Merge "Move access token to DocumentedRuleDefault"
This commit is contained in:
commit
4dd73a8543
@ -15,24 +15,46 @@ from oslo_policy import policy
|
||||
from keystone.common.policies import base
|
||||
|
||||
access_token_policies = [
|
||||
policy.RuleDefault(
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'authorize_request_token',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Authorize OAUTH1 request token.',
|
||||
operations=[{'path': '/v3/OS-OAUTH1/authorize/{request_token_id}',
|
||||
'method': 'PUT'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'get_access_token',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Get OAUTH1 access token for user by access token ID.',
|
||||
operations=[{'path': ('/v3/users/{user_id}/OS-OAUTH1/access_tokens/'
|
||||
'{access_token_id}'),
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'get_access_token_role',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Get role for user OAUTH1 access token.',
|
||||
operations=[{'path': ('/v3/users/{user_id}/OS-OAUTH1/access_tokens/'
|
||||
'{access_token_id}/roles/{role_id}'),
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_access_tokens',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='List OAUTH1 access tokens for user.',
|
||||
operations=[{'path': '/v3/users/{user_id}/OS-OAUTH1/access_tokens',
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_access_token_roles',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='List OAUTH1 access token roles.',
|
||||
operations=[{'path': ('/v3/users/{user_id}/OS-OAUTH1/access_tokens/'
|
||||
'{access_token_id}/roles'),
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'delete_access_token',
|
||||
check_str=base.RULE_ADMIN_REQUIRED)
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Delete OAUTH1 access token.',
|
||||
operations=[{'path': ('/v3/users/{user_id}/OS-OAUTH1/access_tokens/'
|
||||
'{access_token_id}'),
|
||||
'method': 'DELETE'}])
|
||||
]
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user