From b5995a63f67fc6524d50f3489fa91e746c641c17 Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Dec 15 2018 02:44:03 +0000
Subject: Revert "Updated roles to global/project, also changed reader to auditor"

This reverts commit 83b0d2256c37c1830b8e87f956eefa7acda80d57.
---
diff --git a/common/common.yaml b/common/common.yaml
index 9790326..9a38aa8 100644
--- a/common/common.yaml
+++ b/common/common.yaml
@@ -1,23 +1,14 @@
 # COMMON
 
-# A global auditor role, which is a read-only version of global_admin
-global_auditor: "(role:auditor and is_admin_project:True)"
+# A global reader role, that is able to read things that don't have a project_id associated
+global_reader: "(role:global_reader and is_admin_project:True)"
 
-# The specification for project scoped auditors, who should be able to read
-# data in a project, but never modify it
-project_auditor: "(role:auditor and project_id:%(project_id)s)"
-
-# A rule specifying that auditor role is required with either project or global scope
-auditor: "(rule:global_auditor or rule:project_auditor)"
+# The specification for readers, who should only be able to read, never modify, data.
+# This rule incorporates other less strict reader specifications, so any reader
+reader: "((role:reader and project_id:%(project_id)s) or rule:global_reader)"
 
 # This is the default admin specification, able to control every part of the cloud without issue
-global_admin: "(is_admin:True or (role:admin and is_admin_project:True))"
-
-# A project-scoped version of admin
-project_admin: "(role:admin and project_id:%(project_id)s)"
-
-# A rule specifying that admin role is required with either project or global scope
-admin: "(rule:project_admin or rule:global_admin)"
+admin: "(is_admin:True or role:admin and (is_admin_project:True or project_id:%(project_id)s))"
 
 # This is a helper role specification for members, since some deployers use "member", and some use "_member_"
 _member_role: "(role:Member or role:member or role:_member_)"
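Review bot: The restored `admin` rule mixes `or` and `and` without grouping (`is_admin:True or role:admin and (...)`), so which identities it admits depends on how the policy parser ranks the two operators. The `global_admin` rule it replaces parenthesised the same shape explicitly. If the intended reading is "is_admin, or the admin role within the admin project or the target project", writing it as `admin: "(is_admin:True or (role:admin and (is_admin_project:True or project_id:%(project_id)s)))"` pins that down regardless of parser version. The added comment above `reader` also stops mid-sentence at "so any reader" and should be completed so the rule's scope is clear to whoever audits this policy next.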
diff --git a/patrole-base.log b/patrole-base.log
index ae55c56..0063427 100644
--- a/patrole-base.log
+++ b/patrole-base.log
@@ -1832,463 +1832,463 @@ {"role": "Member", "service": "cinder", "test": "test_create_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} {"role": "Member", "service": "cinder", "test": "test_delete_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} {"role": "Member", "service": "cinder", "test": "test_update_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_flavor_manage", "rules": "os_compute_api:os-flavor-manage:create", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_limits", "rules": "os_compute_api:limits", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_get_availability_zone_list_detail_rbac", "rules": "os_compute_api:os-availability-zone:detail", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_add_host_to_aggregate_rbac", "rules": "os_compute_api:os-aggregates:add_host", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_delete_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_get_availability_zone_list_rbac", "rules": "os_compute_api:os-availability-zone:list", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_create_aggregate_rbac", "rules": "os_compute_api:os-aggregates:create", "expected": "Denied", "actual": "Denied"} 
-{"role": "auditor", "service": "nova", "test": "test_delete_flavor_manage", "rules": "os_compute_api:os-flavor-manage:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_agents_rbac", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_delete_aggregate_rbac", "rules": "os_compute_api:os-aggregates:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_update_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_aggregate_rbac", "rules": "os_compute_api:os-aggregates:index", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_delete_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_add_flavor_access", "rules": "os_compute_api:os-flavor-access:add_tenant_access", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_floating_ips_bulk", "rules": "os_compute_api:os-floating-ips-bulk", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_remove_host_from_aggregate_rbac", "rules": "os_compute_api:os-aggregates:remove_host", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_flavor_access", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_floating_ip_pools", "rules": "os_compute_api:os-floating-ip-pools", "expected": "Allowed", "actual": "Allowed"} -{"role": 
"auditor", "service": "nova", "test": "test_show_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:show", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_flavors_details_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_set_metadata_on_aggregate_rbac", "rules": "os_compute_api:os-aggregates:set_metadata", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_update_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_remove_flavor_access", "rules": "os_compute_api:os-flavor-access:remove_tenant_access", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_aggregate_rbac", "rules": "os_compute_api:os-aggregates:show", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_instance_usage_audit_logs", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_flavor_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_update_aggregate_rbac", "rules": "os_compute_api:os-aggregates:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_instance_usage_audit_log", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_hosts", 
"rules": "os_compute_api:os-hosts", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_hypervisors", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_flavor_extra_specs", "rules": "os_compute_api:os-flavor-extra-specs:index", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-migrations:index", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_images", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_hypervisors_with_details", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_set_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:create", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_images_with_details", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_servers_on_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_search_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_unset_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_keypair", "rules": 
"os_compute_api:os-keypairs:create", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_update_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_delete_keypair", "rules": "os_compute_api:os-keypairs:delete", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_hypervisor_statistics", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_index_keypair", "rules": "os_compute_api:os-keypairs:index", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_hypervisor_uptime", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_get_flavor_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_keypair", "rules": "os_compute_api:os-keypairs:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_flavors_details_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_create_image_metadata", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_delete_quota_set", "rules": "os_compute_api:os-quota-sets:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": 
"Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_default_quota_set", "rules": "os_compute_api:os-quota-sets:defaults", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_delete_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_quota_set", "rules": "os_compute_api:os-quota-sets:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_list_image_metadata", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_quota_set_details", "rules": "os_compute_api:os-quota-sets:detail", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_update_quota_set", "rules": "os_compute_api:os-quota-sets:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_list_images_with_details", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_show_image_details", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_create_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_show_image_metadata_item", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_delete_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_update_image_metadata", "rules": "modify_image", 
"expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_update_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_update_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_show_tenant_networks", "rules": "os_compute_api:os-tenant-networks", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_domain_config", "rules": "identity:create_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_domain_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_domain_group_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_domain_group_option_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_default_config_settings", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_default_group_config", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_default_group_option", "rules": 
"identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_domain_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_domain_group_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_domain_group_option_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_security_compliance_domain_config", "rules": "identity:get_security_compliance_domain_config", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_update_domain_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_domain_group_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_domain_group_option_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_authorize_request_token", "rules": "identity:authorize_request_token", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_get_access_token", "rules": "identity:get_access_token", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_get_access_token_role", "rules": "identity:get_access_token_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_access_token_roles", "rules": "identity:list_access_token_roles", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": 
"keystone", "test": "test_list_access_tokens", "rules": "identity:list_access_tokens", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_revoke_access_token", "rules": "identity:delete_access_token", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_role_from_group_on_domain_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_role_from_group_on_project_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_role_inference_rule", "rules": "identity:check_implied_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_user_role_existence_on_domain", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_user_role_existence_on_project", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_group_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_group_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_role", "rules": "identity:create_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_role_inference_rule", "rules": "identity:create_implied_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_user_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": 
"keystone", "test": "test_create_user_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_role", "rules": "identity:delete_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_role_from_group_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_role_from_group_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_role_from_user_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_role_from_user_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_role_inference_rule", "rules": "identity:delete_implied_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_all_role_inference_rules", "rules": "identity:list_role_inference_rules", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_group_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_group_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_role_inferences_rules", "rules": "identity:list_implied_roles", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_roles", "rules": "identity:list_roles", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": 
"test_list_user_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_user_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_role", "rules": "identity:get_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_role_inference_rule", "rules": "identity:get_implied_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_role", "rules": "identity:update_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_domain", "rules": "identity:create_domain", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_domain", "rules": "identity:delete_domain", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_service", "rules": "identity:create_service", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_domains", "rules": "identity:list_domains", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_service", "rules": "identity:delete_service", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_domain", "rules": "identity:get_domain", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_services", "rules": "identity:list_services", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_domain", "rules": "identity:update_domain", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": 
"test_show_service", "rules": "identity:get_service", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_service", "rules": "identity:update_service", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_server_group", "rules": "os_compute_api:os-server-groups:create", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_consumer", "rules": "identity:create_consumer", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_delete_server_group", "rules": "os_compute_api:os-server-groups:delete", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_delete_consumer", "rules": "identity:delete_consumer", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_create_metadef_namespace", "rules": "add_metadef_namespace", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_server_groups", "rules": "os_compute_api:os-server-groups:index", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_consumers", "rules": "identity:list_consumers", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_list_metadef_namespaces", "rules": "get_metadef_namespaces", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_show_consumer", "rules": "identity:get_consumer", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_server_group", "rules": "os_compute_api:os-server-groups:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_modify_metadef_namespace", "rules": "modify_metadef_namespace", "expected": 
"Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_update_consumer", "rules": "identity:update_consumer", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_add_metadef_resource_type", "rules": "add_metadef_resource_type_association", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_group_type_specs_create", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_get_metadef_resource_type", "rules": "get_metadef_resource_type", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_group_type_specs_delete", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_list_metadef_resource_types", "rules": "list_metadef_resource_types", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_group_type_specs_list", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_group_type_specs_show", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_add_image_member", "rules": "add_member", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_group_type_specs_update", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_delete_image_member", "rules": "delete_member", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_list_image_members", "rules": "get_members", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": 
"test_show_image_member", "rules": "get_member", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_reset_group_status", "rules": "group:reset_status", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_update_image_member", "rules": "modify_member", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_agent", "rules": "get_agent", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_manage_snapshot_rbac", "rules": "snapshot_extension:snapshot_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_agent", "rules": "update_agent", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_unmanage_snapshot_rbac", "rules": "snapshot_extension:snapshot_unmanage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_volume_summary", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_floating_ip", "rules": "create_floatingip", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_floating_ip_floatingip_address", "rules": "create_floatingip:floating_ip_address", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_add_type_access", "rules": "volume_extension:volume_type_access:addProjectAccess", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_type_access", "rules": "volume_extension:volume_type_access", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_floating_ip", "rules": "delete_floatingip", "expected": "Allowed", "actual": "Allowed"} 
-{"role": "auditor", "service": "cinder", "test": "test_remove_type_access", "rules": "volume_extension:volume_type_access:removeProjectAccess", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_floating_ip", "rules": "get_floatingip", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_floating_ip", "rules": "update_floatingip", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_volume_manage", "rules": "volume_extension:volume_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_unmanage", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_network", "rules": "create_network", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_network_provider_network_type", "rules": "create_network:provider:network_type", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_network_provider_segmentation_id", "rules": "create_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_network_router_external", "rules": "create_network:router:external", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_network_shared", "rules": "create_network:shared", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_network", "rules": "delete_network", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": 
"test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_list_dhcp_agents_on_hosting_network", "rules": "get_dhcp-agents", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_network", "rules": "get_network", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_network_provider_network_type", "rules": "get_network:provider:network_type", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_network_provider_physical_network", "rules": "get_network:provider:physical_network", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_network_provider_segmentation_id", "rules": "get_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_network_router_external", "rules": "get_network:router:external", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_network", "rules": "update_network", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_network_router_external", "rules": "update_network:router:external", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_network_shared", "rules": "update_network:shared", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": 
"Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-services", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_list_subnets", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_check_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_endpoint_group", "rules": "identity:create_endpoint_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_endpoint_group", "rules": "identity:delete_endpoint_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_endpoint_groups", "rules": "identity:list_endpoint_groups", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_create_group", "rules": "group:create", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_update_endpoint_group", "rules": "identity:update_endpoint_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_group", "rules": "group:delete", "expected": "Allowed", 
"actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_policy", "rules": "identity:create_policy", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_groups", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_delete_policy", "rules": "identity:delete_policy", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_groups_with_details", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_policies", "rules": "identity:list_policies", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_policy", "rules": "identity:get_policy", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_group", "rules": "group:get", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_update_policy", "rules": "identity:update_policy", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_update_group", "rules": "group:update", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_user", "rules": "identity:create_user", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_user", "rules": "identity:delete_user", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_own_user_group", "rules": "identity:list_groups_for_user", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_own_user_projects", "rules": "identity:list_user_projects", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": 
"cinder", "test": "test_create_snapshot_metadata", "rules": "volume_extension:extended_snapshot_attributes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_users", "rules": "identity:list_users", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_snapshot_metadata_item", "rules": "volume:delete_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_show_own_user", "rules": "identity:get_user", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_get_snapshot_metadata", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_update_user", "rules": "identity:update_user", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_get_snapshot_metadata_for_volume_tenant", "rules": "volume_extension:volume_tenant_attribute", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_show_snapshot_metadata_item", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_create_metadef_object_in_namespace", "rules": "add_metadef_object", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_snapshot_metadata", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_list_metadef_objects_in_namespace", "rules": "get_metadef_objects", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_snapshot_metadata_item", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": 
"auditor", "service": "glance", "test": "test_show_metadef_object_in_namespace", "rules": "get_metadef_object", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_update_metadef_object_in_namespace", "rules": "modify_metadef_object", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_create_namespace_tag", "rules": "add_metadef_tag", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_volume_upload_public", "rules": "volume_extension:volume_actions:upload_public", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_create_namespace_tags", "rules": "add_metadef_tags", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_list_namespace_tags", "rules": "get_metadef_tags", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_show_namespace_tag", "rules": "get_metadef_tag", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_update_namespace_tag", "rules": "modify_metadef_tag", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_router_on_l3_agent", "rules": "create_l3-router", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_delete_router_from_l3_agent", "rules": "delete_l3-router", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_list_routers_on_l3_agent", "rules": "get_l3-routers", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_subnetpool", "rules": "create_subnetpool", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_subnetpool_shared", "rules": 
"create_subnetpool:shared", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_delete_subnetpool", "rules": "delete_subnetpool", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_subnetpool", "rules": "get_subnetpool", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_subnetpool", "rules": "update_subnetpool", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_subnetpool_is_default", "rules": "update_subnetpool:is_default", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_create_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_unmanage_volume", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_create_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_create_group_type_group_specs", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_force_delete", "rules": 
"volume_extension:volume_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_readonly_update", "rules": "volume:update_readonly_flag", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_show_group_type", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_region", "rules": "identity:create_region", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_reserve", "rules": "volume_extension:volume_actions:reserve", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_region", "rules": "identity:delete_region", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_reset_status", "rules": "volume_extension:volume_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_regions", "rules": "identity:list_regions", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_show_region", "rules": "identity:get_region", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_list_hosts", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_retype", "rules": "volume:retype", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", 
"service": "keystone", "test": "test_update_region", "rules": "identity:update_region", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_host", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_set_bootable", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_volume_unreserve", "rules": "volume_extension:volume_actions:unreserve", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_check_token_existence_negative", "rules": "identity:check_token", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_create_volume_metadata", "rules": "volume:create_volume_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_delete_token_negative", "rules": "identity:revoke_token", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_volume_upload", "rules": "volume_extension:volume_actions:upload_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_show_token_negative", "rules": "identity:validate_token", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume_metadata_item", "rules": "volume:delete_volume_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_show_volume_metadata", "rules": "volume:get_volume_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": 
"test_add_md_properties", "rules": "add_metadef_property", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_get_md_properties", "rules": "get_metadef_properties", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume_metadata", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_get_md_property", "rules": "get_metadef_property", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume_metadata_item", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_modify_md_properties", "rules": "modify_metadef_property", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_list_service_providers", "rules": "get_service_provider", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_show_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_update_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_message", "rules": "message:delete", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_list_messages", "rules": "message:get_all", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_show_message", "rules": "message:get", "expected": "Allowed", "actual": 
"Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_endpoint", "rules": "identity:create_endpoint", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_endpoint", "rules": "identity:delete_endpoint", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_endpoints", "rules": "identity:list_endpoints", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_show_endpoint", "rules": "identity:get_endpoint", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_endpoint", "rules": "identity:update_endpoint", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_delete_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_add_user_group", "rules": "identity:add_user_to_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_user_group", "rules": "identity:check_user_in_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_delete_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_group", "rules": "identity:create_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_snapshots", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": 
"Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_delete_group", "rules": "identity:delete_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_volumes", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_groups", "rules": "identity:list_groups", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_user_group", "rules": "identity:list_users_in_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_remove_user_group", "rules": "identity:remove_user_from_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_group", "rules": "identity:get_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_group", "rules": "identity:update_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_auth_domain", "rules": "identity:get_auth_domains", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_auth_projects", "rules": "identity:get_auth_projects", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_project", "rules": "identity:create_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_project", "rules": "identity:delete_project", "expected": "Denied", "actual": 
"Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_credential", "rules": "identity:create_credential", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_projects", "rules": "identity:list_projects", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_credential", "rules": "identity:delete_credential", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_project", "rules": "identity:get_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_credentials", "rules": "identity:list_credentials", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_project", "rules": "identity:update_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_credential", "rules": "identity:get_credential", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_credential", "rules": "identity:update_credential", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_role_assignments", "rules": "identity:list_role_assignments", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_role_assignments_for_tree", "rules": "identity:list_role_assignments_for_tree", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_add_endpoint_to_project", "rules": "identity:add_endpoint_to_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_endpoint_in_project", "rules": "identity:check_endpoint_in_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": 
"test_check_token_exsitence", "rules": "identity:check_token", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_endpoints_in_project", "rules": "identity:list_endpoints_for_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_token", "rules": "identity:revoke_token", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_projects_for_endpoint", "rules": "identity:list_projects_for_endpoint", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_token", "rules": "identity:validate_token", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_remove_endpoint_from_project", "rules": "identity:remove_endpoint_from_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_trust", "rules": "identity:create_trust", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_add_dhcp_agent_to_network", "rules": "create_dhcp-network", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_trust_negative", "rules": "identity:create_trust", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_delete_network_from_dhcp_agent", "rules": "delete_dhcp-network", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_trust", "rules": "identity:delete_trust", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_roles_for_trust", "rules": "identity:list_roles_for_trust", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_list_networks_hosted_by_one_dhcp_agent", "rules": 
"get_dhcp-networks", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_trusts", "rules": "identity:list_trusts", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_show_trust", "rules": "identity:get_trust", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_network_segments", "rules": "create_network:segments", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_trust_role", "rules": "identity:get_role_for_trust", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_network_segments", "rules": "get_network:segments", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_communitize_image", "rules": "communitize_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_network_segments", "rules": "update_network:segments", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_create_image", "rules": "add_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_create_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_deactivate_image", "rules": "deactivate", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port", "rules": "create_port", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_allowed_address_pairs", "rules": "create_port:allowed_address_pairs", "expected": 
"Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_delete_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_binding_host_id", "rules": "create_port:binding:host_id", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_download_image", "rules": "download_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_binding_profile", "rules": "create_port:binding:profile", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_publicize_image", "rules": "publicize_image", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_device_owner", "rules": "create_port:device_owner", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_reactivate_image", "rules": "reactivate", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_fixed_ips_ip_address", "rules": "create_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_show_image", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_update_image", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_mac_address", "rules": "create_port:mac_address", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_upload_image", "rules": "upload_image", "expected": "Allowed", "actual": 
"Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_security_enabled", "rules": "create_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_port", "rules": "delete_port", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_port", "rules": "get_port", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_add_router_interface", "rules": "add_router_interface", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_port_binding_host_id", "rules": "get_port:binding:host_id", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_port_binding_profile", "rules": "get_port:binding:profile", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_distributed_router", "rules": "create_router:distributed", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_port_binding_vif_details", "rules": "get_port:binding:vif_details", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_high_availability_router", "rules": "create_router:ha", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_port_binding_vif_type", "rules": "get_port:binding:vif_type", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_router", "rules": "create_router", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_router_enable_snat", "rules": "create_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": 
"test_update_port", "rules": "update_port", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_router_external_fixed_ips", "rules": "create_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_port_allowed_address_pairs", "rules": "update_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_router", "rules": "delete_router", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_port_binding_host_id", "rules": "update_port:binding:host_id", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_port_binding_profile", "rules": "update_port:binding:profile", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_remove_router_interface", "rules": "remove_router_interface", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_port_device_owner", "rules": "update_port:device_owner", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_distributed_router", "rules": "get_router:distributed", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_port_fixed_ips_ip_address", "rules": "update_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_port_mac_address", "rules": "update_port:mac_address", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_high_availability_router", "rules": "get_router:ha", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": 
"test_update_port_security_enabled", "rules": "update_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_router", "rules": "get_router", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_distributed_router", "rules": "update_router:distributed", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_high_availability_router", "rules": "update_router:ha", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_router", "rules": "update_router", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_router_enable_snat", "rules": "update_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_router_external_fixed_ips", "rules": "update_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_security_group", "rules": "create_security_group", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_router_external_gateway_info", "rules": "update_router:external_gateway_info", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_security_group_rule", "rules": "create_security_group_rule", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_security_group", "rules": "delete_security_group", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_router_external_gateway_info_network_id", "rules": "update_router:external_gateway_info:network_id", "expected": "Allowed", "actual": 
"Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_security_group_rule", "rules": "delete_security_group_rule", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_list_security_group_rules", "rules": "get_security_group_rules", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_list_security_groups", "rules": "get_security_groups", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_security_group_rule", "rules": "get_security_group_rule", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_security_groups", "rules": "get_security_group", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_show_back_end_capabilities", "rules": "volume_extension:capabilities", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_security_group", "rules": "update_security_group", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_associate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_limits", "rules": "limits_extension:used_limits", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_create_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:create", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_back_end_storage_pools", "rules": "scheduler_extension:scheduler_stats:get_pools", "expected": "Denied", 
"actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_disassociate_all_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_disassociate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_get_association_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_create_volume", "rules": "volume:create", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_list_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume", "rules": "volume:delete", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_set_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_qos", "rules": "volume_extension:qos_specs_manage:get", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_get_volume", "rules": "volume:get", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_unset_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_list", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_volume_list_image_metadata", "rules": 
"volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_reset_snapshot_status", "rules": "volume_extension:snapshot_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_snapshot_force_delete", "rules": "volume_extension:snapshot_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_update_snapshot_status", "rules": "snapshot_extension:snapshot_actions:update_snapshot_status", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_accept_volume_transfer", "rules": "volume:accept_transfer", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_create_volume_transfer", "rules": "volume:create_transfer", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume_transfer", "rules": "volume:delete_transfer", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_get_volume_transfer", "rules": "volume:get_transfer", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_delete_quota_set", "rules": "volume_extension:quotas:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_volume_transfers", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_list_default_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_list_volume_transfers_details", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": 
"test_list_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_list_quotas_usage_true", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_create_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:create", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_update_quota_set", "rules": "volume_extension:quotas:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_volume_types_extra_specs", "rules": "volume_extension:types_extra_specs:index", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_services", "rules": "volume_extension:services:index", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:show", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_snapshot_create", "rules": "volume:create_snapshot", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_create_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} -{"role": 
"auditor", "service": "cinder", "test": "test_snapshot_delete", "rules": "volume:delete_snapshot", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_snapshot_get", "rules": "volume:get_snapshot", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_snapshot_update", "rules": "volume:update_snapshot", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_snapshots_get_all", "rules": "volume:get_all_snapshots", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_volume_extend", "rules": "volume:extend", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_create_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_create_flavor_manage", "rules": "os_compute_api:os-flavor-manage:create", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_limits", "rules": "os_compute_api:limits", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_get_availability_zone_list_detail_rbac", "rules": "os_compute_api:os-availability-zone:detail", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_add_host_to_aggregate_rbac", "rules": "os_compute_api:os-aggregates:add_host", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_create_floating_ips", "rules": "os_compute_api:os-floating-ips", 
"expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_get_availability_zone_list_rbac", "rules": "os_compute_api:os-availability-zone:list", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_create_aggregate_rbac", "rules": "os_compute_api:os-aggregates:create", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_flavor_manage", "rules": "os_compute_api:os-flavor-manage:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_agents_rbac", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_aggregate_rbac", "rules": "os_compute_api:os-aggregates:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_update_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_aggregate_rbac", "rules": "os_compute_api:os-aggregates:index", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_add_flavor_access", "rules": "os_compute_api:os-flavor-access:add_tenant_access", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_floating_ips_bulk", "rules": "os_compute_api:os-floating-ips-bulk", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_remove_host_from_aggregate_rbac", "rules": "os_compute_api:os-aggregates:remove_host", 
"expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_flavor_access", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_floating_ip_pools", "rules": "os_compute_api:os-floating-ip-pools", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:show", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_flavors_details_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_set_metadata_on_aggregate_rbac", "rules": "os_compute_api:os-aggregates:set_metadata", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_update_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_remove_flavor_access", "rules": "os_compute_api:os-flavor-access:remove_tenant_access", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_aggregate_rbac", "rules": "os_compute_api:os-aggregates:show", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_instance_usage_audit_logs", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_flavor_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": 
"test_update_aggregate_rbac", "rules": "os_compute_api:os-aggregates:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_instance_usage_audit_log", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_hosts", "rules": "os_compute_api:os-hosts", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_hypervisors", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_flavor_extra_specs", "rules": "os_compute_api:os-flavor-extra-specs:index", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-migrations:index", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_images", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_hypervisors_with_details", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_set_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:create", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_images_with_details", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_servers_on_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": 
"test_search_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_unset_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_create_keypair", "rules": "os_compute_api:os-keypairs:create", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_update_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_keypair", "rules": "os_compute_api:os-keypairs:delete", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_hypervisor_statistics", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_index_keypair", "rules": "os_compute_api:os-keypairs:index", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_hypervisor_uptime", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_get_flavor_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_keypair", "rules": "os_compute_api:os-keypairs:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_flavors_details_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_create_image_metadata", "rules": 
"modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_delete_quota_set", "rules": "os_compute_api:os-quota-sets:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_default_quota_set", "rules": "os_compute_api:os-quota-sets:defaults", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_delete_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_quota_set", "rules": "os_compute_api:os-quota-sets:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_list_image_metadata", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_quota_set_details", "rules": "os_compute_api:os-quota-sets:detail", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_update_quota_set", "rules": "os_compute_api:os-quota-sets:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_list_images_with_details", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_show_image_details", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_create_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_show_image_metadata_item", 
"rules": "get_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_delete_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_update_image_metadata", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_update_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_update_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_show_tenant_networks", "rules": "os_compute_api:os-tenant-networks", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_domain_config", "rules": "identity:create_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_domain_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_domain_group_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_domain_group_option_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_default_config_settings", "rules": 
"identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_default_group_config", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_default_group_option", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_domain_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_domain_group_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_domain_group_option_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_security_compliance_domain_config", "rules": "identity:get_security_compliance_domain_config", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_update_domain_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_domain_group_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_domain_group_option_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_authorize_request_token", "rules": "identity:authorize_request_token", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_get_access_token", "rules": "identity:get_access_token", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": 
"keystone", "test": "test_get_access_token_role", "rules": "identity:get_access_token_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_access_token_roles", "rules": "identity:list_access_token_roles", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_access_tokens", "rules": "identity:list_access_tokens", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_revoke_access_token", "rules": "identity:delete_access_token", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_role_from_group_on_domain_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_role_from_group_on_project_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_role_inference_rule", "rules": "identity:check_implied_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_user_role_existence_on_domain", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_user_role_existence_on_project", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_group_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_group_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_role", "rules": "identity:create_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": 
"keystone", "test": "test_create_role_inference_rule", "rules": "identity:create_implied_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_user_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_user_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_role", "rules": "identity:delete_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_role_from_group_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_role_from_group_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_role_from_user_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_role_from_user_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_role_inference_rule", "rules": "identity:delete_implied_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_all_role_inference_rules", "rules": "identity:list_role_inference_rules", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_group_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_group_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", 
"test": "test_list_role_inferences_rules", "rules": "identity:list_implied_roles", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_roles", "rules": "identity:list_roles", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_user_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_user_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_role", "rules": "identity:get_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_role_inference_rule", "rules": "identity:get_implied_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_role", "rules": "identity:update_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_domain", "rules": "identity:create_domain", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_domain", "rules": "identity:delete_domain", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_service", "rules": "identity:create_service", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_domains", "rules": "identity:list_domains", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_service", "rules": "identity:delete_service", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_domain", "rules": "identity:get_domain", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": 
"test_list_services", "rules": "identity:list_services", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_domain", "rules": "identity:update_domain", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_service", "rules": "identity:get_service", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_service", "rules": "identity:update_service", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_create_server_group", "rules": "os_compute_api:os-server-groups:create", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_consumer", "rules": "identity:create_consumer", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_server_group", "rules": "os_compute_api:os-server-groups:delete", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_delete_consumer", "rules": "identity:delete_consumer", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_create_metadef_namespace", "rules": "add_metadef_namespace", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_server_groups", "rules": "os_compute_api:os-server-groups:index", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_consumers", "rules": "identity:list_consumers", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_list_metadef_namespaces", "rules": "get_metadef_namespaces", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_show_consumer", "rules": "identity:get_consumer", "expected": "Denied", "actual": "Denied"} +{"role": 
"reader", "service": "nova", "test": "test_show_server_group", "rules": "os_compute_api:os-server-groups:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_modify_metadef_namespace", "rules": "modify_metadef_namespace", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_update_consumer", "rules": "identity:update_consumer", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_add_metadef_resource_type", "rules": "add_metadef_resource_type_association", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_group_type_specs_create", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_get_metadef_resource_type", "rules": "get_metadef_resource_type", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_group_type_specs_delete", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_list_metadef_resource_types", "rules": "list_metadef_resource_types", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_group_type_specs_list", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_group_type_specs_show", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_add_image_member", "rules": "add_member", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_group_type_specs_update", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_delete_image_member", 
"rules": "delete_member", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_list_image_members", "rules": "get_members", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_show_image_member", "rules": "get_member", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_reset_group_status", "rules": "group:reset_status", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_update_image_member", "rules": "modify_member", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_agent", "rules": "get_agent", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_manage_snapshot_rbac", "rules": "snapshot_extension:snapshot_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_agent", "rules": "update_agent", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_unmanage_snapshot_rbac", "rules": "snapshot_extension:snapshot_unmanage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_volume_summary", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_floating_ip", "rules": "create_floatingip", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_floating_ip_floatingip_address", "rules": "create_floatingip:floating_ip_address", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_add_type_access", "rules": "volume_extension:volume_type_access:addProjectAccess", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": 
"test_list_type_access", "rules": "volume_extension:volume_type_access", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_floating_ip", "rules": "delete_floatingip", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_remove_type_access", "rules": "volume_extension:volume_type_access:removeProjectAccess", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_floating_ip", "rules": "get_floatingip", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_floating_ip", "rules": "update_floatingip", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_volume_manage", "rules": "volume_extension:volume_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_unmanage", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_network", "rules": "create_network", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_network_provider_network_type", "rules": "create_network:provider:network_type", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_network_provider_segmentation_id", "rules": "create_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_network_router_external", "rules": "create_network:router:external", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_network_shared", "rules": "create_network:shared", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_subnet", "rules": 
"create_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_network", "rules": "delete_network", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_list_dhcp_agents_on_hosting_network", "rules": "get_dhcp-agents", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_network", "rules": "get_network", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_network_provider_network_type", "rules": "get_network:provider:network_type", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_network_provider_physical_network", "rules": "get_network:provider:physical_network", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_network_provider_segmentation_id", "rules": "get_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_network_router_external", "rules": "get_network:router:external", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_network", "rules": "update_network", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_network_router_external", "rules": "update_network:router:external", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_network_shared", "rules": "update_network:shared", "expected": "Denied", "actual": "Denied"} +{"role": 
"reader", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-services", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_list_subnets", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_check_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_endpoint_group", "rules": "identity:create_endpoint_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_endpoint_group", "rules": "identity:delete_endpoint_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_endpoint_groups", "rules": "identity:list_endpoint_groups", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_create_group", "rules": "group:create", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": 
"test_update_endpoint_group", "rules": "identity:update_endpoint_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_group", "rules": "group:delete", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_policy", "rules": "identity:create_policy", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_list_groups", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_delete_policy", "rules": "identity:delete_policy", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_list_groups_with_details", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_policies", "rules": "identity:list_policies", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_policy", "rules": "identity:get_policy", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_group", "rules": "group:get", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_update_policy", "rules": "identity:update_policy", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_update_group", "rules": "group:update", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_user", "rules": "identity:create_user", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_user", "rules": "identity:delete_user", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_own_user_group", "rules": "identity:list_groups_for_user", "expected": "Allowed", 
"actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_own_user_projects", "rules": "identity:list_user_projects", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_create_snapshot_metadata", "rules": "volume_extension:extended_snapshot_attributes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_users", "rules": "identity:list_users", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_snapshot_metadata_item", "rules": "volume:delete_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_show_own_user", "rules": "identity:get_user", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_get_snapshot_metadata", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_update_user", "rules": "identity:update_user", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_get_snapshot_metadata_for_volume_tenant", "rules": "volume_extension:volume_tenant_attribute", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_show_snapshot_metadata_item", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_create_metadef_object_in_namespace", "rules": "add_metadef_object", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_snapshot_metadata", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_list_metadef_objects_in_namespace", "rules": "get_metadef_objects", "expected": "Allowed", 
"actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_snapshot_metadata_item", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_show_metadef_object_in_namespace", "rules": "get_metadef_object", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_update_metadef_object_in_namespace", "rules": "modify_metadef_object", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_create_namespace_tag", "rules": "add_metadef_tag", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_volume_upload_public", "rules": "volume_extension:volume_actions:upload_public", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_create_namespace_tags", "rules": "add_metadef_tags", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_list_namespace_tags", "rules": "get_metadef_tags", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_show_namespace_tag", "rules": "get_metadef_tag", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_update_namespace_tag", "rules": "modify_metadef_tag", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_router_on_l3_agent", "rules": "create_l3-router", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_delete_router_from_l3_agent", "rules": "delete_l3-router", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_list_routers_on_l3_agent", "rules": "get_l3-routers", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": 
"test_create_subnetpool", "rules": "create_subnetpool", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_subnetpool_shared", "rules": "create_subnetpool:shared", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_delete_subnetpool", "rules": "delete_subnetpool", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_subnetpool", "rules": "get_subnetpool", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_subnetpool", "rules": "update_subnetpool", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_subnetpool_is_default", "rules": "update_subnetpool:is_default", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_create_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_update_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_unmanage_volume", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_create_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_create_group_type_group_specs", 
"rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_force_delete", "rules": "volume_extension:volume_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_readonly_update", "rules": "volume:update_readonly_flag", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_show_group_type", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_region", "rules": "identity:create_region", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_reserve", "rules": "volume_extension:volume_actions:reserve", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_region", "rules": "identity:delete_region", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_reset_status", "rules": "volume_extension:volume_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_regions", "rules": "identity:list_regions", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_show_region", "rules": "identity:get_region", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_list_hosts", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"} +{"role": 
"reader", "service": "cinder", "test": "test_volume_retype", "rules": "volume:retype", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_update_region", "rules": "identity:update_region", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_host", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_set_bootable", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_volume_unreserve", "rules": "volume_extension:volume_actions:unreserve", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_check_token_existence_negative", "rules": "identity:check_token", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_create_volume_metadata", "rules": "volume:create_volume_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_delete_token_negative", "rules": "identity:revoke_token", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_volume_upload", "rules": "volume_extension:volume_actions:upload_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_show_token_negative", "rules": "identity:validate_token", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume_metadata_item", "rules": "volume:delete_volume_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_show_volume_metadata", "rules": 
"volume:get_volume_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_add_md_properties", "rules": "add_metadef_property", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_get_md_properties", "rules": "get_metadef_properties", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_volume_metadata", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_get_md_property", "rules": "get_metadef_property", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_volume_metadata_item", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_modify_md_properties", "rules": "modify_metadef_property", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_list_service_providers", "rules": "get_service_provider", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_show_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_update_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_message", "rules": "message:delete", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_list_messages", "rules": "message:get_all", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", 
"service": "cinder", "test": "test_show_message", "rules": "message:get", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_endpoint", "rules": "identity:create_endpoint", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_endpoint", "rules": "identity:delete_endpoint", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_endpoints", "rules": "identity:list_endpoints", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_create_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_show_endpoint", "rules": "identity:get_endpoint", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_endpoint", "rules": "identity:update_endpoint", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_create_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_delete_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_add_user_group", "rules": "identity:add_user_to_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_user_group", "rules": "identity:check_user_in_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_group", "rules": "identity:create_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": 
"test_list_snapshots", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_delete_group", "rules": "identity:delete_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_volumes", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_groups", "rules": "identity:list_groups", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_user_group", "rules": "identity:list_users_in_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_remove_user_group", "rules": "identity:remove_user_from_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_group", "rules": "identity:get_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_group", "rules": "identity:update_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_auth_domain", "rules": "identity:get_auth_domains", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_auth_projects", "rules": "identity:get_auth_projects", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_project", "rules": "identity:create_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": 
"test_delete_project", "rules": "identity:delete_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_credential", "rules": "identity:create_credential", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_projects", "rules": "identity:list_projects", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_credential", "rules": "identity:delete_credential", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_project", "rules": "identity:get_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_credentials", "rules": "identity:list_credentials", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_project", "rules": "identity:update_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_credential", "rules": "identity:get_credential", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_credential", "rules": "identity:update_credential", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_role_assignments", "rules": "identity:list_role_assignments", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_role_assignments_for_tree", "rules": "identity:list_role_assignments_for_tree", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_add_endpoint_to_project", "rules": "identity:add_endpoint_to_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_endpoint_in_project", "rules": "identity:check_endpoint_in_project", "expected": 
"Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_token_exsitence", "rules": "identity:check_token", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_endpoints_in_project", "rules": "identity:list_endpoints_for_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_token", "rules": "identity:revoke_token", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_projects_for_endpoint", "rules": "identity:list_projects_for_endpoint", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_token", "rules": "identity:validate_token", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_remove_endpoint_from_project", "rules": "identity:remove_endpoint_from_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_trust", "rules": "identity:create_trust", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_add_dhcp_agent_to_network", "rules": "create_dhcp-network", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_trust_negative", "rules": "identity:create_trust", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_delete_network_from_dhcp_agent", "rules": "delete_dhcp-network", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_trust", "rules": "identity:delete_trust", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_roles_for_trust", "rules": "identity:list_roles_for_trust", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": 
"neutron", "test": "test_list_networks_hosted_by_one_dhcp_agent", "rules": "get_dhcp-networks", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_trusts", "rules": "identity:list_trusts", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_show_trust", "rules": "identity:get_trust", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_network_segments", "rules": "create_network:segments", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_trust_role", "rules": "identity:get_role_for_trust", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_network_segments", "rules": "get_network:segments", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_communitize_image", "rules": "communitize_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_network_segments", "rules": "update_network:segments", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_create_image", "rules": "add_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_create_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_deactivate_image", "rules": "deactivate", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_port", "rules": "create_port", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": 
"test_create_port_allowed_address_pairs", "rules": "create_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_delete_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_port_binding_host_id", "rules": "create_port:binding:host_id", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_download_image", "rules": "download_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_port_binding_profile", "rules": "create_port:binding:profile", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_publicize_image", "rules": "publicize_image", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_port_device_owner", "rules": "create_port:device_owner", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_reactivate_image", "rules": "reactivate", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_port_fixed_ips_ip_address", "rules": "create_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_show_image", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_update_image", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_port_mac_address", "rules": "create_port:mac_address", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", 
"test": "test_upload_image", "rules": "upload_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_port_security_enabled", "rules": "create_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_port", "rules": "delete_port", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_port", "rules": "get_port", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_add_router_interface", "rules": "add_router_interface", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_port_binding_host_id", "rules": "get_port:binding:host_id", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_port_binding_profile", "rules": "get_port:binding:profile", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_distributed_router", "rules": "create_router:distributed", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_port_binding_vif_details", "rules": "get_port:binding:vif_details", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_high_availability_router", "rules": "create_router:ha", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_port_binding_vif_type", "rules": "get_port:binding:vif_type", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_router", "rules": "create_router", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_router_enable_snat", "rules": "create_router:external_gateway_info:enable_snat", "expected": "Denied", 
"actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_port", "rules": "update_port", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_router_external_fixed_ips", "rules": "create_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_port_allowed_address_pairs", "rules": "update_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_router", "rules": "delete_router", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_port_binding_host_id", "rules": "update_port:binding:host_id", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_port_binding_profile", "rules": "update_port:binding:profile", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_remove_router_interface", "rules": "remove_router_interface", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_port_device_owner", "rules": "update_port:device_owner", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_distributed_router", "rules": "get_router:distributed", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_port_fixed_ips_ip_address", "rules": "update_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_port_mac_address", "rules": "update_port:mac_address", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_high_availability_router", "rules": "get_router:ha", "expected": "Denied", "actual": "Denied"} 
+{"role": "reader", "service": "neutron", "test": "test_update_port_security_enabled", "rules": "update_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_router", "rules": "get_router", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_distributed_router", "rules": "update_router:distributed", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_high_availability_router", "rules": "update_router:ha", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_router", "rules": "update_router", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_router_enable_snat", "rules": "update_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_router_external_fixed_ips", "rules": "update_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_security_group", "rules": "create_security_group", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_router_external_gateway_info", "rules": "update_router:external_gateway_info", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_security_group_rule", "rules": "create_security_group_rule", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_security_group", "rules": "delete_security_group", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_router_external_gateway_info_network_id", "rules": 
"update_router:external_gateway_info:network_id", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_security_group_rule", "rules": "delete_security_group_rule", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_list_security_group_rules", "rules": "get_security_group_rules", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_list_security_groups", "rules": "get_security_groups", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_security_group_rule", "rules": "get_security_group_rule", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_security_groups", "rules": "get_security_group", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_show_back_end_capabilities", "rules": "volume_extension:capabilities", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_security_group", "rules": "update_security_group", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_associate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_limits", "rules": "limits_extension:used_limits", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_create_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:create", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_list_back_end_storage_pools", "rules": 
"scheduler_extension:scheduler_stats:get_pools", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_disassociate_all_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_disassociate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_get_association_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_create_volume", "rules": "volume:create", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_list_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume", "rules": "volume:delete", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_set_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_qos", "rules": "volume_extension:qos_specs_manage:get", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_get_volume", "rules": "volume:get", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_volume", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_unset_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_list", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", 
"test": "test_volume_list_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_reset_snapshot_status", "rules": "volume_extension:snapshot_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_snapshot_force_delete", "rules": "volume_extension:snapshot_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_update_snapshot_status", "rules": "snapshot_extension:snapshot_actions:update_snapshot_status", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_accept_volume_transfer", "rules": "volume:accept_transfer", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_create_volume_transfer", "rules": "volume:create_transfer", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume_transfer", "rules": "volume:delete_transfer", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_get_volume_transfer", "rules": "volume:get_transfer", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_delete_quota_set", "rules": "volume_extension:quotas:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_list_volume_transfers", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_list_default_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_list_volume_transfers_details", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"} +{"role": 
"reader", "service": "cinder", "test": "test_list_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_list_quotas_usage_true", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_create_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:create", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_update_quota_set", "rules": "volume_extension:quotas:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_list_volume_types_extra_specs", "rules": "volume_extension:types_extra_specs:index", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_list_services", "rules": "volume_extension:services:index", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:show", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_update_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_snapshot_create", "rules": "volume:create_snapshot", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_create_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", 
"actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_snapshot_delete", "rules": "volume:delete_snapshot", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_snapshot_get", "rules": "volume:get_snapshot", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_snapshot_update", "rules": "volume:update_snapshot", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_snapshots_get_all", "rules": "volume:get_all_snapshots", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_volume_extend", "rules": "volume:extend", "expected": "Allowed", "actual": "Allowed"} diff --git a/patrole-new.log b/patrole-new.log index ae55c56..0063427 100644 --- a/patrole-new.log +++ b/patrole-new.log 
@@ -1832,463 +1832,463 @@ {"role": "Member", "service": "cinder", "test": "test_create_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} {"role": "Member", "service": "cinder", "test": "test_delete_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} {"role": "Member", "service": "cinder", "test": "test_update_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_flavor_manage", "rules": "os_compute_api:os-flavor-manage:create", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_limits", "rules": "os_compute_api:limits", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_get_availability_zone_list_detail_rbac", "rules": "os_compute_api:os-availability-zone:detail", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_add_host_to_aggregate_rbac", "rules": "os_compute_api:os-aggregates:add_host", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_delete_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_get_availability_zone_list_rbac", "rules": "os_compute_api:os-availability-zone:list", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_create_aggregate_rbac", "rules": "os_compute_api:os-aggregates:create", "expected": "Denied", "actual": "Denied"} 
-{"role": "auditor", "service": "nova", "test": "test_delete_flavor_manage", "rules": "os_compute_api:os-flavor-manage:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_agents_rbac", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_delete_aggregate_rbac", "rules": "os_compute_api:os-aggregates:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_update_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_aggregate_rbac", "rules": "os_compute_api:os-aggregates:index", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_delete_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_add_flavor_access", "rules": "os_compute_api:os-flavor-access:add_tenant_access", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_floating_ips_bulk", "rules": "os_compute_api:os-floating-ips-bulk", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_remove_host_from_aggregate_rbac", "rules": "os_compute_api:os-aggregates:remove_host", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_flavor_access", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_floating_ip_pools", "rules": "os_compute_api:os-floating-ip-pools", "expected": "Allowed", "actual": "Allowed"} -{"role": 
"auditor", "service": "nova", "test": "test_show_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:show", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_flavors_details_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_set_metadata_on_aggregate_rbac", "rules": "os_compute_api:os-aggregates:set_metadata", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_update_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_remove_flavor_access", "rules": "os_compute_api:os-flavor-access:remove_tenant_access", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_aggregate_rbac", "rules": "os_compute_api:os-aggregates:show", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_instance_usage_audit_logs", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_flavor_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_update_aggregate_rbac", "rules": "os_compute_api:os-aggregates:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_instance_usage_audit_log", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_hosts", 
"rules": "os_compute_api:os-hosts", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_hypervisors", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_flavor_extra_specs", "rules": "os_compute_api:os-flavor-extra-specs:index", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-migrations:index", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_images", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_hypervisors_with_details", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_set_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:create", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_images_with_details", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_servers_on_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_search_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_unset_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_keypair", "rules": 
"os_compute_api:os-keypairs:create", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_update_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_delete_keypair", "rules": "os_compute_api:os-keypairs:delete", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_hypervisor_statistics", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_index_keypair", "rules": "os_compute_api:os-keypairs:index", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_hypervisor_uptime", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_get_flavor_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_keypair", "rules": "os_compute_api:os-keypairs:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_flavors_details_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_create_image_metadata", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_delete_quota_set", "rules": "os_compute_api:os-quota-sets:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": 
"Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_default_quota_set", "rules": "os_compute_api:os-quota-sets:defaults", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_delete_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_quota_set", "rules": "os_compute_api:os-quota-sets:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_list_image_metadata", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_quota_set_details", "rules": "os_compute_api:os-quota-sets:detail", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_update_quota_set", "rules": "os_compute_api:os-quota-sets:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_list_images_with_details", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_show_image_details", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_create_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_show_image_metadata_item", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_delete_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_update_image_metadata", "rules": "modify_image", 
"expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_update_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_show_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_update_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_show_tenant_networks", "rules": "os_compute_api:os-tenant-networks", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_domain_config", "rules": "identity:create_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_domain_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_domain_group_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_domain_group_option_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_default_config_settings", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_default_group_config", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_default_group_option", "rules": 
"identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_domain_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_domain_group_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_domain_group_option_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_security_compliance_domain_config", "rules": "identity:get_security_compliance_domain_config", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_update_domain_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_domain_group_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_domain_group_option_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_authorize_request_token", "rules": "identity:authorize_request_token", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_get_access_token", "rules": "identity:get_access_token", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_get_access_token_role", "rules": "identity:get_access_token_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_access_token_roles", "rules": "identity:list_access_token_roles", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": 
"keystone", "test": "test_list_access_tokens", "rules": "identity:list_access_tokens", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_revoke_access_token", "rules": "identity:delete_access_token", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_role_from_group_on_domain_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_role_from_group_on_project_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_role_inference_rule", "rules": "identity:check_implied_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_user_role_existence_on_domain", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_user_role_existence_on_project", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_group_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_group_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_role", "rules": "identity:create_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_role_inference_rule", "rules": "identity:create_implied_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_user_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": 
"keystone", "test": "test_create_user_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_role", "rules": "identity:delete_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_role_from_group_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_role_from_group_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_role_from_user_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_role_from_user_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_role_inference_rule", "rules": "identity:delete_implied_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_all_role_inference_rules", "rules": "identity:list_role_inference_rules", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_group_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_group_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_role_inferences_rules", "rules": "identity:list_implied_roles", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_roles", "rules": "identity:list_roles", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": 
"test_list_user_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_user_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_role", "rules": "identity:get_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_role_inference_rule", "rules": "identity:get_implied_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_role", "rules": "identity:update_role", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_domain", "rules": "identity:create_domain", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_domain", "rules": "identity:delete_domain", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_service", "rules": "identity:create_service", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_domains", "rules": "identity:list_domains", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_service", "rules": "identity:delete_service", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_domain", "rules": "identity:get_domain", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_services", "rules": "identity:list_services", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_domain", "rules": "identity:update_domain", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": 
"test_show_service", "rules": "identity:get_service", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_service", "rules": "identity:update_service", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_server_group", "rules": "os_compute_api:os-server-groups:create", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_consumer", "rules": "identity:create_consumer", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_delete_server_group", "rules": "os_compute_api:os-server-groups:delete", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_delete_consumer", "rules": "identity:delete_consumer", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_create_metadef_namespace", "rules": "add_metadef_namespace", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_server_groups", "rules": "os_compute_api:os-server-groups:index", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_consumers", "rules": "identity:list_consumers", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_list_metadef_namespaces", "rules": "get_metadef_namespaces", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_show_consumer", "rules": "identity:get_consumer", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_server_group", "rules": "os_compute_api:os-server-groups:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_modify_metadef_namespace", "rules": "modify_metadef_namespace", "expected": 
"Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_update_consumer", "rules": "identity:update_consumer", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_add_metadef_resource_type", "rules": "add_metadef_resource_type_association", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_group_type_specs_create", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_get_metadef_resource_type", "rules": "get_metadef_resource_type", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_group_type_specs_delete", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_list_metadef_resource_types", "rules": "list_metadef_resource_types", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_group_type_specs_list", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_group_type_specs_show", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_add_image_member", "rules": "add_member", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_group_type_specs_update", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_delete_image_member", "rules": "delete_member", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_list_image_members", "rules": "get_members", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": 
"test_show_image_member", "rules": "get_member", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_reset_group_status", "rules": "group:reset_status", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_update_image_member", "rules": "modify_member", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_agent", "rules": "get_agent", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_manage_snapshot_rbac", "rules": "snapshot_extension:snapshot_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_agent", "rules": "update_agent", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_unmanage_snapshot_rbac", "rules": "snapshot_extension:snapshot_unmanage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_volume_summary", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_floating_ip", "rules": "create_floatingip", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_floating_ip_floatingip_address", "rules": "create_floatingip:floating_ip_address", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_add_type_access", "rules": "volume_extension:volume_type_access:addProjectAccess", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_type_access", "rules": "volume_extension:volume_type_access", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_floating_ip", "rules": "delete_floatingip", "expected": "Allowed", "actual": "Allowed"} 
-{"role": "auditor", "service": "cinder", "test": "test_remove_type_access", "rules": "volume_extension:volume_type_access:removeProjectAccess", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_floating_ip", "rules": "get_floatingip", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_floating_ip", "rules": "update_floatingip", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_volume_manage", "rules": "volume_extension:volume_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_unmanage", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_network", "rules": "create_network", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_network_provider_network_type", "rules": "create_network:provider:network_type", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_network_provider_segmentation_id", "rules": "create_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_network_router_external", "rules": "create_network:router:external", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_network_shared", "rules": "create_network:shared", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_network", "rules": "delete_network", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": 
"test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_list_dhcp_agents_on_hosting_network", "rules": "get_dhcp-agents", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_network", "rules": "get_network", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_network_provider_network_type", "rules": "get_network:provider:network_type", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_network_provider_physical_network", "rules": "get_network:provider:physical_network", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_network_provider_segmentation_id", "rules": "get_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_network_router_external", "rules": "get_network:router:external", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_network", "rules": "update_network", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_network_router_external", "rules": "update_network:router:external", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_network_shared", "rules": "update_network:shared", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": 
"Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-services", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_list_subnets", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_check_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_endpoint_group", "rules": "identity:create_endpoint_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_endpoint_group", "rules": "identity:delete_endpoint_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_endpoint_groups", "rules": "identity:list_endpoint_groups", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_create_group", "rules": "group:create", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_update_endpoint_group", "rules": "identity:update_endpoint_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_group", "rules": "group:delete", "expected": "Allowed", 
"actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_policy", "rules": "identity:create_policy", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_groups", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_delete_policy", "rules": "identity:delete_policy", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_groups_with_details", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_policies", "rules": "identity:list_policies", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_policy", "rules": "identity:get_policy", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_group", "rules": "group:get", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_update_policy", "rules": "identity:update_policy", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_update_group", "rules": "group:update", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_user", "rules": "identity:create_user", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_user", "rules": "identity:delete_user", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_own_user_group", "rules": "identity:list_groups_for_user", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_own_user_projects", "rules": "identity:list_user_projects", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": 
"cinder", "test": "test_create_snapshot_metadata", "rules": "volume_extension:extended_snapshot_attributes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_users", "rules": "identity:list_users", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_snapshot_metadata_item", "rules": "volume:delete_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_show_own_user", "rules": "identity:get_user", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_get_snapshot_metadata", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_update_user", "rules": "identity:update_user", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_get_snapshot_metadata_for_volume_tenant", "rules": "volume_extension:volume_tenant_attribute", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_show_snapshot_metadata_item", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_create_metadef_object_in_namespace", "rules": "add_metadef_object", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_snapshot_metadata", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_list_metadef_objects_in_namespace", "rules": "get_metadef_objects", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_snapshot_metadata_item", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": 
"auditor", "service": "glance", "test": "test_show_metadef_object_in_namespace", "rules": "get_metadef_object", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_update_metadef_object_in_namespace", "rules": "modify_metadef_object", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_create_namespace_tag", "rules": "add_metadef_tag", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_volume_upload_public", "rules": "volume_extension:volume_actions:upload_public", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_create_namespace_tags", "rules": "add_metadef_tags", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_list_namespace_tags", "rules": "get_metadef_tags", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_show_namespace_tag", "rules": "get_metadef_tag", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_update_namespace_tag", "rules": "modify_metadef_tag", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_router_on_l3_agent", "rules": "create_l3-router", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_delete_router_from_l3_agent", "rules": "delete_l3-router", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_list_routers_on_l3_agent", "rules": "get_l3-routers", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_subnetpool", "rules": "create_subnetpool", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_subnetpool_shared", "rules": 
"create_subnetpool:shared", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_delete_subnetpool", "rules": "delete_subnetpool", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_subnetpool", "rules": "get_subnetpool", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_subnetpool", "rules": "update_subnetpool", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_subnetpool_is_default", "rules": "update_subnetpool:is_default", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_create_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_unmanage_volume", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_create_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_create_group_type_group_specs", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_force_delete", "rules": 
"volume_extension:volume_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_readonly_update", "rules": "volume:update_readonly_flag", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_show_group_type", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_region", "rules": "identity:create_region", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_reserve", "rules": "volume_extension:volume_actions:reserve", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_region", "rules": "identity:delete_region", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_reset_status", "rules": "volume_extension:volume_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_regions", "rules": "identity:list_regions", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_show_region", "rules": "identity:get_region", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_list_hosts", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_retype", "rules": "volume:retype", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", 
"service": "keystone", "test": "test_update_region", "rules": "identity:update_region", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_host", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_set_bootable", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_volume_unreserve", "rules": "volume_extension:volume_actions:unreserve", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_check_token_existence_negative", "rules": "identity:check_token", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_create_volume_metadata", "rules": "volume:create_volume_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_delete_token_negative", "rules": "identity:revoke_token", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_volume_upload", "rules": "volume_extension:volume_actions:upload_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_show_token_negative", "rules": "identity:validate_token", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume_metadata_item", "rules": "volume:delete_volume_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_show_volume_metadata", "rules": "volume:get_volume_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": 
"test_add_md_properties", "rules": "add_metadef_property", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_get_md_properties", "rules": "get_metadef_properties", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume_metadata", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_get_md_property", "rules": "get_metadef_property", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume_metadata_item", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_modify_md_properties", "rules": "modify_metadef_property", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_list_service_providers", "rules": "get_service_provider", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_show_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_update_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_message", "rules": "message:delete", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_list_messages", "rules": "message:get_all", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_show_message", "rules": "message:get", "expected": "Allowed", "actual": 
"Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_endpoint", "rules": "identity:create_endpoint", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_endpoint", "rules": "identity:delete_endpoint", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_endpoints", "rules": "identity:list_endpoints", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_show_endpoint", "rules": "identity:get_endpoint", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_endpoint", "rules": "identity:update_endpoint", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_create_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "nova", "test": "test_delete_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_add_user_group", "rules": "identity:add_user_to_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_user_group", "rules": "identity:check_user_in_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_delete_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_group", "rules": "identity:create_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_snapshots", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": 
"Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_delete_group", "rules": "identity:delete_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_list_volumes", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_groups", "rules": "identity:list_groups", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_user_group", "rules": "identity:list_users_in_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "nova", "test": "test_show_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_remove_user_group", "rules": "identity:remove_user_from_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_group", "rules": "identity:get_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_group", "rules": "identity:update_group", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_auth_domain", "rules": "identity:get_auth_domains", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_auth_projects", "rules": "identity:get_auth_projects", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_create_project", "rules": "identity:create_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_project", "rules": "identity:delete_project", "expected": "Denied", "actual": 
"Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_credential", "rules": "identity:create_credential", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_projects", "rules": "identity:list_projects", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_credential", "rules": "identity:delete_credential", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_project", "rules": "identity:get_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_credentials", "rules": "identity:list_credentials", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_project", "rules": "identity:update_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_credential", "rules": "identity:get_credential", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_update_credential", "rules": "identity:update_credential", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_role_assignments", "rules": "identity:list_role_assignments", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_role_assignments_for_tree", "rules": "identity:list_role_assignments_for_tree", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_add_endpoint_to_project", "rules": "identity:add_endpoint_to_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_check_endpoint_in_project", "rules": "identity:check_endpoint_in_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": 
"test_check_token_exsitence", "rules": "identity:check_token", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_endpoints_in_project", "rules": "identity:list_endpoints_for_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_token", "rules": "identity:revoke_token", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_projects_for_endpoint", "rules": "identity:list_projects_for_endpoint", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_token", "rules": "identity:validate_token", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_remove_endpoint_from_project", "rules": "identity:remove_endpoint_from_project", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_trust", "rules": "identity:create_trust", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_add_dhcp_agent_to_network", "rules": "create_dhcp-network", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_create_trust_negative", "rules": "identity:create_trust", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_delete_network_from_dhcp_agent", "rules": "delete_dhcp-network", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_delete_trust", "rules": "identity:delete_trust", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_list_roles_for_trust", "rules": "identity:list_roles_for_trust", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_list_networks_hosted_by_one_dhcp_agent", "rules": 
"get_dhcp-networks", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_list_trusts", "rules": "identity:list_trusts", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "keystone", "test": "test_show_trust", "rules": "identity:get_trust", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_network_segments", "rules": "create_network:segments", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "keystone", "test": "test_show_trust_role", "rules": "identity:get_role_for_trust", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_network_segments", "rules": "get_network:segments", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_communitize_image", "rules": "communitize_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_network_segments", "rules": "update_network:segments", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_create_image", "rules": "add_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_create_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_deactivate_image", "rules": "deactivate", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port", "rules": "create_port", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_allowed_address_pairs", "rules": "create_port:allowed_address_pairs", "expected": 
"Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_delete_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_binding_host_id", "rules": "create_port:binding:host_id", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_download_image", "rules": "download_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_binding_profile", "rules": "create_port:binding:profile", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_publicize_image", "rules": "publicize_image", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_device_owner", "rules": "create_port:device_owner", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_reactivate_image", "rules": "reactivate", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_fixed_ips_ip_address", "rules": "create_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_show_image", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_update_image", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_mac_address", "rules": "create_port:mac_address", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "glance", "test": "test_upload_image", "rules": "upload_image", "expected": "Allowed", "actual": 
"Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_port_security_enabled", "rules": "create_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_port", "rules": "delete_port", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_port", "rules": "get_port", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_add_router_interface", "rules": "add_router_interface", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_port_binding_host_id", "rules": "get_port:binding:host_id", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_port_binding_profile", "rules": "get_port:binding:profile", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_distributed_router", "rules": "create_router:distributed", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_port_binding_vif_details", "rules": "get_port:binding:vif_details", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_high_availability_router", "rules": "create_router:ha", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_port_binding_vif_type", "rules": "get_port:binding:vif_type", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_router", "rules": "create_router", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_router_enable_snat", "rules": "create_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": 
"test_update_port", "rules": "update_port", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_router_external_fixed_ips", "rules": "create_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_port_allowed_address_pairs", "rules": "update_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_router", "rules": "delete_router", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_port_binding_host_id", "rules": "update_port:binding:host_id", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_port_binding_profile", "rules": "update_port:binding:profile", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_remove_router_interface", "rules": "remove_router_interface", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_port_device_owner", "rules": "update_port:device_owner", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_distributed_router", "rules": "get_router:distributed", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_port_fixed_ips_ip_address", "rules": "update_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_port_mac_address", "rules": "update_port:mac_address", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_show_high_availability_router", "rules": "get_router:ha", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": 
"test_update_port_security_enabled", "rules": "update_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_router", "rules": "get_router", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_distributed_router", "rules": "update_router:distributed", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_high_availability_router", "rules": "update_router:ha", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_router", "rules": "update_router", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_router_enable_snat", "rules": "update_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_router_external_fixed_ips", "rules": "update_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_create_security_group", "rules": "create_security_group", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_router_external_gateway_info", "rules": "update_router:external_gateway_info", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_create_security_group_rule", "rules": "create_security_group_rule", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_security_group", "rules": "delete_security_group", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_update_router_external_gateway_info_network_id", "rules": "update_router:external_gateway_info:network_id", "expected": "Allowed", "actual": 
"Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_delete_security_group_rule", "rules": "delete_security_group_rule", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_list_security_group_rules", "rules": "get_security_group_rules", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_list_security_groups", "rules": "get_security_groups", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_security_group_rule", "rules": "get_security_group_rule", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "neutron", "test": "test_show_security_groups", "rules": "get_security_group", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_show_back_end_capabilities", "rules": "volume_extension:capabilities", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "neutron", "test": "test_update_security_group", "rules": "update_security_group", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_associate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_limits", "rules": "limits_extension:used_limits", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_create_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:create", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_back_end_storage_pools", "rules": "scheduler_extension:scheduler_stats:get_pools", "expected": "Denied", 
"actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_disassociate_all_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_disassociate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_get_association_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_create_volume", "rules": "volume:create", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_list_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume", "rules": "volume:delete", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_set_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_qos", "rules": "volume_extension:qos_specs_manage:get", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_get_volume", "rules": "volume:get", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_unset_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_volume_list", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_volume_list_image_metadata", "rules": 
"volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_reset_snapshot_status", "rules": "volume_extension:snapshot_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_snapshot_force_delete", "rules": "volume_extension:snapshot_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_update_snapshot_status", "rules": "snapshot_extension:snapshot_actions:update_snapshot_status", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_accept_volume_transfer", "rules": "volume:accept_transfer", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_create_volume_transfer", "rules": "volume:create_transfer", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume_transfer", "rules": "volume:delete_transfer", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_get_volume_transfer", "rules": "volume:get_transfer", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_delete_quota_set", "rules": "volume_extension:quotas:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_volume_transfers", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_list_default_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_list_volume_transfers_details", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": 
"test_list_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_list_quotas_usage_true", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_create_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:create", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_update_quota_set", "rules": "volume_extension:quotas:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:delete", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_volume_types_extra_specs", "rules": "volume_extension:types_extra_specs:index", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_list_services", "rules": "volume_extension:services:index", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_show_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:show", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:update", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_snapshot_create", "rules": "volume:create_snapshot", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_create_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_delete_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} -{"role": 
"auditor", "service": "cinder", "test": "test_snapshot_delete", "rules": "volume:delete_snapshot", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_update_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} -{"role": "auditor", "service": "cinder", "test": "test_snapshot_get", "rules": "volume:get_snapshot", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_snapshot_update", "rules": "volume:update_snapshot", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_snapshots_get_all", "rules": "volume:get_all_snapshots", "expected": "Allowed", "actual": "Allowed"} -{"role": "auditor", "service": "cinder", "test": "test_volume_extend", "rules": "volume:extend", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_create_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_create_flavor_manage", "rules": "os_compute_api:os-flavor-manage:create", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_limits", "rules": "os_compute_api:limits", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_get_availability_zone_list_detail_rbac", "rules": "os_compute_api:os-availability-zone:detail", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_add_host_to_aggregate_rbac", "rules": "os_compute_api:os-aggregates:add_host", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_create_floating_ips", "rules": "os_compute_api:os-floating-ips", 
"expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_get_availability_zone_list_rbac", "rules": "os_compute_api:os-availability-zone:list", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_create_aggregate_rbac", "rules": "os_compute_api:os-aggregates:create", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_flavor_manage", "rules": "os_compute_api:os-flavor-manage:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_agents_rbac", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_aggregate_rbac", "rules": "os_compute_api:os-aggregates:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_update_agent", "rules": "os_compute_api:os-agents", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_aggregate_rbac", "rules": "os_compute_api:os-aggregates:index", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_add_flavor_access", "rules": "os_compute_api:os-flavor-access:add_tenant_access", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_floating_ips_bulk", "rules": "os_compute_api:os-floating-ips-bulk", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_floating_ips", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_remove_host_from_aggregate_rbac", "rules": "os_compute_api:os-aggregates:remove_host", 
"expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_flavor_access", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_floating_ip_pools", "rules": "os_compute_api:os-floating-ip-pools", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:show", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_flavors_details_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_set_metadata_on_aggregate_rbac", "rules": "os_compute_api:os-aggregates:set_metadata", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_floating_ip", "rules": "os_compute_api:os-floating-ips", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_update_quota_class_set", "rules": "os_compute_api:os-quota-class-sets:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_remove_flavor_access", "rules": "os_compute_api:os-flavor-access:remove_tenant_access", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_aggregate_rbac", "rules": "os_compute_api:os-aggregates:show", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_instance_usage_audit_logs", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_flavor_contains_is_public_key", "rules": "os_compute_api:os-flavor-access", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": 
"test_update_aggregate_rbac", "rules": "os_compute_api:os-aggregates:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_instance_usage_audit_log", "rules": "os_compute_api:os-instance-usage-audit-log", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_hosts", "rules": "os_compute_api:os-hosts", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_hypervisors", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_flavor_extra_specs", "rules": "os_compute_api:os-flavor-extra-specs:index", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-migrations:index", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_images", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_hypervisors_with_details", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_set_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:create", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_images_with_details", "rules": "os_compute_api:image-size", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_servers_on_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": 
"test_search_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_unset_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_create_keypair", "rules": "os_compute_api:os-keypairs:create", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_hypervisor", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_update_flavor_extra_spec", "rules": "os_compute_api:os-flavor-extra-specs:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_keypair", "rules": "os_compute_api:os-keypairs:delete", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_hypervisor_statistics", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_index_keypair", "rules": "os_compute_api:os-keypairs:index", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_hypervisor_uptime", "rules": "os_compute_api:os-hypervisors", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_get_flavor_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_keypair", "rules": "os_compute_api:os-keypairs:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_flavors_details_rxtx", "rules": "os_compute_api:os-flavor-rxtx", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_create_image_metadata", "rules": 
"modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_delete_quota_set", "rules": "os_compute_api:os-quota-sets:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_default_quota_set", "rules": "os_compute_api:os-quota-sets:defaults", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_delete_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_quota_set", "rules": "os_compute_api:os-quota-sets:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_list_image_metadata", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_quota_set_details", "rules": "os_compute_api:os-quota-sets:detail", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_update_quota_set", "rules": "os_compute_api:os-quota-sets:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_list_images_with_details", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_show_image_details", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_create_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_show_image_metadata_item", 
"rules": "get_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_delete_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_update_image_metadata", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_update_image_metadata_item", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_show_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_update_security_groups", "rules": "os_compute_api:os-security-groups", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_show_tenant_networks", "rules": "os_compute_api:os-tenant-networks", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_domain_config", "rules": "identity:create_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_domain_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_domain_group_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_domain_group_option_config", "rules": "identity:delete_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_default_config_settings", "rules": 
"identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_default_group_config", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_default_group_option", "rules": "identity:get_domain_config_default", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_domain_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_domain_group_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_domain_group_option_config", "rules": "identity:get_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_security_compliance_domain_config", "rules": "identity:get_security_compliance_domain_config", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_update_domain_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_domain_group_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_domain_group_option_config", "rules": "identity:update_domain_config", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_authorize_request_token", "rules": "identity:authorize_request_token", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_get_access_token", "rules": "identity:get_access_token", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": 
"keystone", "test": "test_get_access_token_role", "rules": "identity:get_access_token_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_access_token_roles", "rules": "identity:list_access_token_roles", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_access_tokens", "rules": "identity:list_access_tokens", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_revoke_access_token", "rules": "identity:delete_access_token", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_role_from_group_on_domain_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_role_from_group_on_project_existence", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_role_inference_rule", "rules": "identity:check_implied_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_user_role_existence_on_domain", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_user_role_existence_on_project", "rules": "identity:check_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_group_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_group_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_role", "rules": "identity:create_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": 
"keystone", "test": "test_create_role_inference_rule", "rules": "identity:create_implied_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_user_role_on_domain", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_user_role_on_project", "rules": "identity:create_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_role", "rules": "identity:delete_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_role_from_group_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_role_from_group_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_role_from_user_on_domain", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_role_from_user_on_project", "rules": "identity:revoke_grant", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_role_inference_rule", "rules": "identity:delete_implied_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_all_role_inference_rules", "rules": "identity:list_role_inference_rules", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_group_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_group_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", 
"test": "test_list_role_inferences_rules", "rules": "identity:list_implied_roles", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_roles", "rules": "identity:list_roles", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_user_roles_on_domain", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_user_roles_on_project", "rules": "identity:list_grants", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_role", "rules": "identity:get_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_role_inference_rule", "rules": "identity:get_implied_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_role", "rules": "identity:update_role", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_domain", "rules": "identity:create_domain", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_domain", "rules": "identity:delete_domain", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_service", "rules": "identity:create_service", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_domains", "rules": "identity:list_domains", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_service", "rules": "identity:delete_service", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_domain", "rules": "identity:get_domain", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": 
"test_list_services", "rules": "identity:list_services", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_domain", "rules": "identity:update_domain", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_service", "rules": "identity:get_service", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_service", "rules": "identity:update_service", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_create_server_group", "rules": "os_compute_api:os-server-groups:create", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_consumer", "rules": "identity:create_consumer", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_server_group", "rules": "os_compute_api:os-server-groups:delete", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_delete_consumer", "rules": "identity:delete_consumer", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_create_metadef_namespace", "rules": "add_metadef_namespace", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_server_groups", "rules": "os_compute_api:os-server-groups:index", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_consumers", "rules": "identity:list_consumers", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_list_metadef_namespaces", "rules": "get_metadef_namespaces", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_show_consumer", "rules": "identity:get_consumer", "expected": "Denied", "actual": "Denied"} +{"role": 
"reader", "service": "nova", "test": "test_show_server_group", "rules": "os_compute_api:os-server-groups:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_modify_metadef_namespace", "rules": "modify_metadef_namespace", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_update_consumer", "rules": "identity:update_consumer", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_add_metadef_resource_type", "rules": "add_metadef_resource_type_association", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_group_type_specs_create", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_get_metadef_resource_type", "rules": "get_metadef_resource_type", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_group_type_specs_delete", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_list_metadef_resource_types", "rules": "list_metadef_resource_types", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_group_type_specs_list", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_group_type_specs_show", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_add_image_member", "rules": "add_member", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_group_type_specs_update", "rules": "group:group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_delete_image_member", 
"rules": "delete_member", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_list_image_members", "rules": "get_members", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_show_image_member", "rules": "get_member", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_reset_group_status", "rules": "group:reset_status", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_update_image_member", "rules": "modify_member", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_agent", "rules": "get_agent", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_manage_snapshot_rbac", "rules": "snapshot_extension:snapshot_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_agent", "rules": "update_agent", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_unmanage_snapshot_rbac", "rules": "snapshot_extension:snapshot_unmanage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_volume_summary", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_floating_ip", "rules": "create_floatingip", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_floating_ip_floatingip_address", "rules": "create_floatingip:floating_ip_address", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_add_type_access", "rules": "volume_extension:volume_type_access:addProjectAccess", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": 
"test_list_type_access", "rules": "volume_extension:volume_type_access", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_floating_ip", "rules": "delete_floatingip", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_remove_type_access", "rules": "volume_extension:volume_type_access:removeProjectAccess", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_floating_ip", "rules": "get_floatingip", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_floating_ip", "rules": "update_floatingip", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_volume_manage", "rules": "volume_extension:volume_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_unmanage", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_network", "rules": "create_network", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_network_provider_network_type", "rules": "create_network:provider:network_type", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_network_provider_segmentation_id", "rules": "create_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_network_router_external", "rules": "create_network:router:external", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_network_shared", "rules": "create_network:shared", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_subnet", "rules": 
"create_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_network", "rules": "delete_network", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_list_dhcp_agents_on_hosting_network", "rules": "get_dhcp-agents", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_network", "rules": "get_network", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_network_provider_network_type", "rules": "get_network:provider:network_type", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_network_provider_physical_network", "rules": "get_network:provider:physical_network", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_network_provider_segmentation_id", "rules": "get_network:provider:segmentation_id", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_network_router_external", "rules": "get_network:router:external", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_network", "rules": "update_network", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_network_router_external", "rules": "update_network:router:external", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_network_shared", "rules": "update_network:shared", "expected": "Denied", "actual": "Denied"} +{"role": 
"reader", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_subnet", "rules": "create_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_subnet", "rules": "delete_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_list_services", "rules": "os_compute_api:os-services", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_list_subnets", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_subnet", "rules": "get_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_check_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_subnet", "rules": "update_subnet", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_endpoint_group", "rules": "identity:create_endpoint_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_endpoint_group", "rules": "identity:delete_endpoint_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_endpoint_groups", "rules": "identity:list_endpoint_groups", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_endpoint_group", "rules": "identity:get_endpoint_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_create_group", "rules": "group:create", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": 
"test_update_endpoint_group", "rules": "identity:update_endpoint_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_group", "rules": "group:delete", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_policy", "rules": "identity:create_policy", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_list_groups", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_delete_policy", "rules": "identity:delete_policy", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_list_groups_with_details", "rules": "group:get_all", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_policies", "rules": "identity:list_policies", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_policy", "rules": "identity:get_policy", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_group", "rules": "group:get", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_update_policy", "rules": "identity:update_policy", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_update_group", "rules": "group:update", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_user", "rules": "identity:create_user", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_user", "rules": "identity:delete_user", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_own_user_group", "rules": "identity:list_groups_for_user", "expected": "Allowed", 
"actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_own_user_projects", "rules": "identity:list_user_projects", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_create_snapshot_metadata", "rules": "volume_extension:extended_snapshot_attributes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_users", "rules": "identity:list_users", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_snapshot_metadata_item", "rules": "volume:delete_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_show_own_user", "rules": "identity:get_user", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_get_snapshot_metadata", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_update_user", "rules": "identity:update_user", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_get_snapshot_metadata_for_volume_tenant", "rules": "volume_extension:volume_tenant_attribute", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_show_snapshot_metadata_item", "rules": "volume:get_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_create_metadef_object_in_namespace", "rules": "add_metadef_object", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_snapshot_metadata", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_list_metadef_objects_in_namespace", "rules": "get_metadef_objects", "expected": "Allowed", 
"actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_snapshot_metadata_item", "rules": "volume:update_snapshot_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_show_metadef_object_in_namespace", "rules": "get_metadef_object", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_update_metadef_object_in_namespace", "rules": "modify_metadef_object", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_create_namespace_tag", "rules": "add_metadef_tag", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_volume_upload_public", "rules": "volume_extension:volume_actions:upload_public", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_create_namespace_tags", "rules": "add_metadef_tags", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_list_namespace_tags", "rules": "get_metadef_tags", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_show_namespace_tag", "rules": "get_metadef_tag", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_update_namespace_tag", "rules": "modify_metadef_tag", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_router_on_l3_agent", "rules": "create_l3-router", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_delete_router_from_l3_agent", "rules": "delete_l3-router", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_list_routers_on_l3_agent", "rules": "get_l3-routers", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": 
"test_create_subnetpool", "rules": "create_subnetpool", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_subnetpool_shared", "rules": "create_subnetpool:shared", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_delete_subnetpool", "rules": "delete_subnetpool", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_subnetpool", "rules": "get_subnetpool", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_subnetpool", "rules": "update_subnetpool", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_subnetpool_is_default", "rules": "update_subnetpool:is_default", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_create_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_update_volume_type_encryption", "rules": "volume_extension:volume_type_encryption", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_unmanage_volume", "rules": "volume_extension:volume_unmanage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_create_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_create_group_type_group_specs", 
"rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_force_delete", "rules": "volume_extension:volume_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_readonly_update", "rules": "volume:update_readonly_flag", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_show_group_type", "rules": "group:access_group_types_specs", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_region", "rules": "identity:create_region", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_reserve", "rules": "volume_extension:volume_actions:reserve", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_group_type", "rules": "group:group_types_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_region", "rules": "identity:delete_region", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_reset_status", "rules": "volume_extension:volume_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_regions", "rules": "identity:list_regions", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_show_region", "rules": "identity:get_region", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_list_hosts", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"} +{"role": 
"reader", "service": "cinder", "test": "test_volume_retype", "rules": "volume:retype", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_update_region", "rules": "identity:update_region", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_host", "rules": "volume_extension:hosts", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_set_bootable", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_volume_unreserve", "rules": "volume_extension:volume_actions:unreserve", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_check_token_existence_negative", "rules": "identity:check_token", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_create_volume_metadata", "rules": "volume:create_volume_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_delete_token_negative", "rules": "identity:revoke_token", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_volume_upload", "rules": "volume_extension:volume_actions:upload_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_show_token_negative", "rules": "identity:validate_token", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume_metadata_item", "rules": "volume:delete_volume_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_show_volume_metadata", "rules": 
"volume:get_volume_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_add_md_properties", "rules": "add_metadef_property", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_volume_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_get_md_properties", "rules": "get_metadef_properties", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_volume_metadata", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_get_md_property", "rules": "get_metadef_property", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_volume_metadata_item", "rules": "volume:update_volume_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_modify_md_properties", "rules": "modify_metadef_property", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_list_service_providers", "rules": "get_service_provider", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_show_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_update_quota_class_set", "rules": "volume_extension:quota_classes", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_message", "rules": "message:delete", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_list_messages", "rules": "message:get_all", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", 
"service": "cinder", "test": "test_show_message", "rules": "message:get", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_endpoint", "rules": "identity:create_endpoint", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_endpoint", "rules": "identity:delete_endpoint", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_endpoints", "rules": "identity:list_endpoints", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_create_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_show_endpoint", "rules": "identity:get_endpoint", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_endpoint", "rules": "identity:update_endpoint", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_create_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "nova", "test": "test_delete_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_add_user_group", "rules": "identity:add_user_to_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_user_group", "rules": "identity:check_user_in_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_delete_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_group", "rules": "identity:create_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": 
"test_list_snapshots", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_delete_group", "rules": "identity:delete_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_list_volumes", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_groups", "rules": "identity:list_groups", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_snapshot", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_user_group", "rules": "identity:list_users_in_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "nova", "test": "test_show_volume", "rules": "os_compute_api:os-volumes", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_remove_user_group", "rules": "identity:remove_user_from_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_group", "rules": "identity:get_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_group", "rules": "identity:update_group", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_auth_domain", "rules": "identity:get_auth_domains", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_auth_projects", "rules": "identity:get_auth_projects", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_create_project", "rules": "identity:create_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": 
"test_delete_project", "rules": "identity:delete_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_credential", "rules": "identity:create_credential", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_projects", "rules": "identity:list_projects", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_credential", "rules": "identity:delete_credential", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_project", "rules": "identity:get_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_credentials", "rules": "identity:list_credentials", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_project", "rules": "identity:update_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_credential", "rules": "identity:get_credential", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_update_credential", "rules": "identity:update_credential", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_role_assignments", "rules": "identity:list_role_assignments", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_role_assignments_for_tree", "rules": "identity:list_role_assignments_for_tree", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_add_endpoint_to_project", "rules": "identity:add_endpoint_to_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_endpoint_in_project", "rules": "identity:check_endpoint_in_project", "expected": 
"Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_check_token_exsitence", "rules": "identity:check_token", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_endpoints_in_project", "rules": "identity:list_endpoints_for_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_token", "rules": "identity:revoke_token", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_projects_for_endpoint", "rules": "identity:list_projects_for_endpoint", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_token", "rules": "identity:validate_token", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_remove_endpoint_from_project", "rules": "identity:remove_endpoint_from_project", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_trust", "rules": "identity:create_trust", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_add_dhcp_agent_to_network", "rules": "create_dhcp-network", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_create_trust_negative", "rules": "identity:create_trust", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_delete_network_from_dhcp_agent", "rules": "delete_dhcp-network", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_delete_trust", "rules": "identity:delete_trust", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_list_roles_for_trust", "rules": "identity:list_roles_for_trust", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": 
"neutron", "test": "test_list_networks_hosted_by_one_dhcp_agent", "rules": "get_dhcp-networks", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_list_trusts", "rules": "identity:list_trusts", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "keystone", "test": "test_show_trust", "rules": "identity:get_trust", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_network_segments", "rules": "create_network:segments", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "keystone", "test": "test_show_trust_role", "rules": "identity:get_role_for_trust", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_network_segments", "rules": "get_network:segments", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_communitize_image", "rules": "communitize_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_network_segments", "rules": "update_network:segments", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_create_image", "rules": "add_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_create_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_deactivate_image", "rules": "deactivate", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_port", "rules": "create_port", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_delete_image", "rules": "delete_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": 
"test_create_port_allowed_address_pairs", "rules": "create_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_delete_image_tag", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_port_binding_host_id", "rules": "create_port:binding:host_id", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_download_image", "rules": "download_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_port_binding_profile", "rules": "create_port:binding:profile", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "glance", "test": "test_list_images", "rules": "get_images", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_publicize_image", "rules": "publicize_image", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_port_device_owner", "rules": "create_port:device_owner", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_reactivate_image", "rules": "reactivate", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_port_fixed_ips_ip_address", "rules": "create_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_show_image", "rules": "get_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", "test": "test_update_image", "rules": "modify_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_port_mac_address", "rules": "create_port:mac_address", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "glance", 
"test": "test_upload_image", "rules": "upload_image", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_port_security_enabled", "rules": "create_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_port", "rules": "delete_port", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_port", "rules": "get_port", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_add_router_interface", "rules": "add_router_interface", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_port_binding_host_id", "rules": "get_port:binding:host_id", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_port_binding_profile", "rules": "get_port:binding:profile", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_distributed_router", "rules": "create_router:distributed", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_port_binding_vif_details", "rules": "get_port:binding:vif_details", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_high_availability_router", "rules": "create_router:ha", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_port_binding_vif_type", "rules": "get_port:binding:vif_type", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_router", "rules": "create_router", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_router_enable_snat", "rules": "create_router:external_gateway_info:enable_snat", "expected": "Denied", 
"actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_port", "rules": "update_port", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_router_external_fixed_ips", "rules": "create_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_port_allowed_address_pairs", "rules": "update_port:allowed_address_pairs", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_router", "rules": "delete_router", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_port_binding_host_id", "rules": "update_port:binding:host_id", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_port_binding_profile", "rules": "update_port:binding:profile", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_remove_router_interface", "rules": "remove_router_interface", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_port_device_owner", "rules": "update_port:device_owner", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_distributed_router", "rules": "get_router:distributed", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_port_fixed_ips_ip_address", "rules": "update_port:fixed_ips:ip_address", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_port_mac_address", "rules": "update_port:mac_address", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_show_high_availability_router", "rules": "get_router:ha", "expected": "Denied", "actual": "Denied"} 
+{"role": "reader", "service": "neutron", "test": "test_update_port_security_enabled", "rules": "update_port:port_security_enabled", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_router", "rules": "get_router", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_distributed_router", "rules": "update_router:distributed", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_high_availability_router", "rules": "update_router:ha", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_router", "rules": "update_router", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_router_enable_snat", "rules": "update_router:external_gateway_info:enable_snat", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_router_external_fixed_ips", "rules": "update_router:external_gateway_info:external_fixed_ips", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_create_security_group", "rules": "create_security_group", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_router_external_gateway_info", "rules": "update_router:external_gateway_info", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_create_security_group_rule", "rules": "create_security_group_rule", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_security_group", "rules": "delete_security_group", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_update_router_external_gateway_info_network_id", "rules": 
"update_router:external_gateway_info:network_id", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_delete_security_group_rule", "rules": "delete_security_group_rule", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_list_security_group_rules", "rules": "get_security_group_rules", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_list_security_groups", "rules": "get_security_groups", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_security_group_rule", "rules": "get_security_group_rule", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "neutron", "test": "test_show_security_groups", "rules": "get_security_group", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_show_back_end_capabilities", "rules": "volume_extension:capabilities", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "neutron", "test": "test_update_security_group", "rules": "update_security_group", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_associate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_limits", "rules": "limits_extension:used_limits", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_create_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:create", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_qos_with_consumer", "rules": "volume_extension:qos_specs_manage:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_list_back_end_storage_pools", "rules": 
"scheduler_extension:scheduler_stats:get_pools", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_disassociate_all_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_disassociate_qos", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_get_association_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_create_volume", "rules": "volume:create", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_list_qos", "rules": "volume_extension:qos_specs_manage:get_all", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume", "rules": "volume:delete", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_set_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_qos", "rules": "volume_extension:qos_specs_manage:get", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_get_volume", "rules": "volume:get", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_volume", "rules": "volume:update", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_unset_qos_key", "rules": "volume_extension:qos_specs_manage:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_volume_list", "rules": "volume:get_all", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", 
"test": "test_volume_list_image_metadata", "rules": "volume_extension:volume_image_metadata", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_reset_snapshot_status", "rules": "volume_extension:snapshot_admin_actions:reset_status", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_snapshot_force_delete", "rules": "volume_extension:snapshot_admin_actions:force_delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_update_snapshot_status", "rules": "snapshot_extension:snapshot_actions:update_snapshot_status", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_accept_volume_transfer", "rules": "volume:accept_transfer", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_create_volume_transfer", "rules": "volume:create_transfer", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume_transfer", "rules": "volume:delete_transfer", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_get_volume_transfer", "rules": "volume:get_transfer", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_delete_quota_set", "rules": "volume_extension:quotas:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_list_volume_transfers", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_list_default_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_list_volume_transfers_details", "rules": "volume:get_all_transfers", "expected": "Allowed", "actual": "Allowed"} +{"role": 
"reader", "service": "cinder", "test": "test_list_quotas", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_list_quotas_usage_true", "rules": "volume_extension:quotas:show", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_create_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:create", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_update_quota_set", "rules": "volume_extension:quotas:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:delete", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_list_volume_types_extra_specs", "rules": "volume_extension:types_extra_specs:index", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_list_services", "rules": "volume_extension:services:index", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_show_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:show", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_update_volume_type_extra_specs", "rules": "volume_extension:types_extra_specs:update", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_snapshot_create", "rules": "volume:create_snapshot", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_create_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_delete_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", 
"actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_snapshot_delete", "rules": "volume:delete_snapshot", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_update_volume_type", "rules": "volume_extension:types_manage", "expected": "Denied", "actual": "Denied"} +{"role": "reader", "service": "cinder", "test": "test_snapshot_get", "rules": "volume:get_snapshot", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_snapshot_update", "rules": "volume:update_snapshot", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_snapshots_get_all", "rules": "volume:get_all_snapshots", "expected": "Allowed", "actual": "Allowed"} +{"role": "reader", "service": "cinder", "test": "test_volume_extend", "rules": "volume:extend", "expected": "Allowed", "actual": "Allowed"}
diff --git a/services/aodh/policy.yaml b/services/aodh/policy.yaml
index ac0b59f..58b6977 100644
--- a/services/aodh/policy.yaml
+++ b/services/aodh/policy.yaml
@@ -3,11 +3,11 @@
 # Get an alarm.
 # GET /v2/alarms/{alarm_id}
-"telemetry:get_alarm": "rule:admin or rule:member or rule:auditor"
+"telemetry:get_alarm": "rule:admin or rule:member or rule:reader"
 # Get all alarms, based on the query provided.
 # GET /v2/alarms
-"telemetry:get_alarms": "rule:admin or rule:member or rule:auditor"
+"telemetry:get_alarms": "rule:admin or rule:member or rule:reader"
 # Get all alarms, based on the query provided.
 # POST /v2/query/alarms
@@ -27,7 +27,7 @@
 # Get the state of this alarm.
 # GET /v2/alarms/{alarm_id}/state
-"telemetry:get_alarm_state": "rule:admin or rule:member or rule:auditor"
+"telemetry:get_alarm_state": "rule:admin or rule:member or rule:reader"
 # Set the state of this alarm.
 # PUT /v2/alarms/{alarm_id}/state
@@ -35,7 +35,7 @@
 # Assembles the alarm history requested.
 # GET /v2/alarms/{alarm_id}/history
-"telemetry:alarm_history": "rule:admin or rule:member or rule:auditor"
+"telemetry:alarm_history": "rule:admin or rule:member or rule:reader"
 # Define query for retrieving AlarmChange data.
 # POST /v2/query/alarms/history
diff --git a/services/cinder/policy.yaml b/services/cinder/policy.yaml
index 53352db..e1d3ba3 100644
--- a/services/cinder/policy.yaml
+++ b/services/cinder/policy.yaml
@@ -24,11 +24,11 @@
 # List messages.
 # GET /messages
-"message:get_all": "rule:admin or rule:member or rule:auditor"
+"message:get_all": "rule:admin or rule:member or rule:reader"
 # Show message.
 # GET /messages/{message_id}
-"message:get": "rule:admin or rule:member or rule:auditor"
+"message:get": "rule:admin or rule:member or rule:reader"
 # Delete message.
 # DELETE /messages/{message_id}
@@ -37,11 +37,11 @@
 # List clusters.
 # GET /clusters
 # GET /clusters/detail
-"clusters:get_all": "rule:admin or rule:auditor"
+"clusters:get_all": "rule:admin or rule:reader"
 # Show cluster.
 # GET /clusters/{cluster_id}
-"clusters:get": "rule:admin or rule:auditor"
+"clusters:get": "rule:admin or rule:reader"
 # Update cluster.
 # PUT /clusters/{cluster_id}
@@ -54,7 +54,7 @@
 # Show snapshot's metadata or one specified metadata with a given key.
 # GET /snapshots/{snapshot_id}/metadata
 # GET /snapshots/{snapshot_id}/metadata/{key}
-"volume:get_snapshot_metadata": "rule:admin or rule:member or rule:auditor"
+"volume:get_snapshot_metadata": "rule:admin or rule:member or rule:reader"
 # Update snapshot's metadata or one specified metadata with a given
 # key.
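Review bot: `clusters:get_all` and `clusters:get` in the `@@ -37,11` hunk leave out `rule:member`, which marks them as operator-level reads, yet they now accept the generic `rule:reader`. The patrole-base.log entries added by this same commit record the reader role as Denied for `group:access_group_types_specs`, which has the same rule shape (`@@ -188,7`), so the effective result appears to depend on whether the request target carries a project_id rather than on what the rule text says. If the intent is cloud-wide read-only access, stating it directly is safer, e.g. `"clusters:get_all": "rule:admin or rule:global_reader"`, assuming `global_reader` stays defined in common.yaml. The same applies to `snapshot_extension:list_manageable` (`@@ -107,7`) and `backup:backup_project_attribute` (`@@ -120,12`).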
@@ -69,12 +69,12 @@ # List snapshots. # GET /snapshots # GET /snapshots/detail -"volume:get_all_snapshots": "rule:admin or rule:member or rule:auditor" +"volume:get_all_snapshots": "rule:admin or rule:member or rule:reader" # List or show snapshots with extended attributes. # GET /snapshots/{snapshot_id} # GET /snapshots/detail -"volume_extension:extended_snapshot_attributes": "rule:admin or rule:member or rule:auditor" +"volume_extension:extended_snapshot_attributes": "rule:admin or rule:member or rule:reader" # Create snapshot. # POST /snapshots @@ -82,7 +82,7 @@ # Show snapshot. # GET /snapshots/{snapshot_id} -"volume:get_snapshot": "rule:admin or rule:member or rule:auditor" +"volume:get_snapshot": "rule:admin or rule:member or rule:reader" # Update snapshot. # PUT /snapshots/{snapshot_id} @@ -107,7 +107,7 @@ # List (in detail) of snapshots which are available to manage. # GET /manageable_snapshots # GET /manageable_snapshots/detail -"snapshot_extension:list_manageable": "rule:admin or rule:auditor" +"snapshot_extension:list_manageable": "rule:admin or rule:reader" # Manage an existing snapshot. # POST /manageable_snapshots @@ -120,12 +120,12 @@ # List backups. # GET /backups # GET /backups/detail -"backup:get_all": "rule:admin or rule:member or rule:auditor" +"backup:get_all": "rule:admin or rule:member or rule:reader" # List backups or show backup with project attributes. # GET /backups/{backup_id} # GET /backups/detail -"backup:backup_project_attribute": "rule:admin or rule:auditor" +"backup:backup_project_attribute": "rule:admin or rule:reader" # Create backup. # POST /backups @@ -133,7 +133,7 @@ # Show backup. # GET /backups/{backup_id} -"backup:get": "rule:admin or rule:member or rule:auditor" +"backup:get": "rule:admin or rule:member or rule:reader" # Update backup. # PUT /backups/{backup_id} 
@@ -166,7 +166,7 @@ # List groups. # GET /groups # GET /groups/detail -"group:get_all": "rule:admin or rule:member or rule:auditor" +"group:get_all": "rule:admin or rule:member or rule:reader" # Create group. # POST /groups @@ -174,7 +174,7 @@ # Show group. # GET /groups/{group_id} -"group:get": "rule:admin or rule:member or rule:auditor" +"group:get": "rule:admin or rule:member or rule:reader" # Update group. # PUT /groups/{group_id} @@ -188,7 +188,7 @@ # Show group type with type specs attributes. # GET /group_types/{group_type_id} -"group:access_group_types_specs": "rule:admin or rule:auditor" +"group:access_group_types_specs": "rule:admin or rule:reader" # Create, show, update and delete group type spec. # GET /group_types/{group_type_id}/group_specs/{g_spec_id} @@ -201,7 +201,7 @@ # List group snapshots. # GET /group_snapshots # GET /group_snapshots/detail -"group:get_all_group_snapshots": "rule:admin or rule:member or rule:auditor" +"group:get_all_group_snapshots": "rule:admin or rule:member or rule:reader" # Create group snapshot. # POST /group_snapshots @@ -209,7 +209,7 @@ # Show group snapshot. # GET /group_snapshots/{group_snapshot_id} -"group:get_group_snapshot": "rule:admin or rule:member or rule:auditor" +"group:get_group_snapshot": "rule:admin or rule:member or rule:reader" # Delete group snapshot. # DELETE /group_snapshots/{group_snapshot_id} @@ -217,7 +217,7 @@ # Update group snapshot. # PUT /group_snapshots/{group_snapshot_id} -"group:update_group_snapshot": "rule:admin or rule:member or rule:auditor" +"group:update_group_snapshot": "rule:admin or rule:member or rule:reader" # Reset status of group snapshot. # POST /group_snapshots/{g_snapshot_id}/action (reset_status) 
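Review bot: `group:update_group_snapshot` in the `@@ -217,7 +217,7 @@` hunk guards `PUT /group_snapshots/{group_snapshot_id}` yet still admits `rule:reader`, a role that the comment in common/common.yaml describes as able to read but never modify data. The same pattern recurs in the later cinder hunk `@@ -265,7 +265,7 @@`, where `volume_extension:qos_specs_manage:update` covers the associate/disassociate endpoints (which change QoS associations even though they are GETs), and in the heat hunk `@@ -51,40 +51,40 @@`, where `resource:signal` is a POST. The revert only renames auditor back to reader, so these grants are carried over rather than introduced here, but they should be dropped: `"group:update_group_snapshot": "rule:admin or rule:member"`, `"volume_extension:qos_specs_manage:update": "rule:admin"`, `"resource:signal": "rule:admin or rule:member"`. A Patrole case that expects Denied for the reader role on each of these rules would keep the grant from coming back.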
@@ -250,11 +250,11 @@ # List qos specs or list all associations. # GET /qos-specs # GET /qos-specs/{qos_id}/associations -"volume_extension:qos_specs_manage:get_all": "rule:admin or rule:auditor" +"volume_extension:qos_specs_manage:get_all": "rule:admin or rule:reader" # Show qos specs. # GET /qos-specs/{qos_id} -"volume_extension:qos_specs_manage:get": "rule:admin or rule:auditor" +"volume_extension:qos_specs_manage:get": "rule:admin or rule:reader" # Create qos specs. # POST /qos-specs @@ -265,7 +265,7 @@ # GET /qos-specs/{qos_id}/disassociate_all # GET /qos-specs/{qos_id}/associate # GET /qos-specs/{qos_id}/disassociate -"volume_extension:qos_specs_manage:update": "rule:admin or rule:auditor" +"volume_extension:qos_specs_manage:update": "rule:admin or rule:reader" # delete qos specs or unset one specified qos key. # DELETE /qos-specs/{qos_id} @@ -281,7 +281,7 @@ # GET /os-quota-sets/{project_id} # GET /os-quota-sets/{project_id}/default # GET /os-quota-sets/{project_id}?usage=True -"volume_extension:quotas:show": "rule:admin or rule:member or rule:auditor" +"volume_extension:quotas:show": "rule:admin or rule:member or rule:reader" # Update project quota. # PUT /os-quota-sets/{project_id} @@ -293,15 +293,15 @@ # Validate setup for nested quota. # GET /os-quota-sets/validate_setup_for_nested_quota_use -"volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin or rule:auditor" +"volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin or rule:reader" # Show backend capabilities. # GET /capabilities/{host_name} -"volume_extension:capabilities": "rule:admin or rule:auditor" +"volume_extension:capabilities": "rule:admin or rule:reader" # List all services. # GET /os-services -"volume_extension:services:index": "rule:admin or rule:auditor" +"volume_extension:services:index": "rule:admin or rule:reader" # Update service, including failover_host, thaw, freeze, disable, # enable, set-log and get-log actions. 
@@ -322,7 +322,7 @@ # List all backend pools. # GET /scheduler-stats/get_pools -"scheduler_extension:scheduler_stats:get_pools": "rule:admin or rule:auditor" +"scheduler_extension:scheduler_stats:get_pools": "rule:admin or rule:reader" # List, update or show hosts for a project. # GET /os-hosts @@ -332,12 +332,12 @@ # Show limits with used limit attributes. # GET /limits -"limits_extension:used_limits": "rule:admin or rule:member or rule:auditor" +"limits_extension:used_limits": "rule:admin or rule:member or rule:reader" # List (in detail) of volumes which are available to manage. # GET /manageable_volumes # GET /manageable_volumes/detail -"volume_extension:list_manageable": "rule:admin or rule:auditor" +"volume_extension:list_manageable": "rule:admin or rule:reader" # Manage existing volumes. # POST /manageable_volumes @@ -364,12 +364,12 @@ # List or show volume type with access type extra specs attribute. # GET /types/{type_id} # GET /types -"volume_extension:access_types_extra_specs": "rule:admin or rule:auditor" +"volume_extension:access_types_extra_specs": "rule:admin or rule:reader" # List or show volume type with access type qos specs id attribute. # GET /types/{type_id} # GET /types -"volume_extension:access_types_qos_specs_id": "rule:admin or rule:auditor" +"volume_extension:access_types_qos_specs_id": "rule:admin or rule:reader" # Volume type access related APIs. # GET /types @@ -471,7 +471,7 @@ # GET /os-volume-transfer/detail # GET /volume_transfers # GET /volume_transfers/detail -"volume:get_all_transfers": "rule:admin or rule:member or rule:auditor" +"volume:get_all_transfers": "rule:admin or rule:member or rule:reader" # Create a volume transfer. # POST /os-volume-transfer 
@@ -481,7 +481,7 @@ # Show one specified volume transfer. # GET /os-volume-transfer/{transfer_id} # GET /volume_transfers/{transfer_id} -"volume:get_transfer": "rule:admin or rule:member or rule:auditor" +"volume:get_transfer": "rule:admin or rule:member or rule:reader" # Accept a volume transfer. # POST /os-volume-transfer/{transfer_id}/accept @@ -496,7 +496,7 @@ # Show volume's metadata or one specified metadata with a given key. # GET /volumes/{volume_id}/metadata # GET /volumes/{volume_id}/metadata/{key} -"volume:get_volume_metadata": "rule:admin or rule:member or rule:auditor" +"volume:get_volume_metadata": "rule:admin or rule:member or rule:reader" # Create volume metadata. # POST /volumes/{volume_id}/metadata @@ -527,7 +527,7 @@ # List type extra specs. # GET /types/{type_id}/extra_specs -"volume_extension:types_extra_specs:index": "rule:admin or rule:auditor" +"volume_extension:types_extra_specs:index": "rule:admin or rule:reader" # Create type extra specs. # POST /types/{type_id}/extra_specs @@ -535,7 +535,7 @@ # Show one specified type extra specs. # GET /types/{type_id}/extra_specs/{extra_spec_key} -"volume_extension:types_extra_specs:show": "rule:admin or rule:auditor" +"volume_extension:types_extra_specs:show": "rule:admin or rule:reader" # Update type extra specs. # PUT /types/{type_id}/extra_specs/{extra_spec_key} @@ -555,13 +555,13 @@ # Show volume. # GET /volumes/{volume_id} -"volume:get": "rule:admin or rule:member or rule:auditor" +"volume:get": "rule:admin or rule:member or rule:reader" # List volumes or get summary of volumes. # GET /volumes # GET /volumes/detail # GET /volumes/summary -"volume:get_all": "rule:admin or rule:member or rule:auditor" +"volume:get_all": "rule:admin or rule:member or rule:reader" # Update volume. # PUT /volumes 
@@ -578,22 +578,22 @@ # List or show volume with host attribute. # GET /volumes/{volume_id} # GET /volumes/detail -"volume_extension:volume_host_attribute": "rule:admin or rule:auditor" +"volume_extension:volume_host_attribute": "rule:admin or rule:reader" # List or show volume with tenant attribute. # GET /volumes/{volume_id} # GET /volumes/detail -"volume_extension:volume_tenant_attribute": "rule:admin or rule:member or rule:auditor" +"volume_extension:volume_tenant_attribute": "rule:admin or rule:member or rule:reader" # List or show volume with migration status attribute. # GET /volumes/{volume_id} # GET /volumes/detail -"volume_extension:volume_mig_status_attribute": "rule:admin or rule:auditor" +"volume_extension:volume_mig_status_attribute": "rule:admin or rule:reader" # Show volume's encryption metadata. # GET /volumes/{volume_id}/encryption # GET /volumes/{volume_id}/encryption/{encryption_key} -"volume_extension:volume_encryption_metadata": "rule:admin or rule:member or rule:auditor" +"volume_extension:volume_encryption_metadata": "rule:admin or rule:member or rule:reader" # Create multiattach capable volume. # POST /volumes diff --git a/services/glance/policy.yaml b/services/glance/policy.yaml index 327a9cf..01b826e 100644 --- a/services/glance/policy.yaml +++ b/services/glance/policy.yaml 
@@ -14,18 +14,18 @@ owner: "(rule:_member_role and user_id:%(user_id)s)" # GET /v1/images # GET /v1/images/detail # GET /v2/images -"get_images": "rule:admin or rule:member_or_public or rule:auditor" +"get_images": "rule:admin or rule:member_or_public or rule:reader" # Retrieve a specific image entity # HEAD /v1/images/ # GET /v1/images/ # GET /v2/images/ -"get_image": "rule:admin or rule:member_or_public or rule:auditor" +"get_image": "rule:admin or rule:member_or_public or rule:reader" # Download binary image data # GET /v1/images/ # GET /v2/images//file -"download_image": "rule:admin or rule:member_or_public or rule:auditor" +"download_image": "rule:admin or rule:member_or_public or rule:reader" # Upload binary image data # POST /v1/images @@ -72,7 +72,7 @@ owner: "(rule:_member_role and user_id:%(user_id)s)" # List the members of an image # GET /v1/images//members # GET /v2/images//members -"get_members": "rule:admin or rule:member_or_public or rule:auditor" +"get_members": "rule:admin or rule:member_or_public or rule:reader" # Delete a membership of an image # DELETE /v1/images//members/ diff --git a/services/gnocchi/policy.yaml b/services/gnocchi/policy.yaml index 7c1a808..50166bb 100644 --- a/services/gnocchi/policy.yaml +++ b/services/gnocchi/policy.yaml 
@@ -11,39 +11,39 @@ member_or_creator: "(rule:_member_or_creator and (project_id:%(project_id)s or p # RULES: -"get status": "rule:admin or rule:auditor" +"get status": "rule:admin or rule:reader" "create resource": "rule:admin or rule:member_or_creator" -"get resource": "rule:admin or rule:member_or_creator or rule:auditor" +"get resource": "rule:admin or rule:member_or_creator or rule:reader" "update resource": "rule:admin or rule:member_or_creator" "delete resource": "rule:admin or rule:member_or_creator" "delete resources": "rule:admin or rule:member_or_creator" -"list resource": "rule:admin or rule:member_or_creator or rule:auditor" -"search resource": "rule:admin or rule:member_or_creator or rule:auditor" +"list resource": "rule:admin or rule:member_or_creator or rule:reader" +"search resource": "rule:admin or rule:member_or_creator or rule:reader" "create resource type": "rule:admin" "delete resource type": "rule:admin" "update resource type": "rule:admin" -"list resource type": "rule:admin or rule:member_or_creator or rule:auditor" -"get resource type": "rule:admin or rule:member_or_creator or rule:auditor" +"list resource type": "rule:admin or rule:member_or_creator or rule:reader" +"get resource type": "rule:admin or rule:member_or_creator or rule:reader" -"get archive policy": "rule:admin or rule:member_or_creator or rule:auditor" -"list archive policy": "rule:admin or rule:member_or_creator or rule:auditor" +"get archive policy": "rule:admin or rule:member_or_creator or rule:reader" +"list archive policy": "rule:admin or rule:member_or_creator or rule:reader" "create archive policy": "rule:admin" "update archive policy": "rule:admin" "delete archive policy": "rule:admin" "create archive policy rule": "rule:admin" -"get archive policy rule": "rule:admin or rule:member_or_creator or rule:auditor" -"list archive policy rule": "rule:admin or rule:member_or_creator or rule:auditor" +"get archive policy rule": "rule:admin or rule:member_or_creator or 
rule:reader" +"list archive policy rule": "rule:admin or rule:member_or_creator or rule:reader" "update archive policy rule": "rule:admin" "delete archive policy rule": "rule:admin" "create metric": "rule:admin or rule:member_or_creator" "delete metric": "rule:admin or rule:member_or_creator" -"get metric": "rule:admin or rule:member_or_creator or rule:auditor" -"search metric": "rule:admin or rule:member_or_creator or rule:auditor" -"list metric": "rule:admin or rule:member_or_creator or rule:auditor" +"get metric": "rule:admin or rule:member_or_creator or rule:reader" +"search metric": "rule:admin or rule:member_or_creator or rule:reader" +"list metric": "rule:admin or rule:member_or_creator or rule:reader" -"get measures": "rule:admin or rule:member_or_creator or rule:auditor" +"get measures": "rule:admin or rule:member_or_creator or rule:reader" "post measures": "rule:admin or rule:member_or_creator" diff --git a/services/heat/policy.yaml b/services/heat/policy.yaml index 61c8aaa..45eed23 100644 --- a/services/heat/policy.yaml +++ b/services/heat/policy.yaml @@ -19,18 +19,18 @@ # Show build information. # GET /v1/{tenant_id}/build_info -"build_info:build_info": "rule:admin or rule:member or rule:auditor" +"build_info:build_info": "rule:admin or rule:member or rule:reader" ### Policy Rules defined in heat.policies.cloudformation # -"cloudformation:ListStacks": "rule:admin or rule:member or rule:auditor" +"cloudformation:ListStacks": "rule:admin or rule:member or rule:reader" # "cloudformation:CreateStack": "rule:admin or rule:member" # -"cloudformation:DescribeStacks": "rule:admin or rule:member or rule:auditor" +"cloudformation:DescribeStacks": "rule:admin or rule:member or rule:reader" # "cloudformation:DeleteStack": "rule:admin or rule:member" 
@@ -42,7 +42,7 @@ "cloudformation:CancelUpdateStack": "rule:admin or rule:member" # -"cloudformation:DescribeStackEvents": "rule:admin or rule:member or rule:auditor" +"cloudformation:DescribeStackEvents": "rule:admin or rule:member or rule:reader" # "cloudformation:ValidateTemplate": "rule:admin or rule:member" 
@@ -51,40 +51,40 @@ "cloudformation:GetTemplate": "rule:admin or rule:member" # -"cloudformation:EstimateTemplateCost": "rule:admin or rule:member or rule:auditor" +"cloudformation:EstimateTemplateCost": "rule:admin or rule:member or rule:reader" # -"cloudformation:DescribeStackResource": "rule:admin or rule:member or rule:auditor" +"cloudformation:DescribeStackResource": "rule:admin or rule:member or rule:reader" # -"cloudformation:DescribeStackResources": "rule:admin or rule:member or rule:auditor" +"cloudformation:DescribeStackResources": "rule:admin or rule:member or rule:reader" # -"cloudformation:ListStackResources": "rule:admin or rule:member or rule:auditor" +"cloudformation:ListStackResources": "rule:admin or rule:member or rule:reader" ### Policy Rules defined in heat.policies.events # List events. # GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/events -"events:index": "rule:admin or rule:member or rule:auditor" +"events:index": "rule:admin or rule:member or rule:reader" # Show event. # GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events/{event_id} -"events:show": "rule:admin or rule:member or rule:auditor" +"events:show": "rule:admin or rule:member or rule:reader" ### Policy Rules defined in heat.policies.resource # List resources. # GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources -"resource:index": "rule:admin or rule:member or rule:auditor" +"resource:index": "rule:admin or rule:member or rule:reader" # Show resource metadata. # GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/metadata -"resource:metadata": "rule:admin or rule:member or rule:auditor" +"resource:metadata": "rule:admin or rule:member or rule:reader" # Signal resource. # POST /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/signal -"resource:signal": "rule:admin or rule:member or rule:auditor" +"resource:signal": "rule:admin or rule:member or rule:reader" # Mark resource as unhealthy. 
# PATCH /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name_or_physical_id} @@ -92,7 +92,7 @@ # Show resource. # GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name} -"resource:show": "rule:admin or rule:member or rule:auditor" +"resource:show": "rule:admin or rule:member or rule:reader" ### Policy Rules defined in heat.policies.resource_types @@ -144,7 +144,7 @@ ### Policy Rules defined in heat.policies.service # -"service:index": "rule:admin or rule:auditor" +"service:index": "rule:admin or rule:reader" ### Policy Rules defined in heat.policies.software_configs @@ -154,7 +154,7 @@ # List configs. # GET /v1/{tenant_id}/software_configs -"software_configs:index": "rule:admin or rule:member or rule:auditor" +"software_configs:index": "rule:admin or rule:member or rule:reader" # Create config. # POST /v1/{tenant_id}/software_configs @@ -162,7 +162,7 @@ # Show config details. # GET /v1/{tenant_id}/software_configs/{config_id} -"software_configs:show": "rule:admin or rule:member or rule:auditor" +"software_configs:show": "rule:admin or rule:member or rule:reader" # Delete config. # DELETE /v1/{tenant_id}/software_configs/{config_id} @@ -172,7 +172,7 @@ # List deployments. # GET /v1/{tenant_id}/software_deployments -"software_deployments:index": "rule:admin or rule:member or rule:auditor" +"software_deployments:index": "rule:admin or rule:member or rule:reader" # Create deployment. # POST /v1/{tenant_id}/software_deployments @@ -180,7 +180,7 @@ # Show deployment details. # GET /v1/{tenant_id}/software_deployments/{deployment_id} -"software_deployments:show": "rule:admin or rule:member or rule:auditor" +"software_deployments:show": "rule:admin or rule:member or rule:reader" # Update deployment. # PUT /v1/{tenant_id}/software_deployments/{deployment_id} 
@@ -192,7 +192,7 @@ # Show server configuration metadata. # GET /v1/{tenant_id}/software_deployments/metadata/{server_id} -"software_deployments:metadata": "rule:admin or rule:member or rule:auditor" +"software_deployments:metadata": "rule:admin or rule:member or rule:reader" ### Policy Rules defined in heat.policies.stacks @@ -210,15 +210,15 @@ # List stacks in detail. # GET /v1/{tenant_id}/stacks -"stacks:detail": "rule:admin or rule:member or rule:auditor" +"stacks:detail": "rule:admin or rule:member or rule:reader" # Export stack. # GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/export -"stacks:export": "rule:admin or rule:member or rule:auditor" +"stacks:export": "rule:admin or rule:member or rule:reader" # Generate stack template. # GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template -"stacks:generate_template": "rule:admin or rule:member or rule:auditor" +"stacks:generate_template": "rule:admin or rule:member or rule:reader" # List stacks globally. # GET /v1/{tenant_id}/stacks 
@@ -226,23 +226,23 @@ # List stacks. # GET /v1/{tenant_id}/stacks -"stacks:index": "rule:admin or rule:member or rule:auditor" +"stacks:index": "rule:admin or rule:member or rule:reader" # List resource types. # GET /v1/{tenant_id}/resource_types -"stacks:list_resource_types": "rule:admin or rule:member or rule:auditor" +"stacks:list_resource_types": "rule:admin or rule:member or rule:reader" # List template versions. # GET /v1/{tenant_id}/template_versions -"stacks:list_template_versions": "rule:admin or rule:member or rule:auditor" +"stacks:list_template_versions": "rule:admin or rule:member or rule:reader" # List template functions. # GET /v1/{tenant_id}/template_versions/{template_version}/functions -"stacks:list_template_functions": "rule:admin or rule:member or rule:auditor" +"stacks:list_template_functions": "rule:admin or rule:member or rule:reader" # Find stack. # GET /v1/{tenant_id}/stacks/{stack_identity} -"stacks:lookup": "rule:admin or rule:member or rule:auditor" +"stacks:lookup": "rule:admin or rule:member or rule:reader" # Preview stack. # POST /v1/{tenant_id}/stacks/preview @@ -250,11 +250,11 @@ # Show resource type schema. # GET /v1/{tenant_id}/resource_types/{type_name} -"stacks:resource_schema": "rule:admin or rule:member or rule:auditor" +"stacks:resource_schema": "rule:admin or rule:member or rule:reader" # Show stack. # GET /v1/{tenant_id}/stacks/{stack_identity} -"stacks:show": "rule:admin or rule:member or rule:auditor" +"stacks:show": "rule:admin or rule:member or rule:reader" # Get stack template. # GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template @@ -294,7 +294,7 @@ # Show snapshot. # GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id} -"stacks:show_snapshot": "rule:admin or rule:member or rule:auditor" +"stacks:show_snapshot": "rule:admin or rule:member or rule:reader" # Delete snapshot. # DELETE /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id} 
@@ -302,7 +302,7 @@ # List snapshots. # GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots -"stacks:list_snapshots": "rule:admin or rule:member or rule:auditor" +"stacks:list_snapshots": "rule:admin or rule:member or rule:reader" # Restore snapshot. # POST /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}/restore diff --git a/services/keystone/policy.yaml b/services/keystone/policy.yaml index 14708c5..9d4f574 100644 --- a/services/keystone/policy.yaml +++ b/services/keystone/policy.yaml @@ -4,12 +4,12 @@ # Show application credential details. # GET /v3/users/{user_id}/application_credentials/{application_credential_id} # HEAD /v3/users/{user_id}/application_credentials/{application_credential_id} -"identity:get_application_credential": "rule:admin or rule:owner or rule:auditor" +"identity:get_application_credential": "rule:admin or rule:owner or rule:reader" # List application credentials for a user. # GET /v3/users/{user_id}/application_credentials # HEAD /v3/users/{user_id}/application_credentials -"identity:list_application_credentials": "rule:admin or rule:owner or rule:auditor" +"identity:list_application_credentials": "rule:admin or rule:owner or rule:reader" # Create an application credential. # POST /v3/users/{user_id}/application_credentials @@ -117,12 +117,12 @@ # Show domain details. # GET /v3/domains/{domain_id} # Intended scope(s): system -"identity:get_domain": "rule:admin or token.project.domain.id:%(target.domain.id)s or rule:auditor" +"identity:get_domain": "rule:admin or token.project.domain.id:%(target.domain.id)s or rule:reader" # List domains. # GET /v3/domains # Intended scope(s): system -"identity:list_domains": "rule:admin or rule:auditor" +"identity:list_domains": "rule:admin or rule:reader" # Create domain. # POST /v3/domains 
@@ -154,7 +154,7 @@ # GET /v3/domains/{domain_id}/config/{group}/{option} # HEAD /v3/domains/{domain_id}/config/{group}/{option} # Intended scope(s): system -"identity:get_domain_config": "rule:admin or rule:auditor" +"identity:get_domain_config": "rule:admin or rule:reader" # Get security compliance domain configuration for either a domain or # a specific option in a domain. @@ -190,11 +190,11 @@ # GET /v3/domains/config/{group}/{option}/default # HEAD /v3/domains/config/{group}/{option}/default # Intended scope(s): system -"identity:get_domain_config_default": "rule:admin or rule:auditor" +"identity:get_domain_config_default": "rule:admin or rule:reader" # Show ec2 credential details. # GET /v3/users/{user_id}/credentials/OS-EC2/{credential_id} -"identity:ec2_get_credential": "rule:admin or (rule:owner and user_id:%(target.credential.user_id)s) or rule:auditor" +"identity:ec2_get_credential": "rule:admin or (rule:owner and user_id:%(target.credential.user_id)s) or rule:reader" # List ec2 credentials. # GET /v3/users/{user_id}/credentials/OS-EC2 @@ -211,12 +211,12 @@ # Show endpoint details. # GET /v3/endpoints/{endpoint_id} # Intended scope(s): system -"identity:get_endpoint": "rule:admin or rule:auditor" +"identity:get_endpoint": "rule:admin or rule:reader" # List endpoints. # GET /v3/endpoints # Intended scope(s): system -"identity:list_endpoints": "rule:admin or rule:auditor" +"identity:list_endpoints": "rule:admin or rule:reader" # Create endpoint. # POST /v3/endpoints 
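Review bot: `identity:ec2_get_credential` in the `@@ -190,11 +190,11 @@` hunk appends `or rule:reader` outside the parenthesised owner check, so a reader is admitted without the `user_id:%(target.credential.user_id)s` match that limits owners to their own credentials. The EC2 credential show response normally carries the secret key along with the access key, so this would hand a read-only role usable credential material for other users; whether the project-scoped half of `reader` can match here depends on the target keystone passes, which the diff does not show. `identity:get_application_credential` and `identity:list_application_credentials` in the first keystone hunk (`@@ -4,12 +4,12 @@`) have the same shape. I would drop the reader clause, `"identity:ec2_get_credential": "rule:admin or (rule:owner and user_id:%(target.credential.user_id)s)"`, and add a comment above the rule stating that credential reads are limited to admin and the owning user.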
@@ -241,13 +241,13 @@ # List endpoint groups. # GET /v3/OS-EP-FILTER/endpoint_groups # Intended scope(s): system -"identity:list_endpoint_groups": "rule:admin or rule:auditor" +"identity:list_endpoint_groups": "rule:admin or rule:reader" # Get endpoint group. # GET /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id} # HEAD /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id} # Intended scope(s): system -"identity:get_endpoint_group": "rule:admin or rule:auditor" +"identity:get_endpoint_group": "rule:admin or rule:reader" # Update endpoint group. # PATCH /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id} 
@@ -262,23 +262,23 @@ # List all projects associated with a specific endpoint group. # GET /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects # Intended scope(s): system -"identity:list_projects_associated_with_endpoint_group": "rule:admin or rule:auditor" +"identity:list_projects_associated_with_endpoint_group": "rule:admin or rule:reader" # List all endpoints associated with an endpoint group. # GET /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints # Intended scope(s): system -"identity:list_endpoints_associated_with_endpoint_group": "rule:admin or rule:auditor" +"identity:list_endpoints_associated_with_endpoint_group": "rule:admin or rule:reader" # Check if an endpoint group is associated with a project. # GET /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id} # HEAD /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id} # Intended scope(s): system -"identity:get_endpoint_group_in_project": "rule:admin or rule:auditor" +"identity:get_endpoint_group_in_project": "rule:admin or rule:reader" # List endpoint groups associated with a specific project. # GET /v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups # Intended scope(s): system -"identity:list_endpoint_groups_for_project": "rule:admin or rule:auditor" +"identity:list_endpoint_groups_for_project": "rule:admin or rule:reader" # Allow a project to access an endpoint group. # PUT /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id} @@ -312,7 +312,7 @@ # HEAD /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects # GET /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects # Intended scope(s): system -"identity:check_grant": "rule:admin or rule:auditor" +"identity:check_grant": "rule:admin or rule:reader" # List roles granted to an actor on a target. A target can be either a # domain or a project. An actor can be either a user or a group. For 
@@ -330,7 +330,7 @@ # GET /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects # GET /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects # Intended scope(s): system -"identity:list_grants": "rule:admin or rule:auditor" +"identity:list_grants": "rule:admin or rule:reader" # Create a role grant between a target and an actor. A target can be # either a domain or a project. An actor can be either a user or a @@ -369,12 +369,12 @@ # List all grants a specific user has on the system. # ['HEAD', 'GET'] /v3/system/users/{user_id}/roles # Intended scope(s): system -"identity:list_system_grants_for_user": "rule:admin or rule:auditor" +"identity:list_system_grants_for_user": "rule:admin or rule:reader" # Check if a user has a role on the system. # ['HEAD', 'GET'] /v3/system/users/{user_id}/roles/{role_id} # Intended scope(s): system -"identity:check_system_grant_for_user": "rule:admin or rule:auditor" +"identity:check_system_grant_for_user": "rule:admin or rule:reader" # Grant a user a role on the system. # ['PUT'] /v3/system/users/{user_id}/roles/{role_id} @@ -389,12 +389,12 @@ # List all grants a specific group has on the system. # ['HEAD', 'GET'] /v3/system/groups/{group_id}/roles # Intended scope(s): system -"identity:list_system_grants_for_group": "rule:admin or rule:auditor" +"identity:list_system_grants_for_group": "rule:admin or rule:reader" # Check if a group has a role on the system. # ['HEAD', 'GET'] /v3/system/groups/{group_id}/roles/{role_id} # Intended scope(s): system -"identity:check_system_grant_for_group": "rule:admin or rule:auditor" +"identity:check_system_grant_for_group": "rule:admin or rule:reader" # Grant a group a role on the system. # ['PUT'] /v3/system/groups/{group_id}/roles/{role_id} 
@@ -410,19 +410,19 @@ # GET /v3/groups/{group_id} # HEAD /v3/groups/{group_id} # Intended scope(s): system -"identity:get_group": "rule:admin or rule:auditor" +"identity:get_group": "rule:admin or rule:reader" # List groups. # GET /v3/groups # HEAD /v3/groups # Intended scope(s): system -"identity:list_groups": "rule:admin or rule:auditor" +"identity:list_groups": "rule:admin or rule:reader" # List groups to which a user belongs. # GET /v3/users/{user_id}/groups # HEAD /v3/users/{user_id}/groups # Intended scope(s): system -"identity:list_groups_for_user": "rule:admin or rule:owner or rule:auditor" +"identity:list_groups_for_user": "rule:admin or rule:owner or rule:reader" # Create group. # POST /v3/groups @@ -443,7 +443,7 @@ # GET /v3/groups/{group_id}/users # HEAD /v3/groups/{group_id}/users # Intended scope(s): system -"identity:list_users_in_group": "rule:admin or rule:auditor" +"identity:list_users_in_group": "rule:admin or rule:reader" # Remove user from group. # DELETE /v3/groups/{group_id}/users/{user_id} @@ -454,7 +454,7 @@ # HEAD /v3/groups/{group_id}/users/{user_id} # GET /v3/groups/{group_id}/users/{user_id} # Intended scope(s): system -"identity:check_user_in_group": "rule:admin or rule:auditor" +"identity:check_user_in_group": "rule:admin or rule:reader" # Add user to group. # PUT /v3/groups/{group_id}/users/{user_id} @@ -470,13 +470,13 @@ # GET /v3/OS-FEDERATION/identity_providers # HEAD /v3/OS-FEDERATION/identity_providers # Intended scope(s): system -"identity:list_identity_providers": "rule:admin or rule:auditor" +"identity:list_identity_providers": "rule:admin or rule:reader" # Get identity provider. # GET /v3/OS-FEDERATION/identity_providers/{idp_id} # HEAD /v3/OS-FEDERATION/identity_providers/{idp_id} # Intended scope(s): system -"identity:get_identity_provider": "rule:admin or rule:auditor" +"identity:get_identity_provider": "rule:admin or rule:reader" # Update identity provider. # PATCH /v3/OS-FEDERATION/identity_providers/{idp_id} 
@@ -494,7 +494,7 @@ # role. # GET /v3/roles/{prior_role_id}/implies/{implied_role_id} # Intended scope(s): system -"identity:get_implied_role": "rule:admin or rule:auditor" +"identity:get_implied_role": "rule:admin or rule:reader" # List associations between two roles. When a relationship exists # between a prior role and an implied role and the prior role is @@ -504,7 +504,7 @@ # GET /v3/roles/{prior_role_id}/implies # HEAD /v3/roles/{prior_role_id}/implies # Intended scope(s): system -"identity:list_implied_roles": "rule:admin or rule:auditor" +"identity:list_implied_roles": "rule:admin or rule:reader" # Create an association between two roles. When a relationship exists # between a prior role and an implied role and the prior role is @@ -528,14 +528,14 @@ # GET /v3/role_inferences # HEAD /v3/role_inferences # Intended scope(s): system -"identity:list_role_inference_rules": "rule:admin or rule:auditor" +"identity:list_role_inference_rules": "rule:admin or rule:reader" # Check an association between two roles. When a relationship exists # between a prior role and an implied role and the prior role is # assigned to a user, the user also assumes the implied role. # HEAD /v3/roles/{prior_role_id}/implies/{implied_role_id} # Intended scope(s): system -"identity:check_implied_role": "rule:admin or rule:auditor" +"identity:check_implied_role": "rule:admin or rule:reader" # Get limit enforcement model. # GET /v3/limits/model 
@@ -579,13 +579,13 @@ # GET /v3/OS-FEDERATION/mappings/{mapping_id} # HEAD /v3/OS-FEDERATION/mappings/{mapping_id} # Intended scope(s): system -"identity:get_mapping": "rule:admin or rule:auditor" +"identity:get_mapping": "rule:admin or rule:reader" # List federated mappings. # GET /v3/OS-FEDERATION/mappings # HEAD /v3/OS-FEDERATION/mappings # Intended scope(s): system -"identity:list_mappings": "rule:admin or rule:auditor" +"identity:list_mappings": "rule:admin or rule:reader" # Delete a federated mapping. # DELETE /v3/OS-FEDERATION/mappings/{mapping_id} @@ -600,12 +600,12 @@ # Show policy details. # GET /v3/policy/{policy_id} # Intended scope(s): system -"identity:get_policy": "rule:admin or rule:auditor" +"identity:get_policy": "rule:admin or rule:reader" # List policies. # GET /v3/policies # Intended scope(s): system -"identity:list_policies": "rule:admin or rule:auditor" +"identity:list_policies": "rule:admin or rule:reader" # Create policy. # POST /v3/policies @@ -631,7 +631,7 @@ # GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id} # HEAD /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id} # Intended scope(s): system -"identity:check_policy_association_for_endpoint": "rule:admin or rule:auditor" +"identity:check_policy_association_for_endpoint": "rule:admin or rule:reader" # Delete policy association for endpoint. # DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id} @@ -647,7 +647,7 @@ # GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id} # HEAD /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id} # Intended scope(s): system -"identity:check_policy_association_for_service": "rule:admin or rule:auditor" +"identity:check_policy_association_for_service": "rule:admin or rule:reader" # Delete policy association for service. # DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id} 
@@ -663,7 +663,7 @@ # GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id} # HEAD /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id} # Intended scope(s): system -"identity:check_policy_association_for_region_and_service": "rule:admin or rule:auditor" +"identity:check_policy_association_for_region_and_service": "rule:admin or rule:reader" # Delete policy association for region and service. # DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id} @@ -674,25 +674,25 @@ # GET /v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy # HEAD /v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy # Intended scope(s): system -"identity:get_policy_for_endpoint": "rule:admin or rule:auditor" +"identity:get_policy_for_endpoint": "rule:admin or rule:reader" # List endpoints for policy. # GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints # Intended scope(s): system -"identity:list_endpoints_for_policy": "rule:admin or rule:auditor" +"identity:list_endpoints_for_policy": "rule:admin or rule:reader" # Show project details. # GET /v3/projects/{project_id} -"identity:get_project": "rule:admin or project_id:%(target.project.id)s or rule:auditor" +"identity:get_project": "rule:admin or project_id:%(target.project.id)s or rule:reader" # List projects. # GET /v3/projects # Intended scope(s): system -"identity:list_projects": "rule:admin or rule:auditor" +"identity:list_projects": "rule:admin or rule:reader" # List projects for user. # GET /v3/users/{user_id}/projects -"identity:list_user_projects": "rule:admin or rule:owner or rule:auditor" +"identity:list_user_projects": "rule:admin or rule:owner or rule:reader" # Create project. # POST /v3/projects 
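Review bot: In the -674,25 hunk, `identity:get_project` (and `identity:list_project_tags` / `identity:get_project_tag` in the -712,12 hunk) combine `rule:reader` with a target check keyed on `%(target.project.id)s`, while the `reader` rule restored in common/common.yaml matches on `%(project_id)s`. If keystone's target for these calls carries only `target.project.id`, the project-scoped half of `reader` can never match and only `global_reader` gains read access. If it does match, the bare `project_id:%(target.project.id)s` term already admits any role on that project, so `rule:reader` adds nothing for project-scoped users. A comment above these rules saying which outcome is intended would settle it, e.g. `# reader: project-scoped branch needs a top-level project_id in the target; confirm keystone supplies it`.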
@@ -712,12 +712,12 @@ # List tags for a project. # GET /v3/projects/{project_id}/tags # HEAD /v3/projects/{project_id}/tags -"identity:list_project_tags": "rule:admin or project_id:%(target.project.id)s or rule:auditor" +"identity:list_project_tags": "rule:admin or project_id:%(target.project.id)s or rule:reader" # Check if project contains a tag. # GET /v3/projects/{project_id}/tags/{value} # HEAD /v3/projects/{project_id}/tags/{value} -"identity:get_project_tag": "rule:admin or project_id:%(target.project.id)s or rule:auditor" +"identity:get_project_tag": "rule:admin or project_id:%(target.project.id)s or rule:reader" # Replace all tags on a project with the new set of tags. # PUT /v3/projects/{project_id}/tags @@ -742,7 +742,7 @@ # List projects allowed to access an endpoint. # GET /v3/OS-EP-FILTER/endpoints/{endpoint_id}/projects # Intended scope(s): system -"identity:list_projects_for_endpoint": "rule:admin or rule:auditor" +"identity:list_projects_for_endpoint": "rule:admin or rule:reader" # Allow project to access an endpoint. # PUT /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id} @@ -753,12 +753,12 @@ # GET /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id} # HEAD /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id} # Intended scope(s): system -"identity:check_endpoint_in_project": "rule:admin or rule:auditor" +"identity:check_endpoint_in_project": "rule:admin or rule:reader" # List the endpoints a project is allowed to access. # GET /v3/OS-EP-FILTER/projects/{project_id}/endpoints # Intended scope(s): system -"identity:list_endpoints_for_project": "rule:admin or rule:auditor" +"identity:list_endpoints_for_project": "rule:admin or rule:reader" # Remove access to an endpoint from a project that has previously been # given explicit access. 
@@ -779,12 +779,12 @@ # Get federated protocol. # GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} # Intended scope(s): system -"identity:get_protocol": "rule:admin or rule:auditor" +"identity:get_protocol": "rule:admin or rule:reader" # List federated protocols. # GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols # Intended scope(s): system -"identity:list_protocols": "rule:admin or rule:auditor" +"identity:list_protocols": "rule:admin or rule:reader" # Delete federated protocol. # DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} @@ -849,19 +849,19 @@ # List revocation events. # GET /v3/OS-REVOKE/events # Intended scope(s): system -"identity:list_revoke_events": "rule:admin or rule:service_role or rule:auditor" +"identity:list_revoke_events": "rule:admin or rule:service_role or rule:reader" # Show role details. # GET /v3/roles/{role_id} # HEAD /v3/roles/{role_id} # Intended scope(s): system -"identity:get_role": "rule:admin or rule:auditor" +"identity:get_role": "rule:admin or rule:reader" # List roles. # GET /v3/roles # HEAD /v3/roles # Intended scope(s): system -"identity:list_roles": "rule:admin or rule:auditor" +"identity:list_roles": "rule:admin or rule:reader" # Create role. # POST /v3/roles @@ -882,13 +882,13 @@ # GET /v3/roles/{role_id} # HEAD /v3/roles/{role_id} # Intended scope(s): system -"identity:get_domain_role": "rule:admin or rule:auditor" +"identity:get_domain_role": "rule:admin or rule:reader" # List domain roles. # GET /v3/roles?domain_id={domain_id} # HEAD /v3/roles?domain_id={domain_id} # Intended scope(s): system -"identity:list_domain_roles": "rule:admin or rule:auditor" +"identity:list_domain_roles": "rule:admin or rule:reader" # Create domain role. # POST /v3/roles 
@@ -909,23 +909,23 @@ # GET /v3/role_assignments # HEAD /v3/role_assignments # Intended scope(s): system -"identity:list_role_assignments": "rule:admin or rule:auditor" +"identity:list_role_assignments": "rule:admin or rule:reader" # List all role assignments for a given tree of hierarchical projects. # GET /v3/role_assignments?include_subtree # HEAD /v3/role_assignments?include_subtree # Intended scope(s): project -"identity:list_role_assignments_for_tree": "rule:admin or rule:auditor" +"identity:list_role_assignments_for_tree": "rule:admin or rule:reader" # Show service details. # GET /v3/services/{service_id} # Intended scope(s): system -"identity:get_service": "rule:admin or rule:auditor" +"identity:get_service": "rule:admin or rule:reader" # List services. # GET /v3/services # Intended scope(s): system -"identity:list_services": "rule:admin or rule:auditor" +"identity:list_services": "rule:admin or rule:reader" # Create service. # POST /v3/services @@ -951,13 +951,13 @@ # GET /v3/OS-FEDERATION/service_providers # HEAD /v3/OS-FEDERATION/service_providers # Intended scope(s): system -"identity:list_service_providers": "rule:admin or rule:auditor" +"identity:list_service_providers": "rule:admin or rule:reader" # Get federated service provider. # GET /v3/OS-FEDERATION/service_providers/{service_provider_id} # HEAD /v3/OS-FEDERATION/service_providers/{service_provider_id} # Intended scope(s): system -"identity:get_service_provider": "rule:admin or rule:auditor" +"identity:get_service_provider": "rule:admin or rule:reader" # Update federated service provider. # PATCH /v3/OS-FEDERATION/service_providers/{service_provider_id} @@ -972,7 +972,7 @@ # List revoked PKI tokens. # GET /v3/auth/tokens/OS-PKI/revoked # Intended scope(s): system, project -"identity:revocation_list": "rule:admin or rule:service_role or rule:auditor" +"identity:revocation_list": "rule:admin or rule:service_role or rule:reader" # Check a token. # HEAD /v3/auth/tokens 
@@ -980,7 +980,7 @@ # Validate a token. # GET /v3/auth/tokens -"identity:validate_token": "rule:admin or rule:service_role or rule:token_subject or rule:auditor" +"identity:validate_token": "rule:admin or rule:service_role or rule:token_subject or rule:reader" # Revoke a token. # DELETE /v3/auth/tokens @@ -1023,13 +1023,13 @@ # Show user details. # GET /v3/users/{user_id} # HEAD /v3/users/{user_id} -"identity:get_user": "rule:admin or rule:owner or rule:auditor" +"identity:get_user": "rule:admin or rule:owner or rule:reader" # List users. # GET /v3/users # HEAD /v3/users # Intended scope(s): system -"identity:list_users": "rule:admin or rule:auditor" +"identity:list_users": "rule:admin or rule:reader" # List all projects a user has access to via role assignments. # GET /v3/auth/projects diff --git a/services/manila/policy.yaml b/services/manila/policy.yaml index ef5426b..2369015 100644 --- a/services/manila/policy.yaml +++ b/services/manila/policy.yaml @@ -7,7 +7,7 @@ # GET /os-availability-zone # GET /availability-zone # -"availability_zone:index": "rule:default or rule:auditor" +"availability_zone:index": "rule:default or rule:reader" ### Policy Rules defined in manila.policies.base @@ -16,13 +16,13 @@ # Get details of a given message. # GET /messages/{message_id} # -"message:get": "rule:default or rule:auditor" +"message:get": "rule:default or rule:reader" # Get all messages. # GET /messages # GET /messages?{query} # -"message:get_all": "rule:default or rule:auditor" +"message:get_all": "rule:default or rule:reader" # Delete a message. # DELETE /messages/{message_id} @@ -41,7 +41,7 @@ # GET /quota-class-sets/{class_name} # GET /os-quota-class-sets/{class_name} # -"quota_class_set:show": "rule:defaul or rule:auditort" +"quota_class_set:show": "rule:defaul or rule:readert" ### Policy Rules defined in manila.policies.quota_set 
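Review bot: The new `quota_class_set:show` line in the -41,7 hunk of services/manila/policy.yaml references `rule:defaul` and `rule:readert`, which are not the rule names used everywhere else in this file. The misspelling was already on the removed line and the revert carried it over. oslo.policy normally treats a reference to an undefined rule as a failed check, so this most likely denies the call to every caller rather than widening access, but it does not express the intended policy and is worth confirming with a policy load test. The line should read `"quota_class_set:show": "rule:default or rule:reader"`.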
@@ -58,7 +58,7 @@ # GET /quota-sets/{tenant_id}/defaults # GET /os-quota-sets/{tenant_id}/defaults # -"quota_set:show": "rule:default or rule:auditor" +"quota_set:show": "rule:default or rule:reader" # Delete quota for a tenant/user or tenant/share-type. The quota will revert back to default (Admin only). # DELETE /quota-sets/{tenant_id} @@ -75,13 +75,13 @@ # GET /scheduler-stats/pools # GET /scheduler-stats/pools?{query} # -"scheduler_stats:pools:index": "rule:admin or rule:auditor" +"scheduler_stats:pools:index": "rule:admin or rule:reader" # Get detailed information regarding backends (and storage pools) known to the scheduler. # GET /scheduler-stats/pools/detail?{query} # GET /scheduler-stats/pools/detail # -"scheduler_stats:pools:detail": "rule:admin or rule:auditor" +"scheduler_stats:pools:detail": "rule:admin or rule:reader" ### Policy Rules defined in manila.policies.security_service @@ -93,19 +93,19 @@ # Get details of a security service. # GET /security-services/{security_service_id} # -"security_service:show": "rule:default or rule:auditor" +"security_service:show": "rule:default or rule:reader" # Get details of all security services. # GET /security-services/detail?{query} # GET /security-services/detail # -"security_service:detail": "rule:default or rule:auditor" +"security_service:detail": "rule:default or rule:reader" # Get all security services. # GET /security-services # GET /security-services?{query} # -"security_service:index": "rule:default or rule:auditor" +"security_service:index": "rule:default or rule:reader" # Update a security service. # PUT /security-services/{security_service_id} @@ -121,7 +121,7 @@ # GET /security-services?all_tenants=1 # GET /security-services/detail?all_tenants=1 # -"security_service:get_all_security_services": "rule:admin or rule:auditor" +"security_service:get_all_security_services": "rule:admin or rule:reader" ### Policy Rules defined in manila.policies.service 
@@ -131,7 +131,7 @@ # GET /services # GET /services?{query} # -"service:index": "rule:admin or rule:auditor" +"service:index": "rule:admin or rule:reader" # Enable/Disable scheduling for a service. # PUT /os-services/disable @@ -150,12 +150,12 @@ # Get all export locations of a given share. # GET /shares/{share_id}/export_locations # -"share_export_location:index": "rule:default or rule:auditor" +"share_export_location:index": "rule:default or rule:reader" # Get details about the requested export location. # GET /shares/{share_id}/export_locations/{export_location_id} # -"share_export_location:show": "rule:default or rule:auditor" +"share_export_location:show": "rule:default or rule:reader" ### Policy Rules defined in manila.policies.share_group @@ -167,7 +167,7 @@ # Get details of a share group. # GET /share-groups/{share_group_id} # -"share_group:get": "rule:default or rule:auditor" +"share_group:get": "rule:default or rule:reader" # Get all share groups. # GET /share-groups @@ -175,7 +175,7 @@ # GET /share-groups?{query} # GET /share-groups/detail?{query} # -"share_group:get_all": "rule:default or rule:auditor" +"share_group:get_all": "rule:default or rule:reader" # Update share group. # PUT /share-groups/{share_group_id} @@ -207,7 +207,7 @@ # Get details of a share group snapshot. # GET /share-group-snapshots/{share_group_snapshot_id} # -"share_group_snapshot:get": "rule:default or rule:auditor" +"share_group_snapshot:get": "rule:default or rule:reader" # Get all share group snapshots. # GET /share-group-snapshots @@ -215,7 +215,7 @@ # GET /share-group-snapshots/{query} # GET /share-group-snapshots/detail?{query} # -"share_group_snapshot:get_all": "rule:default or rule:auditor" +"share_group_snapshot:get_all": "rule:default or rule:reader" # Update a share group snapshot. # PUT /share-group-snapshots/{share_group_snapshot_id} 
@@ -248,17 +248,17 @@ # GET /share-group-types # GET /share-group-types?is_public=all # -"share_group_type:index": "rule:default or rule:auditor" +"share_group_type:index": "rule:default or rule:reader" # Get details regarding the specified share group type. # GET /share-group-types/{share_group_type_id} # -"share_group_type:show": "rule:default or rule:auditor" +"share_group_type:show": "rule:default or rule:reader" # Get the default share group type. # GET /share-group-types/default # -"share_group_type:default": "rule:default or rule:auditor" +"share_group_type:default": "rule:default or rule:reader" # Delete an existing group type. # DELETE /share-group-types/{share_group_type_id} @@ -268,7 +268,7 @@ # Get project access by share group type. # POST /share-group-types/{share_group_type_id}/access # -"share_group_type:list_project_access": "rule:admin or rule:auditor" +"share_group_type:list_project_access": "rule:admin or rule:reader" # Allow project to use the share group type. # POST /share-group-types/{share_group_type_id}/action @@ -290,12 +290,12 @@ # Get share group type specs. # GET /share-group-types/{share_group_type_id}/group-specs # -"share_group_types_spec:index": "rule:admin or rule:auditor" +"share_group_types_spec:index": "rule:admin or rule:reader" # Get details of a share group type spec. # GET /share-group-types/{share_group_type_id}/group-specs/{key} # -"share_group_types_spec:show": "rule:admin or rule:auditor" +"share_group_types_spec:show": "rule:admin or rule:reader" # Update a share group type spec. # PUT /share-group-types/{share_group_type_id}/group-specs/{key} 
@@ -321,19 +321,19 @@ # Get details of a share network. # GET /share-networks/{share_network_id} # -"share_network:show": "rule:default or rule:auditor" +"share_network:show": "rule:default or rule:reader" # Get all share networks. # GET /share-networks # GET /share-networks?{query} # -"share_network:index": "rule:default or rule:auditor" +"share_network:index": "rule:default or rule:reader" # Get details of share networks . # GET /share-networks/detail?{query} # GET /share-networks/detail # -"share_network:detail": "rule:default or rule:auditor" +"share_network:detail": "rule:default or rule:reader" # Update a share network. # PUT /share-networks/{share_network_id} @@ -359,7 +359,7 @@ # GET /share-networks?all_tenants=1 # GET /share-networks/detail?all_tenants=1 # -"share_network:get_all_share_networks": "rule:admin or rule:auditor" +"share_network:get_all_share_networks": "rule:admin or rule:reader" ### Policy Rules defined in manila.policies.share_replica @@ -373,12 +373,12 @@ # GET /share-replicas/detail # GET /share-replicas/detail?share_id={share_id} # -"share_replica:get_all": "rule:default or rule:auditor" +"share_replica:get_all": "rule:default or rule:reader" # Get details of a share replica. # GET /share-replicas/{share_replica_id} # -"share_replica:show": "rule:default or rule:auditor" +"share_replica:show": "rule:default or rule:reader" # Delete a share replica. # DELETE /share-replicas/{share_replica_id} 
@@ -416,17 +416,17 @@ # GET /share-servers # GET /share-servers?{query} # -"share_server:index": "rule:admin or rule:auditor" +"share_server:index": "rule:admin or rule:reader" # Show share server. # GET /share-servers/{server_id} # -"share_server:show": "rule:admin or rule:auditor" +"share_server:show": "rule:admin or rule:reader" # Get share server details. # GET /share-servers/{server_id}/details # -"share_server:details": "rule:admin or rule:auditor" +"share_server:details": "rule:admin or rule:reader" # Delete share server. # DELETE /share-servers/{server_id} @@ -438,7 +438,7 @@ # Get share snapshot. # GET /snapshots/{snapshot_id} # -"share_snapshot:get_snapshot": "rule:default or rule:auditor" +"share_snapshot:get_snapshot": "rule:default or rule:reader" # Get all share snapshots. # GET /snapshots @@ -446,7 +446,7 @@ # GET /snapshots?{query} # GET /snapshots/detail?{query} # -"share_snapshot:get_all_snapshots": "rule:default or rule:auditor" +"share_snapshot:get_all_snapshots": "rule:default or rule:reader" # Force Delete a share snapshot. # DELETE /snapshots/{snapshot_id} @@ -471,7 +471,7 @@ # List access rules of a share snapshot. # GET /snapshots/{snapshot_id}/access-list # -"share_snapshot:access_list": "rule:default or rule:auditor" +"share_snapshot:access_list": "rule:default or rule:reader" # Allow access to a share snapshot. # POST /snapshots/{snapshot_id}/action 
@@ -488,31 +488,31 @@ # List export locations of a share snapshot. # GET /snapshots/{snapshot_id}/export-locations/ # -"share_snapshot_export_location:index": "rule:default or rule:auditor" +"share_snapshot_export_location:index": "rule:default or rule:reader" # Get details of a specified export location of a share snapshot. # GET /snapshots/{snapshot_id}/export-locations/{export_location_id} # -"share_snapshot_export_location:show": "rule:default or rule:auditor" +"share_snapshot_export_location:show": "rule:default or rule:reader" ### Policy Rules defined in manila.policies.share_snapshot_instance # Get share snapshot instance. # GET /snapshot-instances/{snapshot_instance_id} # -"share_snapshot_instance:show": "rule:admin or rule:auditor" +"share_snapshot_instance:show": "rule:admin or rule:reader" # Get all share snapshot instances. # GET /snapshot-instances # GET /snapshot-instances?{query} # -"share_snapshot_instance:index": "rule:admin or rule:auditor" +"share_snapshot_instance:index": "rule:admin or rule:reader" # Get details of share snapshot instances. # GET /snapshot-instances/detail # GET /snapshot-instances/detail?{query} # -"share_snapshot_instance:detail": "rule:admin or rule:auditor" +"share_snapshot_instance:detail": "rule:admin or rule:reader" # Reset share snapshot instance's status. # POST /snapshot-instances/{snapshot_instance_id}/action 
@@ -524,12 +524,12 @@ # List export locations of a share snapshot instance. # GET /snapshot-instances/{snapshot_instance_id}/export-locations # -"share_snapshot_instance_export_location:index": "rule:admin or rule:auditor" +"share_snapshot_instance_export_location:index": "rule:admin or rule:reader" # Show details of a specified export location of a share snapshot instance. # GET /snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id} # -"share_snapshot_instance_export_location:show": "rule:admin or rule:auditor" +"share_snapshot_instance_export_location:show": "rule:admin or rule:reader" ### Policy Rules defined in manila.policies.share_type @@ -541,18 +541,18 @@ # Get share type. # GET /types/{share_type_id} # -"share_type:show": "rule:default or rule:auditor" +"share_type:show": "rule:default or rule:reader" # List share types. # GET /types # GET /types?is_public=all # -"share_type:index": "rule:default or rule:auditor" +"share_type:index": "rule:default or rule:reader" # Get default share type. # GET /types/default # -"share_type:default": "rule:default or rule:auditor" +"share_type:default": "rule:default or rule:reader" # Delete share type. # DELETE /types/{share_type_id} @@ -562,7 +562,7 @@ # List share type project access. # GET /types/{share_type_id} # -"share_type:list_project_access": "rule:admin or rule:auditor" +"share_type:list_project_access": "rule:admin or rule:reader" # Add share type to project. # POST /types/{share_type_id}/action 
@@ -584,12 +584,12 @@ # Get share type extra specs of a given share type. # GET /types/{share_type_id}/extra_specs # -"share_types_extra_spec:show": "rule:admin or rule:auditor" +"share_types_extra_spec:show": "rule:admin or rule:reader" # Get details of a share type extra spec. # GET /types/{share_type_id}/extra_specs/{extra_spec_id} # -"share_types_extra_spec:index": "rule:admin or rule:auditor" +"share_types_extra_spec:index": "rule:admin or rule:reader" # Update share type extra spec. # PUT /types/{share_type_id}/extra_specs @@ -611,13 +611,13 @@ # Get share. # GET /shares/{share_id} # -"share:get": "rule:default or rule:auditor" +"share:get": "rule:default or rule:reader" # List shares. # GET /shares # GET /shares/detail # -"share:get_all": "rule:default or rule:auditor" +"share:get_all": "rule:default or rule:reader" # Update share. # PUT /shares @@ -653,23 +653,23 @@ # GET /shares # GET /shares/detail # -"share:list_by_host": "rule:admin or rule:auditor" +"share:list_by_host": "rule:admin or rule:reader" # List share by server id. # GET /shares # GET /shares/detail # -"share:list_by_share_server_id": "rule:admin or rule:auditor" +"share:list_by_share_server_id": "rule:admin or rule:reader" # Get share access rule, it under deny access operation. # POST /shares/{share_id}/action # -"share:access_get": "rule:default or rule:auditor" +"share:access_get": "rule:default or rule:reader" # List share access rules. # GET /shares/{share_id}/action # -"share:access_get_all": "rule:default or rule:auditor" +"share:access_get_all": "rule:default or rule:reader" # Extend share. # POST /shares/{share_id}/action @@ -699,7 +699,7 @@ # Retrieve share migration progress for a given share. # POST /shares/{share_id}/action # -"share:migration_get_progress": "rule:admin or rule:auditor" +"share:migration_get_progress": "rule:admin or rule:reader" # Reset task state. # POST /shares/{share_id}/action 
@@ -749,4 +749,4 @@
 # Get share metadata.
 # GET /shares/{share_id}/metadata
 #
-"share:get_share_metadata": "rule:default or rule:auditor"
+"share:get_share_metadata": "rule:default or rule:reader"
diff --git a/services/neutron/policy.json b/services/neutron/policy.json
index 16715af..b0b5601 100644
--- a/services/neutron/policy.json
+++ b/services/neutron/policy.json
@@ -1,6 +1,6 @@
 {
- "global_auditor": "(role:global_auditor and is_admin_project:True )",
- "auditor": "((role:auditor and project_id:%(project_id)s) or rule:global_auditor)",
+ "global_reader": "(role:global_reader and is_admin_project:True )",
+ "reader": "((role:reader and project_id:%(project_id)s) or rule:global_reader)",
 "_member_role": "(role:Member or role:member or role:_member_ and project_id:%(project_id)s)",
 "member": "(rule:_member_role and project_id:%(project_id)s)",
 "admin": "(is_admin:True or role:admin and (is_admin_project:True or project_id:%(project_id)s)",
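Review bot: The `admin` rule kept as context at the end of the -1,6 hunk of services/neutron/policy.json has unbalanced parentheses: it opens the outer group and the `is_admin_project` group but closes only one, unlike the balanced form in common/common.yaml. Nearly every rule touched in this file is `rule:admin or rule:reader`, so a rule string that fails to parse changes who is authorized; oslo.policy is expected to fail closed on an unparsable rule, which would leave `rule:reader` as the only branch that can match on those read rules. The line should be `"admin": "(is_admin:True or role:admin and (is_admin_project:True or project_id:%(project_id)s))",`. In `_member_role` the `and project_id:...` term binds only to `role:_member_`; that is harmless only because `member` repeats the project check. The JSON object continues past this hunk.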
@@ -16,34 +16,34 @@ "create_subnet": "rule:admin or rule:network_owner", "create_subnet:segment_id": "rule:admin", "create_subnet:service_types": "rule:admin", - "get_subnet": "rule:admin or rule:member or rule:shared or rule:auditor", - "get_subnet:segment_id": "rule:admin or rule:auditor", + "get_subnet": "rule:admin or rule:member or rule:shared or rule:reader", + "get_subnet:segment_id": "rule:admin or rule:reader", "update_subnet": "rule:admin or rule:network_owner", "update_subnet:service_types": "rule:admin", "delete_subnet": "rule:admin or rule:network_owner", "create_subnetpool": "rule:admin or rule:member", "create_subnetpool:shared": "rule:admin", "create_subnetpool:is_default": "rule:admin", - "get_subnetpool": "rule:admin or rule:member or rule:shared_subnetpools or rule:auditor", + "get_subnetpool": "rule:admin or rule:member or rule:shared_subnetpools or rule:reader", "update_subnetpool": "rule:admin or rule:member", "update_subnetpool:is_default": "rule:admin", "delete_subnetpool": "rule:admin or rule:member", "create_address_scope": "rule:admin or rule:member", "create_address_scope:shared": "rule:admin", - "get_address_scope": "rule:admin or rule:member or rule:shared_address_scopes or rule:auditor", + "get_address_scope": "rule:admin or rule:member or rule:shared_address_scopes or rule:reader", "update_address_scope": "rule:admin or rule:member", "update_address_scope:shared": "rule:admin", "delete_address_scope": "rule:admin or rule:member", "create_network": "rule:admin or rule:member", - "get_network": "rule:admin or rule:member or rule:shared or rule:external or rule:context_is_advsvc or rule:auditor", - "get_network:router:external": "rule:admin or rule:member or rule:auditor", - "get_network:segments": "rule:admin or rule:auditor", - "get_network:provider:network_type": "rule:admin or rule:auditor", - "get_network:provider:physical_network": "rule:admin or rule:auditor", - "get_network:provider:segmentation_id": "rule:admin or 
rule:auditor", - "get_network:queue_id": "rule:admin or rule:auditor", - "get_network_ip_availabilities": "rule:admin or rule:auditor", - "get_network_ip_availability": "rule:admin or rule:auditor", + "get_network": "rule:admin or rule:member or rule:shared or rule:external or rule:context_is_advsvc or rule:reader", + "get_network:router:external": "rule:admin or rule:member or rule:reader", + "get_network:segments": "rule:admin or rule:reader", + "get_network:provider:network_type": "rule:admin or rule:reader", + "get_network:provider:physical_network": "rule:admin or rule:reader", + "get_network:provider:segmentation_id": "rule:admin or rule:reader", + "get_network:queue_id": "rule:admin or rule:reader", + "get_network_ip_availabilities": "rule:admin or rule:reader", + "get_network_ip_availability": "rule:admin or rule:reader", "create_network:shared": "rule:admin", "create_network:router:external": "rule:admin", "create_network:is_default": "rule:admin", @@ -60,7 +60,7 @@ "update_network:router:external": "rule:admin", "delete_network": "rule:admin or rule:member", "create_segment": "rule:admin", - "get_segment": "rule:admin or rule:auditor", + "get_segment": "rule:admin or rule:reader", "update_segment": "rule:admin", "delete_segment": "rule:admin", "network_device": "field:port:device_owner=~^network:", 
@@ -74,12 +74,12 @@
 "create_port:binding:profile": "rule:admin",
 "create_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin or rule:network_owner",
 "create_port:allowed_address_pairs": "rule:admin or rule:network_owner",
- "get_port": "rule:context_is_advsvc or rule:admin or rule:member or rule:network_owner or rule:auditor",
- "get_port:queue_id": "rule:admin or rule:auditor",
- "get_port:binding:vif_type": "rule:admin or rule:auditor",
- "get_port:binding:vif_details": "rule:admin or rule:auditor",
- "get_port:binding:host_id": "rule:admin or rule:auditor",
- "get_port:binding:profile": "rule:admin or rule:auditor",
+ "get_port": "rule:context_is_advsvc or rule:admin or rule:member or rule:network_owner or rule:reader",
+ "get_port:queue_id": "rule:admin or rule:reader",
+ "get_port:binding:vif_type": "rule:admin or rule:reader",
+ "get_port:binding:vif_details": "rule:admin or rule:reader",
+ "get_port:binding:host_id": "rule:admin or rule:reader",
+ "get_port:binding:profile": "rule:admin or rule:reader",
 "update_port": "rule:admin or rule:member or rule:context_is_advsvc",
 "update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin or rule:network_owner",
 "update_port:mac_address": "rule:admin or rule:context_is_advsvc",
@@ -92,13 +92,13 @@
 "update_port:allowed_address_pairs": "rule:admin or rule:network_owner",
 "update_port:data_plane_status": "rule:admin_or_data_plane_int",
 "delete_port": "rule:context_is_advsvc or rule:admin or rule:member or rule:network_owner",
- "get_router:ha": "rule:admin or rule:auditor",
+ "get_router:ha": "rule:admin or rule:reader",
 "create_router": "rule:admin or rule:member",
 "create_router:external_gateway_info:enable_snat": "rule:admin",
 "create_router:distributed": "rule:admin",
 "create_router:ha": "rule:admin",
- "get_router": "rule:admin or rule:member or rule:auditor",
- "get_router:distributed": "rule:admin or rule:auditor",
+ "get_router": "rule:admin or rule:member or rule:reader",
+ "get_router:distributed": "rule:admin or rule:reader",
 "update_router": "rule:admin or rule:member",
 "update_router:external_gateway_info": "rule:admin or rule:member",
 "update_router:external_gateway_info:network_id": "rule:admin or rule:member",
@@ -111,68 +111,68 @@ "create_router:external_gateway_info:external_fixed_ips": "rule:admin", "update_router:external_gateway_info:external_fixed_ips": "rule:admin", "create_qos_queue": "rule:admin", - "get_qos_queue": "rule:admin or rule:auditor", + "get_qos_queue": "rule:admin or rule:reader", "update_agent": "rule:admin", "delete_agent": "rule:admin", - "get_agent": "rule:admin or rule:auditor", + "get_agent": "rule:admin or rule:reader", "create_dhcp-network": "rule:admin", "delete_dhcp-network": "rule:admin", - "get_dhcp-networks": "rule:admin or rule:auditor", + "get_dhcp-networks": "rule:admin or rule:reader", "create_l3-router": "rule:admin", "delete_l3-router": "rule:admin", - "get_l3-routers": "rule:admin or rule:auditor", - "get_dhcp-agents": "rule:admin or rule:auditor", - "get_l3-agents": "rule:admin or rule:auditor", - "get_loadbalancer-agent": "rule:admin or rule:auditor", - "get_loadbalancer-pools": "rule:admin or rule:auditor", - "get_agent-loadbalancers": "rule:admin or rule:auditor", - "get_loadbalancer-hosting-agent": "rule:admin or rule:auditor", + "get_l3-routers": "rule:admin or rule:reader", + "get_dhcp-agents": "rule:admin or rule:reader", + "get_l3-agents": "rule:admin or rule:reader", + "get_loadbalancer-agent": "rule:admin or rule:reader", + "get_loadbalancer-pools": "rule:admin or rule:reader", + "get_agent-loadbalancers": "rule:admin or rule:reader", + "get_loadbalancer-hosting-agent": "rule:admin or rule:reader", "create_floatingip": "rule:admin or rule:member", "create_floatingip:floating_ip_address": "rule:admin", "update_floatingip": "rule:admin or rule:member", "delete_floatingip": "rule:admin or rule:member", - "get_floatingip": "rule:admin or rule:member or rule:auditor", + "get_floatingip": "rule:admin or rule:member or rule:reader", "create_network_profile": "rule:admin", "update_network_profile": "rule:admin", "delete_network_profile": "rule:admin", - "get_network_profiles": "rule:admin or rule:member or rule:auditor", - 
"get_network_profile": "rule:admin or rule:member or rule:auditor", + "get_network_profiles": "rule:admin or rule:member or rule:reader", + "get_network_profile": "rule:admin or rule:member or rule:reader", "update_policy_profiles": "rule:admin", - "get_policy_profiles": "rule:admin or rule:member or rule:auditor", - "get_policy_profile": "rule:admin or rule:member or rule:auditor", + "get_policy_profiles": "rule:admin or rule:member or rule:reader", + "get_policy_profile": "rule:admin or rule:member or rule:reader", "create_metering_label": "rule:admin", "delete_metering_label": "rule:admin", - "get_metering_label": "rule:admin or rule:auditor", + "get_metering_label": "rule:admin or rule:reader", "create_metering_label_rule": "rule:admin", "delete_metering_label_rule": "rule:admin", - "get_metering_label_rule": "rule:admin or rule:auditor", - "get_service_provider": "rule:admin or rule:member or rule:auditor", - "get_lsn": "rule:admin or rule:auditor", + "get_metering_label_rule": "rule:admin or rule:reader", + "get_service_provider": "rule:admin or rule:member or rule:reader", + "get_lsn": "rule:admin or rule:reader", "create_lsn": "rule:admin", "create_flavor": "rule:admin", "update_flavor": "rule:admin", "delete_flavor": "rule:admin", - "get_flavors": "rule:admin or rule:member or rule:auditor", - "get_flavor": "rule:admin or rule:member or rule:auditor", + "get_flavors": "rule:admin or rule:member or rule:reader", + "get_flavor": "rule:admin or rule:member or rule:reader", "create_service_profile": "rule:admin", "update_service_profile": "rule:admin", "delete_service_profile": "rule:admin", - "get_service_profiles": "rule:admin or rule:auditor", - "get_service_profile": "rule:admin or rule:auditor", - "get_policy": "rule:admin or rule:member or rule:auditor", + "get_service_profiles": "rule:admin or rule:reader", + "get_service_profile": "rule:admin or rule:reader", + "get_policy": "rule:admin or rule:member or rule:reader", "create_policy": "rule:admin", 
"update_policy": "rule:admin", "delete_policy": "rule:admin", - "get_policy_bandwidth_limit_rule": "rule:admin or rule:member or rule:auditor", + "get_policy_bandwidth_limit_rule": "rule:admin or rule:member or rule:reader", "create_policy_bandwidth_limit_rule": "rule:admin", "delete_policy_bandwidth_limit_rule": "rule:admin", "update_policy_bandwidth_limit_rule": "rule:admin", - "get_policy_dscp_marking_rule": "rule:admin or rule:member or rule:auditor", + "get_policy_dscp_marking_rule": "rule:admin or rule:member or rule:reader", "create_policy_dscp_marking_rule": "rule:admin", "delete_policy_dscp_marking_rule": "rule:admin", "update_policy_dscp_marking_rule": "rule:admin", - "get_rule_type": "rule:admin or rule:member or rule:auditor", - "get_policy_minimum_bandwidth_rule": "rule:admin or rule:member or rule:auditor", + "get_rule_type": "rule:admin or rule:member or rule:reader", + "get_policy_minimum_bandwidth_rule": "rule:admin or rule:member or rule:reader", "create_policy_minimum_bandwidth_rule": "rule:admin", "delete_policy_minimum_bandwidth_rule": "rule:admin", "update_policy_minimum_bandwidth_rule": "rule:admin", 
@@ -181,31 +181,31 @@ "create_rbac_policy:target_tenant": "rule:restrict_wildcard", "update_rbac_policy": "rule:admin or rule:member", "update_rbac_policy:target_tenant": "rule:restrict_wildcard and rule:admin or rule:member", - "get_rbac_policy": "rule:admin or rule:member or rule:auditor", + "get_rbac_policy": "rule:admin or rule:member or rule:reader", "delete_rbac_policy": "rule:admin or rule:member", "create_flavor_service_profile": "rule:admin", "delete_flavor_service_profile": "rule:admin", - "get_flavor_service_profile": "rule:admin or rule:member or rule:auditor", - "get_auto_allocated_topology": "rule:admin or rule:member or rule:auditor", + "get_flavor_service_profile": "rule:admin or rule:member or rule:reader", + "get_auto_allocated_topology": "rule:admin or rule:member or rule:reader", "create_trunk": "rule:admin or rule:member", - "get_trunk": "rule:admin or rule:member or rule:auditor", + "get_trunk": "rule:admin or rule:member or rule:reader", "delete_trunk": "rule:admin or rule:member", - "get_subports": "rule:admin or rule:member or rule:auditor", + "get_subports": "rule:admin or rule:member or rule:reader", "add_subports": "rule:admin or rule:member", "remove_subports": "rule:admin or rule:member", - "get_security_groups": "rule:admin or rule:member or rule:auditor", - "get_security_group": "rule:admin or rule:member or rule:auditor", + "get_security_groups": "rule:admin or rule:member or rule:reader", + "get_security_group": "rule:admin or rule:member or rule:reader", "create_security_group": "rule:admin or rule:member", "update_security_group": "rule:admin or rule:member", "delete_security_group": "rule:admin or rule:member", - "get_security_group_rules": "rule:admin or rule:member or rule:auditor", - "get_security_group_rule": "rule:admin or rule:member or rule:auditor", + "get_security_group_rules": "rule:admin or rule:member or rule:reader", + "get_security_group_rule": "rule:admin or rule:member or rule:reader", 
"create_security_group_rule": "rule:admin or rule:member", "delete_security_group_rule": "rule:admin or rule:member", - "get_loggable_resources": "rule:admin or rule:auditor", + "get_loggable_resources": "rule:admin or rule:reader", "create_log": "rule:admin", "update_log": "rule:admin", "delete_log": "rule:admin", - "get_logs": "rule:admin or rule:auditor", - "get_log": "rule:admin or rule:auditor" + "get_logs": "rule:admin or rule:reader", + "get_log": "rule:admin or rule:reader" } diff --git a/services/neutron/policy.yaml b/services/neutron/policy.yaml index 668f8e3..d30245c 100644 --- a/services/neutron/policy.yaml +++ b/services/neutron/policy.yaml @@ -20,8 +20,8 @@ "create_subnet": "rule:admin or rule:network_owner" "create_subnet:segment_id": "rule:admin" "create_subnet:service_types": "rule:admin" -"get_subnet": "rule:admin or rule:member or rule:shared or rule:auditor" -"get_subnet:segment_id": "rule:admin or rule:auditor" +"get_subnet": "rule:admin or rule:member or rule:shared or rule:reader" +"get_subnet:segment_id": "rule:admin or rule:reader" "update_subnet": "rule:admin or rule:network_owner" "update_subnet:service_types": "rule:admin" "delete_subnet": "rule:admin or rule:network_owner" 
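Review bot: `"update_rbac_policy:target_tenant": "rule:restrict_wildcard and rule:admin or rule:member"` in the `@@ -181,31 +181,31 @@` hunk has no parentheses, and oslo.policy gives `and` higher precedence than `or`. It therefore reads as `(restrict_wildcard and admin) or member`, and any member satisfies it without the wildcard restriction. The intended form is most likely `"rule:restrict_wildcard and (rule:admin or rule:member)"`. The line is context rather than a change made by this revert. The same expression appears in the `@@ -204,34 +204,34 @@` hunk of services/neutron/policy.yaml, so both files need the fix.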
@@ -29,28 +29,28 @@ "create_subnetpool": "rule:admin or rule:member" "create_subnetpool:shared": "rule:admin" "create_subnetpool:is_default": "rule:admin" -"get_subnetpool": "rule:admin or rule:member or rule:shared_subnetpools or rule:auditor" +"get_subnetpool": "rule:admin or rule:member or rule:shared_subnetpools or rule:reader" "update_subnetpool": "rule:admin or rule:member" "update_subnetpool:is_default": "rule:admin" "delete_subnetpool": "rule:admin or rule:member" "create_address_scope": "rule:admin or rule:member" "create_address_scope:shared": "rule:admin" -"get_address_scope": "rule:admin or rule:member or rule:shared_address_scopes or rule:auditor" +"get_address_scope": "rule:admin or rule:member or rule:shared_address_scopes or rule:reader" "update_address_scope": "rule:admin or rule:member" "update_address_scope:shared": "rule:admin" "delete_address_scope": "rule:admin or rule:member" "create_network": "rule:admin or rule:member" -"get_network": "rule:admin or rule:member or rule:shared or rule:external or rule:context_is_advsvc or rule:auditor" -"get_network:router:external": "rule:admin or rule:member or rule:auditor" -"get_network:segments": "rule:admin or rule:auditor" -"get_network:provider:network_type": "rule:admin or rule:auditor" -"get_network:provider:physical_network": "rule:admin or rule:auditor" -"get_network:provider:segmentation_id": "rule:admin or rule:auditor" -"get_network:queue_id": "rule:admin or rule:auditor" -"get_network_ip_availabilities": "rule:admin or rule:auditor" -"get_network_ip_availability": "rule:admin or rule:auditor" +"get_network": "rule:admin or rule:member or rule:shared or rule:external or rule:context_is_advsvc or rule:reader" +"get_network:router:external": "rule:admin or rule:member or rule:reader" +"get_network:segments": "rule:admin or rule:reader" +"get_network:provider:network_type": "rule:admin or rule:reader" +"get_network:provider:physical_network": "rule:admin or rule:reader" 
+"get_network:provider:segmentation_id": "rule:admin or rule:reader" +"get_network:queue_id": "rule:admin or rule:reader" +"get_network_ip_availabilities": "rule:admin or rule:reader" +"get_network_ip_availability": "rule:admin or rule:reader" "create_network:shared": "rule:admin" "create_network:router:external": "rule:admin" "create_network:is_default": "rule:admin" @@ -68,7 +68,7 @@ "delete_network": "rule:admin or rule:member" "create_segment": "rule:admin" -"get_segment": "rule:admin or rule:auditor" +"get_segment": "rule:admin or rule:reader" "update_segment": "rule:admin" "delete_segment": "rule:admin" @@ -83,12 +83,12 @@ "create_port:binding:profile": "rule:admin" "create_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin or rule:network_owner" "create_port:allowed_address_pairs": "rule:admin or rule:network_owner" -"get_port": "rule:context_is_advsvc or rule:admin or rule:member or rule:network_owner or rule:auditor" -"get_port:queue_id": "rule:admin or rule:auditor" -"get_port:binding:vif_type": "rule:admin or rule:auditor" -"get_port:binding:vif_details": "rule:admin or rule:auditor" -"get_port:binding:host_id": "rule:admin or rule:auditor" -"get_port:binding:profile": "rule:admin or rule:auditor" +"get_port": "rule:context_is_advsvc or rule:admin or rule:member or rule:network_owner or rule:reader" +"get_port:queue_id": "rule:admin or rule:reader" +"get_port:binding:vif_type": "rule:admin or rule:reader" +"get_port:binding:vif_details": "rule:admin or rule:reader" +"get_port:binding:host_id": "rule:admin or rule:reader" +"get_port:binding:profile": "rule:admin or rule:reader" "update_port": "rule:admin or rule:member or rule:context_is_advsvc" "update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin or rule:network_owner" "update_port:mac_address": "rule:admin or rule:context_is_advsvc" 
@@ -102,13 +102,13 @@ "update_port:data_plane_status": "rule:admin_or_data_plane_int" "delete_port": "rule:context_is_advsvc or rule:admin or rule:member or rule:network_owner" -"get_router:ha": "rule:admin or rule:auditor" +"get_router:ha": "rule:admin or rule:reader" "create_router": "rule:admin or rule:member" "create_router:external_gateway_info:enable_snat": "rule:admin" "create_router:distributed": "rule:admin" "create_router:ha": "rule:admin" -"get_router": "rule:admin or rule:member or rule:auditor" -"get_router:distributed": "rule:admin or rule:auditor" +"get_router": "rule:admin or rule:member or rule:reader" +"get_router:distributed": "rule:admin or rule:reader" "update_router": "rule:admin or rule:member" "update_router:external_gateway_info": "rule:admin or rule:member" "update_router:external_gateway_info:network_id": "rule:admin or rule:member" 
@@ -124,77 +124,77 @@ "update_router:external_gateway_info:external_fixed_ips": "rule:admin" "create_qos_queue": "rule:admin" -"get_qos_queue": "rule:admin or rule:auditor" +"get_qos_queue": "rule:admin or rule:reader" "update_agent": "rule:admin" "delete_agent": "rule:admin" -"get_agent": "rule:admin or rule:auditor" +"get_agent": "rule:admin or rule:reader" "create_dhcp-network": "rule:admin" "delete_dhcp-network": "rule:admin" -"get_dhcp-networks": "rule:admin or rule:auditor" +"get_dhcp-networks": "rule:admin or rule:reader" "create_l3-router": "rule:admin" "delete_l3-router": "rule:admin" -"get_l3-routers": "rule:admin or rule:auditor" -"get_dhcp-agents": "rule:admin or rule:auditor" -"get_l3-agents": "rule:admin or rule:auditor" -"get_loadbalancer-agent": "rule:admin or rule:auditor" -"get_loadbalancer-pools": "rule:admin or rule:auditor" -"get_agent-loadbalancers": "rule:admin or rule:auditor" -"get_loadbalancer-hosting-agent": "rule:admin or rule:auditor" +"get_l3-routers": "rule:admin or rule:reader" +"get_dhcp-agents": "rule:admin or rule:reader" +"get_l3-agents": "rule:admin or rule:reader" +"get_loadbalancer-agent": "rule:admin or rule:reader" +"get_loadbalancer-pools": "rule:admin or rule:reader" +"get_agent-loadbalancers": "rule:admin or rule:reader" +"get_loadbalancer-hosting-agent": "rule:admin or rule:reader" "create_floatingip": "rule:admin or rule:member" "create_floatingip:floating_ip_address": "rule:admin" "update_floatingip": "rule:admin or rule:member" "delete_floatingip": "rule:admin or rule:member" -"get_floatingip": "rule:admin or rule:member or rule:auditor" +"get_floatingip": "rule:admin or rule:member or rule:reader" "create_network_profile": "rule:admin" "update_network_profile": "rule:admin" "delete_network_profile": "rule:admin" -"get_network_profiles": "rule:admin or rule:member or rule:auditor" -"get_network_profile": "rule:admin or rule:member or rule:auditor" +"get_network_profiles": "rule:admin or rule:member or rule:reader" 
+"get_network_profile": "rule:admin or rule:member or rule:reader" "update_policy_profiles": "rule:admin" -"get_policy_profiles": "rule:admin or rule:member or rule:auditor" -"get_policy_profile": "rule:admin or rule:member or rule:auditor" +"get_policy_profiles": "rule:admin or rule:member or rule:reader" +"get_policy_profile": "rule:admin or rule:member or rule:reader" "create_metering_label": "rule:admin" "delete_metering_label": "rule:admin" -"get_metering_label": "rule:admin or rule:auditor" +"get_metering_label": "rule:admin or rule:reader" "create_metering_label_rule": "rule:admin" "delete_metering_label_rule": "rule:admin" -"get_metering_label_rule": "rule:admin or rule:auditor" +"get_metering_label_rule": "rule:admin or rule:reader" -"get_service_provider": "rule:admin or rule:member or rule:auditor" -"get_lsn": "rule:admin or rule:auditor" +"get_service_provider": "rule:admin or rule:member or rule:reader" +"get_lsn": "rule:admin or rule:reader" "create_lsn": "rule:admin" "create_flavor": "rule:admin" "update_flavor": "rule:admin" "delete_flavor": "rule:admin" -"get_flavors": "rule:admin or rule:member or rule:auditor" -"get_flavor": "rule:admin or rule:member or rule:auditor" +"get_flavors": "rule:admin or rule:member or rule:reader" +"get_flavor": "rule:admin or rule:member or rule:reader" "create_service_profile": "rule:admin" "update_service_profile": "rule:admin" "delete_service_profile": "rule:admin" -"get_service_profiles": "rule:admin or rule:auditor" -"get_service_profile": "rule:admin or rule:auditor" +"get_service_profiles": "rule:admin or rule:reader" +"get_service_profile": "rule:admin or rule:reader" -"get_policy": "rule:admin or rule:member or rule:auditor" +"get_policy": "rule:admin or rule:member or rule:reader" "create_policy": "rule:admin" "update_policy": "rule:admin" "delete_policy": "rule:admin" -"get_policy_bandwidth_limit_rule": "rule:admin or rule:member or rule:auditor" +"get_policy_bandwidth_limit_rule": "rule:admin or 
rule:member or rule:reader" "create_policy_bandwidth_limit_rule": "rule:admin" "delete_policy_bandwidth_limit_rule": "rule:admin" "update_policy_bandwidth_limit_rule": "rule:admin" -"get_policy_dscp_marking_rule": "rule:admin or rule:member or rule:auditor" +"get_policy_dscp_marking_rule": "rule:admin or rule:member or rule:reader" "create_policy_dscp_marking_rule": "rule:admin" "delete_policy_dscp_marking_rule": "rule:admin" "update_policy_dscp_marking_rule": "rule:admin" -"get_rule_type": "rule:admin or rule:member or rule:auditor" -"get_policy_minimum_bandwidth_rule": "rule:admin or rule:member or rule:auditor" +"get_rule_type": "rule:admin or rule:member or rule:reader" +"get_policy_minimum_bandwidth_rule": "rule:admin or rule:member or rule:reader" "create_policy_minimum_bandwidth_rule": "rule:admin" "delete_policy_minimum_bandwidth_rule": "rule:admin" "update_policy_minimum_bandwidth_rule": "rule:admin" 
@@ -204,34 +204,34 @@ "create_rbac_policy:target_tenant": "rule:restrict_wildcard" "update_rbac_policy": "rule:admin or rule:member" "update_rbac_policy:target_tenant": "rule:restrict_wildcard and rule:admin or rule:member" -"get_rbac_policy": "rule:admin or rule:member or rule:auditor" +"get_rbac_policy": "rule:admin or rule:member or rule:reader" "delete_rbac_policy": "rule:admin or rule:member" "create_flavor_service_profile": "rule:admin" "delete_flavor_service_profile": "rule:admin" -"get_flavor_service_profile": "rule:admin or rule:member or rule:auditor" -"get_auto_allocated_topology": "rule:admin or rule:member or rule:auditor" +"get_flavor_service_profile": "rule:admin or rule:member or rule:reader" +"get_auto_allocated_topology": "rule:admin or rule:member or rule:reader" "create_trunk": "rule:admin or rule:member" -"get_trunk": "rule:admin or rule:member or rule:auditor" +"get_trunk": "rule:admin or rule:member or rule:reader" "delete_trunk": "rule:admin or rule:member" -"get_subports": "rule:admin or rule:member or rule:auditor" +"get_subports": "rule:admin or rule:member or rule:reader" "add_subports": "rule:admin or rule:member" "remove_subports": "rule:admin or rule:member" -"get_security_groups": "rule:admin or rule:member or rule:auditor" -"get_security_group": "rule:admin or rule:member or rule:auditor" +"get_security_groups": "rule:admin or rule:member or rule:reader" +"get_security_group": "rule:admin or rule:member or rule:reader" "create_security_group": "rule:admin or rule:member" "update_security_group": "rule:admin or rule:member" "delete_security_group": "rule:admin or rule:member" -"get_security_group_rules": "rule:admin or rule:member or rule:auditor" -"get_security_group_rule": "rule:admin or rule:member or rule:auditor" +"get_security_group_rules": "rule:admin or rule:member or rule:reader" +"get_security_group_rule": "rule:admin or rule:member or rule:reader" "create_security_group_rule": "rule:admin or rule:member" 
"delete_security_group_rule": "rule:admin or rule:member" -"get_loggable_resources": "rule:admin or rule:auditor" +"get_loggable_resources": "rule:admin or rule:reader" "create_log": "rule:admin" "update_log": "rule:admin" "delete_log": "rule:admin" -"get_logs": "rule:admin or rule:auditor" -"get_log": "rule:admin or rule:auditor" +"get_logs": "rule:admin or rule:reader" +"get_log": "rule:admin or rule:reader" diff --git a/services/nova/policy.yaml b/services/nova/policy.yaml index 731c14b..aa87829 100644 --- a/services/nova/policy.yaml +++ b/services/nova/policy.yaml @@ -50,7 +50,7 @@ # List all aggregates # GET /os-aggregates -"os_compute_api:os-aggregates:index": "rule:admin or rule:auditor" +"os_compute_api:os-aggregates:index": "rule:admin or rule:reader" # Delete an aggregate # DELETE /os-aggregates/{aggregate_id} @@ -58,7 +58,7 @@ # Show details for an aggregate # GET /os-aggregates/{aggregate_id} -"os_compute_api:os-aggregates:show": "rule:admin or rule:auditor" +"os_compute_api:os-aggregates:show": "rule:admin or rule:reader" # Create an assisted volume snapshot # POST /os-assisted-volume-snapshots @@ -72,7 +72,7 @@ # a server # GET /servers/{server_id}/os-interface # GET /servers/{server_id}/os-interface/{port_id} -"os_compute_api:os-attach-interfaces": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-attach-interfaces": "rule:admin or rule:member or rule:reader" # Attach an interface to a server # POST /servers/{server_id}/os-interface 
@@ -84,18 +84,18 @@ # List availability zone information without host information # GET /os-availability-zone -"os_compute_api:os-availability-zone:list": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-availability-zone:list": "rule:admin or rule:member or rule:reader" # List detailed availability zone information with host information # GET /os-availability-zone/detail -"os_compute_api:os-availability-zone:detail": "rule:admin or rule:auditor" +"os_compute_api:os-availability-zone:detail": "rule:admin or rule:reader" # List and show details of bare metal nodes. # # These APIs are proxy calls to the Ironic service and are deprecated. # GET /os-baremetal-nodes # GET /os-baremetal-nodes/{node_id} -"os_compute_api:os-baremetal-nodes": "rule:admin or rule:auditor" +"os_compute_api:os-baremetal-nodes": "rule:admin or rule:reader" # Update an existing cell # PUT /os-cells/{cell_id} @@ -111,7 +111,7 @@ # GET /os-cells/info # GET /os-cells/capacities # GET /os-cells/{cell_id} -"os_compute_api:os-cells": "rule:admin or rule:auditor" +"os_compute_api:os-cells": "rule:admin or rule:reader" # Sync instances info in all cells # POST /os-cells/sync_instances @@ -145,11 +145,11 @@ # Show console connection information for a given console # authentication token # GET /os-console-auth-tokens/{console_token} -"os_compute_api:os-console-auth-tokens": "rule:admin or rule:auditor" +"os_compute_api:os-console-auth-tokens": "rule:admin or rule:reader" # Show console output for a server # POST /servers/{server_id}/action (os-getConsoleOutput) -"os_compute_api:os-console-output": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-console-output": "rule:admin or rule:member or rule:reader" # Create a console for a server instance # POST /servers/{server_id}/consoles 
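Review bot: `"os_compute_api:os-console-auth-tokens": "rule:admin or rule:reader"` in the `@@ -145,11 +145,11 @@` hunk gives a read-only role more than metadata. The comment above the rule describes it as console connection information for a given console authentication token. Since `rule:reader` also covers project-scoped readers, I would keep it admin-only: `"os_compute_api:os-console-auth-tokens": "rule:admin"`. The `os_compute_api:os-console-output` line in the same hunk deserves the same look, because console logs often carry boot-time secrets; `"rule:admin or rule:member"` would keep it away from the reader role.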
@@ -157,7 +157,7 @@ # Show console details for a server instance # GET /servers/{server_id}/consoles/{console_id} -"os_compute_api:os-consoles:show": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-consoles:show": "rule:admin or rule:member or rule:reader" # Delete a console for a server instance # DELETE /servers/{server_id}/consoles/{console_id} @@ -165,7 +165,7 @@ # List all consoles for a server instance # GET /servers/{server_id}/consoles -"os_compute_api:os-consoles:index": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-consoles:index": "rule:admin or rule:member or rule:reader" # Create a back up of a server # POST /servers/{server_id}/action (createBackup) @@ -208,7 +208,7 @@ # - ``OS-EXT-SRV-ATTR:user_data`` (since microversion 2.3) # GET /servers/{id} # GET /servers/detail -"os_compute_api:os-extended-server-attributes": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-extended-server-attributes": "rule:admin or rule:member or rule:reader" # DEPRECATED # "os_compute_api:os-extended-status" has been deprecated since 17.0.0. @@ -225,7 +225,7 @@ # - ``OS-EXT-STS:power_state`` # GET /servers/{id} # GET /servers/detail -"os_compute_api:os-extended-status": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-extended-status": "rule:admin or rule:member or rule:reader" # DEPRECATED # "os_compute_api:os-extended-volumes" has been deprecated since 17.0.0. 
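Review bot: `os_compute_api:os-extended-server-attributes` in the `@@ -208,7 +208,7 @@` hunk is granted to `rule:reader`, and the comment above it lists `OS-EXT-SRV-ATTR:user_data` among the attributes the policy exposes. user_data commonly holds bootstrap scripts with credentials, so a read-only role should probably not receive it. Consider `"os_compute_api:os-extended-server-attributes": "rule:admin or rule:member"`, and add a comment line above the rule saying the reader role is excluded because of user_data. The comment block listing the attributes starts outside the hunk, so the full attribute list is not visible here.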
@@ -237,13 +237,13 @@ # server # GET /servers/{id} # GET /servers/detail -"os_compute_api:os-extended-volumes": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-extended-volumes": "rule:admin or rule:member or rule:reader" # List available extensions and show information for an extension by # alias # GET /extensions # GET /extensions/{alias} -"os_compute_api:extensions": "rule:admin or rule:member or rule:auditor" +"os_compute_api:extensions": "rule:admin or rule:member or rule:reader" # Add flavor access to a tenant # POST /flavors/{flavor_id}/action (addTenantAccess) @@ -277,7 +277,7 @@ # Show an extra spec for a flavor # GET /flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key} -"os_compute_api:os-flavor-extra-specs:show": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-flavor-extra-specs:show": "rule:admin or rule:member or rule:reader" # Create extra specs for a flavor # POST /flavors/{flavor_id}/os-extra_specs/ @@ -343,7 +343,7 @@ # List floating IP pools. This API is deprecated. # GET /os-floating-ip-pools -"os_compute_api:os-floating-ip-pools": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-floating-ip-pools": "rule:admin or rule:member or rule:reader" # Manage a project's floating IPs. These APIs are all deprecated. # POST /servers/{server_id}/action (addFloatingIp) @@ -399,7 +399,7 @@ # GET /os-hypervisors/{hypervisor_id}/uptime # GET /os-hypervisors/{hypervisor_hostname_pattern}/search # GET /os-hypervisors/{hypervisor_hostname_pattern}/servers -"os_compute_api:os-hypervisors": "rule:admin or rule:auditor" +"os_compute_api:os-hypervisors": "rule:admin or rule:reader" # DEPRECATED # "os_compute_api:image-size" has been deprecated since 17.0.0. 
@@ -410,7 +410,7 @@ # Add 'OS-EXT-IMG-SIZE:size' attribute in the image response. # GET /images/{id} # GET /images/detail -"os_compute_api:image-size": "rule:admin or rule:member or rule:auditor" +"os_compute_api:image-size": "rule:admin or rule:member or rule:reader" # Add events details in action details for a server. # @@ -422,26 +422,26 @@ # host identifier and, if policy enforcement passes, the name of # the host. # GET /servers/{server_id}/os-instance-actions/{request_id} -"os_compute_api:os-instance-actions:events": "rule:admin or rule:auditor" +"os_compute_api:os-instance-actions:events": "rule:admin or rule:reader" # List actions and show action details for a server. # GET /servers/{server_id}/os-instance-actions # GET /servers/{server_id}/os-instance-actions/{request_id} -"os_compute_api:os-instance-actions": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-instance-actions": "rule:admin or rule:member or rule:reader" # List all usage audits and that occurred before a specified time for # all servers on all compute hosts where usage auditing is configured # GET /os-instance_usage_audit_log # GET /os-instance_usage_audit_log/{before_timestamp} -"os_compute_api:os-instance-usage-audit-log": "rule:admin or rule:auditor" +"os_compute_api:os-instance-usage-audit-log": "rule:admin or rule:reader" # Show IP addresses details for a network label of a server # GET /servers/{server_id}/ips/{network_label} -"os_compute_api:ips:show": "rule:admin or rule:member or rule:auditor" +"os_compute_api:ips:show": "rule:admin or rule:member or rule:reader" # List IP addresses that are assigned to a server # GET /servers/{server_id}/ips -"os_compute_api:ips:index": "rule:admin or rule:member or rule:auditor" +"os_compute_api:ips:index": "rule:admin or rule:member or rule:reader" # List all keypairs # GET /os-keypairs 
@@ -472,7 +472,7 @@ # Show rate and absolute limits for the project # GET /limits -"os_compute_api:limits": "rule:admin or rule:member or rule:auditor" +"os_compute_api:limits": "rule:admin or rule:member or rule:reader" # Lock a server # POST /servers/{server_id}/action (lock) @@ -499,7 +499,7 @@ # List migrations # GET /os-migrations -"os_compute_api:os-migrations:index": "rule:admin or rule:auditor" +"os_compute_api:os-migrations:index": "rule:admin or rule:reader" # Add or remove a fixed IP address from a server. # @@ -525,7 +525,7 @@ # deprecated. # GET /os-networks # GET /os-networks/{network_id} -"os_compute_api:os-networks:view": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-networks:view": "rule:admin or rule:member or rule:reader" # Associate or disassociate a network from a host or project. # @@ -545,7 +545,7 @@ # List quotas for specific quota classs # GET /os-quota-class-sets/{quota_class} -"os_compute_api:os-quota-class-sets:show": "rule:admin or quota_class:%(quota_class)s or rule:auditor" +"os_compute_api:os-quota-class-sets:show": "rule:admin or quota_class:%(quota_class)s or rule:reader" # Update quotas for specific quota class # PUT /os-quota-class-sets/{quota_class} @@ -561,7 +561,7 @@ # Show a quota # GET /os-quota-sets/{tenant_id} -"os_compute_api:os-quota-sets:show": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-quota-sets:show": "rule:admin or rule:member or rule:reader" # Revert quotas to defaults # DELETE /os-quota-sets/{tenant_id} @@ -569,7 +569,7 @@ # Show the detail of quota # GET /os-quota-sets/{tenant_id}/detail -"os_compute_api:os-quota-sets:detail": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-quota-sets:detail": "rule:admin or rule:member or rule:reader" # Generate a URL to access remove server console # POST /servers/{server_id}/action (os-getRDPConsole) 
@@ -631,7 +631,7 @@ # Show the usage data for a server # GET /servers/{server_id}/diagnostics -"os_compute_api:os-server-diagnostics": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-server-diagnostics": "rule:admin or rule:member or rule:reader" # Create one or more external events # POST /os-server-external-events @@ -650,19 +650,19 @@ # List all server groups # GET /os-server-groups -"os_compute_api:os-server-groups:index": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-server-groups:index": "rule:admin or rule:member or rule:reader" # Show details of a server group # GET /os-server-groups/{server_group_id} -"os_compute_api:os-server-groups:show": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-server-groups:show": "rule:admin or rule:member or rule:reader" # List all metadata of a server # GET /servers/{server_id}/metadata -"os_compute_api:server-metadata:index": "rule:admin or rule:member or rule:auditor" +"os_compute_api:server-metadata:index": "rule:admin or rule:member or rule:reader" # Show metadata for a server # GET /servers/{server_id}/metadata/{key} -"os_compute_api:server-metadata:show": "rule:admin or rule:member or rule:auditor" +"os_compute_api:server-metadata:show": "rule:admin or rule:member or rule:reader" # Create metadata for a server # POST /servers/{server_id}/metadata @@ -691,7 +691,7 @@ # List all tags for given server # GET /servers/{server_id}/tags -"os_compute_api:os-server-tags:index": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-server-tags:index": "rule:admin or rule:member or rule:reader" # Replace all tags on specified server with the new set of tags. # PUT /servers/{server_id}/tags 
@@ -707,7 +707,7 @@ # Check tag existence on the server. # GET /servers/{server_id}/tags/{tag} -"os_compute_api:os-server-tags:show": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-server-tags:show": "rule:admin or rule:member or rule:reader" # DEPRECATED # "os_compute_api:os-server-usage" has been deprecated since 17.0.0. @@ -723,32 +723,32 @@ # 'os_compute_api:servers:detail' for GET /servers/detail passes # GET /servers/{id} # GET /servers/detail -"os_compute_api:os-server-usage": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-server-usage": "rule:admin or rule:member or rule:reader" # List all servers # GET /servers -"os_compute_api:servers:index": "rule:admin or rule:member or rule:auditor" +"os_compute_api:servers:index": "rule:admin or rule:member or rule:reader" # List all servers with detailed information # GET /servers/detail -"os_compute_api:servers:detail": "rule:admin or rule:member or rule:auditor" +"os_compute_api:servers:detail": "rule:admin or rule:member or rule:reader" # List all servers for all projects # GET /servers -"os_compute_api:servers:index:get_all_tenants": "rule:admin or rule:global_auditor" +"os_compute_api:servers:index:get_all_tenants": "rule:admin or rule:global_reader" # List all servers with detailed information for all projects # GET /servers/detail -"os_compute_api:servers:detail:get_all_tenants": "rule:admin or rule:auditor" +"os_compute_api:servers:detail:get_all_tenants": "rule:admin or rule:reader" # Show a server # GET /servers/{server_id} -"os_compute_api:servers:show": "rule:admin or rule:member or rule:auditor" +"os_compute_api:servers:show": "rule:admin or rule:member or rule:reader" # Show a server with additional host status information # GET /servers/{server_id} # GET /servers/detail -"os_compute_api:servers:show:host_status": "rule:admin or rule:auditor" +"os_compute_api:servers:show:host_status": "rule:admin or rule:reader" # Create a server # POST /servers 
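Review bot: The two cross-project listing rules in the `@@ -723,32 +723,32 @@` hunk disagree. `os_compute_api:servers:index:get_all_tenants` requires `rule:global_reader`, but `os_compute_api:servers:detail:get_all_tenants` accepts `rule:reader`, which also matches a project-scoped reader. The detailed listing is the more sensitive of the two, so it should be at least as strict: `"os_compute_api:servers:detail:get_all_tenants": "rule:admin or rule:global_reader"`. The removed lines had the same asymmetry (`rule:auditor` against `rule:global_auditor`), so the revert carries it over rather than introducing it.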
@@ -858,7 +858,7 @@ # Show details for an in-progress live migration for a given server # GET /servers/{server_id}/migrations/{migration_id} -"os_compute_api:servers:migrations:show": "rule:admin or rule:auditor" +"os_compute_api:servers:migrations:show": "rule:admin or rule:reader" # Force an in-progress live migration for a given server to complete # POST /servers/{server_id}/migrations/{migration_id}/action (force_complete) @@ -870,7 +870,7 @@ # Lists in-progress live migrations for a given server # GET /servers/{server_id}/migrations -"os_compute_api:servers:migrations:index": "rule:admin or rule:auditor" +"os_compute_api:servers:migrations:index": "rule:admin or rule:reader" # List all running Compute services in a region, enables or disable # scheduling for a Compute service, logs disabled Compute service @@ -899,11 +899,11 @@ # Show usage statistics for a specific tenant # GET /os-simple-tenant-usage/{tenant_id} -"os_compute_api:os-simple-tenant-usage:show": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-simple-tenant-usage:show": "rule:admin or rule:member or rule:reader" # List per tenant usage statistics for all tenants # GET /os-simple-tenant-usage -"os_compute_api:os-simple-tenant-usage:list": "rule:admin or rule:auditor" +"os_compute_api:os-simple-tenant-usage:list": "rule:admin or rule:reader" # Resume suspended server # POST /servers/{server_id}/action (resume) @@ -929,7 +929,7 @@ # project limits. And this check is performed only after the check # os_compute_api:limits passes # GET /limits -"os_compute_api:os-used-limits": "rule:admin or rule:auditor" +"os_compute_api:os-used-limits": "rule:admin or rule:reader" # Manage volumes for use with the Compute API. # 
@@ -950,7 +950,7 @@ # List volume attachments for an instance # GET /servers/{server_id}/os-volume_attachments -"os_compute_api:os-volumes-attachments:index": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-volumes-attachments:index": "rule:admin or rule:member or rule:reader" # Attach a volume to an instance # POST /servers/{server_id}/os-volume_attachments @@ -958,7 +958,7 @@ # Show details of a volume attachment # GET /servers/{server_id}/os-volume_attachments/{attachment_id} -"os_compute_api:os-volumes-attachments:show": "rule:admin or rule:member or rule:auditor" +"os_compute_api:os-volumes-attachments:show": "rule:admin or rule:member or rule:reader" # Update a volume attachment # PUT /servers/{server_id}/os-volume_attachments/{attachment_id} diff --git a/services/panko/policy.yaml b/services/panko/policy.yaml index 651a316..d74ca7b 100644 --- a/services/panko/policy.yaml +++ b/services/panko/policy.yaml @@ -5,16 +5,16 @@ # GET /v2/events # GET /v2/events/{message_id} # -"segregation": "rule:admin or rule:member or rule:auditor" +"segregation": "rule:admin or rule:member or rule:reader" ### Policy Rules defined in panko.policies.telemetry # Return all events matching the query filters. # GET /v2/events # -"telemetry:events:index": "rule:admin or rule:member or rule:auditor" +"telemetry:events:index": "rule:admin or rule:member or rule:reader" # Return a single event with the given message id. # GET /v2/events/{message_id} # -"telemetry:events:show": "rule:admin or rule:member or rule:auditor" +"telemetry:events:show": "rule:admin or rule:member or rule:reader" diff --git a/tests/auth_token_auditor/access.json b/tests/auth_token_auditor/access.json deleted file mode 100644 index 920780b..0000000 --- a/tests/auth_token_auditor/access.json +++ /dev/null 
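Review bot: In services/panko/policy.yaml the `segregation` rule is opened to `rule:member` and `rule:reader`, which looks wrong for the rule that decides whether event queries are confined to the caller's own user and project. If Panko behaves as its upstream default suggests (a passing `segregation` check lifts that restriction, and the default is admin-only; confirm against the deployed version), every member and reader could read events from all projects through `GET /v2/events`. Keeping `"segregation": "rule:admin"` while leaving `telemetry:events:index` and `telemetry:events:show` open to members and readers would preserve tenant isolation. A comment above the rule saying what a pass means would also help, for example `# Callers matching this rule see events from all projects`.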
@@ -1,136 +0,0 @@ -{ - "token": { - "methods": [ - "password" - ], - "roles": [ - { - "id": "f03fda8f8a3249b2a70fb1f176a7b631", - "name": "Reader" - } - ], - "issued_at": "2002-01-18T21:14:07Z", - "expires_at": "2038-01-18T21:14:07Z", - "audit_ids": ["VcxU2JYqT8OzfUVvrjEITQ", "qNUTIJntTzO1-XUk5STybw"], - "project": { - "id": "tenant_id1", - "domain": { - "id": "domain_id1", - "name": "domain_name1" - }, - "enabled": true, - "description": null, - "name": "tenant_name1" - }, - "catalog": [ - { - "endpoints": [ - { - "id": "3b5e554bcf114f2483e8a1be7a0506d1", - "interface": "admin", - "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", - "region": "regionOne" - }, - { - "id": "54abd2dc463c4ba4a72915498f8ecad1", - "interface": "internal", - "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", - "region": "regionOne" - }, - { - "id": "70a7efa4b1b941968357cc43ae1419ee", - "interface": "public", - "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", - "region": "regionOne" - } - ], - "id": "5707c3fc0a294703a3c638e9cf6a6c3a", - "type": "volume", - "name": "volume" - }, - { - "endpoints": [ - { - "id": "92217a3b95394492859bc49fd474382f", - "interface": "admin", - "url": "http://127.0.0.1:9292/v1", - "region": "regionOne" - }, - { - "id": "f20563bdf66f4efa8a1f11d99b672be1", - "interface": "internal", - "url": "http://127.0.0.1:9292/v1", - "region": "regionOne" - }, - { - "id": "375f9ba459a447738fb60fe5fc26e9aa", - "interface": "public", - "url": "http://127.0.0.1:9292/v1", - "region": "regionOne" - } - ], - "id": "15c21aae6b274a8da52e0a068e908aac", - "type": "image", - "name": "glance" - }, - { - "endpoints": [ - { - "id": "edbd9f50f66746ae9ed11dc3b1ae35da", - "interface": "admin", - "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", - "region": "regionOne" - }, - { - "id": "9e03c46c80a34a159cb39f5cb0498b92", - "interface": "internal", - "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", - 
"region": "regionOne" - }, - { - "id": "1df0b44d92634d59bd0e0d60cf7ce432", - "interface": "public", - "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", - "region": "regionOne" - } - ], - "id": "2f404fdb89154c589efbc10726b029ec", - "type": "compute", - "name": "nova" - }, - { - "endpoints": [ - { - "id": "a4501e141a4b4e14bf282e7bffd81dc5", - "interface": "admin", - "url": "http://127.0.0.1:35357/v3", - "region": "RegionOne" - }, - { - "id": "3d17e3227bfc4483b58de5eaa584e360", - "interface": "internal", - "url": "http://127.0.0.1:35357/v3", - "region": "RegionOne" - }, - { - "id": "8cd4b957090f4ca5842a22e9a74099cd", - "interface": "public", - "url": "http://127.0.0.1:5000/v3", - "region": "RegionOne" - } - ], - "id": "c5d926d566424e4fba4f80c37916cde5", - "type": "identity", - "name": "keystone" - } - ], - "user": { - "domain": { - "id": "domain_id1", - "name": "domain_name1" - }, - "name": "user_name1", - "id": "user_id1" - } - } -} diff --git a/tests/auth_token_auditor/aodh.origin b/tests/auth_token_auditor/aodh.origin deleted file mode 100644 index 6c2161c..0000000 --- a/tests/auth_token_auditor/aodh.origin +++ /dev/null @@ -1,10 +0,0 @@ -passed: telemetry:alarm_history -failed: telemetry:change_alarm -failed: telemetry:change_alarm_state -failed: telemetry:create_alarm -failed: telemetry:delete_alarm -passed: telemetry:get_alarm -passed: telemetry:get_alarms -passed: telemetry:get_alarm_state -failed: telemetry:query_alarm -failed: telemetry:query_alarm_history diff --git a/tests/auth_token_auditor/cinder.origin b/tests/auth_token_auditor/cinder.origin deleted file mode 100644 index 895b4f2..0000000 --- a/tests/auth_token_auditor/cinder.origin +++ /dev/null 
@@ -1,134 +0,0 @@ -failed: backup:backup-import -passed: backup:backup_project_attribute -failed: backup:create -failed: backup:delete -failed: backup:export-import -passed: backup:get -passed: backup:get_all -failed: backup:restore -failed: backup:update -passed: clusters:get -passed: clusters:get_all -failed: clusters:update -passed: group:access_group_types_specs -failed: group:create -failed: group:create_group_snapshot -failed: group:delete -failed: group:delete_group_snapshot -failed: group:disable_replication -failed: group:enable_replication -failed: group:failover_replication -passed: group:get -passed: group:get_all -passed: group:get_all_group_snapshots -passed: group:get_group_snapshot -failed: group:group_types_manage -failed: group:group_types_specs -failed: group:list_replication_targets -failed: group:reset_group_snapshot_status -failed: group:reset_status -failed: group:update -passed: group:update_group_snapshot -passed: limits_extension:used_limits -failed: message:delete -passed: message:get -passed: message:get_all -passed: scheduler_extension:scheduler_stats:get_pools -passed: snapshot_extension:list_manageable -failed: snapshot_extension:snapshot_actions:update_snapshot_status -failed: snapshot_extension:snapshot_manage -failed: snapshot_extension:snapshot_unmanage -failed: volume:accept_transfer -failed: volume:attachment_complete -failed: volume:attachment_create -failed: volume:attachment_delete -failed: volume:attachment_update -failed: volume:create -failed: volume:create_from_image -failed: volume:create_snapshot -failed: volume:create_transfer -failed: volume:create_volume_metadata -failed: volume:delete -failed: volume:delete_snapshot -failed: volume:delete_snapshot_metadata -failed: volume:delete_transfer -failed: volume:delete_volume_metadata -failed: volume:extend -failed: volume:extend_attached_volume -passed: volume_extension:access_types_extra_specs -passed: volume_extension:access_types_qos_specs_id -failed: 
volume_extension:backup_admin_actions:force_delete -failed: volume_extension:backup_admin_actions:reset_status -passed: volume_extension:capabilities -passed: volume_extension:extended_snapshot_attributes -failed: volume_extension:hosts -passed: volume_extension:list_manageable -failed: volume_extension:qos_specs_manage:create -failed: volume_extension:qos_specs_manage:delete -passed: volume_extension:qos_specs_manage:get -passed: volume_extension:qos_specs_manage:get_all -passed: volume_extension:qos_specs_manage:update -failed: volume_extension:quota_classes -passed: volume_extension:quota_classes:validate_setup_for_nested_quota_use -failed: volume_extension:quotas:delete -passed: volume_extension:quotas:show -failed: volume_extension:quotas:update -passed: volume_extension:services:index -failed: volume_extension:services:update -failed: volume_extension:snapshot_admin_actions:force_delete -failed: volume_extension:snapshot_admin_actions:reset_status -failed: volume_extension:types_extra_specs:create -failed: volume_extension:types_extra_specs:delete -passed: volume_extension:types_extra_specs:index -passed: volume_extension:types_extra_specs:show -failed: volume_extension:types_extra_specs:update -failed: volume_extension:types_manage -failed: volume_extension:volume_actions:attach -failed: volume_extension:volume_actions:begin_detaching -failed: volume_extension:volume_actions:detach -failed: volume_extension:volume_actions:initialize_connection -failed: volume_extension:volume_actions:reserve -failed: volume_extension:volume_actions:roll_detaching -failed: volume_extension:volume_actions:terminate_connection -failed: volume_extension:volume_actions:unreserve -failed: volume_extension:volume_actions:upload_image -failed: volume_extension:volume_actions:upload_public -failed: volume_extension:volume_admin_actions:force_delete -failed: volume_extension:volume_admin_actions:force_detach -failed: volume_extension:volume_admin_actions:migrate_volume -failed: 
volume_extension:volume_admin_actions:migrate_volume_completion -failed: volume_extension:volume_admin_actions:reset_status -passed: volume_extension:volume_encryption_metadata -passed: volume_extension:volume_host_attribute -failed: volume_extension:volume_image_metadata -failed: volume_extension:volume_manage -passed: volume_extension:volume_mig_status_attribute -passed: volume_extension:volume_tenant_attribute -failed: volume_extension:volume_type_access -failed: volume_extension:volume_type_access:addProjectAccess -failed: volume_extension:volume_type_access:removeProjectAccess -failed: volume_extension:volume_type_encryption -failed: volume_extension:volume_unmanage -failed: volume:failover_host -failed: volume:force_delete -failed: volume:freeze_host -passed: volume:get -passed: volume:get_all -passed: volume:get_all_snapshots -passed: volume:get_all_transfers -passed: volume:get_snapshot -passed: volume:get_snapshot_metadata -passed: volume:get_transfer -passed: volume:get_volume_metadata -failed: volume:multiattach -failed: volume:multiattach_bootable_volume -failed: volume:retype -failed: volume:revert_to_snapshot -failed: volume:thaw_host -failed: volume:update -failed: volume:update_readonly_flag -failed: volume:update_snapshot -failed: volume:update_snapshot_metadata -failed: volume:update_volume_admin_metadata -failed: volume:update_volume_metadata -failed: workers:cleanup diff --git a/tests/auth_token_auditor/glance.origin b/tests/auth_token_auditor/glance.origin deleted file mode 100644 index e69de29..0000000 --- a/tests/auth_token_auditor/glance.origin +++ /dev/null diff --git a/tests/auth_token_auditor/gnocchi.origin b/tests/auth_token_auditor/gnocchi.origin deleted file mode 100644 index e69de29..0000000 --- a/tests/auth_token_auditor/gnocchi.origin +++ /dev/null diff --git a/tests/auth_token_auditor/heat.origin b/tests/auth_token_auditor/heat.origin deleted file mode 100644 index 32a2b08..0000000 
--- a/tests/auth_token_auditor/heat.origin +++ /dev/null 
@@ -1,79 +0,0 @@ -failed: actions:action -passed: build_info:build_info -failed: cloudformation:CancelUpdateStack -failed: cloudformation:CreateStack -failed: cloudformation:DeleteStack -passed: cloudformation:DescribeStackEvents -passed: cloudformation:DescribeStackResource -passed: cloudformation:DescribeStackResources -passed: cloudformation:DescribeStacks -passed: cloudformation:EstimateTemplateCost -failed: cloudformation:GetTemplate -passed: cloudformation:ListStackResources -passed: cloudformation:ListStacks -failed: cloudformation:UpdateStack -failed: cloudformation:ValidateTemplate -passed: events:index -passed: events:show -passed: resource:index -failed: resource:mark_unhealthy -passed: resource:metadata -passed: resource:show -passed: resource:signal -failed: resource_types:OS::Cinder::EncryptedVolumeType -failed: resource_types:OS::Cinder::QoSAssociation -failed: resource_types:OS::Cinder::QoSSpecs -failed: resource_types:OS::Cinder::Quota -failed: resource_types:OS::Cinder::VolumeType -failed: resource_types:OS::Keystone::* -failed: resource_types:OS::Manila::ShareType -failed: resource_types:OS::Neutron::ProviderNet -failed: resource_types:OS::Neutron::QoSBandwidthLimitRule -failed: resource_types:OS::Neutron::QoSPolicy -failed: resource_types:OS::Neutron::Quota -failed: resource_types:OS::Neutron::Segment -failed: resource_types:OS::Nova::Flavor -failed: resource_types:OS::Nova::HostAggregate -failed: resource_types:OS::Nova::Quota -passed: service:index -failed: software_configs:create -failed: software_configs:delete -failed: software_configs:global_index -passed: software_configs:index -passed: software_configs:show -failed: software_deployments:create -failed: software_deployments:delete -passed: software_deployments:index -passed: software_deployments:metadata -passed: software_deployments:show -failed: software_deployments:update -failed: stacks:abandon -failed: stacks:create -failed: stacks:delete -failed: stacks:delete_snapshot -passed: 
stacks:detail -failed: stacks:environment -passed: stacks:export -failed: stacks:files -passed: stacks:generate_template -failed: stacks:global_index -passed: stacks:index -failed: stacks:list_outputs -passed: stacks:list_resource_types -passed: stacks:list_snapshots -passed: stacks:list_template_functions -passed: stacks:list_template_versions -passed: stacks:lookup -failed: stacks:preview -failed: stacks:preview_update -failed: stacks:preview_update_patch -passed: stacks:resource_schema -failed: stacks:restore_snapshot -passed: stacks:show -failed: stacks:show_output -passed: stacks:show_snapshot -failed: stacks:snapshot -failed: stacks:template -failed: stacks:update -failed: stacks:update_patch -failed: stacks:validate_template diff --git a/tests/auth_token_auditor/keystone.origin b/tests/auth_token_auditor/keystone.origin deleted file mode 100644 index f86dcc7..0000000 --- a/tests/auth_token_auditor/keystone.origin +++ /dev/null 
@@ -1,187 +0,0 @@ -failed: identity:add_endpoint_group_to_project -failed: identity:add_endpoint_to_project -failed: identity:add_user_to_group -failed: identity:authorize_request_token -passed: identity:check_endpoint_in_project -passed: identity:check_grant -passed: identity:check_implied_role -passed: identity:check_policy_association_for_endpoint -passed: identity:check_policy_association_for_region_and_service -passed: identity:check_policy_association_for_service -passed: identity:check_system_grant_for_group -passed: identity:check_system_grant_for_user -failed: identity:check_token -passed: identity:check_user_in_group -failed: identity:create_application_credential -failed: identity:create_consumer -failed: identity:create_credential -failed: identity:create_domain -failed: identity:create_domain_config -failed: identity:create_domain_role -failed: identity:create_endpoint -failed: identity:create_endpoint_group -failed: identity:create_grant -failed: identity:create_group -failed: identity:create_identity_provider -failed: identity:create_implied_role -failed: identity:create_limits -failed: identity:create_mapping -failed: identity:create_policy -failed: identity:create_policy_association_for_endpoint -failed: identity:create_policy_association_for_region_and_service -failed: identity:create_policy_association_for_service -failed: identity:create_project -failed: identity:create_project_tag -failed: identity:create_protocol -failed: identity:create_region -failed: identity:create_registered_limits -failed: identity:create_role -failed: identity:create_service -failed: identity:create_service_provider -failed: identity:create_system_grant_for_group -failed: identity:create_system_grant_for_user -failed: identity:create_trust -failed: identity:create_user -failed: identity:delete_access_token -failed: identity:delete_application_credential -failed: identity:delete_consumer -failed: identity:delete_credential -failed: identity:delete_domain -failed: 
identity:delete_domain_config -failed: identity:delete_domain_role -failed: identity:delete_endpoint -failed: identity:delete_endpoint_group -failed: identity:delete_group -failed: identity:delete_identity_provider -failed: identity:delete_implied_role -failed: identity:delete_limit -failed: identity:delete_mapping -failed: identity:delete_policy -failed: identity:delete_policy_association_for_endpoint -failed: identity:delete_policy_association_for_region_and_service -failed: identity:delete_policy_association_for_service -failed: identity:delete_project -failed: identity:delete_project_tag -failed: identity:delete_project_tags -failed: identity:delete_protocol -failed: identity:delete_region -failed: identity:delete_registered_limit -failed: identity:delete_role -failed: identity:delete_service -failed: identity:delete_service_provider -failed: identity:delete_trust -failed: identity:delete_user -failed: identity:ec2_create_credential -failed: identity:ec2_delete_credential -passed: identity:ec2_get_credential -failed: identity:ec2_list_credentials -failed: identity:get_access_token -failed: identity:get_access_token_role -passed: identity:get_application_credential -failed: identity:get_auth_catalog -failed: identity:get_auth_domains -failed: identity:get_auth_projects -failed: identity:get_auth_system -failed: identity:get_consumer -failed: identity:get_credential -passed: identity:get_domain -passed: identity:get_domain_config -passed: identity:get_domain_config_default -passed: identity:get_domain_role -passed: identity:get_endpoint -passed: identity:get_endpoint_group -passed: identity:get_endpoint_group_in_project -passed: identity:get_group -passed: identity:get_identity_provider -passed: identity:get_implied_role -failed: identity:get_limit -failed: identity:get_limit_model -passed: identity:get_mapping -passed: identity:get_policy -passed: identity:get_policy_for_endpoint -passed: identity:get_project -passed: identity:get_project_tag -passed: 
identity:get_protocol -failed: identity:get_region -failed: identity:get_registered_limit -passed: identity:get_role -failed: identity:get_role_for_trust -failed: identity:get_security_compliance_domain_config -passed: identity:get_service -passed: identity:get_service_provider -failed: identity:get_trust -passed: identity:get_user -failed: identity:list_access_token_roles -failed: identity:list_access_tokens -passed: identity:list_application_credentials -failed: identity:list_consumers -failed: identity:list_credentials -passed: identity:list_domain_roles -passed: identity:list_domains -failed: identity:list_domains_for_user -passed: identity:list_endpoint_groups -passed: identity:list_endpoint_groups_for_project -passed: identity:list_endpoints -passed: identity:list_endpoints_associated_with_endpoint_group -passed: identity:list_endpoints_for_policy -passed: identity:list_endpoints_for_project -passed: identity:list_grants -passed: identity:list_groups -passed: identity:list_groups_for_user -passed: identity:list_identity_providers -passed: identity:list_implied_roles -failed: identity:list_limits -passed: identity:list_mappings -passed: identity:list_policies -passed: identity:list_projects -passed: identity:list_projects_associated_with_endpoint_group -passed: identity:list_projects_for_endpoint -failed: identity:list_projects_for_user -passed: identity:list_project_tags -passed: identity:list_protocols -failed: identity:list_regions -failed: identity:list_registered_limits -passed: identity:list_revoke_events -passed: identity:list_role_assignments -passed: identity:list_role_assignments_for_tree -passed: identity:list_role_inference_rules -passed: identity:list_roles -failed: identity:list_roles_for_trust -passed: identity:list_service_providers -passed: identity:list_services -passed: identity:list_system_grants_for_group -passed: identity:list_system_grants_for_user -failed: identity:list_trusts -passed: identity:list_user_projects -passed: 
identity:list_users -passed: identity:list_users_in_group -failed: identity:remove_endpoint_from_project -failed: identity:remove_endpoint_group_from_project -failed: identity:remove_user_from_group -passed: identity:revocation_list -failed: identity:revoke_grant -failed: identity:revoke_system_grant_for_group -failed: identity:revoke_system_grant_for_user -failed: identity:revoke_token -failed: identity:update_consumer -failed: identity:update_credential -failed: identity:update_domain -failed: identity:update_domain_config -failed: identity:update_domain_role -failed: identity:update_endpoint -failed: identity:update_endpoint_group -failed: identity:update_group -failed: identity:update_identity_provider -failed: identity:update_limit -failed: identity:update_mapping -failed: identity:update_policy -failed: identity:update_project -failed: identity:update_project_tags -failed: identity:update_protocol -failed: identity:update_region -failed: identity:update_registered_limit -failed: identity:update_role -failed: identity:update_service -failed: identity:update_service_provider -failed: identity:update_user -passed: identity:validate_token diff --git a/tests/auth_token_auditor/manila.origin b/tests/auth_token_auditor/manila.origin deleted file mode 100644 index 9e745f9..0000000 --- a/tests/auth_token_auditor/manila.origin +++ /dev/null 
@@ -1,130 +0,0 @@ -passed: availability_zone:index -failed: message:delete -passed: message:get -passed: message:get_all -failed: quota_class_set:show -failed: quota_class_set:update -failed: quota_set:delete -passed: quota_set:show -failed: quota_set:update -passed: scheduler_stats:pools:detail -passed: scheduler_stats:pools:index -failed: security_service:create -failed: security_service:delete -passed: security_service:detail -passed: security_service:get_all_security_services -passed: security_service:index -passed: security_service:show -failed: security_service:update -passed: service:index -failed: service:update -passed: share:access_get -passed: share:access_get_all -failed: share:allow_access -failed: share:create -failed: share:create_snapshot -failed: share:delete -failed: share:delete_share_metadata -failed: share:delete_snapshot -failed: share:deny_access -passed: share_export_location:index -passed: share_export_location:show -failed: share:extend -failed: share:force_delete -passed: share:get -passed: share:get_all -passed: share:get_share_metadata -failed: share_group:create -failed: share_group:delete -failed: share_group:force_delete -passed: share_group:get -passed: share_group:get_all -failed: share_group:reset_status -failed: share_group_snapshot:create -failed: share_group_snapshot:delete -failed: share_group_snapshot:force_delete -passed: share_group_snapshot:get -passed: share_group_snapshot:get_all -failed: share_group_snapshot:reset_status -failed: share_group_snapshot:update -failed: share_group_type:add_project_access -failed: share_group_type:create -passed: share_group_type:default -failed: share_group_type:delete -passed: share_group_type:index -passed: share_group_type:list_project_access -failed: share_group_type:remove_project_access -passed: share_group_type:show -failed: share_group_types_spec:create -failed: share_group_types_spec:delete -passed: share_group_types_spec:index -passed: share_group_types_spec:show -failed: 
share_group_types_spec:update -failed: share_group:update -passed: share:list_by_host -passed: share:list_by_share_server_id -failed: share:manage -failed: share:migration_cancel -failed: share:migration_complete -passed: share:migration_get_progress -failed: share:migration_start -failed: share_network:add_security_service -failed: share_network:create -failed: share_network:delete -passed: share_network:detail -passed: share_network:get_all_share_networks -passed: share_network:index -failed: share_network:remove_security_service -passed: share_network:show -failed: share_network:update -failed: share_replica:create -failed: share_replica:delete -failed: share_replica:force_delete -passed: share_replica:get_all -failed: share_replica:promote -failed: share_replica:reset_replica_state -failed: share_replica:reset_status -failed: share_replica:resync -passed: share_replica:show -failed: share:reset_status -failed: share:reset_task_state -failed: share:revert_to_snapshot -failed: share_server:delete -passed: share_server:details -passed: share_server:index -passed: share_server:show -failed: share:shrink -passed: share_snapshot:access_list -failed: share_snapshot:allow_access -failed: share_snapshot:deny_access -passed: share_snapshot_export_location:index -passed: share_snapshot_export_location:show -failed: share_snapshot:force_delete -passed: share_snapshot:get_all_snapshots -passed: share_snapshot:get_snapshot -passed: share_snapshot_instance:detail -passed: share_snapshot_instance_export_location:index -passed: share_snapshot_instance_export_location:show -passed: share_snapshot_instance:index -failed: share_snapshot_instance:reset_status -passed: share_snapshot_instance:show -failed: share_snapshot:manage_snapshot -failed: share_snapshot:reset_status -failed: share_snapshot:unmanage_snapshot -failed: share:snapshot_update -failed: share_type:add_project_access -failed: share_type:create -passed: share_type:default -failed: share_type:delete -passed: 
share_type:index -passed: share_type:list_project_access -failed: share_type:remove_project_access -failed: share_types_extra_spec:create -failed: share_types_extra_spec:delete -passed: share_types_extra_spec:index -passed: share_types_extra_spec:show -failed: share_types_extra_spec:update -passed: share_type:show -failed: share:unmanage -failed: share:update -failed: share:update_share_metadata diff --git a/tests/auth_token_auditor/neutron.origin b/tests/auth_token_auditor/neutron.origin deleted file mode 100644 index 32c0c19..0000000 --- a/tests/auth_token_auditor/neutron.origin +++ /dev/null 
@@ -1,67 +0,0 @@ -failed: create_address_scope:shared -failed: create_floatingip:floating_ip_address -failed: create_network:is_default -failed: create_network:provider:network_type -failed: create_network:provider:physical_network -failed: create_network:provider:segmentation_id -failed: create_network:router:external -failed: create_network:segments -failed: create_network:shared -failed: create_port:allowed_address_pairs -failed: create_port:binding:host_id -failed: create_port:binding:profile -passed: create_port:device_owner -failed: create_port:fixed_ips:ip_address -failed: create_port:fixed_ips:subnet_id -failed: create_port:mac_address -failed: create_port:mac_learning_enabled -failed: create_port:port_security_enabled -passed: create_rbac_policy:target_tenant -failed: create_router:distributed -failed: create_router:external_gateway_info:enable_snat -failed: create_router:external_gateway_info:external_fixed_ips -failed: create_router:ha -failed: create_subnetpool:is_default -failed: create_subnetpool:shared -failed: create_subnet:segment_id -failed: create_subnet:service_types -passed: get_network:provider:network_type -passed: get_network:provider:physical_network -passed: get_network:provider:segmentation_id -passed: get_network:queue_id -passed: get_network:router:external -passed: get_network:segments -passed: get_port:binding:host_id -passed: get_port:binding:profile -passed: get_port:binding:vif_details -passed: get_port:binding:vif_type -passed: get_port:queue_id -passed: get_router:distributed -passed: get_router:ha -passed: get_subnet:segment_id -failed: update_address_scope:shared -failed: update_network:provider:network_type -failed: update_network:provider:physical_network -failed: update_network:provider:segmentation_id -failed: update_network:router:external -failed: update_network:segments -failed: update_network:shared -failed: update_port:allowed_address_pairs -failed: update_port:binding:host_id -failed: update_port:binding:profile 
-failed: update_port:data_plane_status -passed: update_port:device_owner -failed: update_port:fixed_ips:ip_address -failed: update_port:fixed_ips:subnet_id -failed: update_port:mac_address -failed: update_port:mac_learning_enabled -failed: update_port:port_security_enabled -failed: update_rbac_policy:target_tenant -failed: update_router:distributed -failed: update_router:external_gateway_info -failed: update_router:external_gateway_info:enable_snat -failed: update_router:external_gateway_info:external_fixed_ips -failed: update_router:external_gateway_info:network_id -failed: update_router:ha -failed: update_subnetpool:is_default -failed: update_subnet:service_types diff --git a/tests/auth_token_auditor/nova.origin b/tests/auth_token_auditor/nova.origin deleted file mode 100644 index a82dead..0000000 --- a/tests/auth_token_auditor/nova.origin +++ /dev/null 
@@ -1,164 +0,0 @@
-failed: cells_scheduler_filter:DifferentCellFilter
-failed: cells_scheduler_filter:TargetCellFilter
-failed: network:attach_external_network
-passed: os_compute_api:extensions
-failed: os_compute_api:flavors
-passed: os_compute_api:image-size
-passed: os_compute_api:ips:index
-passed: os_compute_api:ips:show
-passed: os_compute_api:limits
-failed: os_compute_api:os-admin-actions:inject_network_info
-failed: os_compute_api:os-admin-actions:reset_network
-failed: os_compute_api:os-admin-actions:reset_state
-failed: os_compute_api:os-admin-password
-failed: os_compute_api:os-agents
-failed: os_compute_api:os-aggregates:add_host
-failed: os_compute_api:os-aggregates:create
-failed: os_compute_api:os-aggregates:delete
-passed: os_compute_api:os-aggregates:index
-failed: os_compute_api:os-aggregates:remove_host
-failed: os_compute_api:os-aggregates:set_metadata
-passed: os_compute_api:os-aggregates:show
-failed: os_compute_api:os-aggregates:update
-failed: os_compute_api:os-assisted-volume-snapshots:create
-failed: os_compute_api:os-assisted-volume-snapshots:delete
-passed: os_compute_api:os-attach-interfaces
-failed: os_compute_api:os-attach-interfaces:create
-failed: os_compute_api:os-attach-interfaces:delete
-passed: os_compute_api:os-availability-zone:detail
-passed: os_compute_api:os-availability-zone:list
-passed: os_compute_api:os-baremetal-nodes
-passed: os_compute_api:os-cells
-failed: os_compute_api:os-cells:create
-failed: os_compute_api:os-cells:delete
-failed: os_compute_api:os-cells:sync_instances
-failed: os_compute_api:os-cells:update
-failed: os_compute_api:os-config-drive
-passed: os_compute_api:os-console-auth-tokens
-passed: os_compute_api:os-console-output
-failed: os_compute_api:os-consoles:create
-failed: os_compute_api:os-consoles:delete
-passed: os_compute_api:os-consoles:index
-passed: os_compute_api:os-consoles:show
-failed: os_compute_api:os-create-backup
-failed: os_compute_api:os-deferred-delete
-failed: os_compute_api:os-evacuate
-failed: os_compute_api:os-extended-availability-zone
-passed: os_compute_api:os-extended-server-attributes
-passed: os_compute_api:os-extended-status
-passed: os_compute_api:os-extended-volumes
-failed: os_compute_api:os-flavor-access
-failed: os_compute_api:os-flavor-access:add_tenant_access
-failed: os_compute_api:os-flavor-access:remove_tenant_access
-failed: os_compute_api:os-flavor-extra-specs:create
-failed: os_compute_api:os-flavor-extra-specs:delete
-failed: os_compute_api:os-flavor-extra-specs:index
-passed: os_compute_api:os-flavor-extra-specs:show
-failed: os_compute_api:os-flavor-extra-specs:update
-failed: os_compute_api:os-flavor-manage
-failed: os_compute_api:os-flavor-manage:create
-failed: os_compute_api:os-flavor-manage:delete
-failed: os_compute_api:os-flavor-manage:update
-failed: os_compute_api:os-flavor-rxtx
-passed: os_compute_api:os-floating-ip-pools
-failed: os_compute_api:os-floating-ips
-failed: os_compute_api:os-hide-server-addresses
-failed: os_compute_api:os-hosts
-passed: os_compute_api:os-hypervisors
-passed: os_compute_api:os-instance-actions
-passed: os_compute_api:os-instance-actions:events
-passed: os_compute_api:os-instance-usage-audit-log
-failed: os_compute_api:os-keypairs
-failed: os_compute_api:os-keypairs:create
-failed: os_compute_api:os-keypairs:delete
-failed: os_compute_api:os-keypairs:index
-failed: os_compute_api:os-keypairs:show
-failed: os_compute_api:os-lock-server:lock
-failed: os_compute_api:os-lock-server:unlock
-failed: os_compute_api:os-lock-server:unlock:unlock_override
-failed: os_compute_api:os-migrate-server:migrate
-failed: os_compute_api:os-migrate-server:migrate_live
-passed: os_compute_api:os-migrations:index
-failed: os_compute_api:os-multinic
-failed: os_compute_api:os-networks
-failed: os_compute_api:os-networks-associate
-passed: os_compute_api:os-networks:view
-failed: os_compute_api:os-pause-server:pause
-failed: os_compute_api:os-pause-server:unpause
-passed: os_compute_api:os-quota-class-sets:show
-failed: os_compute_api:os-quota-class-sets:update
-passed: os_compute_api:os-quota-sets:defaults
-failed: os_compute_api:os-quota-sets:delete
-passed: os_compute_api:os-quota-sets:detail
-passed: os_compute_api:os-quota-sets:show
-failed: os_compute_api:os-quota-sets:update
-failed: os_compute_api:os-remote-consoles
-failed: os_compute_api:os-rescue
-failed: os_compute_api:os-security-group-default-rules
-failed: os_compute_api:os-security-groups
-passed: os_compute_api:os-server-diagnostics
-failed: os_compute_api:os-server-external-events:create
-failed: os_compute_api:os-server-groups
-failed: os_compute_api:os-server-groups:create
-failed: os_compute_api:os-server-groups:delete
-passed: os_compute_api:os-server-groups:index
-passed: os_compute_api:os-server-groups:show
-failed: os_compute_api:os-server-password
-failed: os_compute_api:os-server-tags:delete
-failed: os_compute_api:os-server-tags:delete_all
-passed: os_compute_api:os-server-tags:index
-passed: os_compute_api:os-server-tags:show
-failed: os_compute_api:os-server-tags:update
-failed: os_compute_api:os-server-tags:update_all
-passed: os_compute_api:os-server-usage
-failed: os_compute_api:os-services
-failed: os_compute_api:os-shelve:shelve
-failed: os_compute_api:os-shelve:shelve_offload
-failed: os_compute_api:os-shelve:unshelve
-passed: os_compute_api:os-simple-tenant-usage:list
-passed: os_compute_api:os-simple-tenant-usage:show
-failed: os_compute_api:os-suspend-server:resume
-failed: os_compute_api:os-suspend-server:suspend
-failed: os_compute_api:os-tenant-networks
-passed: os_compute_api:os-used-limits
-failed: os_compute_api:os-volumes
-failed: os_compute_api:os-volumes-attachments:create
-failed: os_compute_api:os-volumes-attachments:delete
-passed: os_compute_api:os-volumes-attachments:index
-passed: os_compute_api:os-volumes-attachments:show
-failed: os_compute_api:os-volumes-attachments:update
-failed: os_compute_api:server-metadata:create
-failed: os_compute_api:server-metadata:delete
-passed: os_compute_api:server-metadata:index
-passed: os_compute_api:server-metadata:show
-failed: os_compute_api:server-metadata:update
-failed: os_compute_api:server-metadata:update_all
-failed: os_compute_api:servers:confirm_resize
-failed: os_compute_api:servers:create
-failed: os_compute_api:servers:create:attach_network
-failed: os_compute_api:servers:create:attach_volume
-failed: os_compute_api:servers:create:forced_host
-failed: os_compute_api:servers:create_image
-failed: os_compute_api:servers:create_image:allow_volume_backed
-failed: os_compute_api:servers:create:trusted_certs
-failed: os_compute_api:servers:create:zero_disk_flavor
-failed: os_compute_api:servers:delete
-passed: os_compute_api:servers:detail
-passed: os_compute_api:servers:detail:get_all_tenants
-passed: os_compute_api:servers:index
-failed: os_compute_api:servers:index:get_all_tenants
-failed: os_compute_api:servers:migrations:delete
-failed: os_compute_api:servers:migrations:force_complete
-passed: os_compute_api:servers:migrations:index
-passed: os_compute_api:servers:migrations:show
-failed: os_compute_api:servers:reboot
-failed: os_compute_api:servers:rebuild
-failed: os_compute_api:servers:rebuild:trusted_certs
-failed: os_compute_api:servers:resize
-failed: os_compute_api:servers:revert_resize
-passed: os_compute_api:servers:show
-passed: os_compute_api:servers:show:host_status
-failed: os_compute_api:servers:start
-failed: os_compute_api:servers:stop
-failed: os_compute_api:servers:trigger_crash_dump
-failed: os_compute_api:servers:update
diff --git a/tests/auth_token_auditor/panko.origin b/tests/auth_token_auditor/panko.origin
deleted file mode 100644
index 377b7c9..0000000
--- a/tests/auth_token_auditor/panko.origin
+++ /dev/null
@@ -1,2 +0,0 @@
-passed: telemetry:events:index
-passed: telemetry:events:show
diff --git a/tests/auth_token_reader/access.json b/tests/auth_token_reader/access.json
new file mode 100644
index 0000000..920780b
--- /dev/null
+++ b/tests/auth_token_reader/access.json
@@ -0,0 +1,136 @@
+{
+ "token": {
+ "methods": [
+ "password"
+ ],
+ "roles": [
+ {
+ "id": "f03fda8f8a3249b2a70fb1f176a7b631",
+ "name": "Reader"
+ }
+ ],
+ "issued_at": "2002-01-18T21:14:07Z",
+ "expires_at": "2038-01-18T21:14:07Z",
+ "audit_ids": ["VcxU2JYqT8OzfUVvrjEITQ", "qNUTIJntTzO1-XUk5STybw"],
+ "project": {
+ "id": "tenant_id1",
+ "domain": {
+ "id": "domain_id1",
+ "name": "domain_name1"
+ },
+ "enabled": true,
+ "description": null,
+ "name": "tenant_name1"
+ },
+ "catalog": [
+ {
+ "endpoints": [
+ {
+ "id": "3b5e554bcf114f2483e8a1be7a0506d1",
+ "interface": "admin",
+ "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "region": "regionOne"
+ },
+ {
+ "id": "54abd2dc463c4ba4a72915498f8ecad1",
+ "interface": "internal",
+ "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "region": "regionOne"
+ },
+ {
+ "id": "70a7efa4b1b941968357cc43ae1419ee",
+ "interface": "public",
+ "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "region": "regionOne"
+ }
+ ],
+ "id": "5707c3fc0a294703a3c638e9cf6a6c3a",
+ "type": "volume",
+ "name": "volume"
+ },
+ {
+ "endpoints": [
+ {
+ "id": "92217a3b95394492859bc49fd474382f",
+ "interface": "admin",
+ "url": "http://127.0.0.1:9292/v1",
+ "region": "regionOne"
+ },
+ {
+ "id": "f20563bdf66f4efa8a1f11d99b672be1",
+ "interface": "internal",
+ "url": "http://127.0.0.1:9292/v1",
+ "region": "regionOne"
+ },
+ {
+ "id": "375f9ba459a447738fb60fe5fc26e9aa",
+ "interface": "public",
+ "url": "http://127.0.0.1:9292/v1",
+ "region": "regionOne"
+ }
+ ],
+ "id": "15c21aae6b274a8da52e0a068e908aac",
+ "type": "image",
+ "name": "glance"
+ },
+ {
+ "endpoints": [
+ {
+ "id": "edbd9f50f66746ae9ed11dc3b1ae35da",
+ "interface": "admin",
+ "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "region": "regionOne"
+ },
+ {
+ "id": "9e03c46c80a34a159cb39f5cb0498b92",
+ "interface": "internal",
+ "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "region": "regionOne"
+ },
+ {
+ "id": "1df0b44d92634d59bd0e0d60cf7ce432",
+ "interface": "public",
+ "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "region": "regionOne"
+ }
+ ],
+ "id": "2f404fdb89154c589efbc10726b029ec",
+ "type": "compute",
+ "name": "nova"
+ },
+ {
+ "endpoints": [
+ {
+ "id": "a4501e141a4b4e14bf282e7bffd81dc5",
+ "interface": "admin",
+ "url": "http://127.0.0.1:35357/v3",
+ "region": "RegionOne"
+ },
+ {
+ "id": "3d17e3227bfc4483b58de5eaa584e360",
+ "interface": "internal",
+ "url": "http://127.0.0.1:35357/v3",
+ "region": "RegionOne"
+ },
+ {
+ "id": "8cd4b957090f4ca5842a22e9a74099cd",
+ "interface": "public",
+ "url": "http://127.0.0.1:5000/v3",
+ "region": "RegionOne"
+ }
+ ],
+ "id": "c5d926d566424e4fba4f80c37916cde5",
+ "type": "identity",
+ "name": "keystone"
+ }
+ ],
+ "user": {
+ "domain": {
+ "id": "domain_id1",
+ "name": "domain_name1"
+ },
+ "name": "user_name1",
+ "id": "user_id1"
+ }
+ }
+}
diff --git a/tests/auth_token_reader/aodh.origin b/tests/auth_token_reader/aodh.origin
new file mode 100644
index 0000000..6c2161c
--- /dev/null
+++ b/tests/auth_token_reader/aodh.origin
@@ -0,0 +1,10 @@
+passed: telemetry:alarm_history
+failed: telemetry:change_alarm
+failed: telemetry:change_alarm_state
+failed: telemetry:create_alarm
+failed: telemetry:delete_alarm
+passed: telemetry:get_alarm
+passed: telemetry:get_alarms
+passed: telemetry:get_alarm_state
+failed: telemetry:query_alarm
+failed: telemetry:query_alarm_history
diff --git a/tests/auth_token_reader/cinder.origin b/tests/auth_token_reader/cinder.origin
new file mode 100644
index 0000000..895b4f2
--- /dev/null
+++ b/tests/auth_token_reader/cinder.origin
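Review bot: In tests/auth_token_reader/access.json the role is spelled `"name": "Reader"`, while the `reader` rule in common/common.yaml matches `role:reader`, so every result in the auth_token_reader baselines depends on the policy engine comparing role names case-insensitively. oslo.policy does that, but the harness that produces the .origin files is not visible here; with a case-sensitive evaluator the `passed:` lines would be coming from some other branch of each rule. I would write the fixture as `"name": "reader"` so it matches the rule text exactly. The token also carries no `is_admin_project` attribute, so this fixture appears to exercise only the project-scoped half of `reader` and leaves `global_reader` uncovered.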
@@ -0,0 +1,134 @@
+failed: backup:backup-import
+passed: backup:backup_project_attribute
+failed: backup:create
+failed: backup:delete
+failed: backup:export-import
+passed: backup:get
+passed: backup:get_all
+failed: backup:restore
+failed: backup:update
+passed: clusters:get
+passed: clusters:get_all
+failed: clusters:update
+passed: group:access_group_types_specs
+failed: group:create
+failed: group:create_group_snapshot
+failed: group:delete
+failed: group:delete_group_snapshot
+failed: group:disable_replication
+failed: group:enable_replication
+failed: group:failover_replication
+passed: group:get
+passed: group:get_all
+passed: group:get_all_group_snapshots
+passed: group:get_group_snapshot
+failed: group:group_types_manage
+failed: group:group_types_specs
+failed: group:list_replication_targets
+failed: group:reset_group_snapshot_status
+failed: group:reset_status
+failed: group:update
+passed: group:update_group_snapshot
+passed: limits_extension:used_limits
+failed: message:delete
+passed: message:get
+passed: message:get_all
+passed: scheduler_extension:scheduler_stats:get_pools
+passed: snapshot_extension:list_manageable
+failed: snapshot_extension:snapshot_actions:update_snapshot_status
+failed: snapshot_extension:snapshot_manage
+failed: snapshot_extension:snapshot_unmanage
+failed: volume:accept_transfer
+failed: volume:attachment_complete
+failed: volume:attachment_create
+failed: volume:attachment_delete
+failed: volume:attachment_update
+failed: volume:create
+failed: volume:create_from_image
+failed: volume:create_snapshot
+failed: volume:create_transfer
+failed: volume:create_volume_metadata
+failed: volume:delete
+failed: volume:delete_snapshot
+failed: volume:delete_snapshot_metadata
+failed: volume:delete_transfer
+failed: volume:delete_volume_metadata
+failed: volume:extend
+failed: volume:extend_attached_volume
+passed: volume_extension:access_types_extra_specs
+passed: volume_extension:access_types_qos_specs_id
+failed: volume_extension:backup_admin_actions:force_delete
+failed: volume_extension:backup_admin_actions:reset_status
+passed: volume_extension:capabilities
+passed: volume_extension:extended_snapshot_attributes
+failed: volume_extension:hosts
+passed: volume_extension:list_manageable
+failed: volume_extension:qos_specs_manage:create
+failed: volume_extension:qos_specs_manage:delete
+passed: volume_extension:qos_specs_manage:get
+passed: volume_extension:qos_specs_manage:get_all
+passed: volume_extension:qos_specs_manage:update
+failed: volume_extension:quota_classes
+passed: volume_extension:quota_classes:validate_setup_for_nested_quota_use
+failed: volume_extension:quotas:delete
+passed: volume_extension:quotas:show
+failed: volume_extension:quotas:update
+passed: volume_extension:services:index
+failed: volume_extension:services:update
+failed: volume_extension:snapshot_admin_actions:force_delete
+failed: volume_extension:snapshot_admin_actions:reset_status
+failed: volume_extension:types_extra_specs:create
+failed: volume_extension:types_extra_specs:delete
+passed: volume_extension:types_extra_specs:index
+passed: volume_extension:types_extra_specs:show
+failed: volume_extension:types_extra_specs:update
+failed: volume_extension:types_manage
+failed: volume_extension:volume_actions:attach
+failed: volume_extension:volume_actions:begin_detaching
+failed: volume_extension:volume_actions:detach
+failed: volume_extension:volume_actions:initialize_connection
+failed: volume_extension:volume_actions:reserve
+failed: volume_extension:volume_actions:roll_detaching
+failed: volume_extension:volume_actions:terminate_connection
+failed: volume_extension:volume_actions:unreserve
+failed: volume_extension:volume_actions:upload_image
+failed: volume_extension:volume_actions:upload_public
+failed: volume_extension:volume_admin_actions:force_delete
+failed: volume_extension:volume_admin_actions:force_detach
+failed: volume_extension:volume_admin_actions:migrate_volume
+failed: volume_extension:volume_admin_actions:migrate_volume_completion
+failed: volume_extension:volume_admin_actions:reset_status
+passed: volume_extension:volume_encryption_metadata
+passed: volume_extension:volume_host_attribute
+failed: volume_extension:volume_image_metadata
+failed: volume_extension:volume_manage
+passed: volume_extension:volume_mig_status_attribute
+passed: volume_extension:volume_tenant_attribute
+failed: volume_extension:volume_type_access
+failed: volume_extension:volume_type_access:addProjectAccess
+failed: volume_extension:volume_type_access:removeProjectAccess
+failed: volume_extension:volume_type_encryption
+failed: volume_extension:volume_unmanage
+failed: volume:failover_host
+failed: volume:force_delete
+failed: volume:freeze_host
+passed: volume:get
+passed: volume:get_all
+passed: volume:get_all_snapshots
+passed: volume:get_all_transfers
+passed: volume:get_snapshot
+passed: volume:get_snapshot_metadata
+passed: volume:get_transfer
+passed: volume:get_volume_metadata
+failed: volume:multiattach
+failed: volume:multiattach_bootable_volume
+failed: volume:retype
+failed: volume:revert_to_snapshot
+failed: volume:thaw_host
+failed: volume:update
+failed: volume:update_readonly_flag
+failed: volume:update_snapshot
+failed: volume:update_snapshot_metadata
+failed: volume:update_volume_admin_metadata
+failed: volume:update_volume_metadata
+failed: workers:cleanup
diff --git a/tests/auth_token_reader/glance.origin b/tests/auth_token_reader/glance.origin
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/auth_token_reader/glance.origin
diff --git a/tests/auth_token_reader/gnocchi.origin b/tests/auth_token_reader/gnocchi.origin
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/auth_token_reader/gnocchi.origin
diff --git a/tests/auth_token_reader/heat.origin b/tests/auth_token_reader/heat.origin
new file mode 100644
index 0000000..32a2b08
--- /dev/null
+++ b/tests/auth_token_reader/heat.origin
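Review bot: In tests/auth_token_reader/cinder.origin two mutating rules are recorded as `passed:` for the read-only token, `group:update_group_snapshot` and `volume_extension:qos_specs_manage:update`, although common/common.yaml describes `reader` as able to read but never modify data. If these .origin files are compared as expected results, the suite will from now on treat a reader performing both updates as correct. The same pattern is in heat.origin (`resource:signal`) and neutron.origin (`create_port:device_owner`, `update_port:device_owner`, `create_rbac_policy:target_tenant`). The rules for these targets are not part of this diff; if the grants are unintended they should be tightened so the baseline reads `+failed: group:update_group_snapshot` and `+failed: volume_extension:qos_specs_manage:update`, and if they are deliberate the exception deserves a sentence in the commit message.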
@@ -0,0 +1,79 @@
+failed: actions:action
+passed: build_info:build_info
+failed: cloudformation:CancelUpdateStack
+failed: cloudformation:CreateStack
+failed: cloudformation:DeleteStack
+passed: cloudformation:DescribeStackEvents
+passed: cloudformation:DescribeStackResource
+passed: cloudformation:DescribeStackResources
+passed: cloudformation:DescribeStacks
+passed: cloudformation:EstimateTemplateCost
+failed: cloudformation:GetTemplate
+passed: cloudformation:ListStackResources
+passed: cloudformation:ListStacks
+failed: cloudformation:UpdateStack
+failed: cloudformation:ValidateTemplate
+passed: events:index
+passed: events:show
+passed: resource:index
+failed: resource:mark_unhealthy
+passed: resource:metadata
+passed: resource:show
+passed: resource:signal
+failed: resource_types:OS::Cinder::EncryptedVolumeType
+failed: resource_types:OS::Cinder::QoSAssociation
+failed: resource_types:OS::Cinder::QoSSpecs
+failed: resource_types:OS::Cinder::Quota
+failed: resource_types:OS::Cinder::VolumeType
+failed: resource_types:OS::Keystone::*
+failed: resource_types:OS::Manila::ShareType
+failed: resource_types:OS::Neutron::ProviderNet
+failed: resource_types:OS::Neutron::QoSBandwidthLimitRule
+failed: resource_types:OS::Neutron::QoSPolicy
+failed: resource_types:OS::Neutron::Quota
+failed: resource_types:OS::Neutron::Segment
+failed: resource_types:OS::Nova::Flavor
+failed: resource_types:OS::Nova::HostAggregate
+failed: resource_types:OS::Nova::Quota
+passed: service:index
+failed: software_configs:create
+failed: software_configs:delete
+failed: software_configs:global_index
+passed: software_configs:index
+passed: software_configs:show
+failed: software_deployments:create
+failed: software_deployments:delete
+passed: software_deployments:index
+passed: software_deployments:metadata
+passed: software_deployments:show
+failed: software_deployments:update
+failed: stacks:abandon
+failed: stacks:create
+failed: stacks:delete
+failed: stacks:delete_snapshot
+passed: stacks:detail
+failed: stacks:environment
+passed: stacks:export
+failed: stacks:files
+passed: stacks:generate_template
+failed: stacks:global_index
+passed: stacks:index
+failed: stacks:list_outputs
+passed: stacks:list_resource_types
+passed: stacks:list_snapshots
+passed: stacks:list_template_functions
+passed: stacks:list_template_versions
+passed: stacks:lookup
+failed: stacks:preview
+failed: stacks:preview_update
+failed: stacks:preview_update_patch
+passed: stacks:resource_schema
+failed: stacks:restore_snapshot
+passed: stacks:show
+failed: stacks:show_output
+passed: stacks:show_snapshot
+failed: stacks:snapshot
+failed: stacks:template
+failed: stacks:update
+failed: stacks:update_patch
+failed: stacks:validate_template
diff --git a/tests/auth_token_reader/keystone.origin b/tests/auth_token_reader/keystone.origin
new file mode 100644
index 0000000..f86dcc7
--- /dev/null
+++ b/tests/auth_token_reader/keystone.origin
@@ -0,0 +1,187 @@
+failed: identity:add_endpoint_group_to_project
+failed: identity:add_endpoint_to_project
+failed: identity:add_user_to_group
+failed: identity:authorize_request_token
+passed: identity:check_endpoint_in_project
+passed: identity:check_grant
+passed: identity:check_implied_role
+passed: identity:check_policy_association_for_endpoint
+passed: identity:check_policy_association_for_region_and_service
+passed: identity:check_policy_association_for_service
+passed: identity:check_system_grant_for_group
+passed: identity:check_system_grant_for_user
+failed: identity:check_token
+passed: identity:check_user_in_group
+failed: identity:create_application_credential
+failed: identity:create_consumer
+failed: identity:create_credential
+failed: identity:create_domain
+failed: identity:create_domain_config
+failed: identity:create_domain_role
+failed: identity:create_endpoint
+failed: identity:create_endpoint_group
+failed: identity:create_grant
+failed: identity:create_group
+failed: identity:create_identity_provider
+failed: identity:create_implied_role
+failed: identity:create_limits
+failed: identity:create_mapping
+failed: identity:create_policy
+failed: identity:create_policy_association_for_endpoint
+failed: identity:create_policy_association_for_region_and_service
+failed: identity:create_policy_association_for_service
+failed: identity:create_project
+failed: identity:create_project_tag
+failed: identity:create_protocol
+failed: identity:create_region
+failed: identity:create_registered_limits
+failed: identity:create_role
+failed: identity:create_service
+failed: identity:create_service_provider
+failed: identity:create_system_grant_for_group
+failed: identity:create_system_grant_for_user
+failed: identity:create_trust
+failed: identity:create_user
+failed: identity:delete_access_token
+failed: identity:delete_application_credential
+failed: identity:delete_consumer
+failed: identity:delete_credential
+failed: identity:delete_domain
+failed: identity:delete_domain_config
+failed: identity:delete_domain_role
+failed: identity:delete_endpoint
+failed: identity:delete_endpoint_group
+failed: identity:delete_group
+failed: identity:delete_identity_provider
+failed: identity:delete_implied_role
+failed: identity:delete_limit
+failed: identity:delete_mapping
+failed: identity:delete_policy
+failed: identity:delete_policy_association_for_endpoint
+failed: identity:delete_policy_association_for_region_and_service
+failed: identity:delete_policy_association_for_service
+failed: identity:delete_project
+failed: identity:delete_project_tag
+failed: identity:delete_project_tags
+failed: identity:delete_protocol
+failed: identity:delete_region
+failed: identity:delete_registered_limit
+failed: identity:delete_role
+failed: identity:delete_service
+failed: identity:delete_service_provider
+failed: identity:delete_trust
+failed: identity:delete_user
+failed: identity:ec2_create_credential
+failed: identity:ec2_delete_credential
+passed: identity:ec2_get_credential
+failed: identity:ec2_list_credentials
+failed: identity:get_access_token
+failed: identity:get_access_token_role
+passed: identity:get_application_credential
+failed: identity:get_auth_catalog
+failed: identity:get_auth_domains
+failed: identity:get_auth_projects
+failed: identity:get_auth_system
+failed: identity:get_consumer
+failed: identity:get_credential
+passed: identity:get_domain
+passed: identity:get_domain_config
+passed: identity:get_domain_config_default
+passed: identity:get_domain_role
+passed: identity:get_endpoint
+passed: identity:get_endpoint_group
+passed: identity:get_endpoint_group_in_project
+passed: identity:get_group
+passed: identity:get_identity_provider
+passed: identity:get_implied_role
+failed: identity:get_limit
+failed: identity:get_limit_model
+passed: identity:get_mapping
+passed: identity:get_policy
+passed: identity:get_policy_for_endpoint
+passed: identity:get_project
+passed: identity:get_project_tag
+passed: identity:get_protocol
+failed: identity:get_region
+failed: identity:get_registered_limit
+passed: identity:get_role
+failed: identity:get_role_for_trust
+failed: identity:get_security_compliance_domain_config
+passed: identity:get_service
+passed: identity:get_service_provider
+failed: identity:get_trust
+passed: identity:get_user
+failed: identity:list_access_token_roles
+failed: identity:list_access_tokens
+passed: identity:list_application_credentials
+failed: identity:list_consumers
+failed: identity:list_credentials
+passed: identity:list_domain_roles
+passed: identity:list_domains
+failed: identity:list_domains_for_user
+passed: identity:list_endpoint_groups
+passed: identity:list_endpoint_groups_for_project
+passed: identity:list_endpoints
+passed: identity:list_endpoints_associated_with_endpoint_group
+passed: identity:list_endpoints_for_policy
+passed: identity:list_endpoints_for_project
+passed: identity:list_grants
+passed: identity:list_groups
+passed: identity:list_groups_for_user
+passed: identity:list_identity_providers
+passed: identity:list_implied_roles
+failed: identity:list_limits
+passed: identity:list_mappings
+passed: identity:list_policies
+passed: identity:list_projects
+passed: identity:list_projects_associated_with_endpoint_group
+passed: identity:list_projects_for_endpoint
+failed: identity:list_projects_for_user
+passed: identity:list_project_tags
+passed: identity:list_protocols
+failed: identity:list_regions
+failed: identity:list_registered_limits
+passed: identity:list_revoke_events
+passed: identity:list_role_assignments
+passed: identity:list_role_assignments_for_tree
+passed: identity:list_role_inference_rules
+passed: identity:list_roles
+failed: identity:list_roles_for_trust
+passed: identity:list_service_providers
+passed: identity:list_services
+passed: identity:list_system_grants_for_group
+passed: identity:list_system_grants_for_user
+failed: identity:list_trusts
+passed: identity:list_user_projects
+passed: identity:list_users
+passed: identity:list_users_in_group
+failed: identity:remove_endpoint_from_project
+failed: identity:remove_endpoint_group_from_project
+failed: identity:remove_user_from_group
+passed: identity:revocation_list
+failed: identity:revoke_grant
+failed: identity:revoke_system_grant_for_group
+failed: identity:revoke_system_grant_for_user
+failed: identity:revoke_token
+failed: identity:update_consumer
+failed: identity:update_credential
+failed: identity:update_domain
+failed: identity:update_domain_config
+failed: identity:update_domain_role
+failed: identity:update_endpoint
+failed: identity:update_endpoint_group
+failed: identity:update_group
+failed: identity:update_identity_provider
+failed: identity:update_limit
+failed: identity:update_mapping
+failed: identity:update_policy
+failed: identity:update_project
+failed: identity:update_project_tags
+failed: identity:update_protocol
+failed: identity:update_region
+failed: identity:update_registered_limit
+failed: identity:update_role
+failed: identity:update_service
+failed: identity:update_service_provider
+failed: identity:update_user
+passed: identity:validate_token
diff --git a/tests/auth_token_reader/manila.origin b/tests/auth_token_reader/manila.origin
new file mode 100644
index 0000000..9e745f9
--- /dev/null
+++ b/tests/auth_token_reader/manila.origin
@@ -0,0 +1,130 @@
+passed: availability_zone:index
+failed: message:delete
+passed: message:get
+passed: message:get_all
+failed: quota_class_set:show
+failed: quota_class_set:update
+failed: quota_set:delete
+passed: quota_set:show
+failed: quota_set:update
+passed: scheduler_stats:pools:detail
+passed: scheduler_stats:pools:index
+failed: security_service:create
+failed: security_service:delete
+passed: security_service:detail
+passed: security_service:get_all_security_services
+passed: security_service:index
+passed: security_service:show
+failed: security_service:update
+passed: service:index
+failed: service:update
+passed: share:access_get
+passed: share:access_get_all
+failed: share:allow_access
+failed: share:create
+failed: share:create_snapshot
+failed: share:delete
+failed: share:delete_share_metadata
+failed: share:delete_snapshot
+failed: share:deny_access
+passed: share_export_location:index
+passed: share_export_location:show
+failed: share:extend
+failed: share:force_delete
+passed: share:get
+passed: share:get_all
+passed: share:get_share_metadata
+failed: share_group:create
+failed: share_group:delete
+failed: share_group:force_delete
+passed: share_group:get
+passed: share_group:get_all
+failed: share_group:reset_status
+failed: share_group_snapshot:create
+failed: share_group_snapshot:delete
+failed: share_group_snapshot:force_delete
+passed: share_group_snapshot:get
+passed: share_group_snapshot:get_all
+failed: share_group_snapshot:reset_status
+failed: share_group_snapshot:update
+failed: share_group_type:add_project_access
+failed: share_group_type:create
+passed: share_group_type:default
+failed: share_group_type:delete
+passed: share_group_type:index
+passed: share_group_type:list_project_access
+failed: share_group_type:remove_project_access
+passed: share_group_type:show
+failed: share_group_types_spec:create
+failed: share_group_types_spec:delete
+passed: share_group_types_spec:index
+passed: share_group_types_spec:show
+failed: share_group_types_spec:update
+failed: share_group:update
+passed: share:list_by_host
+passed: share:list_by_share_server_id
+failed: share:manage
+failed: share:migration_cancel
+failed: share:migration_complete
+passed: share:migration_get_progress
+failed: share:migration_start
+failed: share_network:add_security_service
+failed: share_network:create
+failed: share_network:delete
+passed: share_network:detail
+passed: share_network:get_all_share_networks
+passed: share_network:index
+failed: share_network:remove_security_service
+passed: share_network:show
+failed: share_network:update
+failed: share_replica:create
+failed: share_replica:delete
+failed: share_replica:force_delete
+passed: share_replica:get_all
+failed: share_replica:promote
+failed: share_replica:reset_replica_state
+failed: share_replica:reset_status
+failed: share_replica:resync
+passed: share_replica:show
+failed: share:reset_status
+failed: share:reset_task_state
+failed: share:revert_to_snapshot
+failed: share_server:delete
+passed: share_server:details
+passed: share_server:index
+passed: share_server:show
+failed: share:shrink
+passed: share_snapshot:access_list
+failed: share_snapshot:allow_access
+failed: share_snapshot:deny_access
+passed: share_snapshot_export_location:index
+passed: share_snapshot_export_location:show
+failed: share_snapshot:force_delete
+passed: share_snapshot:get_all_snapshots
+passed: share_snapshot:get_snapshot
+passed: share_snapshot_instance:detail
+passed: share_snapshot_instance_export_location:index
+passed: share_snapshot_instance_export_location:show
+passed: share_snapshot_instance:index
+failed: share_snapshot_instance:reset_status
+passed: share_snapshot_instance:show
+failed: share_snapshot:manage_snapshot
+failed: share_snapshot:reset_status
+failed: share_snapshot:unmanage_snapshot
+failed: share:snapshot_update
+failed: share_type:add_project_access
+failed: share_type:create
+passed: share_type:default
+failed: share_type:delete
+passed: share_type:index
+passed: share_type:list_project_access
+failed: share_type:remove_project_access
+failed: share_types_extra_spec:create
+failed: share_types_extra_spec:delete
+passed: share_types_extra_spec:index
+passed: share_types_extra_spec:show
+failed: share_types_extra_spec:update
+passed: share_type:show
+failed: share:unmanage
+failed: share:update
+failed: share:update_share_metadata
diff --git a/tests/auth_token_reader/neutron.origin b/tests/auth_token_reader/neutron.origin
new file mode 100644
index 0000000..32c0c19
--- /dev/null
+++ b/tests/auth_token_reader/neutron.origin
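Review bot: In tests/auth_token_reader/manila.origin the project-scoped token from access.json is expected to pass operator-level reads such as `share_server:details`, `scheduler_stats:pools:detail`, `service:index` and `share:list_by_host`, which describe the back end rather than one project's resources. The rules are not in this diff, so I cannot tell whether these match through the project branch of `reader` or through something else, but as written the baseline fixes back-end topology disclosure to any project reader as the expected outcome. If that is not the intent, these targets should require `rule:global_reader`, turning the lines into `+failed: share_server:details` and so on; cinder.origin has the same shape in `scheduler_extension:scheduler_stats:get_pools` and `volume_extension:services:index`.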
@@ -0,0 +1,67 @@
+failed: create_address_scope:shared
+failed: create_floatingip:floating_ip_address
+failed: create_network:is_default
+failed: create_network:provider:network_type
+failed: create_network:provider:physical_network
+failed: create_network:provider:segmentation_id
+failed: create_network:router:external
+failed: create_network:segments
+failed: create_network:shared
+failed: create_port:allowed_address_pairs
+failed: create_port:binding:host_id
+failed: create_port:binding:profile
+passed: create_port:device_owner
+failed: create_port:fixed_ips:ip_address
+failed: create_port:fixed_ips:subnet_id
+failed: create_port:mac_address
+failed: create_port:mac_learning_enabled
+failed: create_port:port_security_enabled
+passed: create_rbac_policy:target_tenant
+failed: create_router:distributed
+failed: create_router:external_gateway_info:enable_snat
+failed: create_router:external_gateway_info:external_fixed_ips
+failed: create_router:ha
+failed: create_subnetpool:is_default
+failed: create_subnetpool:shared
+failed: create_subnet:segment_id
+failed: create_subnet:service_types
+passed: get_network:provider:network_type
+passed: get_network:provider:physical_network
+passed: get_network:provider:segmentation_id
+passed: get_network:queue_id
+passed: get_network:router:external
+passed: get_network:segments
+passed: get_port:binding:host_id
+passed: get_port:binding:profile
+passed: get_port:binding:vif_details
+passed: get_port:binding:vif_type
+passed: get_port:queue_id
+passed: get_router:distributed
+passed: get_router:ha
+passed: get_subnet:segment_id
+failed: update_address_scope:shared
+failed: update_network:provider:network_type
+failed: update_network:provider:physical_network
+failed: update_network:provider:segmentation_id
+failed: update_network:router:external
+failed: update_network:segments
+failed: update_network:shared
+failed: update_port:allowed_address_pairs
+failed: update_port:binding:host_id
+failed: update_port:binding:profile
+failed: update_port:data_plane_status
+passed: update_port:device_owner
+failed: update_port:fixed_ips:ip_address
+failed: update_port:fixed_ips:subnet_id
+failed: update_port:mac_address
+failed: update_port:mac_learning_enabled
+failed: update_port:port_security_enabled
+failed: update_rbac_policy:target_tenant
+failed: update_router:distributed
+failed: update_router:external_gateway_info
+failed: update_router:external_gateway_info:enable_snat
+failed: update_router:external_gateway_info:external_fixed_ips
+failed: update_router:external_gateway_info:network_id
+failed: update_router:ha
+failed: update_subnetpool:is_default
+failed: update_subnet:service_types
diff --git a/tests/auth_token_reader/nova.origin b/tests/auth_token_reader/nova.origin
new file mode 100644
index 0000000..a82dead
--- /dev/null
+++ b/tests/auth_token_reader/nova.origin
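Review bot: Three write-path attribute rules in the neutron.origin baseline are recorded as `passed` for the reader token: `create_port:device_owner`, `update_port:device_owner` and `create_rbac_policy:target_tenant`. Every other `create_*` and `update_*` line in the file is `failed`, including the sibling `update_rbac_policy:target_tenant`, so the three passes read as an inconsistency rather than a deliberate grant. If they pass only because the attribute rule is evaluated without its parent rule (which this file does not list), the commit message should say so, so the baseline is not taken as allowing a read-only role to set these fields. Otherwise the expected result should be a denial, e.g. `failed: create_rbac_policy:target_tenant`.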
@@ -0,0 +1,164 @@
+failed: cells_scheduler_filter:DifferentCellFilter
+failed: cells_scheduler_filter:TargetCellFilter
+failed: network:attach_external_network
+passed: os_compute_api:extensions
+failed: os_compute_api:flavors
+passed: os_compute_api:image-size
+passed: os_compute_api:ips:index
+passed: os_compute_api:ips:show
+passed: os_compute_api:limits
+failed: os_compute_api:os-admin-actions:inject_network_info
+failed: os_compute_api:os-admin-actions:reset_network
+failed: os_compute_api:os-admin-actions:reset_state
+failed: os_compute_api:os-admin-password
+failed: os_compute_api:os-agents
+failed: os_compute_api:os-aggregates:add_host
+failed: os_compute_api:os-aggregates:create
+failed: os_compute_api:os-aggregates:delete
+passed: os_compute_api:os-aggregates:index
+failed: os_compute_api:os-aggregates:remove_host
+failed: os_compute_api:os-aggregates:set_metadata
+passed: os_compute_api:os-aggregates:show
+failed: os_compute_api:os-aggregates:update
+failed: os_compute_api:os-assisted-volume-snapshots:create
+failed: os_compute_api:os-assisted-volume-snapshots:delete
+passed: os_compute_api:os-attach-interfaces
+failed: os_compute_api:os-attach-interfaces:create
+failed: os_compute_api:os-attach-interfaces:delete
+passed: os_compute_api:os-availability-zone:detail
+passed: os_compute_api:os-availability-zone:list
+passed: os_compute_api:os-baremetal-nodes
+passed: os_compute_api:os-cells
+failed: os_compute_api:os-cells:create
+failed: os_compute_api:os-cells:delete
+failed: os_compute_api:os-cells:sync_instances
+failed: os_compute_api:os-cells:update
+failed: os_compute_api:os-config-drive
+passed: os_compute_api:os-console-auth-tokens
+passed: os_compute_api:os-console-output
+failed: os_compute_api:os-consoles:create
+failed: os_compute_api:os-consoles:delete
+passed: os_compute_api:os-consoles:index
+passed: os_compute_api:os-consoles:show
+failed: os_compute_api:os-create-backup
+failed: os_compute_api:os-deferred-delete
+failed: os_compute_api:os-evacuate
+failed: os_compute_api:os-extended-availability-zone
+passed: os_compute_api:os-extended-server-attributes
+passed: os_compute_api:os-extended-status
+passed: os_compute_api:os-extended-volumes
+failed: os_compute_api:os-flavor-access
+failed: os_compute_api:os-flavor-access:add_tenant_access
+failed: os_compute_api:os-flavor-access:remove_tenant_access
+failed: os_compute_api:os-flavor-extra-specs:create
+failed: os_compute_api:os-flavor-extra-specs:delete
+failed: os_compute_api:os-flavor-extra-specs:index
+passed: os_compute_api:os-flavor-extra-specs:show
+failed: os_compute_api:os-flavor-extra-specs:update
+failed: os_compute_api:os-flavor-manage
+failed: os_compute_api:os-flavor-manage:create
+failed: os_compute_api:os-flavor-manage:delete
+failed: os_compute_api:os-flavor-manage:update
+failed: os_compute_api:os-flavor-rxtx
+passed: os_compute_api:os-floating-ip-pools
+failed: os_compute_api:os-floating-ips
+failed: os_compute_api:os-hide-server-addresses
+failed: os_compute_api:os-hosts
+passed: os_compute_api:os-hypervisors
+passed: os_compute_api:os-instance-actions
+passed: os_compute_api:os-instance-actions:events
+passed: os_compute_api:os-instance-usage-audit-log
+failed: os_compute_api:os-keypairs
+failed: os_compute_api:os-keypairs:create
+failed: os_compute_api:os-keypairs:delete
+failed: os_compute_api:os-keypairs:index
+failed: os_compute_api:os-keypairs:show
+failed: os_compute_api:os-lock-server:lock
+failed: os_compute_api:os-lock-server:unlock
+failed: os_compute_api:os-lock-server:unlock:unlock_override
+failed: os_compute_api:os-migrate-server:migrate
+failed: os_compute_api:os-migrate-server:migrate_live
+passed: os_compute_api:os-migrations:index
+failed: os_compute_api:os-multinic
+failed: os_compute_api:os-networks
+failed: os_compute_api:os-networks-associate
+passed: os_compute_api:os-networks:view
+failed: os_compute_api:os-pause-server:pause
+failed: os_compute_api:os-pause-server:unpause
+passed: os_compute_api:os-quota-class-sets:show
+failed: os_compute_api:os-quota-class-sets:update
+passed: os_compute_api:os-quota-sets:defaults
+failed: os_compute_api:os-quota-sets:delete
+passed: os_compute_api:os-quota-sets:detail
+passed: os_compute_api:os-quota-sets:show
+failed: os_compute_api:os-quota-sets:update
+failed: os_compute_api:os-remote-consoles
+failed: os_compute_api:os-rescue
+failed: os_compute_api:os-security-group-default-rules
+failed: os_compute_api:os-security-groups
+passed: os_compute_api:os-server-diagnostics
+failed: os_compute_api:os-server-external-events:create
+failed: os_compute_api:os-server-groups
+failed: os_compute_api:os-server-groups:create
+failed: os_compute_api:os-server-groups:delete
+passed: os_compute_api:os-server-groups:index
+passed: os_compute_api:os-server-groups:show
+failed: os_compute_api:os-server-password
+failed: os_compute_api:os-server-tags:delete
+failed: os_compute_api:os-server-tags:delete_all
+passed: os_compute_api:os-server-tags:index
+passed: os_compute_api:os-server-tags:show
+failed: os_compute_api:os-server-tags:update
+failed: os_compute_api:os-server-tags:update_all
+passed: os_compute_api:os-server-usage
+failed: os_compute_api:os-services
+failed: os_compute_api:os-shelve:shelve
+failed: os_compute_api:os-shelve:shelve_offload
+failed: os_compute_api:os-shelve:unshelve
+passed: os_compute_api:os-simple-tenant-usage:list
+passed: os_compute_api:os-simple-tenant-usage:show
+failed: os_compute_api:os-suspend-server:resume
+failed: os_compute_api:os-suspend-server:suspend
+failed: os_compute_api:os-tenant-networks
+passed: os_compute_api:os-used-limits
+failed: os_compute_api:os-volumes
+failed: os_compute_api:os-volumes-attachments:create
+failed: os_compute_api:os-volumes-attachments:delete
+passed: os_compute_api:os-volumes-attachments:index
+passed: os_compute_api:os-volumes-attachments:show
+failed: os_compute_api:os-volumes-attachments:update
+failed: os_compute_api:server-metadata:create
+failed: os_compute_api:server-metadata:delete
+passed: os_compute_api:server-metadata:index
+passed: os_compute_api:server-metadata:show
+failed: os_compute_api:server-metadata:update
+failed: os_compute_api:server-metadata:update_all
+failed: os_compute_api:servers:confirm_resize
+failed: os_compute_api:servers:create
+failed: os_compute_api:servers:create:attach_network
+failed: os_compute_api:servers:create:attach_volume
+failed: os_compute_api:servers:create:forced_host
+failed: os_compute_api:servers:create_image
+failed: os_compute_api:servers:create_image:allow_volume_backed
+failed: os_compute_api:servers:create:trusted_certs
+failed: os_compute_api:servers:create:zero_disk_flavor
+failed: os_compute_api:servers:delete
+passed: os_compute_api:servers:detail
+passed: os_compute_api:servers:detail:get_all_tenants
+passed: os_compute_api:servers:index
+failed: os_compute_api:servers:index:get_all_tenants
+failed: os_compute_api:servers:migrations:delete
+failed: os_compute_api:servers:migrations:force_complete
+passed: os_compute_api:servers:migrations:index
+passed: os_compute_api:servers:migrations:show
+failed: os_compute_api:servers:reboot
+failed: os_compute_api:servers:rebuild
+failed: os_compute_api:servers:rebuild:trusted_certs
+failed: os_compute_api:servers:resize
+failed: os_compute_api:servers:revert_resize
+passed: os_compute_api:servers:show
+passed: os_compute_api:servers:show:host_status
+failed: os_compute_api:servers:start
+failed: os_compute_api:servers:stop
+failed: os_compute_api:servers:trigger_crash_dump
+failed: os_compute_api:servers:update
diff --git a/tests/auth_token_reader/panko.origin b/tests/auth_token_reader/panko.origin
new file mode 100644
index 0000000..377b7c9
--- /dev/null
+++ b/tests/auth_token_reader/panko.origin
@@ -0,0 +1,2 @@
+passed: telemetry:events:index
+passed: telemetry:events:show
diff --git a/tests/functions b/tests/functions
index 082fa9f..4426985 100755
--- a/tests/functions
+++ b/tests/functions
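Review bot: The nova.origin baseline records `passed: os_compute_api:servers:detail:get_all_tenants` while the sibling `os_compute_api:servers:index:get_all_tenants` is `failed`, so the reader token is expected to list server details across tenants but not the plain index. Both rules guard cross-tenant listing and would normally agree; if the token under test is project-scoped, the detail line should probably read `failed: os_compute_api:servers:detail:get_all_tenants`. The file also pins `os_compute_api:os-console-auth-tokens` and `os_compute_api:os-server-diagnostics` as passed for a read-only role, which deserves explicit confirmation since such rules usually default to admin-only. Which scope `auth_token_reader` carries is not visible in this hunk, so these expectations need checking against the policy file that produced the run before they become the reference for `show_diff`.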
@@ -57,5 +57,5 @@ show_diff(){ } list_tokens(){ - echo auth_token_admin auth_token_member auth_token_auditor + echo auth_token_admin auth_token_member auth_token_reader }