_users_in_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "nova", "test": "test_show_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_remove_user_group", "rules": "identity:remove_user_from_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_group", "rules": "identity:get_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_group", "rules": "identity:update_group", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_auth_domain", "rules": "identity:get_auth_domains", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_auth_projects", "rules": "identity:get_auth_projects", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_project", "rules": "identity:create_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_project", "rules": "identity:delete_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_credential", "rules": "identity:create_credential", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_projects", "rules": "identity:list_projects", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_credential", "rules": "identity:delete_credential", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_project", "rules": "identity:get_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_credentials", "rules": "identity:list_credentials", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_project", "rules": "identity:update_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_credential", "rules": "identity:get_credential", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_update_credential", "rules": "identity:update_credential", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_role_assignments", "rules": "identity:list_role_assignments", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_role_assignments_for_tree", "rules": "identity:list_role_assignments_for_tree", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_add_endpoint_to_project", "rules": "identity:add_endpoint_to_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_endpoint_in_project", "rules": "identity:check_endpoint_in_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_check_token_exsitence", "rules": "identity:check_token", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_endpoints_in_project", "rules": "identity:list_endpoints_for_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_token", "rules": "identity:revoke_token", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_projects_for_endpoint", "rules": "identity:list_projects_for_endpoint", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_token", "rules": "identity:validate_token", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_remove_endpoint_from_project", "rules": "identity:remove_endpoint_from_project", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_trust", "rules": "identity:create_trust", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_add_dhcp_agent_to_network", "rules": "create_dhcp-network", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_create_trust_negative", "rules": "identity:create_trust", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_network_from_dhcp_agent", "rules": "delete_dhcp-network", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_delete_trust", "rules": "identity:delete_trust", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_roles_for_trust", "rules": "identity:list_roles_for_trust", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_networks_hosted_by_one_dhcp_agent", "rules": "get_dhcp-networks", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_list_trusts", "rules": "identity:list_trusts", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_trust", "rules": "identity:get_trust", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_network_segments", "rules": "create_network:segments", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "keystone", "test": "test_show_trust_role", "rules": "identity:get_role_for_trust", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_network_segments", "rules": "get_network:segments", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_communitize_image", "rules": "communitize_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_network_segments", "rules": "update_network:segments", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_image", "rules": "add_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_create_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_deactivate_image", "rules": "deactivate", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port", "rules": "create_port", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_allowed_address_pairs", "rules": "create_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_delete_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_binding_host_id", "rules": "create_port:binding:host_id", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_download_image", "rules": "download_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_binding_profile", "rules": "create_port:binding:profile", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_publicize_image", "rules": "publicize_image", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_device_owner", "rules": "create_port:device_owner", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_reactivate_image", "rules": "reactivate", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_fixed_ips_ip_address", "rules": "create_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_show_image", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_update_image", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_mac_address", "rules": "create_port:mac_address", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "glance", "test": "test_upload_image", "rules": "upload_image", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_port_security_enabled", "rules": "create_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_port", "rules": "delete_port", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_port", "rules": "get_port", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_add_router_interface", "rules": "add_router_interface", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_port_binding_host_id", "rules": "get_port:binding:host_id", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_port_binding_profile", "rules": "get_port:binding:profile", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_distributed_router", "rules": "create_router:distributed", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_port_binding_vif_details", "rules": "get_port:binding:vif_details", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_high_availability_router", "rules": "create_router:ha", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_port_binding_vif_type", "rules": "get_port:binding:vif_type", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_router", "rules": "create_router", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_router_enable_snat", "rules": "create_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port", "rules": "update_port", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_router_external_fixed_ips", "rules": "create_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_allowed_address_pairs", "rules": "update_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_router", "rules": "delete_router", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_binding_host_id", "rules": "update_port:binding:host_id", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_binding_profile", "rules": "update_port:binding:profile", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_remove_router_interface", "rules": "remove_router_interface", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_device_owner", "rules": "update_port:device_owner", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_distributed_router", "rules": "get_router:distributed", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_fixed_ips_ip_address", "rules": "update_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_mac_address", "rules": "update_port:mac_address", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_high_availability_router", "rules": "get_router:ha", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_port_security_enabled", "rules": "update_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_router", "rules": "get_router", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_distributed_router", "rules": "update_router:distributed", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_high_availability_router", "rules": "update_router:ha", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_router", "rules": "update_router", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_router_enable_snat", "rules": "update_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_router_external_fixed_ips", "rules": "update_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_security_group", "rules": "create_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_router_external_gateway_info", "rules": "update_router:external_gateway_info", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_create_security_group_rule", "rules": "create_security_group_rule", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_security_group", "rules": "delete_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_router_external_gateway_info_network_id", "rules": "update_router:external_gateway_info:network_id", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_delete_security_group_rule", "rules": "delete_security_group_rule", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_security_group_rules", "rules": "get_security_group_rules", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_list_security_groups", "rules": "get_security_groups", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_security_group_rule", "rules": "get_security_group_rule", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_show_security_groups", "rules": "get_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_back_end_capabilities", "rules": "volume_extension:capabilities", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "neutron", "test": "test_update_security_group", "rules": "update_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_associate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_limits", "rules": "limits_extension:used_limits", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:create", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_back_end_storage_pools", "rules": "scheduler_extension:scheduler_stats:get_pools", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_disassociate_all_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_disassociate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_get_association_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_volume", "rules": "volume:create", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume", "rules": "volume:delete", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_set_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_qos", "rules": "volume_extension:qos_specs_manage:get", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_get_volume", "rules": "volume:get", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_unset_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_list", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_list_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_reset_snapshot_status", "rules": "volume_extension:snapshot_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_snapshot_force_delete", "rules": "volume_extension:snapshot_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_snapshot_status", "rules": "snapshot_extension:snapshot_actions:update_snapshot_status", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_accept_volume_transfer", "rules": "volume:accept_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_volume_transfer", "rules": "volume:create_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume_transfer", "rules": "volume:delete_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_get_volume_transfer", "rules": "volume:get_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_quota_set", "rules": "volume_extension:quotas:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_volume_transfers", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_default_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_volume_transfers_details", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_quotas_usage_true", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:create", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_quota_set", "rules": "volume_extension:quotas:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:delete", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_volume_types_extra_specs", "rules": "volume_extension:types_extra_specs:index", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_list_services", "rules": "volume_extension:services:index", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_show_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:show", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:update", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_snapshot_create", "rules": "volume:create_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_create_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_delete_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_snapshot_delete", "rules": "volume:delete_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_update_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_snapshot_get", "rules": "volume:get_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_snapshot_update", "rules": "volume:update_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_snapshots_get_all", "rules": "volume:get_all_snapshots", "expected": "Allowed", "actual": "Allowed"}`
		`- {"role": "auditor", "service": "cinder", "test": "test_volume_extend", "rules": "volume:extend", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_flavor_manage", "rules": "os_compute_api:os-flavor-manage:create", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_limits", "rules": "os_compute_api:limits", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_get_availability_zone_list_detail_rbac", "rules": "os_compute_api:os-availability-zone:detail", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_add_host_to_aggregate_rbac", "rules": "os_compute_api:os-aggregates:add_host", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_get_availability_zone_list_rbac", "rules": "os_compute_api:os-availability-zone:list", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_aggregate_rbac", "rules": "os_compute_api:os-aggregates:create", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_flavor_manage", "rules": "os_compute_api:os-flavor-manage:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_agents_rbac", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_aggregate_rbac", "rules": "os_compute_api:os-aggregates:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_update_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_aggregate_rbac", "rules": "os_compute_api:os-aggregates:index", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_add_flavor_access", "rules": "os_compute_api:os-flavor-access:add_tenant_access", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_floating_ips_bulk", "rules": "os_compute_api:os-floating-ips-bulk", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_remove_host_from_aggregate_rbac", "rules": "os_compute_api:os-aggregates:remove_host", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_flavor_access", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_floating_ip_pools", "rules": "os_compute_api:os-floating-ip-pools", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:show", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_flavors_details_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_set_metadata_on_aggregate_rbac", "rules": "os_compute_api:os-aggregates:set_metadata", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_update_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_remove_flavor_access", "rules": "os_compute_api:os-flavor-access:remove_tenant_access", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_aggregate_rbac", "rules": "os_compute_api:os-aggregates:show", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_instance_usage_audit_logs", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_flavor_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_update_aggregate_rbac", "rules": "os_compute_api:os-aggregates:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_instance_usage_audit_log", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_hosts", "rules": "os_compute_api:os-hosts", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_hypervisors", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_flavor_extra_specs", "rules": "os_compute_api:os-flavor-extra-specs:index", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-migrations:index", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_images", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_hypervisors_with_details", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_set_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:create", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_images_with_details", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_servers_on_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_search_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_unset_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_keypair", "rules": "os_compute_api:os-keypairs:create", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_update_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_keypair", "rules": "os_compute_api:os-keypairs:delete", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_hypervisor_statistics", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_index_keypair", "rules": "os_compute_api:os-keypairs:index", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_hypervisor_uptime", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_get_flavor_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_keypair", "rules": "os_compute_api:os-keypairs:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_flavors_details_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_image_metadata", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_quota_set", "rules": "os_compute_api:os-quota-sets:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_default_quota_set", "rules": "os_compute_api:os-quota-sets:defaults", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_delete_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_quota_set", "rules": "os_compute_api:os-quota-sets:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_image_metadata", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_quota_set_details", "rules": "os_compute_api:os-quota-sets:detail", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_update_quota_set", "rules": "os_compute_api:os-quota-sets:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_images_with_details", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_show_image_details", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_show_image_metadata_item", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_update_image_metadata", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_update_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_update_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_show_tenant_networks", "rules": "os_compute_api:os-tenant-networks", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_domain_config", "rules": "identity:create_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_domain_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_domain_group_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_domain_group_option_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_default_config_settings", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_default_group_config", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_default_group_option", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_domain_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_domain_group_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_domain_group_option_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_security_compliance_domain_config", "rules": "identity:get_security_compliance_domain_config", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_domain_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_domain_group_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_domain_group_option_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_authorize_request_token", "rules": "identity:authorize_request_token", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_get_access_token", "rules": "identity:get_access_token", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_get_access_token_role", "rules": "identity:get_access_token_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_access_token_roles", "rules": "identity:list_access_token_roles", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_access_tokens", "rules": "identity:list_access_tokens", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_revoke_access_token", "rules": "identity:delete_access_token", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_role_from_group_on_domain_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_role_from_group_on_project_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_role_inference_rule", "rules": "identity:check_implied_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_user_role_existence_on_domain", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_user_role_existence_on_project", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_group_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_group_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_role", "rules": "identity:create_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_role_inference_rule", "rules": "identity:create_implied_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_user_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_user_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_role", "rules": "identity:delete_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_role_from_group_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_role_from_group_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_role_from_user_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_role_from_user_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_role_inference_rule", "rules": "identity:delete_implied_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_all_role_inference_rules", "rules": "identity:list_role_inference_rules", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_group_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_group_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_role_inferences_rules", "rules": "identity:list_implied_roles", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_roles", "rules": "identity:list_roles", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_user_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_user_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_role", "rules": "identity:get_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_role_inference_rule", "rules": "identity:get_implied_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_role", "rules": "identity:update_role", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_domain", "rules": "identity:create_domain", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_domain", "rules": "identity:delete_domain", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_service", "rules": "identity:create_service", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_domains", "rules": "identity:list_domains", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_service", "rules": "identity:delete_service", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_domain", "rules": "identity:get_domain", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_services", "rules": "identity:list_services", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_domain", "rules": "identity:update_domain", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_service", "rules": "identity:get_service", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_service", "rules": "identity:update_service", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_server_group", "rules": "os_compute_api:os-server-groups:create", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_consumer", "rules": "identity:create_consumer", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_server_group", "rules": "os_compute_api:os-server-groups:delete", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_consumer", "rules": "identity:delete_consumer", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_metadef_namespace", "rules": "add_metadef_namespace", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_server_groups", "rules": "os_compute_api:os-server-groups:index", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_consumers", "rules": "identity:list_consumers", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_metadef_namespaces", "rules": "get_metadef_namespaces", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_consumer", "rules": "identity:get_consumer", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_server_group", "rules": "os_compute_api:os-server-groups:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_modify_metadef_namespace", "rules": "modify_metadef_namespace", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_consumer", "rules": "identity:update_consumer", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_add_metadef_resource_type", "rules": "add_metadef_resource_type_association", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_group_type_specs_create", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_get_metadef_resource_type", "rules": "get_metadef_resource_type", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_group_type_specs_delete", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_metadef_resource_types", "rules": "list_metadef_resource_types", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_group_type_specs_list", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_group_type_specs_show", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_add_image_member", "rules": "add_member", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_group_type_specs_update", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_delete_image_member", "rules": "delete_member", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_image_members", "rules": "get_members", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_show_image_member", "rules": "get_member", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_reset_group_status", "rules": "group:reset_status", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_update_image_member", "rules": "modify_member", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_agent", "rules": "get_agent", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_manage_snapshot_rbac", "rules": "snapshot_extension:snapshot_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_agent", "rules": "update_agent", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_unmanage_snapshot_rbac", "rules": "snapshot_extension:snapshot_unmanage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_volume_summary", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_floating_ip", "rules": "create_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_floating_ip_floatingip_address", "rules": "create_floatingip:floating_ip_address", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_add_type_access", "rules": "volume_extension:volume_type_access:addProjectAccess", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_type_access", "rules": "volume_extension:volume_type_access", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_floating_ip", "rules": "delete_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_remove_type_access", "rules": "volume_extension:volume_type_access:removeProjectAccess", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_floating_ip", "rules": "get_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_floating_ip", "rules": "update_floatingip", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_manage", "rules": "volume_extension:volume_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_unmanage", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_network", "rules": "create_network", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_network_provider_network_type", "rules": "create_network:provider:network_type", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_network_provider_segmentation_id", "rules": "create_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_network_router_external", "rules": "create_network:router:external", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_network_shared", "rules": "create_network:shared", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_network", "rules": "delete_network", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_dhcp_agents_on_hosting_network", "rules": "get_dhcp-agents", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_network", "rules": "get_network", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_network_provider_network_type", "rules": "get_network:provider:network_type", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_network_provider_physical_network", "rules": "get_network:provider:physical_network", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_network_provider_segmentation_id", "rules": "get_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_network_router_external", "rules": "get_network:router:external", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_network", "rules": "update_network", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_network_router_external", "rules": "update_network:router:external", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_network_shared", "rules": "update_network:shared", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-services", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_subnets", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_endpoint_group", "rules": "identity:create_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_endpoint_group", "rules": "identity:delete_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_endpoint_groups", "rules": "identity:list_endpoint_groups", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_group", "rules": "group:create", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_endpoint_group", "rules": "identity:update_endpoint_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_group", "rules": "group:delete", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_policy", "rules": "identity:create_policy", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_groups", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_policy", "rules": "identity:delete_policy", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_groups_with_details", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_policies", "rules": "identity:list_policies", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_policy", "rules": "identity:get_policy", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_group", "rules": "group:get", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_policy", "rules": "identity:update_policy", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_group", "rules": "group:update", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_user", "rules": "identity:create_user", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_user", "rules": "identity:delete_user", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_own_user_group", "rules": "identity:list_groups_for_user", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_own_user_projects", "rules": "identity:list_user_projects", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_snapshot_metadata", "rules": "volume_extension:extended_snapshot_attributes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_users", "rules": "identity:list_users", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_snapshot_metadata_item", "rules": "volume:delete_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_own_user", "rules": "identity:get_user", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_get_snapshot_metadata", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_user", "rules": "identity:update_user", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_get_snapshot_metadata_for_volume_tenant", "rules": "volume_extension:volume_tenant_attribute", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_snapshot_metadata_item", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_metadef_object_in_namespace", "rules": "add_metadef_object", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_snapshot_metadata", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_metadef_objects_in_namespace", "rules": "get_metadef_objects", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_snapshot_metadata_item", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_show_metadef_object_in_namespace", "rules": "get_metadef_object", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_update_metadef_object_in_namespace", "rules": "modify_metadef_object", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_namespace_tag", "rules": "add_metadef_tag", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_upload_public", "rules": "volume_extension:volume_actions:upload_public", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_namespace_tags", "rules": "add_metadef_tags", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_namespace_tags", "rules": "get_metadef_tags", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_show_namespace_tag", "rules": "get_metadef_tag", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_update_namespace_tag", "rules": "modify_metadef_tag", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_router_on_l3_agent", "rules": "create_l3-router", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_router_from_l3_agent", "rules": "delete_l3-router", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_routers_on_l3_agent", "rules": "get_l3-routers", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_subnetpool", "rules": "create_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_subnetpool_shared", "rules": "create_subnetpool:shared", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_subnetpool", "rules": "delete_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_subnetpool", "rules": "get_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_subnetpool", "rules": "update_subnetpool", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_subnetpool_is_default", "rules": "update_subnetpool:is_default", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_unmanage_volume", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_group_type_group_specs", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_force_delete", "rules": "volume_extension:volume_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_readonly_update", "rules": "volume:update_readonly_flag", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_group_type", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_region", "rules": "identity:create_region", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_reserve", "rules": "volume_extension:volume_actions:reserve", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_region", "rules": "identity:delete_region", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_reset_status", "rules": "volume_extension:volume_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_regions", "rules": "identity:list_regions", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_region", "rules": "identity:get_region", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_hosts", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_retype", "rules": "volume:retype", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_region", "rules": "identity:update_region", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_host", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_set_bootable", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_unreserve", "rules": "volume_extension:volume_actions:unreserve", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_token_existence_negative", "rules": "identity:check_token", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_volume_metadata", "rules": "volume:create_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_token_negative", "rules": "identity:revoke_token", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_upload", "rules": "volume_extension:volume_actions:upload_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_token_negative", "rules": "identity:validate_token", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume_metadata_item", "rules": "volume:delete_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_volume_metadata", "rules": "volume:get_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_add_md_properties", "rules": "add_metadef_property", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_get_md_properties", "rules": "get_metadef_properties", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume_metadata", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_get_md_property", "rules": "get_metadef_property", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume_metadata_item", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_modify_md_properties", "rules": "modify_metadef_property", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_service_providers", "rules": "get_service_provider", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_message", "rules": "message:delete", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_messages", "rules": "message:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_message", "rules": "message:get", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_endpoint", "rules": "identity:create_endpoint", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_endpoint", "rules": "identity:delete_endpoint", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_endpoints", "rules": "identity:list_endpoints", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_endpoint", "rules": "identity:get_endpoint", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_endpoint", "rules": "identity:update_endpoint", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_create_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_add_user_group", "rules": "identity:add_user_to_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_user_group", "rules": "identity:check_user_in_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_delete_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_group", "rules": "identity:create_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_snapshots", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_group", "rules": "identity:delete_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_list_volumes", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_groups", "rules": "identity:list_groups", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_user_group", "rules": "identity:list_users_in_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "nova", "test": "test_show_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_remove_user_group", "rules": "identity:remove_user_from_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_group", "rules": "identity:get_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_group", "rules": "identity:update_group", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_auth_domain", "rules": "identity:get_auth_domains", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_auth_projects", "rules": "identity:get_auth_projects", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_project", "rules": "identity:create_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_project", "rules": "identity:delete_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_credential", "rules": "identity:create_credential", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_projects", "rules": "identity:list_projects", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_credential", "rules": "identity:delete_credential", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_project", "rules": "identity:get_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_credentials", "rules": "identity:list_credentials", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_project", "rules": "identity:update_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_credential", "rules": "identity:get_credential", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_update_credential", "rules": "identity:update_credential", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_role_assignments", "rules": "identity:list_role_assignments", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_role_assignments_for_tree", "rules": "identity:list_role_assignments_for_tree", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_add_endpoint_to_project", "rules": "identity:add_endpoint_to_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_endpoint_in_project", "rules": "identity:check_endpoint_in_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_check_token_exsitence", "rules": "identity:check_token", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_endpoints_in_project", "rules": "identity:list_endpoints_for_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_token", "rules": "identity:revoke_token", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_projects_for_endpoint", "rules": "identity:list_projects_for_endpoint", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_token", "rules": "identity:validate_token", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_remove_endpoint_from_project", "rules": "identity:remove_endpoint_from_project", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_trust", "rules": "identity:create_trust", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_add_dhcp_agent_to_network", "rules": "create_dhcp-network", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_create_trust_negative", "rules": "identity:create_trust", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_network_from_dhcp_agent", "rules": "delete_dhcp-network", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_delete_trust", "rules": "identity:delete_trust", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_roles_for_trust", "rules": "identity:list_roles_for_trust", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_networks_hosted_by_one_dhcp_agent", "rules": "get_dhcp-networks", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_list_trusts", "rules": "identity:list_trusts", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_trust", "rules": "identity:get_trust", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_network_segments", "rules": "create_network:segments", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "keystone", "test": "test_show_trust_role", "rules": "identity:get_role_for_trust", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_network_segments", "rules": "get_network:segments", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_communitize_image", "rules": "communitize_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_network_segments", "rules": "update_network:segments", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_image", "rules": "add_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_create_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_deactivate_image", "rules": "deactivate", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port", "rules": "create_port", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_allowed_address_pairs", "rules": "create_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_delete_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_binding_host_id", "rules": "create_port:binding:host_id", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_download_image", "rules": "download_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_binding_profile", "rules": "create_port:binding:profile", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_publicize_image", "rules": "publicize_image", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_device_owner", "rules": "create_port:device_owner", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_reactivate_image", "rules": "reactivate", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_fixed_ips_ip_address", "rules": "create_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_show_image", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_update_image", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_mac_address", "rules": "create_port:mac_address", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "glance", "test": "test_upload_image", "rules": "upload_image", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_port_security_enabled", "rules": "create_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_port", "rules": "delete_port", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_port", "rules": "get_port", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_add_router_interface", "rules": "add_router_interface", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_port_binding_host_id", "rules": "get_port:binding:host_id", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_port_binding_profile", "rules": "get_port:binding:profile", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_distributed_router", "rules": "create_router:distributed", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_port_binding_vif_details", "rules": "get_port:binding:vif_details", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_high_availability_router", "rules": "create_router:ha", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_port_binding_vif_type", "rules": "get_port:binding:vif_type", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_router", "rules": "create_router", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_router_enable_snat", "rules": "create_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port", "rules": "update_port", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_router_external_fixed_ips", "rules": "create_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_allowed_address_pairs", "rules": "update_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_router", "rules": "delete_router", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_binding_host_id", "rules": "update_port:binding:host_id", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_binding_profile", "rules": "update_port:binding:profile", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_remove_router_interface", "rules": "remove_router_interface", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_device_owner", "rules": "update_port:device_owner", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_distributed_router", "rules": "get_router:distributed", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_fixed_ips_ip_address", "rules": "update_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_mac_address", "rules": "update_port:mac_address", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_high_availability_router", "rules": "get_router:ha", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_port_security_enabled", "rules": "update_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_router", "rules": "get_router", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_distributed_router", "rules": "update_router:distributed", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_high_availability_router", "rules": "update_router:ha", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_router", "rules": "update_router", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_router_enable_snat", "rules": "update_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_router_external_fixed_ips", "rules": "update_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_security_group", "rules": "create_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_router_external_gateway_info", "rules": "update_router:external_gateway_info", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_create_security_group_rule", "rules": "create_security_group_rule", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_security_group", "rules": "delete_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_router_external_gateway_info_network_id", "rules": "update_router:external_gateway_info:network_id", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_delete_security_group_rule", "rules": "delete_security_group_rule", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_security_group_rules", "rules": "get_security_group_rules", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_list_security_groups", "rules": "get_security_groups", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_security_group_rule", "rules": "get_security_group_rule", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_show_security_groups", "rules": "get_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_back_end_capabilities", "rules": "volume_extension:capabilities", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "neutron", "test": "test_update_security_group", "rules": "update_security_group", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_associate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_limits", "rules": "limits_extension:used_limits", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:create", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_back_end_storage_pools", "rules": "scheduler_extension:scheduler_stats:get_pools", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_disassociate_all_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_disassociate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_get_association_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_volume", "rules": "volume:create", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume", "rules": "volume:delete", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_set_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_qos", "rules": "volume_extension:qos_specs_manage:get", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_get_volume", "rules": "volume:get", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_unset_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_list", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_list_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_reset_snapshot_status", "rules": "volume_extension:snapshot_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_snapshot_force_delete", "rules": "volume_extension:snapshot_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_snapshot_status", "rules": "snapshot_extension:snapshot_actions:update_snapshot_status", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_accept_volume_transfer", "rules": "volume:accept_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_volume_transfer", "rules": "volume:create_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume_transfer", "rules": "volume:delete_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_get_volume_transfer", "rules": "volume:get_transfer", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_quota_set", "rules": "volume_extension:quotas:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_volume_transfers", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_default_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_volume_transfers_details", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_quotas_usage_true", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:create", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_quota_set", "rules": "volume_extension:quotas:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:delete", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_volume_types_extra_specs", "rules": "volume_extension:types_extra_specs:index", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_list_services", "rules": "volume_extension:services:index", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_show_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:show", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:update", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_snapshot_create", "rules": "volume:create_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_create_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_delete_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_snapshot_delete", "rules": "volume:delete_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_update_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_snapshot_get", "rules": "volume:get_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_snapshot_update", "rules": "volume:update_snapshot", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_snapshots_get_all", "rules": "volume:get_all_snapshots", "expected": "Allowed", "actual": "Allowed"}`
		`+ {"role": "reader", "service": "cinder", "test": "test_volume_extend", "rules": "volume:extend", "expected": "Allowed", "actual": "Allowed"}`

services/aodh/policy.yaml

file modified

+4 -4

		`@@ -3,11 +3,11 @@`

		`# Get an alarm.`
		`# GET /v2/alarms/{alarm_id}`
		`- "telemetry:get_alarm": "rule:admin or rule:member or rule:auditor"`
		`+ "telemetry:get_alarm": "rule:admin or rule:member or rule:reader"`

		`# Get all alarms, based on the query provided.`
		`# GET /v2/alarms`
		`- "telemetry:get_alarms": "rule:admin or rule:member or rule:auditor"`
		`+ "telemetry:get_alarms": "rule:admin or rule:member or rule:reader"`

		`# Get all alarms, based on the query provided.`
		`# POST /v2/query/alarms`
		`@@ -27,7 +27,7 @@`

		`# Get the state of this alarm.`
		`# GET /v2/alarms/{alarm_id}/state`
		`- "telemetry:get_alarm_state": "rule:admin or rule:member or rule:auditor"`
		`+ "telemetry:get_alarm_state": "rule:admin or rule:member or rule:reader"`

		`# Set the state of this alarm.`
		`# PUT /v2/alarms/{alarm_id}/state`
		`@@ -35,7 +35,7 @@`

		`# Assembles the alarm history requested.`
		`# GET /v2/alarms/{alarm_id}/history`
		`- "telemetry:alarm_history": "rule:admin or rule:member or rule:auditor"`
		`+ "telemetry:alarm_history": "rule:admin or rule:member or rule:reader"`

		`# Define query for retrieving AlarmChange data.`
		`# POST /v2/query/alarms/history`

services/cinder/policy.yaml

file modified

+41 -41

		`@@ -24,11 +24,11 @@`

		`# List messages.`
		`# GET /messages`
		`- "message:get_all": "rule:admin or rule:member or rule:auditor"`
		`+ "message:get_all": "rule:admin or rule:member or rule:reader"`

		`# Show message.`
		`# GET /messages/{message_id}`
		`- "message:get": "rule:admin or rule:member or rule:auditor"`
		`+ "message:get": "rule:admin or rule:member or rule:reader"`

		`# Delete message.`
		`# DELETE /messages/{message_id}`
		`@@ -37,11 +37,11 @@`
		`# List clusters.`
		`# GET /clusters`
		`# GET /clusters/detail`
		`- "clusters:get_all": "rule:admin or rule:auditor"`
		`+ "clusters:get_all": "rule:admin or rule:reader"`

		`# Show cluster.`
		`# GET /clusters/{cluster_id}`
		`- "clusters:get": "rule:admin or rule:auditor"`
		`+ "clusters:get": "rule:admin or rule:reader"`

		`# Update cluster.`
		`# PUT /clusters/{cluster_id}`
		`@@ -54,7 +54,7 @@`
		`# Show snapshot's metadata or one specified metadata with a given key.`
		`# GET /snapshots/{snapshot_id}/metadata`
		`# GET /snapshots/{snapshot_id}/metadata/{key}`
		`- "volume:get_snapshot_metadata": "rule:admin or rule:member or rule:auditor"`
		`+ "volume:get_snapshot_metadata": "rule:admin or rule:member or rule:reader"`

		`# Update snapshot's metadata or one specified metadata with a given`
		`# key.`
		`@@ -69,12 +69,12 @@`
		`# List snapshots.`
		`# GET /snapshots`
		`# GET /snapshots/detail`
		`- "volume:get_all_snapshots": "rule:admin or rule:member or rule:auditor"`
		`+ "volume:get_all_snapshots": "rule:admin or rule:member or rule:reader"`

		`# List or show snapshots with extended attributes.`
		`# GET /snapshots/{snapshot_id}`
		`# GET /snapshots/detail`
		`- "volume_extension:extended_snapshot_attributes": "rule:admin or rule:member or rule:auditor"`
		`+ "volume_extension:extended_snapshot_attributes": "rule:admin or rule:member or rule:reader"`

		`# Create snapshot.`
		`# POST /snapshots`
		`@@ -82,7 +82,7 @@`

		`# Show snapshot.`
		`# GET /snapshots/{snapshot_id}`
		`- "volume:get_snapshot": "rule:admin or rule:member or rule:auditor"`
		`+ "volume:get_snapshot": "rule:admin or rule:member or rule:reader"`

		`# Update snapshot.`
		`# PUT /snapshots/{snapshot_id}`
		`@@ -107,7 +107,7 @@`
		`# List (in detail) of snapshots which are available to manage.`
		`# GET /manageable_snapshots`
		`# GET /manageable_snapshots/detail`
		`- "snapshot_extension:list_manageable": "rule:admin or rule:auditor"`
		`+ "snapshot_extension:list_manageable": "rule:admin or rule:reader"`

		`# Manage an existing snapshot.`
		`# POST /manageable_snapshots`
		`@@ -120,12 +120,12 @@`
		`# List backups.`
		`# GET /backups`
		`# GET /backups/detail`
		`- "backup:get_all": "rule:admin or rule:member or rule:auditor"`
		`+ "backup:get_all": "rule:admin or rule:member or rule:reader"`

		`# List backups or show backup with project attributes.`
		`# GET /backups/{backup_id}`
		`# GET /backups/detail`
		`- "backup:backup_project_attribute": "rule:admin or rule:auditor"`
		`+ "backup:backup_project_attribute": "rule:admin or rule:reader"`

		`# Create backup.`
		`# POST /backups`
		`@@ -133,7 +133,7 @@`

		`# Show backup.`
		`# GET /backups/{backup_id}`
		`- "backup:get": "rule:admin or rule:member or rule:auditor"`
		`+ "backup:get": "rule:admin or rule:member or rule:reader"`

		`# Update backup.`
		`# PUT /backups/{backup_id}`
		`@@ -166,7 +166,7 @@`
		`# List groups.`
		`# GET /groups`
		`# GET /groups/detail`
		`- "group:get_all": "rule:admin or rule:member or rule:auditor"`
		`+ "group:get_all": "rule:admin or rule:member or rule:reader"`

		`# Create group.`
		`# POST /groups`
		`@@ -174,7 +174,7 @@`

		`# Show group.`
		`# GET /groups/{group_id}`
		`- "group:get": "rule:admin or rule:member or rule:auditor"`
		`+ "group:get": "rule:admin or rule:member or rule:reader"`

		`# Update group.`
		`# PUT /groups/{group_id}`
		`@@ -188,7 +188,7 @@`

		`# Show group type with type specs attributes.`
		`# GET /group_types/{group_type_id}`
		`- "group:access_group_types_specs": "rule:admin or rule:auditor"`
		`+ "group:access_group_types_specs": "rule:admin or rule:reader"`

		`# Create, show, update and delete group type spec.`
		`# GET /group_types/{group_type_id}/group_specs/{g_spec_id}`
		`@@ -201,7 +201,7 @@`
		`# List group snapshots.`
		`# GET /group_snapshots`
		`# GET /group_snapshots/detail`
		`- "group:get_all_group_snapshots": "rule:admin or rule:member or rule:auditor"`
		`+ "group:get_all_group_snapshots": "rule:admin or rule:member or rule:reader"`

		`# Create group snapshot.`
		`# POST /group_snapshots`
		`@@ -209,7 +209,7 @@`

		`# Show group snapshot.`
		`# GET /group_snapshots/{group_snapshot_id}`
		`- "group:get_group_snapshot": "rule:admin or rule:member or rule:auditor"`
		`+ "group:get_group_snapshot": "rule:admin or rule:member or rule:reader"`

		`# Delete group snapshot.`
		`# DELETE /group_snapshots/{group_snapshot_id}`
		`@@ -217,7 +217,7 @@`

		`# Update group snapshot.`
		`# PUT /group_snapshots/{group_snapshot_id}`
		`- "group:update_group_snapshot": "rule:admin or rule:member or rule:auditor"`
		`+ "group:update_group_snapshot": "rule:admin or rule:member or rule:reader"`

		`# Reset status of group snapshot.`
		`# POST /group_snapshots/{g_snapshot_id}/action (reset_status)`
		`@@ -250,11 +250,11 @@`
		`# List qos specs or list all associations.`
		`# GET /qos-specs`
		`# GET /qos-specs/{qos_id}/associations`
		`- "volume_extension:qos_specs_manage:get_all": "rule:admin or rule:auditor"`
		`+ "volume_extension:qos_specs_manage:get_all": "rule:admin or rule:reader"`

		`# Show qos specs.`
		`# GET /qos-specs/{qos_id}`
		`- "volume_extension:qos_specs_manage:get": "rule:admin or rule:auditor"`
		`+ "volume_extension:qos_specs_manage:get": "rule:admin or rule:reader"`

		`# Create qos specs.`
		`# POST /qos-specs`
		`@@ -265,7 +265,7 @@`
		`# GET /qos-specs/{qos_id}/disassociate_all`
		`# GET /qos-specs/{qos_id}/associate`
		`# GET /qos-specs/{qos_id}/disassociate`
		`- "volume_extension:qos_specs_manage:update": "rule:admin or rule:auditor"`
		`+ "volume_extension:qos_specs_manage:update": "rule:admin or rule:reader"`

		`# delete qos specs or unset one specified qos key.`
		`# DELETE /qos-specs/{qos_id}`
		`@@ -281,7 +281,7 @@`
		`# GET /os-quota-sets/{project_id}`
		`# GET /os-quota-sets/{project_id}/default`
		`# GET /os-quota-sets/{project_id}?usage=True`
		`- "volume_extension:quotas:show": "rule:admin or rule:member or rule:auditor"`
		`+ "volume_extension:quotas:show": "rule:admin or rule:member or rule:reader"`

		`# Update project quota.`
		`# PUT /os-quota-sets/{project_id}`
		`@@ -293,15 +293,15 @@`

		`# Validate setup for nested quota.`
		`# GET /os-quota-sets/validate_setup_for_nested_quota_use`
		`- "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin or rule:auditor"`
		`+ "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin or rule:reader"`

		`# Show backend capabilities.`
		`# GET /capabilities/{host_name}`
		`- "volume_extension:capabilities": "rule:admin or rule:auditor"`
		`+ "volume_extension:capabilities": "rule:admin or rule:reader"`

		`# List all services.`
		`# GET /os-services`
		`- "volume_extension:services:index": "rule:admin or rule:auditor"`
		`+ "volume_extension:services:index": "rule:admin or rule:reader"`

		`# Update service, including failover_host, thaw, freeze, disable,`
		`# enable, set-log and get-log actions.`
		`@@ -322,7 +322,7 @@`

		`# List all backend pools.`
		`# GET /scheduler-stats/get_pools`
		`- "scheduler_extension:scheduler_stats:get_pools": "rule:admin or rule:auditor"`
		`+ "scheduler_extension:scheduler_stats:get_pools": "rule:admin or rule:reader"`

		`# List, update or show hosts for a project.`
		`# GET /os-hosts`
		`@@ -332,12 +332,12 @@`

		`# Show limits with used limit attributes.`
		`# GET /limits`
		`- "limits_extension:used_limits": "rule:admin or rule:member or rule:auditor"`
		`+ "limits_extension:used_limits": "rule:admin or rule:member or rule:reader"`

		`# List (in detail) of volumes which are available to manage.`
		`# GET /manageable_volumes`
		`# GET /manageable_volumes/detail`
		`- "volume_extension:list_manageable": "rule:admin or rule:auditor"`
		`+ "volume_extension:list_manageable": "rule:admin or rule:reader"`

		`# Manage existing volumes.`
		`# POST /manageable_volumes`
		`@@ -364,12 +364,12 @@`
		`# List or show volume type with access type extra specs attribute.`
		`# GET /types/{type_id}`
		`# GET /types`
		`- "volume_extension:access_types_extra_specs": "rule:admin or rule:auditor"`
		`+ "volume_extension:access_types_extra_specs": "rule:admin or rule:reader"`

		`# List or show volume type with access type qos specs id attribute.`
		`# GET /types/{type_id}`
		`# GET /types`
		`- "volume_extension:access_types_qos_specs_id": "rule:admin or rule:auditor"`
		`+ "volume_extension:access_types_qos_specs_id": "rule:admin or rule:reader"`

		`# Volume type access related APIs.`
		`# GET /types`
		`@@ -471,7 +471,7 @@`
		`# GET /os-volume-transfer/detail`
		`# GET /volume_transfers`
		`# GET /volume_transfers/detail`
		`- "volume:get_all_transfers": "rule:admin or rule:member or rule:auditor"`
		`+ "volume:get_all_transfers": "rule:admin or rule:member or rule:reader"`

		`# Create a volume transfer.`
		`# POST /os-volume-transfer`
		`@@ -481,7 +481,7 @@`
		`# Show one specified volume transfer.`
		`# GET /os-volume-transfer/{transfer_id}`
		`# GET /volume_transfers/{transfer_id}`
		`- "volume:get_transfer": "rule:admin or rule:member or rule:auditor"`
		`+ "volume:get_transfer": "rule:admin or rule:member or rule:reader"`

		`# Accept a volume transfer.`
		`# POST /os-volume-transfer/{transfer_id}/accept`
		`@@ -496,7 +496,7 @@`
		`# Show volume's metadata or one specified metadata with a given key.`
		`# GET /volumes/{volume_id}/metadata`
		`# GET /volumes/{volume_id}/metadata/{key}`
		`- "volume:get_volume_metadata": "rule:admin or rule:member or rule:auditor"`
		`+ "volume:get_volume_metadata": "rule:admin or rule:member or rule:reader"`

		`# Create volume metadata.`
		`# POST /volumes/{volume_id}/metadata`
		`@@ -527,7 +527,7 @@`

		`# List type extra specs.`
		`# GET /types/{type_id}/extra_specs`
		`- "volume_extension:types_extra_specs:index": "rule:admin or rule:auditor"`
		`+ "volume_extension:types_extra_specs:index": "rule:admin or rule:reader"`

		`# Create type extra specs.`
		`# POST /types/{type_id}/extra_specs`
		`@@ -535,7 +535,7 @@`

		`# Show one specified type extra specs.`
		`# GET /types/{type_id}/extra_specs/{extra_spec_key}`
		`- "volume_extension:types_extra_specs:show": "rule:admin or rule:auditor"`
		`+ "volume_extension:types_extra_specs:show": "rule:admin or rule:reader"`

		`# Update type extra specs.`
		`# PUT /types/{type_id}/extra_specs/{extra_spec_key}`
		`@@ -555,13 +555,13 @@`

		`# Show volume.`
		`# GET /volumes/{volume_id}`
		`- "volume:get": "rule:admin or rule:member or rule:auditor"`
		`+ "volume:get": "rule:admin or rule:member or rule:reader"`

		`# List volumes or get summary of volumes.`
		`# GET /volumes`
		`# GET /volumes/detail`
		`# GET /volumes/summary`
		`- "volume:get_all": "rule:admin or rule:member or rule:auditor"`
		`+ "volume:get_all": "rule:admin or rule:member or rule:reader"`

		`# Update volume.`
		`# PUT /volumes`
		`@@ -578,22 +578,22 @@`
		`# List or show volume with host attribute.`
		`# GET /volumes/{volume_id}`
		`# GET /volumes/detail`
		`- "volume_extension:volume_host_attribute": "rule:admin or rule:auditor"`
		`+ "volume_extension:volume_host_attribute": "rule:admin or rule:reader"`

		`# List or show volume with tenant attribute.`
		`# GET /volumes/{volume_id}`
		`# GET /volumes/detail`
		`- "volume_extension:volume_tenant_attribute": "rule:admin or rule:member or rule:auditor"`
		`+ "volume_extension:volume_tenant_attribute": "rule:admin or rule:member or rule:reader"`

		`# List or show volume with migration status attribute.`
		`# GET /volumes/{volume_id}`
		`# GET /volumes/detail`
		`- "volume_extension:volume_mig_status_attribute": "rule:admin or rule:auditor"`
		`+ "volume_extension:volume_mig_status_attribute": "rule:admin or rule:reader"`

		`# Show volume's encryption metadata.`
		`# GET /volumes/{volume_id}/encryption`
		`# GET /volumes/{volume_id}/encryption/{encryption_key}`
		`- "volume_extension:volume_encryption_metadata": "rule:admin or rule:member or rule:auditor"`
		`+ "volume_extension:volume_encryption_metadata": "rule:admin or rule:member or rule:reader"`

		`# Create multiattach capable volume.`
		`# POST /volumes`

services/glance/policy.yaml

file modified

+4 -4

		`@@ -14,18 +14,18 @@`
		`# GET /v1/images`
		`# GET /v1/images/detail`
		`# GET /v2/images`
		`- "get_images": "rule:admin or rule:member_or_public or rule:auditor"`
		`+ "get_images": "rule:admin or rule:member_or_public or rule:reader"`

		`# Retrieve a specific image entity`
		`# HEAD /v1/images/<IMAGE_ID>`
		`# GET /v1/images/<IMAGE_ID>`
		`# GET /v2/images/<IMAGE_ID>`
		`- "get_image": "rule:admin or rule:member_or_public or rule:auditor"`
		`+ "get_image": "rule:admin or rule:member_or_public or rule:reader"`

		`# Download binary image data`
		`# GET /v1/images/<IMAGE_ID>`
		`# GET /v2/images/<IMAGE_ID>/file`
		`- "download_image": "rule:admin or rule:member_or_public or rule:auditor"`
		`+ "download_image": "rule:admin or rule:member_or_public or rule:reader"`

		`# Upload binary image data`
		`# POST /v1/images`
		`@@ -72,7 +72,7 @@`
		`# List the members of an image`
		`# GET /v1/images/<IMAGE_ID>/members`
		`# GET /v2/images/<IMAGE_ID>/members`
		`- "get_members": "rule:admin or rule:member_or_public or rule:auditor"`
		`+ "get_members": "rule:admin or rule:member_or_public or rule:reader"`

		`# Delete a membership of an image`
		`# DELETE /v1/images/<IMAGE_ID>/members/<MEMBER_ID>`

services/gnocchi/policy.yaml

file modified

+14 -14

		`@@ -11,39 +11,39 @@`

		`# RULES:`

		`- "get status": "rule:admin or rule:auditor"`
		`+ "get status": "rule:admin or rule:reader"`

		`"create resource": "rule:admin or rule:member_or_creator"`
		`- "get resource": "rule:admin or rule:member_or_creator or rule:auditor"`
		`+ "get resource": "rule:admin or rule:member_or_creator or rule:reader"`
		`"update resource": "rule:admin or rule:member_or_creator"`
		`"delete resource": "rule:admin or rule:member_or_creator"`
		`"delete resources": "rule:admin or rule:member_or_creator"`
		`- "list resource": "rule:admin or rule:member_or_creator or rule:auditor"`
		`- "search resource": "rule:admin or rule:member_or_creator or rule:auditor"`
		`+ "list resource": "rule:admin or rule:member_or_creator or rule:reader"`
		`+ "search resource": "rule:admin or rule:member_or_creator or rule:reader"`

		`"create resource type": "rule:admin"`
		`"delete resource type": "rule:admin"`
		`"update resource type": "rule:admin"`
		`- "list resource type": "rule:admin or rule:member_or_creator or rule:auditor"`
		`- "get resource type": "rule:admin or rule:member_or_creator or rule:auditor"`
		`+ "list resource type": "rule:admin or rule:member_or_creator or rule:reader"`
		`+ "get resource type": "rule:admin or rule:member_or_creator or rule:reader"`

		`- "get archive policy": "rule:admin or rule:member_or_creator or rule:auditor"`
		`- "list archive policy": "rule:admin or rule:member_or_creator or rule:auditor"`
		`+ "get archive policy": "rule:admin or rule:member_or_creator or rule:reader"`
		`+ "list archive policy": "rule:admin or rule:member_or_creator or rule:reader"`
		`"create archive policy": "rule:admin"`
		`"update archive policy": "rule:admin"`
		`"delete archive policy": "rule:admin"`

		`"create archive policy rule": "rule:admin"`
		`- "get archive policy rule": "rule:admin or rule:member_or_creator or rule:auditor"`
		`- "list archive policy rule": "rule:admin or rule:member_or_creator or rule:auditor"`
		`+ "get archive policy rule": "rule:admin or rule:member_or_creator or rule:reader"`
		`+ "list archive policy rule": "rule:admin or rule:member_or_creator or rule:reader"`
		`"update archive policy rule": "rule:admin"`
		`"delete archive policy rule": "rule:admin"`

		`"create metric": "rule:admin or rule:member_or_creator"`
		`"delete metric": "rule:admin or rule:member_or_creator"`
		`- "get metric": "rule:admin or rule:member_or_creator or rule:auditor"`
		`- "search metric": "rule:admin or rule:member_or_creator or rule:auditor"`
		`- "list metric": "rule:admin or rule:member_or_creator or rule:auditor"`
		`+ "get metric": "rule:admin or rule:member_or_creator or rule:reader"`
		`+ "search metric": "rule:admin or rule:member_or_creator or rule:reader"`
		`+ "list metric": "rule:admin or rule:member_or_creator or rule:reader"`

		`- "get measures": "rule:admin or rule:member_or_creator or rule:auditor"`
		`+ "get measures": "rule:admin or rule:member_or_creator or rule:reader"`
		`"post measures": "rule:admin or rule:member_or_creator"`

services/heat/policy.yaml

file modified

+32 -32

		`@@ -19,18 +19,18 @@`

		`# Show build information.`
		`# GET /v1/{tenant_id}/build_info`
		`- "build_info:build_info": "rule:admin or rule:member or rule:auditor"`
		`+ "build_info:build_info": "rule:admin or rule:member or rule:reader"`

		`### Policy Rules defined in heat.policies.cloudformation`

		`#`
		`- "cloudformation:ListStacks": "rule:admin or rule:member or rule:auditor"`
		`+ "cloudformation:ListStacks": "rule:admin or rule:member or rule:reader"`

		`#`
		`"cloudformation:CreateStack": "rule:admin or rule:member"`

		`#`
		`- "cloudformation:DescribeStacks": "rule:admin or rule:member or rule:auditor"`
		`+ "cloudformation:DescribeStacks": "rule:admin or rule:member or rule:reader"`

		`#`
		`"cloudformation:DeleteStack": "rule:admin or rule:member"`
		`@@ -42,7 +42,7 @@`
		`"cloudformation:CancelUpdateStack": "rule:admin or rule:member"`

		`#`
		`- "cloudformation:DescribeStackEvents": "rule:admin or rule:member or rule:auditor"`
		`+ "cloudformation:DescribeStackEvents": "rule:admin or rule:member or rule:reader"`

		`#`
		`"cloudformation:ValidateTemplate": "rule:admin or rule:member"`
		`@@ -51,40 +51,40 @@`
		`"cloudformation:GetTemplate": "rule:admin or rule:member"`

		`#`
		`- "cloudformation:EstimateTemplateCost": "rule:admin or rule:member or rule:auditor"`
		`+ "cloudformation:EstimateTemplateCost": "rule:admin or rule:member or rule:reader"`

		`#`
		`- "cloudformation:DescribeStackResource": "rule:admin or rule:member or rule:auditor"`
		`+ "cloudformation:DescribeStackResource": "rule:admin or rule:member or rule:reader"`

		`#`
		`- "cloudformation:DescribeStackResources": "rule:admin or rule:member or rule:auditor"`
		`+ "cloudformation:DescribeStackResources": "rule:admin or rule:member or rule:reader"`

		`#`
		`- "cloudformation:ListStackResources": "rule:admin or rule:member or rule:auditor"`
		`+ "cloudformation:ListStackResources": "rule:admin or rule:member or rule:reader"`

		`### Policy Rules defined in heat.policies.events`

		`# List events.`
		`# GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/events`
		`- "events:index": "rule:admin or rule:member or rule:auditor"`
		`+ "events:index": "rule:admin or rule:member or rule:reader"`

		`# Show event.`
		`# GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events/{event_id}`
		`- "events:show": "rule:admin or rule:member or rule:auditor"`
		`+ "events:show": "rule:admin or rule:member or rule:reader"`

		`### Policy Rules defined in heat.policies.resource`

		`# List resources.`
		`# GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources`
		`- "resource:index": "rule:admin or rule:member or rule:auditor"`
		`+ "resource:index": "rule:admin or rule:member or rule:reader"`

		`# Show resource metadata.`
		`# GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/metadata`
		`- "resource:metadata": "rule:admin or rule:member or rule:auditor"`
		`+ "resource:metadata": "rule:admin or rule:member or rule:reader"`

		`# Signal resource.`
		`# POST /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/signal`
		`- "resource:signal": "rule:admin or rule:member or rule:auditor"`
		`+ "resource:signal": "rule:admin or rule:member or rule:reader"`

		`# Mark resource as unhealthy.`
		`# PATCH /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name_or_physical_id}`
		`@@ -92,7 +92,7 @@`

		`# Show resource.`
		`# GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}`
		`- "resource:show": "rule:admin or rule:member or rule:auditor"`
		`+ "resource:show": "rule:admin or rule:member or rule:reader"`

		`### Policy Rules defined in heat.policies.resource_types`

		`@@ -144,7 +144,7 @@`
		`### Policy Rules defined in heat.policies.service`

		`#`
		`- "service:index": "rule:admin or rule:auditor"`
		`+ "service:index": "rule:admin or rule:reader"`

		`### Policy Rules defined in heat.policies.software_configs`

		`@@ -154,7 +154,7 @@`

		`# List configs.`
		`# GET /v1/{tenant_id}/software_configs`
		`- "software_configs:index": "rule:admin or rule:member or rule:auditor"`
		`+ "software_configs:index": "rule:admin or rule:member or rule:reader"`

		`# Create config.`
		`# POST /v1/{tenant_id}/software_configs`
		`@@ -162,7 +162,7 @@`

		`# Show config details.`
		`# GET /v1/{tenant_id}/software_configs/{config_id}`
		`- "software_configs:show": "rule:admin or rule:member or rule:auditor"`
		`+ "software_configs:show": "rule:admin or rule:member or rule:reader"`

		`# Delete config.`
		`# DELETE /v1/{tenant_id}/software_configs/{config_id}`
		`@@ -172,7 +172,7 @@`

		`# List deployments.`
		`# GET /v1/{tenant_id}/software_deployments`
		`- "software_deployments:index": "rule:admin or rule:member or rule:auditor"`
		`+ "software_deployments:index": "rule:admin or rule:member or rule:reader"`

		`# Create deployment.`
		`# POST /v1/{tenant_id}/software_deployments`
		`@@ -180,7 +180,7 @@`

		`# Show deployment details.`
		`# GET /v1/{tenant_id}/software_deployments/{deployment_id}`
		`- "software_deployments:show": "rule:admin or rule:member or rule:auditor"`
		`+ "software_deployments:show": "rule:admin or rule:member or rule:reader"`

		`# Update deployment.`
		`# PUT /v1/{tenant_id}/software_deployments/{deployment_id}`
		`@@ -192,7 +192,7 @@`

		`# Show server configuration metadata.`
		`# GET /v1/{tenant_id}/software_deployments/metadata/{server_id}`
		`- "software_deployments:metadata": "rule:admin or rule:member or rule:auditor"`
		`+ "software_deployments:metadata": "rule:admin or rule:member or rule:reader"`

		`### Policy Rules defined in heat.policies.stacks`

		`@@ -210,15 +210,15 @@`

		`# List stacks in detail.`
		`# GET /v1/{tenant_id}/stacks`
		`- "stacks:detail": "rule:admin or rule:member or rule:auditor"`
		`+ "stacks:detail": "rule:admin or rule:member or rule:reader"`

		`# Export stack.`
		`# GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/export`
		`- "stacks:export": "rule:admin or rule:member or rule:auditor"`
		`+ "stacks:export": "rule:admin or rule:member or rule:reader"`

		`# Generate stack template.`
		`# GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template`
		`- "stacks:generate_template": "rule:admin or rule:member or rule:auditor"`
		`+ "stacks:generate_template": "rule:admin or rule:member or rule:reader"`

		`# List stacks globally.`
		`# GET /v1/{tenant_id}/stacks`
		`@@ -226,23 +226,23 @@`

		`# List stacks.`
		`# GET /v1/{tenant_id}/stacks`
		`- "stacks:index": "rule:admin or rule:member or rule:auditor"`
		`+ "stacks:index": "rule:admin or rule:member or rule:reader"`

		`# List resource types.`
		`# GET /v1/{tenant_id}/resource_types`
		`- "stacks:list_resource_types": "rule:admin or rule:member or rule:auditor"`
		`+ "stacks:list_resource_types": "rule:admin or rule:member or rule:reader"`

		`# List template versions.`
		`# GET /v1/{tenant_id}/template_versions`
		`- "stacks:list_template_versions": "rule:admin or rule:member or rule:auditor"`
		`+ "stacks:list_template_versions": "rule:admin or rule:member or rule:reader"`

		`# List template functions.`
		`# GET /v1/{tenant_id}/template_versions/{template_version}/functions`
		`- "stacks:list_template_functions": "rule:admin or rule:member or rule:auditor"`
		`+ "stacks:list_template_functions": "rule:admin or rule:member or rule:reader"`

		`# Find stack.`
		`# GET /v1/{tenant_id}/stacks/{stack_identity}`
		`- "stacks:lookup": "rule:admin or rule:member or rule:auditor"`
		`+ "stacks:lookup": "rule:admin or rule:member or rule:reader"`

		`# Preview stack.`
		`# POST /v1/{tenant_id}/stacks/preview`
		`@@ -250,11 +250,11 @@`

		`# Show resource type schema.`
		`# GET /v1/{tenant_id}/resource_types/{type_name}`
		`- "stacks:resource_schema": "rule:admin or rule:member or rule:auditor"`
		`+ "stacks:resource_schema": "rule:admin or rule:member or rule:reader"`

		`# Show stack.`
		`# GET /v1/{tenant_id}/stacks/{stack_identity}`
		`- "stacks:show": "rule:admin or rule:member or rule:auditor"`
		`+ "stacks:show": "rule:admin or rule:member or rule:reader"`

		`# Get stack template.`
		`# GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template`
		`@@ -294,7 +294,7 @@`

		`# Show snapshot.`
		`# GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}`
		`- "stacks:show_snapshot": "rule:admin or rule:member or rule:auditor"`
		`+ "stacks:show_snapshot": "rule:admin or rule:member or rule:reader"`

		`# Delete snapshot.`
		`# DELETE /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}`
		`@@ -302,7 +302,7 @@`

		`# List snapshots.`
		`# GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots`
		`- "stacks:list_snapshots": "rule:admin or rule:member or rule:auditor"`
		`+ "stacks:list_snapshots": "rule:admin or rule:member or rule:reader"`

		`# Restore snapshot.`
		`# POST /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}/restore`

services/keystone/policy.yaml

file modified

+66 -66

		`@@ -4,12 +4,12 @@`
		`# Show application credential details.`
		`# GET /v3/users/{user_id}/application_credentials/{application_credential_id}`
		`# HEAD /v3/users/{user_id}/application_credentials/{application_credential_id}`
		`- "identity:get_application_credential": "rule:admin or rule:owner or rule:auditor"`
		`+ "identity:get_application_credential": "rule:admin or rule:owner or rule:reader"`

		`# List application credentials for a user.`
		`# GET /v3/users/{user_id}/application_credentials`
		`# HEAD /v3/users/{user_id}/application_credentials`
		`- "identity:list_application_credentials": "rule:admin or rule:owner or rule:auditor"`
		`+ "identity:list_application_credentials": "rule:admin or rule:owner or rule:reader"`

		`# Create an application credential.`
		`# POST /v3/users/{user_id}/application_credentials`
		`@@ -117,12 +117,12 @@`
		`# Show domain details.`
		`# GET /v3/domains/{domain_id}`
		`# Intended scope(s): system`
		`- "identity:get_domain": "rule:admin or token.project.domain.id:%(target.domain.id)s or rule:auditor"`
		`+ "identity:get_domain": "rule:admin or token.project.domain.id:%(target.domain.id)s or rule:reader"`

		`# List domains.`
		`# GET /v3/domains`
		`# Intended scope(s): system`
		`- "identity:list_domains": "rule:admin or rule:auditor"`
		`+ "identity:list_domains": "rule:admin or rule:reader"`

		`# Create domain.`
		`# POST /v3/domains`
		`@@ -154,7 +154,7 @@`
		`# GET /v3/domains/{domain_id}/config/{group}/{option}`
		`# HEAD /v3/domains/{domain_id}/config/{group}/{option}`
		`# Intended scope(s): system`
		`- "identity:get_domain_config": "rule:admin or rule:auditor"`
		`+ "identity:get_domain_config": "rule:admin or rule:reader"`

		`# Get security compliance domain configuration for either a domain or`
		`# a specific option in a domain.`
		`@@ -190,11 +190,11 @@`
		`# GET /v3/domains/config/{group}/{option}/default`
		`# HEAD /v3/domains/config/{group}/{option}/default`
		`# Intended scope(s): system`
		`- "identity:get_domain_config_default": "rule:admin or rule:auditor"`
		`+ "identity:get_domain_config_default": "rule:admin or rule:reader"`

		`# Show ec2 credential details.`
		`# GET /v3/users/{user_id}/credentials/OS-EC2/{credential_id}`
		`- "identity:ec2_get_credential": "rule:admin or (rule:owner and user_id:%(target.credential.user_id)s) or rule:auditor"`
		`+ "identity:ec2_get_credential": "rule:admin or (rule:owner and user_id:%(target.credential.user_id)s) or rule:reader"`

		`# List ec2 credentials.`
		`# GET /v3/users/{user_id}/credentials/OS-EC2`
		`@@ -211,12 +211,12 @@`
		`# Show endpoint details.`
		`# GET /v3/endpoints/{endpoint_id}`
		`# Intended scope(s): system`
		`- "identity:get_endpoint": "rule:admin or rule:auditor"`
		`+ "identity:get_endpoint": "rule:admin or rule:reader"`

		`# List endpoints.`
		`# GET /v3/endpoints`
		`# Intended scope(s): system`
		`- "identity:list_endpoints": "rule:admin or rule:auditor"`
		`+ "identity:list_endpoints": "rule:admin or rule:reader"`

		`# Create endpoint.`
		`# POST /v3/endpoints`
		`@@ -241,13 +241,13 @@`
		`# List endpoint groups.`
		`# GET /v3/OS-EP-FILTER/endpoint_groups`
		`# Intended scope(s): system`
		`- "identity:list_endpoint_groups": "rule:admin or rule:auditor"`
		`+ "identity:list_endpoint_groups": "rule:admin or rule:reader"`

		`# Get endpoint group.`
		`# GET /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}`
		`# HEAD /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}`
		`# Intended scope(s): system`
		`- "identity:get_endpoint_group": "rule:admin or rule:auditor"`
		`+ "identity:get_endpoint_group": "rule:admin or rule:reader"`

		`# Update endpoint group.`
		`# PATCH /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}`
		`@@ -262,23 +262,23 @@`
		`# List all projects associated with a specific endpoint group.`
		`# GET /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects`
		`# Intended scope(s): system`
		`- "identity:list_projects_associated_with_endpoint_group": "rule:admin or rule:auditor"`
		`+ "identity:list_projects_associated_with_endpoint_group": "rule:admin or rule:reader"`

		`# List all endpoints associated with an endpoint group.`
		`# GET /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints`
		`# Intended scope(s): system`
		`- "identity:list_endpoints_associated_with_endpoint_group": "rule:admin or rule:auditor"`
		`+ "identity:list_endpoints_associated_with_endpoint_group": "rule:admin or rule:reader"`

		`# Check if an endpoint group is associated with a project.`
		`# GET /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}`
		`# HEAD /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}`
		`# Intended scope(s): system`
		`- "identity:get_endpoint_group_in_project": "rule:admin or rule:auditor"`
		`+ "identity:get_endpoint_group_in_project": "rule:admin or rule:reader"`

		`# List endpoint groups associated with a specific project.`
		`# GET /v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups`
		`# Intended scope(s): system`
		`- "identity:list_endpoint_groups_for_project": "rule:admin or rule:auditor"`
		`+ "identity:list_endpoint_groups_for_project": "rule:admin or rule:reader"`

		`# Allow a project to access an endpoint group.`
		`# PUT /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}`
		`@@ -312,7 +312,7 @@`
		`# HEAD /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects`
		`# GET /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects`
		`# Intended scope(s): system`
		`- "identity:check_grant": "rule:admin or rule:auditor"`
		`+ "identity:check_grant": "rule:admin or rule:reader"`

		`# List roles granted to an actor on a target. A target can be either a`
		`# domain or a project. An actor can be either a user or a group. For`
		`@@ -330,7 +330,7 @@`
		`# GET /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects`
		`# GET /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects`
		`# Intended scope(s): system`
		`- "identity:list_grants": "rule:admin or rule:auditor"`
		`+ "identity:list_grants": "rule:admin or rule:reader"`

		`# Create a role grant between a target and an actor. A target can be`
		`# either a domain or a project. An actor can be either a user or a`
		`@@ -369,12 +369,12 @@`
		`# List all grants a specific user has on the system.`
		`# ['HEAD', 'GET'] /v3/system/users/{user_id}/roles`
		`# Intended scope(s): system`
		`- "identity:list_system_grants_for_user": "rule:admin or rule:auditor"`
		`+ "identity:list_system_grants_for_user": "rule:admin or rule:reader"`

		`# Check if a user has a role on the system.`
		`# ['HEAD', 'GET'] /v3/system/users/{user_id}/roles/{role_id}`
		`# Intended scope(s): system`
		`- "identity:check_system_grant_for_user": "rule:admin or rule:auditor"`
		`+ "identity:check_system_grant_for_user": "rule:admin or rule:reader"`

		`# Grant a user a role on the system.`
		`# ['PUT'] /v3/system/users/{user_id}/roles/{role_id}`
		`@@ -389,12 +389,12 @@`
		`# List all grants a specific group has on the system.`
		`# ['HEAD', 'GET'] /v3/system/groups/{group_id}/roles`
		`# Intended scope(s): system`
		`- "identity:list_system_grants_for_group": "rule:admin or rule:auditor"`
		`+ "identity:list_system_grants_for_group": "rule:admin or rule:reader"`

		`# Check if a group has a role on the system.`
		`# ['HEAD', 'GET'] /v3/system/groups/{group_id}/roles/{role_id}`
		`# Intended scope(s): system`
		`- "identity:check_system_grant_for_group": "rule:admin or rule:auditor"`
		`+ "identity:check_system_grant_for_group": "rule:admin or rule:reader"`

		`# Grant a group a role on the system.`
		`# ['PUT'] /v3/system/groups/{group_id}/roles/{role_id}`
		`@@ -410,19 +410,19 @@`
		`# GET /v3/groups/{group_id}`
		`# HEAD /v3/groups/{group_id}`
		`# Intended scope(s): system`
		`- "identity:get_group": "rule:admin or rule:auditor"`
		`+ "identity:get_group": "rule:admin or rule:reader"`

		`# List groups.`
		`# GET /v3/groups`
		`# HEAD /v3/groups`
		`# Intended scope(s): system`
		`- "identity:list_groups": "rule:admin or rule:auditor"`
		`+ "identity:list_groups": "rule:admin or rule:reader"`

		`# List groups to which a user belongs.`
		`# GET /v3/users/{user_id}/groups`
		`# HEAD /v3/users/{user_id}/groups`
		`# Intended scope(s): system`
		`- "identity:list_groups_for_user": "rule:admin or rule:owner or rule:auditor"`
		`+ "identity:list_groups_for_user": "rule:admin or rule:owner or rule:reader"`

		`# Create group.`
		`# POST /v3/groups`
		`@@ -443,7 +443,7 @@`
		`# GET /v3/groups/{group_id}/users`
		`# HEAD /v3/groups/{group_id}/users`
		`# Intended scope(s): system`
		`- "identity:list_users_in_group": "rule:admin or rule:auditor"`
		`+ "identity:list_users_in_group": "rule:admin or rule:reader"`

		`# Remove user from group.`
		`# DELETE /v3/groups/{group_id}/users/{user_id}`
		`@@ -454,7 +454,7 @@`
		`# HEAD /v3/groups/{group_id}/users/{user_id}`
		`# GET /v3/groups/{group_id}/users/{user_id}`
		`# Intended scope(s): system`
		`- "identity:check_user_in_group": "rule:admin or rule:auditor"`
		`+ "identity:check_user_in_group": "rule:admin or rule:reader"`

		`# Add user to group.`
		`# PUT /v3/groups/{group_id}/users/{user_id}`
		`@@ -470,13 +470,13 @@`
		`# GET /v3/OS-FEDERATION/identity_providers`
		`# HEAD /v3/OS-FEDERATION/identity_providers`
		`# Intended scope(s): system`
		`- "identity:list_identity_providers": "rule:admin or rule:auditor"`
		`+ "identity:list_identity_providers": "rule:admin or rule:reader"`

		`# Get identity provider.`
		`# GET /v3/OS-FEDERATION/identity_providers/{idp_id}`
		`# HEAD /v3/OS-FEDERATION/identity_providers/{idp_id}`
		`# Intended scope(s): system`
		`- "identity:get_identity_provider": "rule:admin or rule:auditor"`
		`+ "identity:get_identity_provider": "rule:admin or rule:reader"`

		`# Update identity provider.`
		`# PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}`
		`@@ -494,7 +494,7 @@`
		`# role.`
		`# GET /v3/roles/{prior_role_id}/implies/{implied_role_id}`
		`# Intended scope(s): system`
		`- "identity:get_implied_role": "rule:admin or rule:auditor"`
		`+ "identity:get_implied_role": "rule:admin or rule:reader"`

		`# List associations between two roles. When a relationship exists`
		`# between a prior role and an implied role and the prior role is`
		`@@ -504,7 +504,7 @@`
		`# GET /v3/roles/{prior_role_id}/implies`
		`# HEAD /v3/roles/{prior_role_id}/implies`
		`# Intended scope(s): system`
		`- "identity:list_implied_roles": "rule:admin or rule:auditor"`
		`+ "identity:list_implied_roles": "rule:admin or rule:reader"`

		`# Create an association between two roles. When a relationship exists`
		`# between a prior role and an implied role and the prior role is`
		`@@ -528,14 +528,14 @@`
		`# GET /v3/role_inferences`
		`# HEAD /v3/role_inferences`
		`# Intended scope(s): system`
		`- "identity:list_role_inference_rules": "rule:admin or rule:auditor"`
		`+ "identity:list_role_inference_rules": "rule:admin or rule:reader"`

		`# Check an association between two roles. When a relationship exists`
		`# between a prior role and an implied role and the prior role is`
		`# assigned to a user, the user also assumes the implied role.`
		`# HEAD /v3/roles/{prior_role_id}/implies/{implied_role_id}`
		`# Intended scope(s): system`
		`- "identity:check_implied_role": "rule:admin or rule:auditor"`
		`+ "identity:check_implied_role": "rule:admin or rule:reader"`

		`# Get limit enforcement model.`
		`# GET /v3/limits/model`
		`@@ -579,13 +579,13 @@`
		`# GET /v3/OS-FEDERATION/mappings/{mapping_id}`
		`# HEAD /v3/OS-FEDERATION/mappings/{mapping_id}`
		`# Intended scope(s): system`
		`- "identity:get_mapping": "rule:admin or rule:auditor"`
		`+ "identity:get_mapping": "rule:admin or rule:reader"`

		`# List federated mappings.`
		`# GET /v3/OS-FEDERATION/mappings`
		`# HEAD /v3/OS-FEDERATION/mappings`
		`# Intended scope(s): system`
		`- "identity:list_mappings": "rule:admin or rule:auditor"`
		`+ "identity:list_mappings": "rule:admin or rule:reader"`

		`# Delete a federated mapping.`
		`# DELETE /v3/OS-FEDERATION/mappings/{mapping_id}`
		`@@ -600,12 +600,12 @@`
		`# Show policy details.`
		`# GET /v3/policy/{policy_id}`
		`# Intended scope(s): system`
		`- "identity:get_policy": "rule:admin or rule:auditor"`
		`+ "identity:get_policy": "rule:admin or rule:reader"`

		`# List policies.`
		`# GET /v3/policies`
		`# Intended scope(s): system`
		`- "identity:list_policies": "rule:admin or rule:auditor"`
		`+ "identity:list_policies": "rule:admin or rule:reader"`

		`# Create policy.`
		`# POST /v3/policies`
		`@@ -631,7 +631,7 @@`
		`# GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}`
		`# HEAD /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}`
		`# Intended scope(s): system`
		`- "identity:check_policy_association_for_endpoint": "rule:admin or rule:auditor"`
		`+ "identity:check_policy_association_for_endpoint": "rule:admin or rule:reader"`

		`# Delete policy association for endpoint.`
		`# DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}`
		`@@ -647,7 +647,7 @@`
		`# GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}`
		`# HEAD /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}`
		`# Intended scope(s): system`
		`- "identity:check_policy_association_for_service": "rule:admin or rule:auditor"`
		`+ "identity:check_policy_association_for_service": "rule:admin or rule:reader"`

		`# Delete policy association for service.`
		`# DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}`
		`@@ -663,7 +663,7 @@`
		`# GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}`
		`# HEAD /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}`
		`# Intended scope(s): system`
		`- "identity:check_policy_association_for_region_and_service": "rule:admin or rule:auditor"`
		`+ "identity:check_policy_association_for_region_and_service": "rule:admin or rule:reader"`

		`# Delete policy association for region and service.`
		`# DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}`
		`@@ -674,25 +674,25 @@`
		`# GET /v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy`
		`# HEAD /v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy`
		`# Intended scope(s): system`
		`- "identity:get_policy_for_endpoint": "rule:admin or rule:auditor"`
		`+ "identity:get_policy_for_endpoint": "rule:admin or rule:reader"`

		`# List endpoints for policy.`
		`# GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints`
		`# Intended scope(s): system`
		`- "identity:list_endpoints_for_policy": "rule:admin or rule:auditor"`
		`+ "identity:list_endpoints_for_policy": "rule:admin or rule:reader"`

		`# Show project details.`
		`# GET /v3/projects/{project_id}`
		`- "identity:get_project": "rule:admin or project_id:%(target.project.id)s or rule:auditor"`
		`+ "identity:get_project": "rule:admin or project_id:%(target.project.id)s or rule:reader"`

		`# List projects.`
		`# GET /v3/projects`
		`# Intended scope(s): system`
		`- "identity:list_projects": "rule:admin or rule:auditor"`
		`+ "identity:list_projects": "rule:admin or rule:reader"`

		`# List projects for user.`
		`# GET /v3/users/{user_id}/projects`
		`- "identity:list_user_projects": "rule:admin or rule:owner or rule:auditor"`
		`+ "identity:list_user_projects": "rule:admin or rule:owner or rule:reader"`

		`# Create project.`
		`# POST /v3/projects`
		`@@ -712,12 +712,12 @@`
		`# List tags for a project.`
		`# GET /v3/projects/{project_id}/tags`
		`# HEAD /v3/projects/{project_id}/tags`
		`- "identity:list_project_tags": "rule:admin or project_id:%(target.project.id)s or rule:auditor"`
		`+ "identity:list_project_tags": "rule:admin or project_id:%(target.project.id)s or rule:reader"`

		`# Check if project contains a tag.`
		`# GET /v3/projects/{project_id}/tags/{value}`
		`# HEAD /v3/projects/{project_id}/tags/{value}`
		`- "identity:get_project_tag": "rule:admin or project_id:%(target.project.id)s or rule:auditor"`
		`+ "identity:get_project_tag": "rule:admin or project_id:%(target.project.id)s or rule:reader"`

		`# Replace all tags on a project with the new set of tags.`
		`# PUT /v3/projects/{project_id}/tags`
		`@@ -742,7 +742,7 @@`
		`# List projects allowed to access an endpoint.`
		`# GET /v3/OS-EP-FILTER/endpoints/{endpoint_id}/projects`
		`# Intended scope(s): system`
		`- "identity:list_projects_for_endpoint": "rule:admin or rule:auditor"`
		`+ "identity:list_projects_for_endpoint": "rule:admin or rule:reader"`

		`# Allow project to access an endpoint.`
		`# PUT /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}`
		`@@ -753,12 +753,12 @@`
		`# GET /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}`
		`# HEAD /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}`
		`# Intended scope(s): system`
		`- "identity:check_endpoint_in_project": "rule:admin or rule:auditor"`
		`+ "identity:check_endpoint_in_project": "rule:admin or rule:reader"`

		`# List the endpoints a project is allowed to access.`
		`# GET /v3/OS-EP-FILTER/projects/{project_id}/endpoints`
		`# Intended scope(s): system`
		`- "identity:list_endpoints_for_project": "rule:admin or rule:auditor"`
		`+ "identity:list_endpoints_for_project": "rule:admin or rule:reader"`

		`# Remove access to an endpoint from a project that has previously been`
		`# given explicit access.`
		`@@ -779,12 +779,12 @@`
		`# Get federated protocol.`
		`# GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}`
		`# Intended scope(s): system`
		`- "identity:get_protocol": "rule:admin or rule:auditor"`
		`+ "identity:get_protocol": "rule:admin or rule:reader"`

		`# List federated protocols.`
		`# GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols`
		`# Intended scope(s): system`
		`- "identity:list_protocols": "rule:admin or rule:auditor"`
		`+ "identity:list_protocols": "rule:admin or rule:reader"`

		`# Delete federated protocol.`
		`# DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}`
		`@@ -849,19 +849,19 @@`
		`# List revocation events.`
		`# GET /v3/OS-REVOKE/events`
		`# Intended scope(s): system`
		`- "identity:list_revoke_events": "rule:admin or rule:service_role or rule:auditor"`
		`+ "identity:list_revoke_events": "rule:admin or rule:service_role or rule:reader"`

		`# Show role details.`
		`# GET /v3/roles/{role_id}`
		`# HEAD /v3/roles/{role_id}`
		`# Intended scope(s): system`
		`- "identity:get_role": "rule:admin or rule:auditor"`
		`+ "identity:get_role": "rule:admin or rule:reader"`

		`# List roles.`
		`# GET /v3/roles`
		`# HEAD /v3/roles`
		`# Intended scope(s): system`
		`- "identity:list_roles": "rule:admin or rule:auditor"`
		`+ "identity:list_roles": "rule:admin or rule:reader"`

		`# Create role.`
		`# POST /v3/roles`
		`@@ -882,13 +882,13 @@`
		`# GET /v3/roles/{role_id}`
		`# HEAD /v3/roles/{role_id}`
		`# Intended scope(s): system`
		`- "identity:get_domain_role": "rule:admin or rule:auditor"`
		`+ "identity:get_domain_role": "rule:admin or rule:reader"`

		`# List domain roles.`
		`# GET /v3/roles?domain_id={domain_id}`
		`# HEAD /v3/roles?domain_id={domain_id}`
		`# Intended scope(s): system`
		`- "identity:list_domain_roles": "rule:admin or rule:auditor"`
		`+ "identity:list_domain_roles": "rule:admin or rule:reader"`

		`# Create domain role.`
		`# POST /v3/roles`
		`@@ -909,23 +909,23 @@`
		`# GET /v3/role_assignments`
		`# HEAD /v3/role_assignments`
		`# Intended scope(s): system`
		`- "identity:list_role_assignments": "rule:admin or rule:auditor"`
		`+ "identity:list_role_assignments": "rule:admin or rule:reader"`

		`# List all role assignments for a given tree of hierarchical projects.`
		`# GET /v3/role_assignments?include_subtree`
		`# HEAD /v3/role_assignments?include_subtree`
		`# Intended scope(s): project`
		`- "identity:list_role_assignments_for_tree": "rule:admin or rule:auditor"`
		`+ "identity:list_role_assignments_for_tree": "rule:admin or rule:reader"`

		`# Show service details.`
		`# GET /v3/services/{service_id}`
		`# Intended scope(s): system`
		`- "identity:get_service": "rule:admin or rule:auditor"`
		`+ "identity:get_service": "rule:admin or rule:reader"`

		`# List services.`
		`# GET /v3/services`
		`# Intended scope(s): system`
		`- "identity:list_services": "rule:admin or rule:auditor"`
		`+ "identity:list_services": "rule:admin or rule:reader"`

		`# Create service.`
		`# POST /v3/services`
		`@@ -951,13 +951,13 @@`
		`# GET /v3/OS-FEDERATION/service_providers`
		`# HEAD /v3/OS-FEDERATION/service_providers`
		`# Intended scope(s): system`
		`- "identity:list_service_providers": "rule:admin or rule:auditor"`
		`+ "identity:list_service_providers": "rule:admin or rule:reader"`

		`# Get federated service provider.`
		`# GET /v3/OS-FEDERATION/service_providers/{service_provider_id}`
		`# HEAD /v3/OS-FEDERATION/service_providers/{service_provider_id}`
		`# Intended scope(s): system`
		`- "identity:get_service_provider": "rule:admin or rule:auditor"`
		`+ "identity:get_service_provider": "rule:admin or rule:reader"`

		`# Update federated service provider.`
		`# PATCH /v3/OS-FEDERATION/service_providers/{service_provider_id}`
		`@@ -972,7 +972,7 @@`
		`# List revoked PKI tokens.`
		`# GET /v3/auth/tokens/OS-PKI/revoked`
		`# Intended scope(s): system, project`
		`- "identity:revocation_list": "rule:admin or rule:service_role or rule:auditor"`
		`+ "identity:revocation_list": "rule:admin or rule:service_role or rule:reader"`

		`# Check a token.`
		`# HEAD /v3/auth/tokens`
		`@@ -980,7 +980,7 @@`

		`# Validate a token.`
		`# GET /v3/auth/tokens`
		`- "identity:validate_token": "rule:admin or rule:service_role or rule:token_subject or rule:auditor"`
		`+ "identity:validate_token": "rule:admin or rule:service_role or rule:token_subject or rule:reader"`

		`# Revoke a token.`
		`# DELETE /v3/auth/tokens`
		`@@ -1023,13 +1023,13 @@`
		`# Show user details.`
		`# GET /v3/users/{user_id}`
		`# HEAD /v3/users/{user_id}`
		`- "identity:get_user": "rule:admin or rule:owner or rule:auditor"`
		`+ "identity:get_user": "rule:admin or rule:owner or rule:reader"`

		`# List users.`
		`# GET /v3/users`
		`# HEAD /v3/users`
		`# Intended scope(s): system`
		`- "identity:list_users": "rule:admin or rule:auditor"`
		`+ "identity:list_users": "rule:admin or rule:reader"`

		`# List all projects a user has access to via role assignments.`
		`# GET /v3/auth/projects`

services/manila/policy.yaml

file modified

+57 -57

		`@@ -7,7 +7,7 @@`
		`# GET /os-availability-zone`
		`# GET /availability-zone`
		`#`
		`- "availability_zone:index": "rule:default or rule:auditor"`
		`+ "availability_zone:index": "rule:default or rule:reader"`

		`### Policy Rules defined in manila.policies.base`

		`@@ -16,13 +16,13 @@`
		`# Get details of a given message.`
		`# GET /messages/{message_id}`
		`#`
		`- "message:get": "rule:default or rule:auditor"`
		`+ "message:get": "rule:default or rule:reader"`

		`# Get all messages.`
		`# GET /messages`
		`# GET /messages?{query}`
		`#`
		`- "message:get_all": "rule:default or rule:auditor"`
		`+ "message:get_all": "rule:default or rule:reader"`

		`# Delete a message.`
		`# DELETE /messages/{message_id}`
		`@@ -41,7 +41,7 @@`
		`# GET /quota-class-sets/{class_name}`
		`# GET /os-quota-class-sets/{class_name}`
		`#`
		`- "quota_class_set:show": "rule:defaul or rule:auditort"`
		`+ "quota_class_set:show": "rule:defaul or rule:readert"`

		`### Policy Rules defined in manila.policies.quota_set`

		`@@ -58,7 +58,7 @@`
		`# GET /quota-sets/{tenant_id}/defaults`
		`# GET /os-quota-sets/{tenant_id}/defaults`
		`#`
		`- "quota_set:show": "rule:default or rule:auditor"`
		`+ "quota_set:show": "rule:default or rule:reader"`

		`# Delete quota for a tenant/user or tenant/share-type. The quota will revert back to default (Admin only).`
		`# DELETE /quota-sets/{tenant_id}`
		`@@ -75,13 +75,13 @@`
		`# GET /scheduler-stats/pools`
		`# GET /scheduler-stats/pools?{query}`
		`#`
		`- "scheduler_stats:pools:index": "rule:admin or rule:auditor"`
		`+ "scheduler_stats:pools:index": "rule:admin or rule:reader"`

		`# Get detailed information regarding backends (and storage pools) known to the scheduler.`
		`# GET /scheduler-stats/pools/detail?{query}`
		`# GET /scheduler-stats/pools/detail`
		`#`
		`- "scheduler_stats:pools:detail": "rule:admin or rule:auditor"`
		`+ "scheduler_stats:pools:detail": "rule:admin or rule:reader"`

		`### Policy Rules defined in manila.policies.security_service`

		`@@ -93,19 +93,19 @@`
		`# Get details of a security service.`
		`# GET /security-services/{security_service_id}`
		`#`
		`- "security_service:show": "rule:default or rule:auditor"`
		`+ "security_service:show": "rule:default or rule:reader"`

		`# Get details of all security services.`
		`# GET /security-services/detail?{query}`
		`# GET /security-services/detail`
		`#`
		`- "security_service:detail": "rule:default or rule:auditor"`
		`+ "security_service:detail": "rule:default or rule:reader"`

		`# Get all security services.`
		`# GET /security-services`
		`# GET /security-services?{query}`
		`#`
		`- "security_service:index": "rule:default or rule:auditor"`
		`+ "security_service:index": "rule:default or rule:reader"`

		`# Update a security service.`
		`# PUT /security-services/{security_service_id}`
		`@@ -121,7 +121,7 @@`
		`# GET /security-services?all_tenants=1`
		`# GET /security-services/detail?all_tenants=1`
		`#`
		`- "security_service:get_all_security_services": "rule:admin or rule:auditor"`
		`+ "security_service:get_all_security_services": "rule:admin or rule:reader"`

		`### Policy Rules defined in manila.policies.service`

		`@@ -131,7 +131,7 @@`
		`# GET /services`
		`# GET /services?{query}`
		`#`
		`- "service:index": "rule:admin or rule:auditor"`
		`+ "service:index": "rule:admin or rule:reader"`

		`# Enable/Disable scheduling for a service.`
		`# PUT /os-services/disable`
		`@@ -150,12 +150,12 @@`
		`# Get all export locations of a given share.`
		`# GET /shares/{share_id}/export_locations`
		`#`
		`- "share_export_location:index": "rule:default or rule:auditor"`
		`+ "share_export_location:index": "rule:default or rule:reader"`

		`# Get details about the requested export location.`
		`# GET /shares/{share_id}/export_locations/{export_location_id}`
		`#`
		`- "share_export_location:show": "rule:default or rule:auditor"`
		`+ "share_export_location:show": "rule:default or rule:reader"`

		`### Policy Rules defined in manila.policies.share_group`

		`@@ -167,7 +167,7 @@`
		`# Get details of a share group.`
		`# GET /share-groups/{share_group_id}`
		`#`
		`- "share_group:get": "rule:default or rule:auditor"`
		`+ "share_group:get": "rule:default or rule:reader"`

		`# Get all share groups.`
		`# GET /share-groups`
		`@@ -175,7 +175,7 @@`
		`# GET /share-groups?{query}`
		`# GET /share-groups/detail?{query}`
		`#`
		`- "share_group:get_all": "rule:default or rule:auditor"`
		`+ "share_group:get_all": "rule:default or rule:reader"`

		`# Update share group.`
		`# PUT /share-groups/{share_group_id}`
		`@@ -207,7 +207,7 @@`
		`# Get details of a share group snapshot.`
		`# GET /share-group-snapshots/{share_group_snapshot_id}`
		`#`
		`- "share_group_snapshot:get": "rule:default or rule:auditor"`
		`+ "share_group_snapshot:get": "rule:default or rule:reader"`

		`# Get all share group snapshots.`
		`# GET /share-group-snapshots`
		`@@ -215,7 +215,7 @@`
		`# GET /share-group-snapshots/{query}`
		`# GET /share-group-snapshots/detail?{query}`
		`#`
		`- "share_group_snapshot:get_all": "rule:default or rule:auditor"`
		`+ "share_group_snapshot:get_all": "rule:default or rule:reader"`

		`# Update a share group snapshot.`
		`# PUT /share-group-snapshots/{share_group_snapshot_id}`
		`@@ -248,17 +248,17 @@`
		`# GET /share-group-types`
		`# GET /share-group-types?is_public=all`
		`#`
		`- "share_group_type:index": "rule:default or rule:auditor"`
		`+ "share_group_type:index": "rule:default or rule:reader"`

		`# Get details regarding the specified share group type.`
		`# GET /share-group-types/{share_group_type_id}`
		`#`
		`- "share_group_type:show": "rule:default or rule:auditor"`
		`+ "share_group_type:show": "rule:default or rule:reader"`

		`# Get the default share group type.`
		`# GET /share-group-types/default`
		`#`
		`- "share_group_type:default": "rule:default or rule:auditor"`
		`+ "share_group_type:default": "rule:default or rule:reader"`

		`# Delete an existing group type.`
		`# DELETE /share-group-types/{share_group_type_id}`
		`@@ -268,7 +268,7 @@`
		`# Get project access by share group type.`
		`# POST /share-group-types/{share_group_type_id}/access`
		`#`
		`- "share_group_type:list_project_access": "rule:admin or rule:auditor"`
		`+ "share_group_type:list_project_access": "rule:admin or rule:reader"`

		`# Allow project to use the share group type.`
		`# POST /share-group-types/{share_group_type_id}/action`
		`@@ -290,12 +290,12 @@`
		`# Get share group type specs.`
		`# GET /share-group-types/{share_group_type_id}/group-specs`
		`#`
		`- "share_group_types_spec:index": "rule:admin or rule:auditor"`
		`+ "share_group_types_spec:index": "rule:admin or rule:reader"`

		`# Get details of a share group type spec.`
		`# GET /share-group-types/{share_group_type_id}/group-specs/{key}`
		`#`
		`- "share_group_types_spec:show": "rule:admin or rule:auditor"`
		`+ "share_group_types_spec:show": "rule:admin or rule:reader"`

		`# Update a share group type spec.`
		`# PUT /share-group-types/{share_group_type_id}/group-specs/{key}`
		`@@ -321,19 +321,19 @@`
		`# Get details of a share network.`
		`# GET /share-networks/{share_network_id}`
		`#`
		`- "share_network:show": "rule:default or rule:auditor"`
		`+ "share_network:show": "rule:default or rule:reader"`

		`# Get all share networks.`
		`# GET /share-networks`
		`# GET /share-networks?{query}`
		`#`
		`- "share_network:index": "rule:default or rule:auditor"`
		`+ "share_network:index": "rule:default or rule:reader"`

		`# Get details of share networks .`
		`# GET /share-networks/detail?{query}`
		`# GET /share-networks/detail`
		`#`
		`- "share_network:detail": "rule:default or rule:auditor"`
		`+ "share_network:detail": "rule:default or rule:reader"`

		`# Update a share network.`
		`# PUT /share-networks/{share_network_id}`
		`@@ -359,7 +359,7 @@`
		`# GET /share-networks?all_tenants=1`
		`# GET /share-networks/detail?all_tenants=1`
		`#`
		`- "share_network:get_all_share_networks": "rule:admin or rule:auditor"`
		`+ "share_network:get_all_share_networks": "rule:admin or rule:reader"`

		`### Policy Rules defined in manila.policies.share_replica`

		`@@ -373,12 +373,12 @@`
		`# GET /share-replicas/detail`
		`# GET /share-replicas/detail?share_id={share_id}`
		`#`
		`- "share_replica:get_all": "rule:default or rule:auditor"`
		`+ "share_replica:get_all": "rule:default or rule:reader"`

		`# Get details of a share replica.`
		`# GET /share-replicas/{share_replica_id}`
		`#`
		`- "share_replica:show": "rule:default or rule:auditor"`
		`+ "share_replica:show": "rule:default or rule:reader"`

		`# Delete a share replica.`
		`# DELETE /share-replicas/{share_replica_id}`
		`@@ -416,17 +416,17 @@`
		`# GET /share-servers`
		`# GET /share-servers?{query}`
		`#`
		`- "share_server:index": "rule:admin or rule:auditor"`
		`+ "share_server:index": "rule:admin or rule:reader"`

		`# Show share server.`
		`# GET /share-servers/{server_id}`
		`#`
		`- "share_server:show": "rule:admin or rule:auditor"`
		`+ "share_server:show": "rule:admin or rule:reader"`

		`# Get share server details.`
		`# GET /share-servers/{server_id}/details`
		`#`
		`- "share_server:details": "rule:admin or rule:auditor"`
		`+ "share_server:details": "rule:admin or rule:reader"`

		`# Delete share server.`
		`# DELETE /share-servers/{server_id}`
		`@@ -438,7 +438,7 @@`
		`# Get share snapshot.`
		`# GET /snapshots/{snapshot_id}`
		`#`
		`- "share_snapshot:get_snapshot": "rule:default or rule:auditor"`
		`+ "share_snapshot:get_snapshot": "rule:default or rule:reader"`

		`# Get all share snapshots.`
		`# GET /snapshots`
		`@@ -446,7 +446,7 @@`
		`# GET /snapshots?{query}`
		`# GET /snapshots/detail?{query}`
		`#`
		`- "share_snapshot:get_all_snapshots": "rule:default or rule:auditor"`
		`+ "share_snapshot:get_all_snapshots": "rule:default or rule:reader"`

		`# Force Delete a share snapshot.`
		`# DELETE /snapshots/{snapshot_id}`
		`@@ -471,7 +471,7 @@`
		`# List access rules of a share snapshot.`
		`# GET /snapshots/{snapshot_id}/access-list`
		`#`
		`- "share_snapshot:access_list": "rule:default or rule:auditor"`
		`+ "share_snapshot:access_list": "rule:default or rule:reader"`

		`# Allow access to a share snapshot.`
		`# POST /snapshots/{snapshot_id}/action`
		`@@ -488,31 +488,31 @@`
		`# List export locations of a share snapshot.`
		`# GET /snapshots/{snapshot_id}/export-locations/`
		`#`
		`- "share_snapshot_export_location:index": "rule:default or rule:auditor"`
		`+ "share_snapshot_export_location:index": "rule:default or rule:reader"`

		`# Get details of a specified export location of a share snapshot.`
		`# GET /snapshots/{snapshot_id}/export-locations/{export_location_id}`
		`#`
		`- "share_snapshot_export_location:show": "rule:default or rule:auditor"`
		`+ "share_snapshot_export_location:show": "rule:default or rule:reader"`

		`### Policy Rules defined in manila.policies.share_snapshot_instance`

		`# Get share snapshot instance.`
		`# GET /snapshot-instances/{snapshot_instance_id}`
		`#`
		`- "share_snapshot_instance:show": "rule:admin or rule:auditor"`
		`+ "share_snapshot_instance:show": "rule:admin or rule:reader"`

		`# Get all share snapshot instances.`
		`# GET /snapshot-instances`
		`# GET /snapshot-instances?{query}`
		`#`
		`- "share_snapshot_instance:index": "rule:admin or rule:auditor"`
		`+ "share_snapshot_instance:index": "rule:admin or rule:reader"`

		`# Get details of share snapshot instances.`
		`# GET /snapshot-instances/detail`
		`# GET /snapshot-instances/detail?{query}`
		`#`
		`- "share_snapshot_instance:detail": "rule:admin or rule:auditor"`
		`+ "share_snapshot_instance:detail": "rule:admin or rule:reader"`

		`# Reset share snapshot instance's status.`
		`# POST /snapshot-instances/{snapshot_instance_id}/action`
		`@@ -524,12 +524,12 @@`
		`# List export locations of a share snapshot instance.`
		`# GET /snapshot-instances/{snapshot_instance_id}/export-locations`
		`#`
		`- "share_snapshot_instance_export_location:index": "rule:admin or rule:auditor"`
		`+ "share_snapshot_instance_export_location:index": "rule:admin or rule:reader"`

		`# Show details of a specified export location of a share snapshot instance.`
		`# GET /snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id}`
		`#`
		`- "share_snapshot_instance_export_location:show": "rule:admin or rule:auditor"`
		`+ "share_snapshot_instance_export_location:show": "rule:admin or rule:reader"`

		`### Policy Rules defined in manila.policies.share_type`

		`@@ -541,18 +541,18 @@`
		`# Get share type.`
		`# GET /types/{share_type_id}`
		`#`
		`- "share_type:show": "rule:default or rule:auditor"`
		`+ "share_type:show": "rule:default or rule:reader"`

		`# List share types.`
		`# GET /types`
		`# GET /types?is_public=all`
		`#`
		`- "share_type:index": "rule:default or rule:auditor"`
		`+ "share_type:index": "rule:default or rule:reader"`

		`# Get default share type.`
		`# GET /types/default`
		`#`
		`- "share_type:default": "rule:default or rule:auditor"`
		`+ "share_type:default": "rule:default or rule:reader"`

		`# Delete share type.`
		`# DELETE /types/{share_type_id}`
		`@@ -562,7 +562,7 @@`
		`# List share type project access.`
		`# GET /types/{share_type_id}`
		`#`
		`- "share_type:list_project_access": "rule:admin or rule:auditor"`
		`+ "share_type:list_project_access": "rule:admin or rule:reader"`

		`# Add share type to project.`
		`# POST /types/{share_type_id}/action`
		`@@ -584,12 +584,12 @@`
		`# Get share type extra specs of a given share type.`
		`# GET /types/{share_type_id}/extra_specs`
		`#`
		`- "share_types_extra_spec:show": "rule:admin or rule:auditor"`
		`+ "share_types_extra_spec:show": "rule:admin or rule:reader"`

		`# Get details of a share type extra spec.`
		`# GET /types/{share_type_id}/extra_specs/{extra_spec_id}`
		`#`
		`- "share_types_extra_spec:index": "rule:admin or rule:auditor"`
		`+ "share_types_extra_spec:index": "rule:admin or rule:reader"`

		`# Update share type extra spec.`
		`# PUT /types/{share_type_id}/extra_specs`
		`@@ -611,13 +611,13 @@`
		`# Get share.`
		`# GET /shares/{share_id}`
		`#`
		`- "share:get": "rule:default or rule:auditor"`
		`+ "share:get": "rule:default or rule:reader"`

		`# List shares.`
		`# GET /shares`
		`# GET /shares/detail`
		`#`
		`- "share:get_all": "rule:default or rule:auditor"`
		`+ "share:get_all": "rule:default or rule:reader"`

		`# Update share.`
		`# PUT /shares`
		`@@ -653,23 +653,23 @@`
		`# GET /shares`
		`# GET /shares/detail`
		`#`
		`- "share:list_by_host": "rule:admin or rule:auditor"`
		`+ "share:list_by_host": "rule:admin or rule:reader"`

		`# List share by server id.`
		`# GET /shares`
		`# GET /shares/detail`
		`#`
		`- "share:list_by_share_server_id": "rule:admin or rule:auditor"`
		`+ "share:list_by_share_server_id": "rule:admin or rule:reader"`

		`# Get share access rule, it under deny access operation.`
		`# POST /shares/{share_id}/action`
		`#`
		`- "share:access_get": "rule:default or rule:auditor"`
		`+ "share:access_get": "rule:default or rule:reader"`

		`# List share access rules.`
		`# GET /shares/{share_id}/action`
		`#`
		`- "share:access_get_all": "rule:default or rule:auditor"`
		`+ "share:access_get_all": "rule:default or rule:reader"`

		`# Extend share.`
		`# POST /shares/{share_id}/action`
		`@@ -699,7 +699,7 @@`
		`# Retrieve share migration progress for a given share.`
		`# POST /shares/{share_id}/action`
		`#`
		`- "share:migration_get_progress": "rule:admin or rule:auditor"`
		`+ "share:migration_get_progress": "rule:admin or rule:reader"`

		`# Reset task state.`
		`# POST /shares/{share_id}/action`
		`@@ -749,4 +749,4 @@`
		`# Get share metadata.`
		`# GET /shares/{share_id}/metadata`
		`#`
		`- "share:get_share_metadata": "rule:default or rule:auditor"`
		`+ "share:get_share_metadata": "rule:default or rule:reader"`

services/neutron/policy.json

file modified

+65 -65

		`@@ -1,6 +1,6 @@`
		`{`
		`- "global_auditor": "(role:global_auditor and is_admin_project:True )",`
		`- "auditor": "((role:auditor and project_id:%(project_id)s) or rule:global_auditor)",`
		`+ "global_reader": "(role:global_reader and is_admin_project:True )",`
		`+ "reader": "((role:reader and project_id:%(project_id)s) or rule:global_reader)",`
		`"_member_role": "(role:Member or role:member or role:_member_ and project_id:%(project_id)s)",`
		`"member": "(rule:_member_role and project_id:%(project_id)s)",`
		`"admin": "(is_admin:True or role:admin and (is_admin_project:True or project_id:%(project_id)s)",`
		`@@ -16,34 +16,34 @@`
		`"create_subnet": "rule:admin or rule:network_owner",`
		`"create_subnet:segment_id": "rule:admin",`
		`"create_subnet:service_types": "rule:admin",`
		`- "get_subnet": "rule:admin or rule:member or rule:shared or rule:auditor",`
		`- "get_subnet:segment_id": "rule:admin or rule:auditor",`
		`+ "get_subnet": "rule:admin or rule:member or rule:shared or rule:reader",`
		`+ "get_subnet:segment_id": "rule:admin or rule:reader",`
		`"update_subnet": "rule:admin or rule:network_owner",`
		`"update_subnet:service_types": "rule:admin",`
		`"delete_subnet": "rule:admin or rule:network_owner",`
		`"create_subnetpool": "rule:admin or rule:member",`
		`"create_subnetpool:shared": "rule:admin",`
		`"create_subnetpool:is_default": "rule:admin",`
		`- "get_subnetpool": "rule:admin or rule:member or rule:shared_subnetpools or rule:auditor",`
		`+ "get_subnetpool": "rule:admin or rule:member or rule:shared_subnetpools or rule:reader",`
		`"update_subnetpool": "rule:admin or rule:member",`
		`"update_subnetpool:is_default": "rule:admin",`
		`"delete_subnetpool": "rule:admin or rule:member",`
		`"create_address_scope": "rule:admin or rule:member",`
		`"create_address_scope:shared": "rule:admin",`
		`- "get_address_scope": "rule:admin or rule:member or rule:shared_address_scopes or rule:auditor",`
		`+ "get_address_scope": "rule:admin or rule:member or rule:shared_address_scopes or rule:reader",`
		`"update_address_scope": "rule:admin or rule:member",`
		`"update_address_scope:shared": "rule:admin",`
		`"delete_address_scope": "rule:admin or rule:member",`
		`"create_network": "rule:admin or rule:member",`
		`- "get_network": "rule:admin or rule:member or rule:shared or rule:external or rule:context_is_advsvc or rule:auditor",`
		`- "get_network:router:external": "rule:admin or rule:member or rule:auditor",`
		`- "get_network:segments": "rule:admin or rule:auditor",`
		`- "get_network:provider:network_type": "rule:admin or rule:auditor",`
		`- "get_network:provider:physical_network": "rule:admin or rule:auditor",`
		`- "get_network:provider:segmentation_id": "rule:admin or rule:auditor",`
		`- "get_network:queue_id": "rule:admin or rule:auditor",`
		`- "get_network_ip_availabilities": "rule:admin or rule:auditor",`
		`- "get_network_ip_availability": "rule:admin or rule:auditor",`
		`+ "get_network": "rule:admin or rule:member or rule:shared or rule:external or rule:context_is_advsvc or rule:reader",`
		`+ "get_network:router:external": "rule:admin or rule:member or rule:reader",`
		`+ "get_network:segments": "rule:admin or rule:reader",`
		`+ "get_network:provider:network_type": "rule:admin or rule:reader",`
		`+ "get_network:provider:physical_network": "rule:admin or rule:reader",`
		`+ "get_network:provider:segmentation_id": "rule:admin or rule:reader",`
		`+ "get_network:queue_id": "rule:admin or rule:reader",`
		`+ "get_network_ip_availabilities": "rule:admin or rule:reader",`
		`+ "get_network_ip_availability": "rule:admin or rule:reader",`
		`"create_network:shared": "rule:admin",`
		`"create_network:router:external": "rule:admin",`
		`"create_network:is_default": "rule:admin",`
		`@@ -60,7 +60,7 @@`
		`"update_network:router:external": "rule:admin",`
		`"delete_network": "rule:admin or rule:member",`
		`"create_segment": "rule:admin",`
		`- "get_segment": "rule:admin or rule:auditor",`
		`+ "get_segment": "rule:admin or rule:reader",`
		`"update_segment": "rule:admin",`
		`"delete_segment": "rule:admin",`
		`"network_device": "field:port:device_owner=~^network:",`
		`@@ -74,12 +74,12 @@`
		`"create_port:binding:profile": "rule:admin",`
		`"create_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin or rule:network_owner",`
		`"create_port:allowed_address_pairs": "rule:admin or rule:network_owner",`
		`- "get_port": "rule:context_is_advsvc or rule:admin or rule:member or rule:network_owner or rule:auditor",`
		`- "get_port:queue_id": "rule:admin or rule:auditor",`
		`- "get_port:binding:vif_type": "rule:admin or rule:auditor",`
		`- "get_port:binding:vif_details": "rule:admin or rule:auditor",`
		`- "get_port:binding:host_id": "rule:admin or rule:auditor",`
		`- "get_port:binding:profile": "rule:admin or rule:auditor",`
		`+ "get_port": "rule:context_is_advsvc or rule:admin or rule:member or rule:network_owner or rule:reader",`
		`+ "get_port:queue_id": "rule:admin or rule:reader",`
		`+ "get_port:binding:vif_type": "rule:admin or rule:reader",`
		`+ "get_port:binding:vif_details": "rule:admin or rule:reader",`
		`+ "get_port:binding:host_id": "rule:admin or rule:reader",`
		`+ "get_port:binding:profile": "rule:admin or rule:reader",`
		`"update_port": "rule:admin or rule:member or rule:context_is_advsvc",`
		`"update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin or rule:network_owner",`
		`"update_port:mac_address": "rule:admin or rule:context_is_advsvc",`
		`@@ -92,13 +92,13 @@`
		`"update_port:allowed_address_pairs": "rule:admin or rule:network_owner",`
		`"update_port:data_plane_status": "rule:admin_or_data_plane_int",`
		`"delete_port": "rule:context_is_advsvc or rule:admin or rule:member or rule:network_owner",`
		`- "get_router:ha": "rule:admin or rule:auditor",`
		`+ "get_router:ha": "rule:admin or rule:reader",`
		`"create_router": "rule:admin or rule:member",`
		`"create_router:external_gateway_info:enable_snat": "rule:admin",`
		`"create_router:distributed": "rule:admin",`
		`"create_router:ha": "rule:admin",`
		`- "get_router": "rule:admin or rule:member or rule:auditor",`
		`- "get_router:distributed": "rule:admin or rule:auditor",`
		`+ "get_router": "rule:admin or rule:member or rule:reader",`
		`+ "get_router:distributed": "rule:admin or rule:reader",`
		`"update_router": "rule:admin or rule:member",`
		`"update_router:external_gateway_info": "rule:admin or rule:member",`
		`"update_router:external_gateway_info:network_id": "rule:admin or rule:member",`
		`@@ -111,68 +111,68 @@`
		`"create_router:external_gateway_info:external_fixed_ips": "rule:admin",`
		`"update_router:external_gateway_info:external_fixed_ips": "rule:admin",`
		`"create_qos_queue": "rule:admin",`
		`- "get_qos_queue": "rule:admin or rule:auditor",`
		`+ "get_qos_queue": "rule:admin or rule:reader",`
		`"update_agent": "rule:admin",`
		`"delete_agent": "rule:admin",`
		`- "get_agent": "rule:admin or rule:auditor",`
		`+ "get_agent": "rule:admin or rule:reader",`
		`"create_dhcp-network": "rule:admin",`
		`"delete_dhcp-network": "rule:admin",`
		`- "get_dhcp-networks": "rule:admin or rule:auditor",`
		`+ "get_dhcp-networks": "rule:admin or rule:reader",`
		`"create_l3-router": "rule:admin",`
		`"delete_l3-router": "rule:admin",`
		`- "get_l3-routers": "rule:admin or rule:auditor",`
		`- "get_dhcp-agents": "rule:admin or rule:auditor",`
		`- "get_l3-agents": "rule:admin or rule:auditor",`
		`- "get_loadbalancer-agent": "rule:admin or rule:auditor",`
		`- "get_loadbalancer-pools": "rule:admin or rule:auditor",`
		`- "get_agent-loadbalancers": "rule:admin or rule:auditor",`
		`- "get_loadbalancer-hosting-agent": "rule:admin or rule:auditor",`
		`+ "get_l3-routers": "rule:admin or rule:reader",`
		`+ "get_dhcp-agents": "rule:admin or rule:reader",`
		`+ "get_l3-agents": "rule:admin or rule:reader",`
		`+ "get_loadbalancer-agent": "rule:admin or rule:reader",`
		`+ "get_loadbalancer-pools": "rule:admin or rule:reader",`
		`+ "get_agent-loadbalancers": "rule:admin or rule:reader",`
		`+ "get_loadbalancer-hosting-agent": "rule:admin or rule:reader",`
		`"create_floatingip": "rule:admin or rule:member",`
		`"create_floatingip:floating_ip_address": "rule:admin",`
		`"update_floatingip": "rule:admin or rule:member",`
		`"delete_floatingip": "rule:admin or rule:member",`
		`- "get_floatingip": "rule:admin or rule:member or rule:auditor",`
		`+ "get_floatingip": "rule:admin or rule:member or rule:reader",`
		`"create_network_profile": "rule:admin",`
		`"update_network_profile": "rule:admin",`
		`"delete_network_profile": "rule:admin",`
		`- "get_network_profiles": "rule:admin or rule:member or rule:auditor",`
		`- "get_network_profile": "rule:admin or rule:member or rule:auditor",`
		`+ "get_network_profiles": "rule:admin or rule:member or rule:reader",`
		`+ "get_network_profile": "rule:admin or rule:member or rule:reader",`
		`"update_policy_profiles": "rule:admin",`
		`- "get_policy_profiles": "rule:admin or rule:member or rule:auditor",`
		`- "get_policy_profile": "rule:admin or rule:member or rule:auditor",`
		`+ "get_policy_profiles": "rule:admin or rule:member or rule:reader",`
		`+ "get_policy_profile": "rule:admin or rule:member or rule:reader",`
		`"create_metering_label": "rule:admin",`
		`"delete_metering_label": "rule:admin",`
		`- "get_metering_label": "rule:admin or rule:auditor",`
		`+ "get_metering_label": "rule:admin or rule:reader",`
		`"create_metering_label_rule": "rule:admin",`
		`"delete_metering_label_rule": "rule:admin",`
		`- "get_metering_label_rule": "rule:admin or rule:auditor",`
		`- "get_service_provider": "rule:admin or rule:member or rule:auditor",`
		`- "get_lsn": "rule:admin or rule:auditor",`
		`+ "get_metering_label_rule": "rule:admin or rule:reader",`
		`+ "get_service_provider": "rule:admin or rule:member or rule:reader",`
		`+ "get_lsn": "rule:admin or rule:reader",`
		`"create_lsn": "rule:admin",`
		`"create_flavor": "rule:admin",`
		`"update_flavor": "rule:admin",`
		`"delete_flavor": "rule:admin",`
		`- "get_flavors": "rule:admin or rule:member or rule:auditor",`
		`- "get_flavor": "rule:admin or rule:member or rule:auditor",`
		`+ "get_flavors": "rule:admin or rule:member or rule:reader",`
		`+ "get_flavor": "rule:admin or rule:member or rule:reader",`
		`"create_service_profile": "rule:admin",`
		`"update_service_profile": "rule:admin",`
		`"delete_service_profile": "rule:admin",`
		`- "get_service_profiles": "rule:admin or rule:auditor",`
		`- "get_service_profile": "rule:admin or rule:auditor",`
		`- "get_policy": "rule:admin or rule:member or rule:auditor",`
		`+ "get_service_profiles": "rule:admin or rule:reader",`
		`+ "get_service_profile": "rule:admin or rule:reader",`
		`+ "get_policy": "rule:admin or rule:member or rule:reader",`
		`"create_policy": "rule:admin",`
		`"update_policy": "rule:admin",`
		`"delete_policy": "rule:admin",`
		`- "get_policy_bandwidth_limit_rule": "rule:admin or rule:member or rule:auditor",`
		`+ "get_policy_bandwidth_limit_rule": "rule:admin or rule:member or rule:reader",`
		`"create_policy_bandwidth_limit_rule": "rule:admin",`
		`"delete_policy_bandwidth_limit_rule": "rule:admin",`
		`"update_policy_bandwidth_limit_rule": "rule:admin",`
		`- "get_policy_dscp_marking_rule": "rule:admin or rule:member or rule:auditor",`
		`+ "get_policy_dscp_marking_rule": "rule:admin or rule:member or rule:reader",`
		`"create_policy_dscp_marking_rule": "rule:admin",`
		`"delete_policy_dscp_marking_rule": "rule:admin",`
		`"update_policy_dscp_marking_rule": "rule:admin",`
		`- "get_rule_type": "rule:admin or rule:member or rule:auditor",`
		`- "get_policy_minimum_bandwidth_rule": "rule:admin or rule:member or rule:auditor",`
		`+ "get_rule_type": "rule:admin or rule:member or rule:reader",`
		`+ "get_policy_minimum_bandwidth_rule": "rule:admin or rule:member or rule:reader",`
		`"create_policy_minimum_bandwidth_rule": "rule:admin",`
		`"delete_policy_minimum_bandwidth_rule": "rule:admin",`
		`"update_policy_minimum_bandwidth_rule": "rule:admin",`
		`@@ -181,31 +181,31 @@`
		`"create_rbac_policy:target_tenant": "rule:restrict_wildcard",`
		`"update_rbac_policy": "rule:admin or rule:member",`
		`"update_rbac_policy:target_tenant": "rule:restrict_wildcard and rule:admin or rule:member",`
		`- "get_rbac_policy": "rule:admin or rule:member or rule:auditor",`
		`+ "get_rbac_policy": "rule:admin or rule:member or rule:reader",`
		`"delete_rbac_policy": "rule:admin or rule:member",`
		`"create_flavor_service_profile": "rule:admin",`
		`"delete_flavor_service_profile": "rule:admin",`
		`- "get_flavor_service_profile": "rule:admin or rule:member or rule:auditor",`
		`- "get_auto_allocated_topology": "rule:admin or rule:member or rule:auditor",`
		`+ "get_flavor_service_profile": "rule:admin or rule:member or rule:reader",`
		`+ "get_auto_allocated_topology": "rule:admin or rule:member or rule:reader",`
		`"create_trunk": "rule:admin or rule:member",`
		`- "get_trunk": "rule:admin or rule:member or rule:auditor",`
		`+ "get_trunk": "rule:admin or rule:member or rule:reader",`
		`"delete_trunk": "rule:admin or rule:member",`
		`- "get_subports": "rule:admin or rule:member or rule:auditor",`
		`+ "get_subports": "rule:admin or rule:member or rule:reader",`
		`"add_subports": "rule:admin or rule:member",`
		`"remove_subports": "rule:admin or rule:member",`
		`- "get_security_groups": "rule:admin or rule:member or rule:auditor",`
		`- "get_security_group": "rule:admin or rule:member or rule:auditor",`
		`+ "get_security_groups": "rule:admin or rule:member or rule:reader",`
		`+ "get_security_group": "rule:admin or rule:member or rule:reader",`
		`"create_security_group": "rule:admin or rule:member",`
		`"update_security_group": "rule:admin or rule:member",`
		`"delete_security_group": "rule:admin or rule:member",`
		`- "get_security_group_rules": "rule:admin or rule:member or rule:auditor",`
		`- "get_security_group_rule": "rule:admin or rule:member or rule:auditor",`
		`+ "get_security_group_rules": "rule:admin or rule:member or rule:reader",`
		`+ "get_security_group_rule": "rule:admin or rule:member or rule:reader",`
		`"create_security_group_rule": "rule:admin or rule:member",`
		`"delete_security_group_rule": "rule:admin or rule:member",`
		`- "get_loggable_resources": "rule:admin or rule:auditor",`
		`+ "get_loggable_resources": "rule:admin or rule:reader",`
		`"create_log": "rule:admin",`
		`"update_log": "rule:admin",`
		`"delete_log": "rule:admin",`
		`- "get_logs": "rule:admin or rule:auditor",`
		`- "get_log": "rule:admin or rule:auditor"`
		`+ "get_logs": "rule:admin or rule:reader",`
		`+ "get_log": "rule:admin or rule:reader"`
		`}`

services/neutron/policy.yaml

file modified

+63 -63

		`@@ -20,8 +20,8 @@`
		`"create_subnet": "rule:admin or rule:network_owner"`
		`"create_subnet:segment_id": "rule:admin"`
		`"create_subnet:service_types": "rule:admin"`
		`- "get_subnet": "rule:admin or rule:member or rule:shared or rule:auditor"`
		`- "get_subnet:segment_id": "rule:admin or rule:auditor"`
		`+ "get_subnet": "rule:admin or rule:member or rule:shared or rule:reader"`
		`+ "get_subnet:segment_id": "rule:admin or rule:reader"`
		`"update_subnet": "rule:admin or rule:network_owner"`
		`"update_subnet:service_types": "rule:admin"`
		`"delete_subnet": "rule:admin or rule:network_owner"`
		`@@ -29,28 +29,28 @@`
		`"create_subnetpool": "rule:admin or rule:member"`
		`"create_subnetpool:shared": "rule:admin"`
		`"create_subnetpool:is_default": "rule:admin"`
		`- "get_subnetpool": "rule:admin or rule:member or rule:shared_subnetpools or rule:auditor"`
		`+ "get_subnetpool": "rule:admin or rule:member or rule:shared_subnetpools or rule:reader"`
		`"update_subnetpool": "rule:admin or rule:member"`
		`"update_subnetpool:is_default": "rule:admin"`
		`"delete_subnetpool": "rule:admin or rule:member"`

		`"create_address_scope": "rule:admin or rule:member"`
		`"create_address_scope:shared": "rule:admin"`
		`- "get_address_scope": "rule:admin or rule:member or rule:shared_address_scopes or rule:auditor"`
		`+ "get_address_scope": "rule:admin or rule:member or rule:shared_address_scopes or rule:reader"`
		`"update_address_scope": "rule:admin or rule:member"`
		`"update_address_scope:shared": "rule:admin"`
		`"delete_address_scope": "rule:admin or rule:member"`

		`"create_network": "rule:admin or rule:member"`
		`- "get_network": "rule:admin or rule:member or rule:shared or rule:external or rule:context_is_advsvc or rule:auditor"`
		`- "get_network:router:external": "rule:admin or rule:member or rule:auditor"`
		`- "get_network:segments": "rule:admin or rule:auditor"`
		`- "get_network:provider:network_type": "rule:admin or rule:auditor"`
		`- "get_network:provider:physical_network": "rule:admin or rule:auditor"`
		`- "get_network:provider:segmentation_id": "rule:admin or rule:auditor"`
		`- "get_network:queue_id": "rule:admin or rule:auditor"`
		`- "get_network_ip_availabilities": "rule:admin or rule:auditor"`
		`- "get_network_ip_availability": "rule:admin or rule:auditor"`
		`+ "get_network": "rule:admin or rule:member or rule:shared or rule:external or rule:context_is_advsvc or rule:reader"`
		`+ "get_network:router:external": "rule:admin or rule:member or rule:reader"`
		`+ "get_network:segments": "rule:admin or rule:reader"`
		`+ "get_network:provider:network_type": "rule:admin or rule:reader"`
		`+ "get_network:provider:physical_network": "rule:admin or rule:reader"`
		`+ "get_network:provider:segmentation_id": "rule:admin or rule:reader"`
		`+ "get_network:queue_id": "rule:admin or rule:reader"`
		`+ "get_network_ip_availabilities": "rule:admin or rule:reader"`
		`+ "get_network_ip_availability": "rule:admin or rule:reader"`
		`"create_network:shared": "rule:admin"`
		`"create_network:router:external": "rule:admin"`
		`"create_network:is_default": "rule:admin"`
		`@@ -68,7 +68,7 @@`
		`"delete_network": "rule:admin or rule:member"`

		`"create_segment": "rule:admin"`
		`- "get_segment": "rule:admin or rule:auditor"`
		`+ "get_segment": "rule:admin or rule:reader"`
		`"update_segment": "rule:admin"`
		`"delete_segment": "rule:admin"`

		`@@ -83,12 +83,12 @@`
		`"create_port:binding:profile": "rule:admin"`
		`"create_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin or rule:network_owner"`
		`"create_port:allowed_address_pairs": "rule:admin or rule:network_owner"`
		`- "get_port": "rule:context_is_advsvc or rule:admin or rule:member or rule:network_owner or rule:auditor"`
		`- "get_port:queue_id": "rule:admin or rule:auditor"`
		`- "get_port:binding:vif_type": "rule:admin or rule:auditor"`
		`- "get_port:binding:vif_details": "rule:admin or rule:auditor"`
		`- "get_port:binding:host_id": "rule:admin or rule:auditor"`
		`- "get_port:binding:profile": "rule:admin or rule:auditor"`
		`+ "get_port": "rule:context_is_advsvc or rule:admin or rule:member or rule:network_owner or rule:reader"`
		`+ "get_port:queue_id": "rule:admin or rule:reader"`
		`+ "get_port:binding:vif_type": "rule:admin or rule:reader"`
		`+ "get_port:binding:vif_details": "rule:admin or rule:reader"`
		`+ "get_port:binding:host_id": "rule:admin or rule:reader"`
		`+ "get_port:binding:profile": "rule:admin or rule:reader"`
		`"update_port": "rule:admin or rule:member or rule:context_is_advsvc"`
		`"update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin or rule:network_owner"`
		`"update_port:mac_address": "rule:admin or rule:context_is_advsvc"`
		`@@ -102,13 +102,13 @@`
		`"update_port:data_plane_status": "rule:admin_or_data_plane_int"`
		`"delete_port": "rule:context_is_advsvc or rule:admin or rule:member or rule:network_owner"`

		`- "get_router:ha": "rule:admin or rule:auditor"`
		`+ "get_router:ha": "rule:admin or rule:reader"`
		`"create_router": "rule:admin or rule:member"`
		`"create_router:external_gateway_info:enable_snat": "rule:admin"`
		`"create_router:distributed": "rule:admin"`
		`"create_router:ha": "rule:admin"`
		`- "get_router": "rule:admin or rule:member or rule:auditor"`
		`- "get_router:distributed": "rule:admin or rule:auditor"`
		`+ "get_router": "rule:admin or rule:member or rule:reader"`
		`+ "get_router:distributed": "rule:admin or rule:reader"`
		`"update_router": "rule:admin or rule:member"`
		`"update_router:external_gateway_info": "rule:admin or rule:member"`
		`"update_router:external_gateway_info:network_id": "rule:admin or rule:member"`
		`@@ -124,77 +124,77 @@`
		`"update_router:external_gateway_info:external_fixed_ips": "rule:admin"`

		`"create_qos_queue": "rule:admin"`
		`- "get_qos_queue": "rule:admin or rule:auditor"`
		`+ "get_qos_queue": "rule:admin or rule:reader"`

		`"update_agent": "rule:admin"`
		`"delete_agent": "rule:admin"`
		`- "get_agent": "rule:admin or rule:auditor"`
		`+ "get_agent": "rule:admin or rule:reader"`

		`"create_dhcp-network": "rule:admin"`
		`"delete_dhcp-network": "rule:admin"`
		`- "get_dhcp-networks": "rule:admin or rule:auditor"`
		`+ "get_dhcp-networks": "rule:admin or rule:reader"`
		`"create_l3-router": "rule:admin"`
		`"delete_l3-router": "rule:admin"`
		`- "get_l3-routers": "rule:admin or rule:auditor"`
		`- "get_dhcp-agents": "rule:admin or rule:auditor"`
		`- "get_l3-agents": "rule:admin or rule:auditor"`
		`- "get_loadbalancer-agent": "rule:admin or rule:auditor"`
		`- "get_loadbalancer-pools": "rule:admin or rule:auditor"`
		`- "get_agent-loadbalancers": "rule:admin or rule:auditor"`
		`- "get_loadbalancer-hosting-agent": "rule:admin or rule:auditor"`
		`+ "get_l3-routers": "rule:admin or rule:reader"`
		`+ "get_dhcp-agents": "rule:admin or rule:reader"`
		`+ "get_l3-agents": "rule:admin or rule:reader"`
		`+ "get_loadbalancer-agent": "rule:admin or rule:reader"`
		`+ "get_loadbalancer-pools": "rule:admin or rule:reader"`
		`+ "get_agent-loadbalancers": "rule:admin or rule:reader"`
		`+ "get_loadbalancer-hosting-agent": "rule:admin or rule:reader"`

		`"create_floatingip": "rule:admin or rule:member"`
		`"create_floatingip:floating_ip_address": "rule:admin"`
		`"update_floatingip": "rule:admin or rule:member"`
		`"delete_floatingip": "rule:admin or rule:member"`
		`- "get_floatingip": "rule:admin or rule:member or rule:auditor"`
		`+ "get_floatingip": "rule:admin or rule:member or rule:reader"`

		`"create_network_profile": "rule:admin"`
		`"update_network_profile": "rule:admin"`
		`"delete_network_profile": "rule:admin"`
		`- "get_network_profiles": "rule:admin or rule:member or rule:auditor"`
		`- "get_network_profile": "rule:admin or rule:member or rule:auditor"`
		`+ "get_network_profiles": "rule:admin or rule:member or rule:reader"`
		`+ "get_network_profile": "rule:admin or rule:member or rule:reader"`
		`"update_policy_profiles": "rule:admin"`
		`- "get_policy_profiles": "rule:admin or rule:member or rule:auditor"`
		`- "get_policy_profile": "rule:admin or rule:member or rule:auditor"`
		`+ "get_policy_profiles": "rule:admin or rule:member or rule:reader"`
		`+ "get_policy_profile": "rule:admin or rule:member or rule:reader"`

		`"create_metering_label": "rule:admin"`
		`"delete_metering_label": "rule:admin"`
		`- "get_metering_label": "rule:admin or rule:auditor"`
		`+ "get_metering_label": "rule:admin or rule:reader"`

		`"create_metering_label_rule": "rule:admin"`
		`"delete_metering_label_rule": "rule:admin"`
		`- "get_metering_label_rule": "rule:admin or rule:auditor"`
		`+ "get_metering_label_rule": "rule:admin or rule:reader"`

		`- "get_service_provider": "rule:admin or rule:member or rule:auditor"`
		`- "get_lsn": "rule:admin or rule:auditor"`
		`+ "get_service_provider": "rule:admin or rule:member or rule:reader"`
		`+ "get_lsn": "rule:admin or rule:reader"`
		`"create_lsn": "rule:admin"`

		`"create_flavor": "rule:admin"`
		`"update_flavor": "rule:admin"`
		`"delete_flavor": "rule:admin"`
		`- "get_flavors": "rule:admin or rule:member or rule:auditor"`
		`- "get_flavor": "rule:admin or rule:member or rule:auditor"`
		`+ "get_flavors": "rule:admin or rule:member or rule:reader"`
		`+ "get_flavor": "rule:admin or rule:member or rule:reader"`
		`"create_service_profile": "rule:admin"`
		`"update_service_profile": "rule:admin"`
		`"delete_service_profile": "rule:admin"`
		`- "get_service_profiles": "rule:admin or rule:auditor"`
		`- "get_service_profile": "rule:admin or rule:auditor"`
		`+ "get_service_profiles": "rule:admin or rule:reader"`
		`+ "get_service_profile": "rule:admin or rule:reader"`

		`- "get_policy": "rule:admin or rule:member or rule:auditor"`
		`+ "get_policy": "rule:admin or rule:member or rule:reader"`
		`"create_policy": "rule:admin"`
		`"update_policy": "rule:admin"`
		`"delete_policy": "rule:admin"`
		`- "get_policy_bandwidth_limit_rule": "rule:admin or rule:member or rule:auditor"`
		`+ "get_policy_bandwidth_limit_rule": "rule:admin or rule:member or rule:reader"`
		`"create_policy_bandwidth_limit_rule": "rule:admin"`
		`"delete_policy_bandwidth_limit_rule": "rule:admin"`
		`"update_policy_bandwidth_limit_rule": "rule:admin"`
		`- "get_policy_dscp_marking_rule": "rule:admin or rule:member or rule:auditor"`
		`+ "get_policy_dscp_marking_rule": "rule:admin or rule:member or rule:reader"`
		`"create_policy_dscp_marking_rule": "rule:admin"`
		`"delete_policy_dscp_marking_rule": "rule:admin"`
		`"update_policy_dscp_marking_rule": "rule:admin"`
		`- "get_rule_type": "rule:admin or rule:member or rule:auditor"`
		`- "get_policy_minimum_bandwidth_rule": "rule:admin or rule:member or rule:auditor"`
		`+ "get_rule_type": "rule:admin or rule:member or rule:reader"`
		`+ "get_policy_minimum_bandwidth_rule": "rule:admin or rule:member or rule:reader"`
		`"create_policy_minimum_bandwidth_rule": "rule:admin"`
		`"delete_policy_minimum_bandwidth_rule": "rule:admin"`
		`"update_policy_minimum_bandwidth_rule": "rule:admin"`
		`@@ -204,34 +204,34 @@`
		`"create_rbac_policy:target_tenant": "rule:restrict_wildcard"`
		`"update_rbac_policy": "rule:admin or rule:member"`
		`"update_rbac_policy:target_tenant": "rule:restrict_wildcard and rule:admin or rule:member"`
		`- "get_rbac_policy": "rule:admin or rule:member or rule:auditor"`
		`+ "get_rbac_policy": "rule:admin or rule:member or rule:reader"`
		`"delete_rbac_policy": "rule:admin or rule:member"`

		`"create_flavor_service_profile": "rule:admin"`
		`"delete_flavor_service_profile": "rule:admin"`
		`- "get_flavor_service_profile": "rule:admin or rule:member or rule:auditor"`
		`- "get_auto_allocated_topology": "rule:admin or rule:member or rule:auditor"`
		`+ "get_flavor_service_profile": "rule:admin or rule:member or rule:reader"`
		`+ "get_auto_allocated_topology": "rule:admin or rule:member or rule:reader"`

		`"create_trunk": "rule:admin or rule:member"`
		`- "get_trunk": "rule:admin or rule:member or rule:auditor"`
		`+ "get_trunk": "rule:admin or rule:member or rule:reader"`
		`"delete_trunk": "rule:admin or rule:member"`
		`- "get_subports": "rule:admin or rule:member or rule:auditor"`
		`+ "get_subports": "rule:admin or rule:member or rule:reader"`
		`"add_subports": "rule:admin or rule:member"`
		`"remove_subports": "rule:admin or rule:member"`

		`- "get_security_groups": "rule:admin or rule:member or rule:auditor"`
		`- "get_security_group": "rule:admin or rule:member or rule:auditor"`
		`+ "get_security_groups": "rule:admin or rule:member or rule:reader"`
		`+ "get_security_group": "rule:admin or rule:member or rule:reader"`
		`"create_security_group": "rule:admin or rule:member"`
		`"update_security_group": "rule:admin or rule:member"`
		`"delete_security_group": "rule:admin or rule:member"`
		`- "get_security_group_rules": "rule:admin or rule:member or rule:auditor"`
		`- "get_security_group_rule": "rule:admin or rule:member or rule:auditor"`
		`+ "get_security_group_rules": "rule:admin or rule:member or rule:reader"`
		`+ "get_security_group_rule": "rule:admin or rule:member or rule:reader"`
		`"create_security_group_rule": "rule:admin or rule:member"`
		`"delete_security_group_rule": "rule:admin or rule:member"`

		`- "get_loggable_resources": "rule:admin or rule:auditor"`
		`+ "get_loggable_resources": "rule:admin or rule:reader"`
		`"create_log": "rule:admin"`
		`"update_log": "rule:admin"`
		`"delete_log": "rule:admin"`
		`- "get_logs": "rule:admin or rule:auditor"`
		`- "get_log": "rule:admin or rule:auditor"`
		`+ "get_logs": "rule:admin or rule:reader"`
		`+ "get_log": "rule:admin or rule:reader"`

services/nova/policy.yaml

file modified

+51 -51

		`@@ -50,7 +50,7 @@`

		`# List all aggregates`
		`# GET /os-aggregates`
		`- "os_compute_api:os-aggregates:index": "rule:admin or rule:auditor"`
		`+ "os_compute_api:os-aggregates:index": "rule:admin or rule:reader"`

		`# Delete an aggregate`
		`# DELETE /os-aggregates/{aggregate_id}`
		`@@ -58,7 +58,7 @@`

		`# Show details for an aggregate`
		`# GET /os-aggregates/{aggregate_id}`
		`- "os_compute_api:os-aggregates:show": "rule:admin or rule:auditor"`
		`+ "os_compute_api:os-aggregates:show": "rule:admin or rule:reader"`

		`# Create an assisted volume snapshot`
		`# POST /os-assisted-volume-snapshots`
		`@@ -72,7 +72,7 @@`
		`# a server`
		`# GET /servers/{server_id}/os-interface`
		`# GET /servers/{server_id}/os-interface/{port_id}`
		`- "os_compute_api:os-attach-interfaces": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-attach-interfaces": "rule:admin or rule:member or rule:reader"`

		`# Attach an interface to a server`
		`# POST /servers/{server_id}/os-interface`
		`@@ -84,18 +84,18 @@`

		`# List availability zone information without host information`
		`# GET /os-availability-zone`
		`- "os_compute_api:os-availability-zone:list": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-availability-zone:list": "rule:admin or rule:member or rule:reader"`

		`# List detailed availability zone information with host information`
		`# GET /os-availability-zone/detail`
		`- "os_compute_api:os-availability-zone:detail": "rule:admin or rule:auditor"`
		`+ "os_compute_api:os-availability-zone:detail": "rule:admin or rule:reader"`

		`# List and show details of bare metal nodes.`
		`#`
		`# These APIs are proxy calls to the Ironic service and are deprecated.`
		`# GET /os-baremetal-nodes`
		`# GET /os-baremetal-nodes/{node_id}`
		`- "os_compute_api:os-baremetal-nodes": "rule:admin or rule:auditor"`
		`+ "os_compute_api:os-baremetal-nodes": "rule:admin or rule:reader"`

		`# Update an existing cell`
		`# PUT /os-cells/{cell_id}`
		`@@ -111,7 +111,7 @@`
		`# GET /os-cells/info`
		`# GET /os-cells/capacities`
		`# GET /os-cells/{cell_id}`
		`- "os_compute_api:os-cells": "rule:admin or rule:auditor"`
		`+ "os_compute_api:os-cells": "rule:admin or rule:reader"`

		`# Sync instances info in all cells`
		`# POST /os-cells/sync_instances`
		`@@ -145,11 +145,11 @@`
		`# Show console connection information for a given console`
		`# authentication token`
		`# GET /os-console-auth-tokens/{console_token}`
		`- "os_compute_api:os-console-auth-tokens": "rule:admin or rule:auditor"`
		`+ "os_compute_api:os-console-auth-tokens": "rule:admin or rule:reader"`

		`# Show console output for a server`
		`# POST /servers/{server_id}/action (os-getConsoleOutput)`
		`- "os_compute_api:os-console-output": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-console-output": "rule:admin or rule:member or rule:reader"`

		`# Create a console for a server instance`
		`# POST /servers/{server_id}/consoles`
		`@@ -157,7 +157,7 @@`

		`# Show console details for a server instance`
		`# GET /servers/{server_id}/consoles/{console_id}`
		`- "os_compute_api:os-consoles:show": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-consoles:show": "rule:admin or rule:member or rule:reader"`

		`# Delete a console for a server instance`
		`# DELETE /servers/{server_id}/consoles/{console_id}`
		`@@ -165,7 +165,7 @@`

		`# List all consoles for a server instance`
		`# GET /servers/{server_id}/consoles`
		`- "os_compute_api:os-consoles:index": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-consoles:index": "rule:admin or rule:member or rule:reader"`

		`# Create a back up of a server`
		`# POST /servers/{server_id}/action (createBackup)`
		`@@ -208,7 +208,7 @@`
		# - ``OS-EXT-SRV-ATTR:user_data`` (since microversion 2.3)
		`# GET /servers/{id}`
		`# GET /servers/detail`
		`- "os_compute_api:os-extended-server-attributes": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-extended-server-attributes": "rule:admin or rule:member or rule:reader"`

		`# DEPRECATED`
		`# "os_compute_api:os-extended-status" has been deprecated since 17.0.0.`
		`@@ -225,7 +225,7 @@`
		# - ``OS-EXT-STS:power_state``
		`# GET /servers/{id}`
		`# GET /servers/detail`
		`- "os_compute_api:os-extended-status": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-extended-status": "rule:admin or rule:member or rule:reader"`

		`# DEPRECATED`
		`# "os_compute_api:os-extended-volumes" has been deprecated since 17.0.0.`
		`@@ -237,13 +237,13 @@`
		`# server`
		`# GET /servers/{id}`
		`# GET /servers/detail`
		`- "os_compute_api:os-extended-volumes": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-extended-volumes": "rule:admin or rule:member or rule:reader"`

		`# List available extensions and show information for an extension by`
		`# alias`
		`# GET /extensions`
		`# GET /extensions/{alias}`
		`- "os_compute_api:extensions": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:extensions": "rule:admin or rule:member or rule:reader"`

		`# Add flavor access to a tenant`
		`# POST /flavors/{flavor_id}/action (addTenantAccess)`
		`@@ -277,7 +277,7 @@`

		`# Show an extra spec for a flavor`
		`# GET /flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}`
		`- "os_compute_api:os-flavor-extra-specs:show": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-flavor-extra-specs:show": "rule:admin or rule:member or rule:reader"`

		`# Create extra specs for a flavor`
		`# POST /flavors/{flavor_id}/os-extra_specs/`
		`@@ -343,7 +343,7 @@`

		`# List floating IP pools. This API is deprecated.`
		`# GET /os-floating-ip-pools`
		`- "os_compute_api:os-floating-ip-pools": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-floating-ip-pools": "rule:admin or rule:member or rule:reader"`

		`# Manage a project's floating IPs. These APIs are all deprecated.`
		`# POST /servers/{server_id}/action (addFloatingIp)`
		`@@ -399,7 +399,7 @@`
		`# GET /os-hypervisors/{hypervisor_id}/uptime`
		`# GET /os-hypervisors/{hypervisor_hostname_pattern}/search`
		`# GET /os-hypervisors/{hypervisor_hostname_pattern}/servers`
		`- "os_compute_api:os-hypervisors": "rule:admin or rule:auditor"`
		`+ "os_compute_api:os-hypervisors": "rule:admin or rule:reader"`

		`# DEPRECATED`
		`# "os_compute_api:image-size" has been deprecated since 17.0.0.`
		`@@ -410,7 +410,7 @@`
		`# Add 'OS-EXT-IMG-SIZE:size' attribute in the image response.`
		`# GET /images/{id}`
		`# GET /images/detail`
		`- "os_compute_api:image-size": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:image-size": "rule:admin or rule:member or rule:reader"`

		`# Add events details in action details for a server.`
		`#`
		`@@ -422,26 +422,26 @@`
		`# host identifier and, if policy enforcement passes, the name of`
		`# the host.`
		`# GET /servers/{server_id}/os-instance-actions/{request_id}`
		`- "os_compute_api:os-instance-actions:events": "rule:admin or rule:auditor"`
		`+ "os_compute_api:os-instance-actions:events": "rule:admin or rule:reader"`

		`# List actions and show action details for a server.`
		`# GET /servers/{server_id}/os-instance-actions`
		`# GET /servers/{server_id}/os-instance-actions/{request_id}`
		`- "os_compute_api:os-instance-actions": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-instance-actions": "rule:admin or rule:member or rule:reader"`

		`# List all usage audits and that occurred before a specified time for`
		`# all servers on all compute hosts where usage auditing is configured`
		`# GET /os-instance_usage_audit_log`
		`# GET /os-instance_usage_audit_log/{before_timestamp}`
		`- "os_compute_api:os-instance-usage-audit-log": "rule:admin or rule:auditor"`
		`+ "os_compute_api:os-instance-usage-audit-log": "rule:admin or rule:reader"`

		`# Show IP addresses details for a network label of a server`
		`# GET /servers/{server_id}/ips/{network_label}`
		`- "os_compute_api:ips:show": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:ips:show": "rule:admin or rule:member or rule:reader"`

		`# List IP addresses that are assigned to a server`
		`# GET /servers/{server_id}/ips`
		`- "os_compute_api:ips:index": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:ips:index": "rule:admin or rule:member or rule:reader"`

		`# List all keypairs`
		`# GET /os-keypairs`
		`@@ -472,7 +472,7 @@`

		`# Show rate and absolute limits for the project`
		`# GET /limits`
		`- "os_compute_api:limits": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:limits": "rule:admin or rule:member or rule:reader"`

		`# Lock a server`
		`# POST /servers/{server_id}/action (lock)`
		`@@ -499,7 +499,7 @@`

		`# List migrations`
		`# GET /os-migrations`
		`- "os_compute_api:os-migrations:index": "rule:admin or rule:auditor"`
		`+ "os_compute_api:os-migrations:index": "rule:admin or rule:reader"`

		`# Add or remove a fixed IP address from a server.`
		`#`
		`@@ -525,7 +525,7 @@`
		`# deprecated.`
		`# GET /os-networks`
		`# GET /os-networks/{network_id}`
		`- "os_compute_api:os-networks:view": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-networks:view": "rule:admin or rule:member or rule:reader"`

		`# Associate or disassociate a network from a host or project.`
		`#`
		`@@ -545,7 +545,7 @@`

		`# List quotas for specific quota classs`
		`# GET /os-quota-class-sets/{quota_class}`
		`- "os_compute_api:os-quota-class-sets:show": "rule:admin or quota_class:%(quota_class)s or rule:auditor"`
		`+ "os_compute_api:os-quota-class-sets:show": "rule:admin or quota_class:%(quota_class)s or rule:reader"`

		`# Update quotas for specific quota class`
		`# PUT /os-quota-class-sets/{quota_class}`
		`@@ -561,7 +561,7 @@`

		`# Show a quota`
		`# GET /os-quota-sets/{tenant_id}`
		`- "os_compute_api:os-quota-sets:show": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-quota-sets:show": "rule:admin or rule:member or rule:reader"`

		`# Revert quotas to defaults`
		`# DELETE /os-quota-sets/{tenant_id}`
		`@@ -569,7 +569,7 @@`

		`# Show the detail of quota`
		`# GET /os-quota-sets/{tenant_id}/detail`
		`- "os_compute_api:os-quota-sets:detail": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-quota-sets:detail": "rule:admin or rule:member or rule:reader"`

		`# Generate a URL to access remove server console`
		`# POST /servers/{server_id}/action (os-getRDPConsole)`
		`@@ -631,7 +631,7 @@`

		`# Show the usage data for a server`
		`# GET /servers/{server_id}/diagnostics`
		`- "os_compute_api:os-server-diagnostics": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-server-diagnostics": "rule:admin or rule:member or rule:reader"`

		`# Create one or more external events`
		`# POST /os-server-external-events`
		`@@ -650,19 +650,19 @@`

		`# List all server groups`
		`# GET /os-server-groups`
		`- "os_compute_api:os-server-groups:index": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-server-groups:index": "rule:admin or rule:member or rule:reader"`

		`# Show details of a server group`
		`# GET /os-server-groups/{server_group_id}`
		`- "os_compute_api:os-server-groups:show": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-server-groups:show": "rule:admin or rule:member or rule:reader"`

		`# List all metadata of a server`
		`# GET /servers/{server_id}/metadata`
		`- "os_compute_api:server-metadata:index": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:server-metadata:index": "rule:admin or rule:member or rule:reader"`

		`# Show metadata for a server`
		`# GET /servers/{server_id}/metadata/{key}`
		`- "os_compute_api:server-metadata:show": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:server-metadata:show": "rule:admin or rule:member or rule:reader"`

		`# Create metadata for a server`
		`# POST /servers/{server_id}/metadata`
		`@@ -691,7 +691,7 @@`

		`# List all tags for given server`
		`# GET /servers/{server_id}/tags`
		`- "os_compute_api:os-server-tags:index": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-server-tags:index": "rule:admin or rule:member or rule:reader"`

		`# Replace all tags on specified server with the new set of tags.`
		`# PUT /servers/{server_id}/tags`
		`@@ -707,7 +707,7 @@`

		`# Check tag existence on the server.`
		`# GET /servers/{server_id}/tags/{tag}`
		`- "os_compute_api:os-server-tags:show": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-server-tags:show": "rule:admin or rule:member or rule:reader"`

		`# DEPRECATED`
		`# "os_compute_api:os-server-usage" has been deprecated since 17.0.0.`
		`@@ -723,32 +723,32 @@`
		`# 'os_compute_api:servers:detail' for GET /servers/detail passes`
		`# GET /servers/{id}`
		`# GET /servers/detail`
		`- "os_compute_api:os-server-usage": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-server-usage": "rule:admin or rule:member or rule:reader"`

		`# List all servers`
		`# GET /servers`
		`- "os_compute_api:servers:index": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:servers:index": "rule:admin or rule:member or rule:reader"`

		`# List all servers with detailed information`
		`# GET /servers/detail`
		`- "os_compute_api:servers:detail": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:servers:detail": "rule:admin or rule:member or rule:reader"`

		`# List all servers for all projects`
		`# GET /servers`
		`- "os_compute_api:servers:index:get_all_tenants": "rule:admin or rule:global_auditor"`
		`+ "os_compute_api:servers:index:get_all_tenants": "rule:admin or rule:global_reader"`

		`# List all servers with detailed information for all projects`
		`# GET /servers/detail`
		`- "os_compute_api:servers:detail:get_all_tenants": "rule:admin or rule:auditor"`
		`+ "os_compute_api:servers:detail:get_all_tenants": "rule:admin or rule:reader"`

		`# Show a server`
		`# GET /servers/{server_id}`
		`- "os_compute_api:servers:show": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:servers:show": "rule:admin or rule:member or rule:reader"`

		`# Show a server with additional host status information`
		`# GET /servers/{server_id}`
		`# GET /servers/detail`
		`- "os_compute_api:servers:show:host_status": "rule:admin or rule:auditor"`
		`+ "os_compute_api:servers:show:host_status": "rule:admin or rule:reader"`

		`# Create a server`
		`# POST /servers`
		`@@ -858,7 +858,7 @@`

		`# Show details for an in-progress live migration for a given server`
		`# GET /servers/{server_id}/migrations/{migration_id}`
		`- "os_compute_api:servers:migrations:show": "rule:admin or rule:auditor"`
		`+ "os_compute_api:servers:migrations:show": "rule:admin or rule:reader"`

		`# Force an in-progress live migration for a given server to complete`
		`# POST /servers/{server_id}/migrations/{migration_id}/action (force_complete)`
		`@@ -870,7 +870,7 @@`

		`# Lists in-progress live migrations for a given server`
		`# GET /servers/{server_id}/migrations`
		`- "os_compute_api:servers:migrations:index": "rule:admin or rule:auditor"`
		`+ "os_compute_api:servers:migrations:index": "rule:admin or rule:reader"`

		`# List all running Compute services in a region, enables or disable`
		`# scheduling for a Compute service, logs disabled Compute service`
		`@@ -899,11 +899,11 @@`

		`# Show usage statistics for a specific tenant`
		`# GET /os-simple-tenant-usage/{tenant_id}`
		`- "os_compute_api:os-simple-tenant-usage:show": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-simple-tenant-usage:show": "rule:admin or rule:member or rule:reader"`

		`# List per tenant usage statistics for all tenants`
		`# GET /os-simple-tenant-usage`
		`- "os_compute_api:os-simple-tenant-usage:list": "rule:admin or rule:auditor"`
		`+ "os_compute_api:os-simple-tenant-usage:list": "rule:admin or rule:reader"`

		`# Resume suspended server`
		`# POST /servers/{server_id}/action (resume)`
		`@@ -929,7 +929,7 @@`
		`# project limits. And this check is performed only after the check`
		`# os_compute_api:limits passes`
		`# GET /limits`
		`- "os_compute_api:os-used-limits": "rule:admin or rule:auditor"`
		`+ "os_compute_api:os-used-limits": "rule:admin or rule:reader"`

		`# Manage volumes for use with the Compute API.`
		`#`
		`@@ -950,7 +950,7 @@`

		`# List volume attachments for an instance`
		`# GET /servers/{server_id}/os-volume_attachments`
		`- "os_compute_api:os-volumes-attachments:index": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-volumes-attachments:index": "rule:admin or rule:member or rule:reader"`

		`# Attach a volume to an instance`
		`# POST /servers/{server_id}/os-volume_attachments`
		`@@ -958,7 +958,7 @@`

		`# Show details of a volume attachment`
		`# GET /servers/{server_id}/os-volume_attachments/{attachment_id}`
		`- "os_compute_api:os-volumes-attachments:show": "rule:admin or rule:member or rule:auditor"`
		`+ "os_compute_api:os-volumes-attachments:show": "rule:admin or rule:member or rule:reader"`

		`# Update a volume attachment`
		`# PUT /servers/{server_id}/os-volume_attachments/{attachment_id}`

services/panko/policy.yaml

file modified

+3 -3

		`@@ -5,16 +5,16 @@`
		`# GET /v2/events`
		`# GET /v2/events/{message_id}`
		`#`
		`- "segregation": "rule:admin or rule:member or rule:auditor"`
		`+ "segregation": "rule:admin or rule:member or rule:reader"`

		`### Policy Rules defined in panko.policies.telemetry`

		`# Return all events matching the query filters.`
		`# GET /v2/events`
		`#`
		`- "telemetry:events:index": "rule:admin or rule:member or rule:auditor"`
		`+ "telemetry:events:index": "rule:admin or rule:member or rule:reader"`

		`# Return a single event with the given message id.`
		`# GET /v2/events/{message_id}`
		`#`
		`- "telemetry:events:show": "rule:admin or rule:member or rule:auditor"`
		`+ "telemetry:events:show": "rule:admin or rule:member or rule:reader"`

tests/auth_token_reader/access.json ~~tests/auth_token_auditor/access.json~~

file renamed