authorGuang Yee <guang.yee@hp.com>2013-01-08 08:46:20 -0800
committerGuang Yee <guang.yee@hp.com>2013-02-20 13:18:38 -0800
commit9f812939d4b05384b0a7d48e6b916baeca0477dc (patch)
treedda2e10abea730ab99955b3d595e60735b273a1f /etc
parentd036db145d51f8b134ffa36165065a8986e4f8a1 (diff)
downloadkeystone-9f812939d4b05384b0a7d48e6b916baeca0477dc.tar.gz
keystone-9f812939d4b05384b0a7d48e6b916baeca0477dc.tar.xz
keystone-9f812939d4b05384b0a7d48e6b916baeca0477dc.zip
v3 token API
Also implemented the following: blueprint pluggable-identity-authentication-handlers blueprint stop-ids-in-uris blueprint multi-factor-authn (just the plumbing) What's missing? * domain scoping (will be implemented by Henry?) Change-Id: I191c0b2cb3367b2a5f8a2dc674c284bb13ea97e3
Diffstat (limited to 'etc')
-rw-r--r--etc/keystone.conf.sample5
-rw-r--r--etc/policy.json21
2 files changed, 23 insertions, 3 deletions
diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample
index 6e810fc6..72554916 100644
--- a/etc/keystone.conf.sample
+++ b/etc/keystone.conf.sample
@@ -193,6 +193,11 @@
# group_allow_update = True
# group_allow_delete = True
+[auth]
+methods = password,token
+password = keystone.auth.methods.password.Password
+token = keystone.auth.methods.token.Token
+
[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory
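Review bot: The new `[auth]` section is active and uncommented, unlike the `# group_allow_*` options just above it, and it has no explanation even though it decides which authentication methods the server will accept. I would add a short comment above `methods`, for example `# Comma-separated list of enabled authentication methods; each name needs a matching "<name> = <plugin class>" line below. Remove a name to disable that method.` Presumably the `token` method lets a caller authenticate with an existing token, so operators who want to restrict that need to know this is the switch. The commit message says multi-factor is "just the plumbing", so it would help to state that the listed methods are alternatives rather than required factors, if that is the behaviour.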
diff --git a/etc/policy.json b/etc/policy.json
index aaf20924..a0e77fc2 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -32,6 +32,16 @@
"identity:update_user": [["rule:admin_required"]],
"identity:delete_user": [["rule:admin_required"]],
+ "identity:get_group": [["rule:admin_required"]],
+ "identity:list_groups": [["rule:admin_required"]],
+ "identity:create_group": [["rule:admin_required"]],
+ "identity:update_group": [["rule:admin_required"]],
+ "identity:delete_group": [["rule:admin_required"]],
+ "identity:list_users_in_group": [["rule:admin_required"]],
+ "identity:remove_user_from_group": [["rule:admin_required"]],
+ "identity:check_user_in_group": [["rule:admin_required"]],
+ "identity:add_user_to_group": [["rule:admin_required"]],
+
"identity:get_credential": [["rule:admin_required"]],
"identity:list_credentials": [["rule:admin_required"]],
"identity:create_credential": [["rule:admin_required"]],
@@ -41,8 +51,8 @@
"identity:get_role": [["rule:admin_required"]],
"identity:list_roles": [["rule:admin_required"]],
"identity:create_role": [["rule:admin_required"]],
- "identity:update_roles": [["rule:admin_required"]],
- "identity:delete_roles": [["rule:admin_required"]],
+ "identity:update_role": [["rule:admin_required"]],
+ "identity:delete_role": [["rule:admin_required"]],
"identity:check_grant": [["rule:admin_required"]],
"identity:list_grants": [["rule:admin_required"]],
@@ -53,5 +63,10 @@
"identity:list_policies": [["rule:admin_required"]],
"identity:create_policy": [["rule:admin_required"]],
"identity:update_policy": [["rule:admin_required"]],
- "identity:delete_policy": [["rule:admin_required"]]
+ "identity:delete_policy": [["rule:admin_required"]],
+
+ "identity:check_token": [["rule:admin_required"]],
+ "identity:validate_token": [["rule:admin_required"]],
+ "identity:revocation_list": [["rule:admin_required"]],
+ "identity:revoke_token": [["rule:admin_required"], ["user_id:%(user_id)s"]]
}
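Review bot: The second alternative on `identity:revoke_token`, `["user_id:%(user_id)s"]`, is the only non-admin rule in these hunks, and its safety depends on where the target `user_id` comes from, which is not visible here. The policy is only sound if the controller fills that value from the stored token being revoked rather than from anything the caller supplies, and if a target with no `user_id` is denied rather than raising an error. Since JSON cannot carry a comment, the policy documentation should say that the outer list is an OR of alternatives and that this rule means "admin, or the owner of the token". A test that a non-admin cannot revoke another user's token would pin this down. Note also that `identity:validate_token` and `identity:check_token` stay admin-only, so a user can revoke their own token but not validate it; confirm that asymmetry is intended.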