| author | Jenkins <jenkins@review.openstack.org> | 2013-05-30 05:05:48 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-05-30 05:05:48 +0000 |
| commit | 6d33805d0fe7fd7bd75765ee4167eb64fbdd324b (patch) | |
| tree | 109952b6569d4aa3e7db02af3eb60f7de2516713 /etc | |
| parent | d67e31b70ca648c8ca0a3cb76f421b3be257d4c5 (diff) | |
| parent | 3c3f5dc8973a28fcded50bdb65b7cd77cd772cc6 (diff) | |
Merge "Move auth_token middleware from admin user to an RBAC policy"
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/policy.json | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/policy.json b/etc/policy.json
index f53161ef..fcad7a93 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -1,5 +1,7 @@
 {
 "admin_required": [["role:admin"], ["is_admin:1"]],
+ "service_role": [["role:service"]],
+ "service_or_admin": [["rule:admin_required"], ["rule:service_role"]],
 "owner" : [["user_id:%(user_id)s"]],
 "admin_or_owner": [["rule:admin_required"], ["rule:owner"]],
@@ -71,8 +73,9 @@
 "identity:delete_policy": [["rule:admin_required"]],
 "identity:check_token": [["rule:admin_required"]],
- "identity:validate_token": [["rule:admin_required"]],
- "identity:revocation_list": [["rule:admin_required"]],
+ "identity:validate_token": [["rule:service_or_admin"]],
+ "identity:validate_token_head": [["rule:service_or_admin"]],
+ "identity:revocation_list": [["rule:service_or_admin"]],
 "identity:revoke_token": [["rule:admin_required"], ["user_id:%(user_id)s"]], |
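Review bot: The new `service_role` rule in the first hunk matches on the role name alone (`role:service`), so as far as this policy shows, any token carrying a role called `service` satisfies `service_or_admin`, whatever project it is scoped to. policy.json cannot hold comments, so the constraint belongs in the commit message or the deployment documentation, for example `The service role must be granted only to the accounts used by auth_token middleware; it authorises token validation and revocation-list reads.` Existing assignments of a role named `service` are worth auditing before rollout, since a deployment may already use that name with a different meaning.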
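Review bot: In the second hunk `identity:check_token` stays on `rule:admin_required` while `identity:validate_token`, `identity:validate_token_head` and `identity:revocation_list` move to `rule:service_or_admin`, so a service-role account is allowed one form of token validation and refused the other. If that is deliberate least privilege it should be said in the commit message; if the middleware is expected to use the check call as well, the line would read `"identity:check_token": [["rule:service_or_admin"]],`. Validation responses presumably carry the token subject's identity and roles, so the wider rule also increases what a leaked service credential can read. Recording which account calls validate_token and revocation_list would make misuse of such a credential visible.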
