Move auth_token middleware from admin user to an RBAC policy

Before this patch auth_token middleware required admin user credentials
stored in assorted config files. With this patch only non-admin user
credentials are needed. The revocation_list and validate_token commands
use an policy.json rule, to only allow these commands if you are in have the
service role.

Rule used:
    "service_role": [["role:service"]],
    "service_or_admin": [["rule:admin_required"], ["rule:service_role"]],

Added the policy wrapper on the validate functions.

Fixes bug 1153789

Change-Id: I43986e26b16aa5213ad2536a0d07d942bf3dbbbb

0 files changed, 0 insertions, 0 deletions