Add scope_types to oauth policies
Change-Id: I5f6d96373d2b53632596f6d35ba099e818a0eded
This commit is contained in:
Lance Bragstad
parent
c59c660a10
commit
f89154c3d4
@ -18,12 +18,17 @@ access_token_policies = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'authorize_request_token',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
# Since access tokens require a request token and request tokens
|
||||
# require a project, it makes sense to have a project-scoped token in
|
||||
# order to access these APIs.
|
||||
scope_types=['project'],
|
||||
description='Authorize OAUTH1 request token.',
|
||||
operations=[{'path': '/v3/OS-OAUTH1/authorize/{request_token_id}',
|
||||
'method': 'PUT'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'get_access_token',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
scope_types=['project'],
|
||||
description='Get OAUTH1 access token for user by access token ID.',
|
||||
operations=[{'path': ('/v3/users/{user_id}/OS-OAUTH1/access_tokens/'
|
||||
'{access_token_id}'),
|
||||
@ -31,6 +36,7 @@ access_token_policies = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'get_access_token_role',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
scope_types=['project'],
|
||||
description='Get role for user OAUTH1 access token.',
|
||||
operations=[{'path': ('/v3/users/{user_id}/OS-OAUTH1/access_tokens/'
|
||||
'{access_token_id}/roles/{role_id}'),
|
||||
@ -38,12 +44,14 @@ access_token_policies = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_access_tokens',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
scope_types=['project'],
|
||||
description='List OAUTH1 access tokens for user.',
|
||||
operations=[{'path': '/v3/users/{user_id}/OS-OAUTH1/access_tokens',
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_access_token_roles',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
scope_types=['project'],
|
||||
description='List OAUTH1 access token roles.',
|
||||
operations=[{'path': ('/v3/users/{user_id}/OS-OAUTH1/access_tokens/'
|
||||
'{access_token_id}/roles'),
|
||||
@ -51,6 +59,7 @@ access_token_policies = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'delete_access_token',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
scope_types=['project'],
|
||||
description='Delete OAUTH1 access token.',
|
||||
operations=[{'path': ('/v3/users/{user_id}/OS-OAUTH1/access_tokens/'
|
||||
'{access_token_id}'),
|
||||
|
||||
@ -18,30 +18,35 @@ consumer_policies = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'get_consumer',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
scope_types=['system'],
|
||||
description='Show OAUTH1 consumer details.',
|
||||
operations=[{'path': '/v3/OS-OAUTH1/consumers/{consumer_id}',
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_consumers',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
scope_types=['system'],
|
||||
description='List OAUTH1 consumers.',
|
||||
operations=[{'path': '/v3/OS-OAUTH1/consumers',
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'create_consumer',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
scope_types=['system'],
|
||||
description='Create OAUTH1 consumer.',
|
||||
operations=[{'path': '/v3/OS-OAUTH1/consumers',
|
||||
'method': 'POST'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'update_consumer',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
scope_types=['system'],
|
||||
description='Update OAUTH1 consumer.',
|
||||
operations=[{'path': '/v3/OS-OAUTH1/consumers/{consumer_id}',
|
||||
'method': 'PATCH'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'delete_consumer',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
scope_types=['system'],
|
||||
description='Delete OAUTH1 consumer.',
|
||||
operations=[{'path': '/v3/OS-OAUTH1/consumers/{consumer_id}',
|
||||
'method': 'DELETE'}])
|
||||
|
||||
Loading…
Reference in New Issue
Block a user