"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/common/policies/base.py" between
keystone-15.0.0.tar.gz and keystone-15.0.1.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Stein" series (maintained release).

base.py  (keystone-15.0.0):base.py  (keystone-15.0.1)
skipping to change at line 27 skipping to change at line 27
RULE_ADMIN_OR_OWNER = 'rule:admin_or_owner' RULE_ADMIN_OR_OWNER = 'rule:admin_or_owner'
RULE_ADMIN_OR_CREDENTIAL_OWNER = ( RULE_ADMIN_OR_CREDENTIAL_OWNER = (
'rule:admin_required or ' 'rule:admin_required or '
'(rule:owner and user_id:%(target.credential.user_id)s)') '(rule:owner and user_id:%(target.credential.user_id)s)')
RULE_ADMIN_OR_TARGET_DOMAIN = ( RULE_ADMIN_OR_TARGET_DOMAIN = (
'rule:admin_required or ' 'rule:admin_required or '
'token.project.domain.id:%(target.domain.id)s') 'token.project.domain.id:%(target.domain.id)s')
RULE_ADMIN_OR_TARGET_PROJECT = ( RULE_ADMIN_OR_TARGET_PROJECT = (
'rule:admin_required or ' 'rule:admin_required or '
'project_id:%(target.project.id)s') 'project_id:%(target.project.id)s')
RULE_ADMIN_OR_TOKEN_SUBJECT = 'rule:admin_or_token_subject' RULE_ADMIN_OR_TOKEN_SUBJECT = 'rule:admin_or_token_subject' # nosec
RULE_REVOKE_EVENT_OR_ADMIN = 'rule:revoke_event_or_admin' RULE_REVOKE_EVENT_OR_ADMIN = 'rule:revoke_event_or_admin'
RULE_SERVICE_ADMIN_OR_TOKEN_SUBJECT = 'rule:service_admin_or_token_subject' RULE_SERVICE_ADMIN_OR_TOKEN_SUBJECT = (
'rule:service_admin_or_token_subject') # nosec
RULE_SERVICE_OR_ADMIN = 'rule:service_or_admin' RULE_SERVICE_OR_ADMIN = 'rule:service_or_admin'
RULE_TRUST_OWNER = 'user_id:%(trust.trustor_user_id)s' RULE_TRUST_OWNER = 'user_id:%(trust.trustor_user_id)s'
# We are explicitly setting system_scope:all in these check strings because # We are explicitly setting system_scope:all in these check strings because
# they provide backwards compatibility in the event a deployment sets # they provide backwards compatibility in the event a deployment sets
# ``keystone.conf [oslo_policy] enforce_scope = False``, which the default. # ``keystone.conf [oslo_policy] enforce_scope = False``, which the default.
# Otherwise, this might open up APIs to be more permissive unintentionally if a # Otherwise, this might open up APIs to be more permissive unintentionally if a
# deployment isn't enforcing scope. For example, the identity:get_endpoint # deployment isn't enforcing scope. For example, the identity:get_endpoint
# policy might be ``rule:admin_required`` today and eventually ``role:reader`` # policy might be ``rule:admin_required`` today and eventually ``role:reader``
# enforcing system scoped tokens. Until enforce_scope=True by default, it would # enforcing system scoped tokens. Until enforce_scope=True by default, it would
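Review bot: the bare `# nosec` markers added to RULE_ADMIN_OR_TOKEN_SUBJECT and RULE_SERVICE_ADMIN_OR_TOKEN_SUBJECT carry no justification, and a bare marker silences every Bandit check on its line, not only the one that fired. Both values are policy check strings rather than credentials, so the suppression appears to target a hardcoded-password false positive triggered by "TOKEN" in the constant names (an inference; the diff itself does not say). Suggest a short comment on the line above each constant stating that the value is a policy rule name and not a secret, so a later audit can tell the suppression was deliberate and can re-evaluate it if the value ever changes.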
 End of changes. 2 change blocks. 
2 lines changed or deleted 3 lines changed or added
