keystone/keystone/common/policies
Vishakha Agarwal c56611ff58 Implement domain reader for role_assignments
This change adds test cases for the default roles
keystone supports at install time. It also modifies
the policies for the role_assignments API to be more
self-service by properly checking for scopes if accessed
with a domain-scoped token. This gives domain users the
power to query role assignments within the domain they
have authorization on without exposing other assignment
information in the deployment, domains, or projects.

Subsequent patches will:

  - add functionality for domain members
  - add functionality for domain admins
  - add functionality for project readers
  - add functionality for project members
  - add functionality for project admins
  - remove the obsolete policies from policy.v3cloudsample.json

Co-Authored-By: Lance Bragstad <lbragstad@gmail.com>

Partial-Bug: 1750673
Change-Id: I0c6d202a315d4683e2589f0d9121e93c97fb13e4
(cherry picked from commit 425d48ec0a)
2019-03-25 17:44:16 +00:00
__init__.py Add Application Credentials controller 2018-01-27 11:55:05 +01:00
access_token.py Add scope_types to oauth policies 2018-01-05 22:25:05 +00:00
application_credential.py Add Application Credentials controller 2018-01-27 11:55:05 +01:00
auth.py Implement GET /v3/auth/system 2018-01-24 01:09:16 +00:00
base.py Add scope checks to common system role definitions 2018-12-18 21:20:29 +00:00
consumer.py Add scope_types to oauth policies 2018-01-05 22:25:05 +00:00
credential.py Make system members the same as system readers for credentials 2019-03-05 21:25:16 +00:00
domain.py Allow project users to retrieve domains 2019-01-21 20:46:05 +00:00
domain_config.py Add scope_types to domain config policies 2018-01-19 20:17:30 +00:00
ec2_credential.py Document scope_types for ec2 policies 2018-01-19 22:30:35 +00:00
endpoint.py Update endpoint policies for system admin 2019-01-08 22:32:20 +00:00
endpoint_group.py Add scope_types to endpoint group policies 2018-01-05 21:47:10 +00:00
grant.py Merge "Add scope_types to grant policies" 2018-01-26 21:48:27 +00:00
group.py Implement system admin role in groups API 2019-02-11 17:50:03 +00:00
identity_provider.py Update idp policies for system admin 2019-01-08 22:15:32 +00:00
implied_role.py Add scope_types to implied role policies 2018-01-04 21:32:18 +00:00
limit.py Add domain level limit support - API 2019-02-19 11:09:13 +08:00
mapping.py Update mapping policies for system admin 2019-01-08 22:26:20 +00:00
policy.py Add scope_types for policy policies 2018-01-05 22:25:55 +00:00
policy_association.py Add scope_types to policy association policies 2018-01-04 20:37:30 +00:00
project.py Implement domain reader functionality for projects 2019-03-15 21:19:05 +00:00
project_endpoint.py Add scope_types to project endpoint policies 2018-01-04 21:04:09 +00:00
protocol.py Implement system admin role in protocol API 2019-01-08 20:39:34 +00:00
region.py Add tests for domain users interacting with regions 2019-02-11 17:51:10 +00:00
registered_limit.py Allow domain users to access the registered limits API 2019-01-08 18:16:07 +00:00
revoke_event.py Add scope_types for revoke event policies 2018-01-04 21:14:16 +00:00
role.py Update role policies for system admin 2019-01-08 20:48:28 +00:00
role_assignment.py Implement domain reader for role_assignments 2019-03-25 17:44:16 +00:00
service.py Update service policies for system admin 2019-02-22 16:53:52 +00:00
service_provider.py Update service provider policies for system admin 2019-01-04 17:58:31 +00:00
token.py Remove v2.0 policies 2018-02-20 22:38:17 +00:00
token_revocation.py Add scope_types to token revocation policies 2018-01-05 21:53:24 +00:00
trust.py Add scope_types to trust policies 2018-01-23 16:36:24 +00:00
user.py Implement system admin role in users API 2019-02-04 19:56:01 +00:00