From 9f812939d4b05384b0a7d48e6b916baeca0477dc Mon Sep 17 00:00:00 2001 From: Guang Yee Date: Tue, 8 Jan 2013 08:46:20 -0800 Subject: v3 token API Also implemented the following: blueprint pluggable-identity-authentication-handlers blueprint stop-ids-in-uris blueprint multi-factor-authn (just the plumbing) What's missing? * domain scoping (will be implemented by Henry?) Change-Id: I191c0b2cb3367b2a5f8a2dc674c284bb13ea97e3 --- etc/keystone.conf.sample | 5 +++++ etc/policy.json | 21 ++++++++++++++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) (limited to 'etc') diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample index 6e810fc6..72554916 100644 --- a/etc/keystone.conf.sample +++ b/etc/keystone.conf.sample @@ -193,6 +193,11 @@ # group_allow_update = True # group_allow_delete = True +[auth] +methods = password,token +password = keystone.auth.methods.password.Password +token = keystone.auth.methods.token.Token + [filter:debug] paste.filter_factory = keystone.common.wsgi:Debug.factory diff --git a/etc/policy.json b/etc/policy.json index aaf20924..a0e77fc2 100644 --- a/etc/policy.json +++ b/etc/policy.json @@ -32,6 +32,16 @@ "identity:update_user": [["rule:admin_required"]], "identity:delete_user": [["rule:admin_required"]], + "identity:get_group": [["rule:admin_required"]], + "identity:list_groups": [["rule:admin_required"]], + "identity:create_group": [["rule:admin_required"]], + "identity:update_group": [["rule:admin_required"]], + "identity:delete_group": [["rule:admin_required"]], + "identity:list_users_in_group": [["rule:admin_required"]], + "identity:remove_user_from_group": [["rule:admin_required"]], + "identity:check_user_in_group": [["rule:admin_required"]], + "identity:add_user_to_group": [["rule:admin_required"]], + "identity:get_credential": [["rule:admin_required"]], "identity:list_credentials": [["rule:admin_required"]], "identity:create_credential": [["rule:admin_required"]], @@ -41,8 +51,8 @@ "identity:get_role": [["rule:admin_required"]], "identity:list_roles": [["rule:admin_required"]], "identity:create_role": [["rule:admin_required"]], - "identity:update_roles": [["rule:admin_required"]], - "identity:delete_roles": [["rule:admin_required"]], + "identity:update_role": [["rule:admin_required"]], + "identity:delete_role": [["rule:admin_required"]], "identity:check_grant": [["rule:admin_required"]], "identity:list_grants": [["rule:admin_required"]], @@ -53,5 +63,10 @@ "identity:list_policies": [["rule:admin_required"]], "identity:create_policy": [["rule:admin_required"]], "identity:update_policy": [["rule:admin_required"]], - "identity:delete_policy": [["rule:admin_required"]] + "identity:delete_policy": [["rule:admin_required"]], + + "identity:check_token": [["rule:admin_required"]], + "identity:validate_token": [["rule:admin_required"]], + "identity:revocation_list": [["rule:admin_required"]], + "identity:revoke_token": [["rule:admin_required"], ["user_id:%(user_id)s"]] } -- cgit