keystone

From remo, 2 Years ago, written in Plain Text, viewed 275 times.
  1.  "admin_required": "role:admin",
  2.     "cloud_admin": "role:admin and (is_admin_project:True or domain_id:default)",
  3.     "service_role": "role:service",
  4.     "service_or_admin": "rule:admin_required or rule:service_role",
  5.     "owner" : "user_id:%(user_id)s or user_id:%(target.token.user_id)s",
  6.     "admin_or_owner": "(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner",
  7.     "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s",
  8.     "service_admin_or_owner": "rule:service_or_admin or rule:owner",
  9.  
  10.     "default": "rule:admin_required",
  11.  
  12.     "identity:get_region": "",
  13.     "identity:list_regions": "",
  14.     "identity:create_region": "rule:cloud_admin",
  15.     "identity:update_region": "rule:cloud_admin",
  16.     "identity:delete_region": "rule:cloud_admin",
  17.  
  18.     "identity:get_service": "rule:admin_required",
  19.     "identity:list_services": "rule:admin_required",
  20.     "identity:create_service": "rule:cloud_admin",
  21.     "identity:update_service": "rule:cloud_admin",
  22.     "identity:delete_service": "rule:cloud_admin",
  23.  
  24.     "identity:get_endpoint": "rule:admin_required",
  25.     "identity:list_endpoints": "rule:admin_required",
  26.     "identity:create_endpoint": "rule:cloud_admin",
  27.     "identity:update_endpoint": "rule:cloud_admin",
  28.     "identity:delete_endpoint": "rule:cloud_admin",
  29.  
  30.     "identity:get_domain": "rule:cloud_admin or rule:admin_and_matching_domain_id or token.project.domain.id:%(target.domain.id)s",
  31.     "identity:list_domains": "rule:cloud_admin",
  32.     "identity:create_domain": "rule:cloud_admin",
  33.     "identity:update_domain": "rule:cloud_admin",
  34.     "identity:delete_domain": "rule:cloud_admin",
  35.  
  36.     "admin_and_matching_target_project_domain_id": "rule:admin_required and domain_id:%(target.project.domain_id)s",
  37.     "admin_and_matching_project_domain_id": "rule:admin_required and domain_id:%(project.domain_id)s",
  38.     "identity:get_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id or project_id:%(target.project.id)s",
  39.     "identity:list_projects": "rule:cloud_admin or rule:admin_and_matching_domain_id",
  40.     "identity:list_user_projects": "rule:owner or rule:admin_and_matching_domain_id",
  41.     "identity:create_project": "rule:cloud_admin or rule:admin_and_matching_project_domain_id",
  42.     "identity:update_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id",
  43.     "identity:delete_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id",
  44.  
  45.     "admin_and_matching_target_user_domain_id": "rule:admin_required and domain_id:%(target.user.domain_id)s",
  46.     "admin_and_matching_user_domain_id": "rule:admin_required and domain_id:%(user.domain_id)s",
  47.     "identity:get_user": "rule:cloud_admin or rule:admin_and_matching_target_user_domain_id or rule:owner",
  48.     "identity:list_users": "rule:cloud_admin or rule:admin_and_matching_domain_id",
  49.     "identity:create_user": "rule:cloud_admin or rule:admin_and_matching_user_domain_id or rule:admin_and_matching_target_user_domain_id",
  50.     "identity:update_user": "rule:cloud_admin or rule:admin_and_matching_target_user_domain_id",
  51.     "identity:delete_user": "rule:cloud_admin or rule:admin_and_matching_target_user_domain_id",
  52.  
  53.     "admin_and_matching_target_group_domain_id": "rule:admin_required and domain_id:%(target.group.domain_id)s",
  54.     "admin_and_matching_group_domain_id": "rule:admin_required and domain_id:%(group.domain_id)s",
  55.     "identity:get_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
  56.     "identity:list_groups": "rule:cloud_admin or rule:admin_and_matching_domain_id",
  57.     "identity:list_groups_for_user": "rule:owner or rule:admin_and_matching_target_user_domain_id",
  58.     "identity:create_group": "rule:cloud_admin or rule:admin_and_matching_group_domain_id",
  59.     "identity:update_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
  60.     "identity:delete_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
  61.     "identity:list_users_in_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
  62.     "identity:remove_user_from_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
  63.     "identity:check_user_in_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
  64.     "identity:add_user_to_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
  65.  
  66.     "identity:get_credential": "rule:admin_required",
  67.     "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
  68.     "identity:create_credential": "rule:admin_required",
  69.     "identity:update_credential": "rule:admin_required",
  70.     "identity:delete_credential": "rule:admin_required",
  71.  
  72.     "identity:ec2_get_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
  73.     "identity:ec2_list_credentials": "rule:admin_required or rule:owner",
  74.     "identity:ec2_create_credential": "rule:admin_required or rule:owner",
  75.     "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
  76.  
  77.     "identity:get_role": "rule:admin_required",
  78.     "identity:list_roles": "rule:admin_required",
  79.     "identity:create_role": "rule:cloud_admin",
  80.     "identity:update_role": "rule:cloud_admin",
  81.     "identity:delete_role": "rule:cloud_admin",
  82.  
  83.     "identity:get_domain_role": "rule:cloud_admin or rule:get_domain_roles",
  84.     "identity:list_domain_roles": "rule:cloud_admin or rule:list_domain_roles",
  85.     "identity:create_domain_role": "rule:cloud_admin or rule:domain_admin_matches_domain_role",
  86.     "identity:update_domain_role": "rule:cloud_admin or rule:domain_admin_matches_target_domain_role",
  87.     "identity:delete_domain_role": "rule:cloud_admin or rule:domain_admin_matches_target_domain_role",
  88.     "domain_admin_matches_domain_role": "rule:admin_required and domain_id:%(role.domain_id)s",
  89.     "get_domain_roles": "rule:domain_admin_matches_target_domain_role or rule:project_admin_matches_target_domain_role",
  90.     "domain_admin_matches_target_domain_role": "rule:admin_required and domain_id:%(target.role.domain_id)s",
  91.     "project_admin_matches_target_domain_role": "rule:admin_required and project_domain_id:%(target.role.domain_id)s",
  92.     "list_domain_roles": "rule:domain_admin_matches_filter_on_list_domain_roles or rule:project_admin_matches_filter_on_list_domain_roles",
  93.     "domain_admin_matches_filter_on_list_domain_roles": "rule:admin_required and domain_id:%(domain_id)s",
  94.     "project_admin_matches_filter_on_list_domain_roles": "rule:admin_required and project_domain_id:%(domain_id)s",
  95.     "admin_and_matching_prior_role_domain_id": "rule:admin_required and domain_id:%(target.prior_role.domain_id)s",
  96.     "implied_role_matches_prior_role_domain_or_global": "(domain_id:%(target.implied_role.domain_id)s or None:%(target.implied_role.domain_id)s)",
  97.  
  98.     "identity:get_implied_role": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
  99.     "identity:list_implied_roles": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
  100.     "identity:create_implied_role": "rule:cloud_admin or (rule:admin_and_matching_prior_role_domain_id and rule:implied_role_matches_prior_role_domain_or_global)",
  101.     "identity:delete_implied_role": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
  102.     "identity:list_role_inference_rules": "rule:cloud_admin",
  103.     "identity:check_implied_role": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
  104.  
  105.     "identity:check_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",
  106.     "identity:list_grants": "rule:cloud_admin or rule:domain_admin_for_list_grants or rule:project_admin_for_list_grants",
  107.     "identity:create_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",
  108.     "identity:revoke_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",
  109.     "domain_admin_for_grants": "rule:domain_admin_for_global_role_grants or rule:domain_admin_for_domain_role_grants",
  110.     "domain_admin_for_global_role_grants": "rule:admin_required and None:%(target.role.domain_id)s and rule:domain_admin_grant_match",
  111.     "domain_admin_for_domain_role_grants": "rule:admin_required and domain_id:%(target.role.domain_id)s and rule:domain_admin_grant_match",
  112.     "domain_admin_grant_match": "domain_id:%(domain_id)s or domain_id:%(target.project.domain_id)s",
  113.     "project_admin_for_grants": "rule:project_admin_for_global_role_grants or rule:project_admin_for_domain_role_grants",
  114.     "project_admin_for_global_role_grants": "rule:admin_required and None:%(target.role.domain_id)s and project_id:%(project_id)s",
  115.     "project_admin_for_domain_role_grants": "rule:admin_required and project_domain_id:%(target.role.domain_id)s and project_id:%(project_id)s",
  116.     "domain_admin_for_list_grants": "rule:admin_required and rule:domain_admin_grant_match",
  117.     "project_admin_for_list_grants": "rule:admin_required and project_id:%(project_id)s",
  118.  
  119.     "admin_on_domain_filter" : "rule:admin_required and domain_id:%(scope.domain.id)s",
  120.     "admin_on_project_filter" : "rule:admin_required and project_id:%(scope.project.id)s",
  121.     "admin_on_domain_of_project_filter" : "rule:admin_required and domain_id:%(target.project.domain_id)s",
  122.     "identity:list_role_assignments": "rule:cloud_admin or rule:admin_on_domain_filter or rule:admin_on_project_filter",
  123.     "identity:list_role_assignments_for_tree": "rule:cloud_admin or rule:admin_on_domain_of_project_filter",
  124.     "identity:get_policy": "rule:cloud_admin",
  125.     "identity:list_policies": "rule:cloud_admin",
  126.     "identity:create_policy": "rule:cloud_admin",
  127.     "identity:update_policy": "rule:cloud_admin",
  128.     "identity:delete_policy": "rule:cloud_admin",
  129.  
  130.     "identity:change_password": "rule:owner",
  131.     "identity:check_token": "rule:admin_or_owner",
  132.     "identity:validate_token": "rule:service_admin_or_owner",
  133.     "identity:validate_token_head": "rule:service_or_admin",
  134.     "identity:revocation_list": "rule:service_or_admin",
  135.     "identity:revoke_token": "rule:admin_or_owner",
  136.  
  137.     "identity:create_trust": "user_id:%(trust.trustor_user_id)s",
  138.     "identity:list_trusts": "",
  139.     "identity:list_roles_for_trust": "",
  140.     "identity:get_role_for_trust": "",
  141.     "identity:delete_trust": "",
  142.  
  143.     "identity:create_consumer": "rule:admin_required",
  144.     "identity:get_consumer": "rule:admin_required",
  145.     "identity:list_consumers": "rule:admin_required",
  146.     "identity:delete_consumer": "rule:admin_required",
  147.     "identity:update_consumer": "rule:admin_required",
  148.  
  149.     "identity:authorize_request_token": "rule:admin_required",
  150.     "identity:list_access_token_roles": "rule:admin_required",
  151.     "identity:get_access_token_role": "rule:admin_required",
  152.     "identity:list_access_tokens": "rule:admin_required",
  153.     "identity:get_access_token": "rule:admin_required",
  154.     "identity:delete_access_token": "rule:admin_required",
  155.  
  156.     "identity:list_projects_for_endpoint": "rule:admin_required",
  157.     "identity:add_endpoint_to_project": "rule:admin_required",
  158.     "identity:check_endpoint_in_project": "rule:admin_required",
  159.     "identity:list_endpoints_for_project": "rule:admin_required",
  160.     "identity:remove_endpoint_from_project": "rule:admin_required",
  161.  
  162.     "identity:create_endpoint_group": "rule:admin_required",
  163.     "identity:list_endpoint_groups": "rule:admin_required",
  164.     "identity:get_endpoint_group": "rule:admin_required",
  165.     "identity:update_endpoint_group": "rule:admin_required",
  166.     "identity:delete_endpoint_group": "rule:admin_required",
  167.     "identity:list_projects_associated_with_endpoint_group": "rule:admin_required",
  168.     "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required",
  169.     "identity:get_endpoint_group_in_project": "rule:admin_required",
  170.     "identity:list_endpoint_groups_for_project": "rule:admin_required",
  171.     "identity:add_endpoint_group_to_project": "rule:admin_required",
  172.     "identity:remove_endpoint_group_from_project": "rule:admin_required",
  173.  
  174.     "identity:create_identity_provider": "rule:cloud_admin",
  175.     "identity:list_identity_providers": "rule:cloud_admin",
  176.     "identity:get_identity_providers": "rule:cloud_admin",
  177.     "identity:update_identity_provider": "rule:cloud_admin",
  178.     "identity:delete_identity_provider": "rule:cloud_admin",
  179.  
  180.     "identity:create_protocol": "rule:cloud_admin",
  181.     "identity:update_protocol": "rule:cloud_admin",
  182.     "identity:get_protocol": "rule:cloud_admin",
  183.     "identity:list_protocols": "rule:cloud_admin",
  184.     "identity:delete_protocol": "rule:cloud_admin",
  185.  
  186.     "identity:create_mapping": "rule:cloud_admin",
  187.     "identity:get_mapping": "rule:cloud_admin",
  188.     "identity:list_mappings": "rule:cloud_admin",
  189.     "identity:delete_mapping": "rule:cloud_admin",
  190.     "identity:update_mapping": "rule:cloud_admin",
  191.  
  192.     "identity:create_service_provider": "rule:cloud_admin",
  193.     "identity:list_service_providers": "rule:cloud_admin",
  194.     "identity:get_service_provider": "rule:cloud_admin",
  195.     "identity:update_service_provider": "rule:cloud_admin",
  196.     "identity:delete_service_provider": "rule:cloud_admin",
  197.  
  198.     "identity:get_auth_catalog": "",
  199.     "identity:get_auth_projects": "",
  200.     "identity:get_auth_domains": "",
  201.  
  202.     "identity:list_projects_for_user": "",
  203.     "identity:list_domains_for_user": "",
  204.  
  205.     "identity:list_revoke_events": "rule:service_or_admin",
  206.  
  207.     "identity:create_policy_association_for_endpoint": "rule:cloud_admin",
  208.     "identity:check_policy_association_for_endpoint": "rule:cloud_admin",
  209.     "identity:delete_policy_association_for_endpoint": "rule:cloud_admin",
  210.     "identity:create_policy_association_for_service": "rule:cloud_admin",
  211.     "identity:check_policy_association_for_service": "rule:cloud_admin",
  212.     "identity:delete_policy_association_for_service": "rule:cloud_admin",
  213.     "identity:create_policy_association_for_region_and_service": "rule:cloud_admin",
  214.     "identity:check_policy_association_for_region_and_service": "rule:cloud_admin",
  215.     "identity:delete_policy_association_for_region_and_service": "rule:cloud_admin",
  216.     "identity:get_policy_for_endpoint": "rule:cloud_admin",
  217.     "identity:list_endpoints_for_policy": "rule:cloud_admin",
  218.  
  219.     "identity:create_domain_config": "rule:cloud_admin",
  220.     "identity:get_domain_config": "rule:cloud_admin",
  221.     "identity:get_security_compliance_domain_config": "",
  222.     "identity:update_domain_config": "rule:cloud_admin",
  223.     "identity:delete_domain_config": "rule:cloud_admin",
  224.     "identity:get_domain_config_default": "rule:cloud_admin"
  225. }
  226.  
