v3 token API

Also implemented the following: blueprint pluggable-identity-authentication-handlers blueprint stop-ids-in-uris blueprint multi-factor-authn (just the plumbing) What's missing? * domain scoping (will be implemented by Henry?) Change-Id: I191c0b2cb3367b2a5f8a2dc674c284bb13ea97e3
author: Guang Yee <guang.yee@hp.com> 2013-01-08 08:46:20 -0800
committer: Guang Yee <guang.yee@hp.com> 2013-02-20 13:18:38 -0800
commit: 9f812939d4b05384b0a7d48e6b916baeca0477dc (patch)
tree: dda2e10abea730ab99955b3d595e60735b273a1f /etc/policy.json
parent: d036db145d51f8b134ffa36165065a8986e4f8a1 (diff)
download: keystone-9f812939d4b05384b0a7d48e6b916baeca0477dc.tar.gz
keystone-9f812939d4b05384b0a7d48e6b916baeca0477dc.tar.xz
keystone-9f812939d4b05384b0a7d48e6b916baeca0477dc.zip
1 files changed, 18 insertions, 3 deletions
diff --git a/etc/policy.json b/etc/policy.json
index aaf20924..a0e77fc2 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -32,6 +32,16 @@
     "identity:update_user": [["rule:admin_required"]],
     "identity:delete_user": [["rule:admin_required"]],
 
+    "identity:get_group": [["rule:admin_required"]],
+    "identity:list_groups": [["rule:admin_required"]],
+    "identity:create_group": [["rule:admin_required"]],
+    "identity:update_group": [["rule:admin_required"]],
+    "identity:delete_group": [["rule:admin_required"]],
+    "identity:list_users_in_group": [["rule:admin_required"]],
+    "identity:remove_user_from_group": [["rule:admin_required"]],
+    "identity:check_user_in_group": [["rule:admin_required"]],
+    "identity:add_user_to_group": [["rule:admin_required"]],
+
     "identity:get_credential": [["rule:admin_required"]],
     "identity:list_credentials": [["rule:admin_required"]],
     "identity:create_credential": [["rule:admin_required"]],
@@ -41,8 +51,8 @@
     "identity:get_role": [["rule:admin_required"]],
     "identity:list_roles": [["rule:admin_required"]],
     "identity:create_role": [["rule:admin_required"]],
-    "identity:update_roles": [["rule:admin_required"]],
-    "identity:delete_roles": [["rule:admin_required"]],
+    "identity:update_role": [["rule:admin_required"]],
+    "identity:delete_role": [["rule:admin_required"]],
 
     "identity:check_grant": [["rule:admin_required"]],
     "identity:list_grants": [["rule:admin_required"]],
@@ -53,5 +63,10 @@
     "identity:list_policies": [["rule:admin_required"]],
     "identity:create_policy": [["rule:admin_required"]],
     "identity:update_policy": [["rule:admin_required"]],
-    "identity:delete_policy": [["rule:admin_required"]]
+    "identity:delete_policy": [["rule:admin_required"]],
+
+    "identity:check_token": [["rule:admin_required"]],
+    "identity:validate_token": [["rule:admin_required"]],
+    "identity:revocation_list": [["rule:admin_required"]],
+    "identity:revoke_token": [["rule:admin_required"], ["user_id:%(user_id)s"]]
 }
author	Guang Yee <guang.yee@hp.com>	2013-01-08 08:46:20 -0800
committer	Guang Yee <guang.yee@hp.com>	2013-02-20 13:18:38 -0800
commit	9f812939d4b05384b0a7d48e6b916baeca0477dc (patch)
tree	dda2e10abea730ab99955b3d595e60735b273a1f /etc/policy.json
parent	d036db145d51f8b134ffa36165065a8986e4f8a1 (diff)
download	keystone-9f812939d4b05384b0a7d48e6b916baeca0477dc.tar.gz keystone-9f812939d4b05384b0a7d48e6b916baeca0477dc.tar.xz keystone-9f812939d4b05384b0a7d48e6b916baeca0477dc.zip