Merge "Move trust to DocumentedRuleDefault"
This commit is contained in:
commit
a43d5a6893
@ -112,6 +112,7 @@ identity:list_trusts GET /v3/OS-TRUST/trus
|
|||||||
identity:list_roles_for_trust GET /v3/OS-TRUST/trusts/{trust_id}/roles
|
identity:list_roles_for_trust GET /v3/OS-TRUST/trusts/{trust_id}/roles
|
||||||
identity:get_role_for_trust GET /v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}
|
identity:get_role_for_trust GET /v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}
|
||||||
identity:delete_trust DELETE /v3/OS-TRUST/trusts/{trust_id}
|
identity:delete_trust DELETE /v3/OS-TRUST/trusts/{trust_id}
|
||||||
|
identity:get_trust GET /v3/OS-TRUST/trusts/{trust_id}
|
||||||
|
|
||||||
identity:create_consumer POST /v3/OS-OAUTH1/consumers
|
identity:create_consumer POST /v3/OS-OAUTH1/consumers
|
||||||
identity:get_consumer GET /v3/OS-OAUTH1/consumers/{consumer_id}
|
identity:get_consumer GET /v3/OS-OAUTH1/consumers/{consumer_id}
|
||||||
|
@ -140,6 +140,7 @@
|
|||||||
"identity:list_roles_for_trust": "",
|
"identity:list_roles_for_trust": "",
|
||||||
"identity:get_role_for_trust": "",
|
"identity:get_role_for_trust": "",
|
||||||
"identity:delete_trust": "",
|
"identity:delete_trust": "",
|
||||||
|
"identity:get_trust": "",
|
||||||
|
|
||||||
"identity:create_consumer": "rule:admin_required",
|
"identity:create_consumer": "rule:admin_required",
|
||||||
"identity:get_consumer": "rule:admin_required",
|
"identity:get_consumer": "rule:admin_required",
|
||||||
|
@ -15,21 +15,50 @@ from oslo_policy import policy
|
|||||||
from keystone.common.policies import base
|
from keystone.common.policies import base
|
||||||
|
|
||||||
trust_policies = [
|
trust_policies = [
|
||||||
policy.RuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
name=base.IDENTITY % 'create_trust',
|
name=base.IDENTITY % 'create_trust',
|
||||||
check_str=base.RULE_TRUST_OWNER),
|
check_str=base.RULE_TRUST_OWNER,
|
||||||
policy.RuleDefault(
|
description='Create trust.',
|
||||||
|
operations=[{'path': '/v3/OS-TRUST/trusts',
|
||||||
|
'method': 'POST'}]),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
name=base.IDENTITY % 'list_trusts',
|
name=base.IDENTITY % 'list_trusts',
|
||||||
check_str=''),
|
check_str='',
|
||||||
policy.RuleDefault(
|
description='List trusts.',
|
||||||
|
operations=[{'path': '/v3/OS-TRUST/trusts',
|
||||||
|
'method': 'GET'},
|
||||||
|
{'path': '/v3/OS-TRUST/trusts',
|
||||||
|
'method': 'HEAD'}]),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
name=base.IDENTITY % 'list_roles_for_trust',
|
name=base.IDENTITY % 'list_roles_for_trust',
|
||||||
check_str=''),
|
check_str='',
|
||||||
policy.RuleDefault(
|
description='List roles delegated by a trust.',
|
||||||
|
operations=[{'path': '/v3/OS-TRUST/trusts/{trust_id}/roles',
|
||||||
|
'method': 'GET'},
|
||||||
|
{'path': '/v3/OS-TRUST/trusts/{trust_id}/roles',
|
||||||
|
'method': 'HEAD'}]),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
name=base.IDENTITY % 'get_role_for_trust',
|
name=base.IDENTITY % 'get_role_for_trust',
|
||||||
check_str=''),
|
check_str='',
|
||||||
policy.RuleDefault(
|
description='Check if trust delegates a particular role.',
|
||||||
|
operations=[{'path': '/v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}',
|
||||||
|
'method': 'GET'},
|
||||||
|
{'path': '/v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}',
|
||||||
|
'method': 'HEAD'}]),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
name=base.IDENTITY % 'delete_trust',
|
name=base.IDENTITY % 'delete_trust',
|
||||||
check_str=''),
|
check_str='',
|
||||||
|
description='Revoke trust.',
|
||||||
|
operations=[{'path': '/v3/OS-TRUST/trusts/{trust_id}',
|
||||||
|
'method': 'DELETE'}]),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name=base.IDENTITY % 'get_trust',
|
||||||
|
check_str='',
|
||||||
|
description='Get trust.',
|
||||||
|
operations=[{'path': '/v3/OS-TRUST/trusts/{trust_id}',
|
||||||
|
'method': 'GET'},
|
||||||
|
{'path': '/v3/OS-TRUST/trusts/{trust_id}',
|
||||||
|
'method': 'HEAD'}])
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user