author | Joe Gordon <jogo@cloudscaling.com> | 2013-03-08 15:34:25 -0800 |
---|---|---|
committer | Joe Gordon <jogo@cloudscaling.com> | 2013-05-16 18:45:52 +0000 |
commit | 3c3f5dc8973a28fcded50bdb65b7cd77cd772cc6 (patch) | |
tree | 4ba4f702a1a454c7d921450041377fa3755d143b /tests/default_fixtures.py | |
parent | 96a816f50d2ab9fdf88af4489d51f24188a555a4 (diff) | |
Move auth_token middleware from admin user to an RBAC policy
Before this patch auth_token middleware required admin user credentials
stored in assorted config files. With this patch only non-admin user
credentials are needed. The revocation_list and validate_token commands
use a policy.json rule to only allow these commands if you have the
service role.
Rule used:
"service_role": [["role:service"]],
"service_or_admin": [["rule:admin_required"], ["rule:service_role"]],
Added the policy wrapper on the validate functions.
Fixes bug 1153789
Change-Id: I43986e26b16aa5213ad2536a0d07d942bf3dbbbb
Diffstat (limited to 'tests/default_fixtures.py')
-rw-r--r-- | tests/default_fixtures.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/tests/default_fixtures.py b/tests/default_fixtures.py index 3a1379ed..256bb4b7 100644 --- a/tests/default_fixtures.py +++ b/tests/default_fixtures.py @@ -45,6 +45,12 @@ TENANTS = [ 'description': 'description', 'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID + }, { + 'id': 'service', + 'name': 'service', + 'description': 'description', + 'enabled': True, + 'domain_id': DEFAULT_DOMAIN_ID } ] @@ -115,8 +121,12 @@ ROLES = [ }, { 'id': 'writer', 'name': 'Writer', + }, { + 'id': 'service', + 'name': 'Service', } + ] DOMAINS = [ |
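Review bot: In the TENANTS hunk the new tenant uses 'id': 'service', the same string the ROLES hunk assigns to the new role id, so a test that passes a tenant id where a role id is expected (or the reverse) would still pass. Give one of the two fixtures a distinct id so that a mix-up between tenant and role in the new policy checks fails loudly in the tests.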
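Review bot: In the ROLES hunk the new role is named 'Service', while the rule quoted in the commit message matches "role:service"; if the policy check compares role names case-sensitively, the service_role rule will not match this fixture. Either name the role 'service' or make sure a test validates a token as a user holding this role and as a user without it, so both the allow and the deny path of service_or_admin are covered. The added blank line between the closing } and ] of ROLES can also be dropped.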