"Fossies" - the Fresh Open Source Software Archive

Member "horizon-14.0.4/openstack_auth/tests/conf/keystone_policy.json" (22 Oct 2019, 6429 Bytes) of package /linux/misc/openstack/horizon-14.0.4.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) JSON source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 {
    2     "admin_required": "role:admin or is_admin:1",
    3     "service_role": "role:service",
    4     "service_or_admin": "rule:admin_required or rule:service_role",
    5     "owner" : "user_id:%(user_id)s",
    6     "admin_or_owner": "rule:admin_required or rule:owner",
    7 
    8     "default": "rule:admin_required",
    9 
   10     "identity:get_region": "",
   11     "identity:list_regions": "",
   12     "identity:create_region": "rule:admin_required",
   13     "identity:update_region": "rule:admin_required",
   14     "identity:delete_region": "rule:admin_required",
   15 
   16     "identity:get_service": "rule:admin_required",
   17     "identity:list_services": "rule:admin_required",
   18     "identity:create_service": "rule:admin_required",
   19     "identity:update_service": "rule:admin_required",
   20     "identity:delete_service": "rule:admin_required",
   21 
   22     "identity:get_endpoint": "rule:admin_required",
   23     "identity:list_endpoints": "rule:admin_required",
   24     "identity:create_endpoint": "rule:admin_required",
   25     "identity:update_endpoint": "rule:admin_required",
   26     "identity:delete_endpoint": "rule:admin_required",
   27 
   28     "identity:get_catalog": "",
   29 
   30     "identity:get_domain": "rule:admin_required",
   31     "identity:list_domains": "rule:admin_required",
   32     "identity:create_domain": "rule:admin_required",
   33     "identity:update_domain": "rule:admin_required",
   34     "identity:delete_domain": "rule:admin_required",
   35 
   36     "identity:get_project": "rule:admin_required",
   37     "identity:list_projects": "rule:admin_required",
   38     "identity:list_user_projects": "rule:admin_or_owner",
   39     "identity:create_project": "rule:admin_required",
   40     "identity:update_project": "rule:admin_required",
   41     "identity:delete_project": "rule:admin_required",
   42 
   43     "identity:get_user": "rule:admin_required",
   44     "identity:list_users": "rule:admin_required",
   45     "identity:create_user": "rule:admin_required",
   46     "identity:update_user": "rule:admin_required",
   47     "identity:delete_user": "rule:admin_required",
   48     "identity:change_password": "rule:admin_or_owner",
   49 
   50     "identity:get_group": "rule:admin_required",
   51     "identity:list_groups": "rule:admin_required",
   52     "identity:list_groups_for_user": "rule:admin_or_owner",
   53     "identity:create_group": "rule:admin_required",
   54     "identity:update_group": "rule:admin_required",
   55     "identity:delete_group": "rule:admin_required",
   56     "identity:list_users_in_group": "rule:admin_required",
   57     "identity:remove_user_from_group": "rule:admin_required",
   58     "identity:check_user_in_group": "rule:admin_required",
   59     "identity:add_user_to_group": "rule:admin_required",
   60 
   61     "identity:get_credential": "rule:admin_required",
   62     "identity:list_credentials": "rule:admin_required",
   63     "identity:create_credential": "rule:admin_required",
   64     "identity:update_credential": "rule:admin_required",
   65     "identity:delete_credential": "rule:admin_required",
   66 
   67     "identity:ec2_get_credential": "rule:admin_or_owner",
   68     "identity:ec2_list_credentials": "rule:admin_or_owner",
   69     "identity:ec2_create_credential": "rule:admin_or_owner",
   70     "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
   71 
   72     "identity:get_role": "rule:admin_required",
   73     "identity:list_roles": "rule:admin_required",
   74     "identity:create_role": "rule:admin_required",
   75     "identity:update_role": "rule:admin_required",
   76     "identity:delete_role": "rule:admin_required",
   77 
   78     "identity:check_grant": "rule:admin_required",
   79     "identity:list_grants": "rule:admin_required",
   80     "identity:create_grant": "rule:admin_required",
   81     "identity:revoke_grant": "rule:admin_required",
   82 
   83     "identity:list_role_assignments": "rule:admin_required",
   84 
   85     "identity:get_policy": "rule:admin_required",
   86     "identity:list_policies": "rule:admin_required",
   87     "identity:create_policy": "rule:admin_required",
   88     "identity:update_policy": "rule:admin_required",
   89     "identity:delete_policy": "rule:admin_required",
   90 
   91     "identity:check_token": "rule:admin_required",
   92     "identity:validate_token": "rule:service_or_admin",
   93     "identity:validate_token_head": "rule:service_or_admin",
   94     "identity:revocation_list": "rule:service_or_admin",
   95     "identity:revoke_token": "rule:admin_or_owner",
   96 
   97     "identity:create_trust": "user_id:%(trust.trustor_user_id)s",
   98     "identity:get_trust": "rule:admin_or_owner",
   99     "identity:list_trusts": "",
  100     "identity:list_roles_for_trust": "",
  101     "identity:check_role_for_trust": "",
  102     "identity:get_role_for_trust": "",
  103     "identity:delete_trust": "",
  104 
  105     "identity:create_consumer": "rule:admin_required",
  106     "identity:get_consumer": "rule:admin_required",
  107     "identity:list_consumers": "rule:admin_required",
  108     "identity:delete_consumer": "rule:admin_required",
  109     "identity:update_consumer": "rule:admin_required",
  110 
  111     "identity:authorize_request_token": "rule:admin_required",
  112     "identity:list_access_token_roles": "rule:admin_required",
  113     "identity:get_access_token_role": "rule:admin_required",
  114     "identity:list_access_tokens": "rule:admin_required",
  115     "identity:get_access_token": "rule:admin_required",
  116     "identity:delete_access_token": "rule:admin_required",
  117 
  118     "identity:list_projects_for_endpoint": "rule:admin_required",
  119     "identity:add_endpoint_to_project": "rule:admin_required",
  120     "identity:check_endpoint_in_project": "rule:admin_required",
  121     "identity:list_endpoints_for_project": "rule:admin_required",
  122     "identity:remove_endpoint_from_project": "rule:admin_required",
  123 
  124     "identity:create_identity_provider": "rule:admin_required",
  125     "identity:list_identity_providers": "rule:admin_required",
  126     "identity:get_identity_provider": "rule:admin_required",
  127     "identity:update_identity_provider": "rule:admin_required",
  128     "identity:delete_identity_provider": "rule:admin_required",
  129 
  130     "identity:create_protocol": "rule:admin_required",
  131     "identity:update_protocol": "rule:admin_required",
  132     "identity:get_protocol": "rule:admin_required",
  133     "identity:list_protocols": "rule:admin_required",
  134     "identity:delete_protocol": "rule:admin_required",
  135 
  136     "identity:create_mapping": "rule:admin_required",
  137     "identity:get_mapping": "rule:admin_required",
  138     "identity:list_mappings": "rule:admin_required",
  139     "identity:delete_mapping": "rule:admin_required",
  140     "identity:update_mapping": "rule:admin_required",
  141 
  142     "identity:list_projects_for_groups": "",
  143     "identity:list_domains_for_groups": "",
  144 
  145     "identity:list_revoke_events": ""
  146 }