Move auth_token middleware from admin user to an RBAC policy

Before this patch auth_token middleware required admin user credentials
stored in assorted config files. With this patch only non-admin user
credentials are needed. The revocation_list and validate_token commands
use an policy.json rule, to only allow these commands if you are in have the
service role.

Rule used:
    "service_role": [["role:service"]],
    "service_or_admin": [["rule:admin_required"], ["rule:service_role"]],

Added the policy wrapper on the validate functions.

Fixes bug 1153789

Change-Id: I43986e26b16aa5213ad2536a0d07d942bf3dbbbb

1 files changed, 10 insertions, 0 deletions

diff --git a/tests/default_fixtures.py b/tests/default_fixtures.py
index 3a1379ed..256bb4b7 100644
--- a/tests/default_fixtures.py
+++ b/tests/default_fixtures.py
@@ -45,6 +45,12 @@ TENANTS = [
         'description': 'description',
         'enabled': True,
         'domain_id': DEFAULT_DOMAIN_ID
+    }, {
+        'id': 'service',
+        'name': 'service',
+        'description': 'description',
+        'enabled': True,
+        'domain_id': DEFAULT_DOMAIN_ID
     }
 ]
 
@@ -115,8 +121,12 @@ ROLES = [
     }, {
         'id': 'writer',
         'name': 'Writer',
+    }, {
+        'id': 'service',
+        'name': 'Service',
     }
 
+
 ]
 
 DOMAINS = [