Merge "Update Keystone core to Mitaka."

author: Ruan HE <ruan.he@orange.com> 2016-06-09 08:12:34 +0000
committer: Gerrit Code Review <gerrit@172.30.200.206> 2016-06-09 08:12:34 +0000
commit: 4bc079a2664f9a407e332291f34d174625a9d5ea (patch)
tree: 7481cd5d0a9b3ce37c44c797a1e0d39881221cbe /keystone-moon/etc/policy.json
parent: 2f179c5790fbbf6144205d3c6e5089e6eb5f048a (diff)
parent: 2e7b4f2027a1147ca28301e4f88adf8274b39a1f (diff)
1 files changed, 16 insertions, 2 deletions
diff --git a/keystone-moon/etc/policy.json b/keystone-moon/etc/policy.json
index ebb94b02..797af24d 100644
--- a/keystone-moon/etc/policy.json
+++ b/keystone-moon/etc/policy.json
@@ -34,7 +34,7 @@
     "identity:update_domain": "rule:admin_required",
     "identity:delete_domain": "rule:admin_required",
 
-    "identity:get_project": "rule:admin_required",
+    "identity:get_project": "rule:admin_required or project_id:%(target.project.id)s",
     "identity:list_projects": "rule:admin_required",
     "identity:list_user_projects": "rule:admin_or_owner",
     "identity:create_project": "rule:admin_required",
@@ -75,6 +75,18 @@
     "identity:create_role": "rule:admin_required",
     "identity:update_role": "rule:admin_required",
     "identity:delete_role": "rule:admin_required",
+    "identity:get_domain_role": "rule:admin_required",
+    "identity:list_domain_roles": "rule:admin_required",
+    "identity:create_domain_role": "rule:admin_required",
+    "identity:update_domain_role": "rule:admin_required",
+    "identity:delete_domain_role": "rule:admin_required",
+
+    "identity:get_implied_role": "rule:admin_required ",
+    "identity:list_implied_roles": "rule:admin_required",
+    "identity:create_implied_role": "rule:admin_required",
+    "identity:delete_implied_role": "rule:admin_required",
+    "identity:list_role_inference_rules": "rule:admin_required",
+    "identity:check_implied_role": "rule:admin_required",
 
     "identity:check_grant": "rule:admin_required",
     "identity:list_grants": "rule:admin_required",
@@ -82,6 +94,7 @@
     "identity:revoke_grant": "rule:admin_required",
 
     "identity:list_role_assignments": "rule:admin_required",
+    "identity:list_role_assignments_for_tree": "rule:admin_required",
 
     "identity:get_policy": "rule:admin_required",
     "identity:list_policies": "rule:admin_required",
@@ -180,5 +193,6 @@
     "identity:create_domain_config": "rule:admin_required",
     "identity:get_domain_config": "rule:admin_required",
     "identity:update_domain_config": "rule:admin_required",
-    "identity:delete_domain_config": "rule:admin_required"
+    "identity:delete_domain_config": "rule:admin_required",
+    "identity:get_domain_config_default": "rule:admin_required"
 }
author	Ruan HE <ruan.he@orange.com>	2016-06-09 08:12:34 +0000
committer	Gerrit Code Review <gerrit@172.30.200.206>	2016-06-09 08:12:34 +0000
commit	4bc079a2664f9a407e332291f34d174625a9d5ea (patch)
tree	7481cd5d0a9b3ce37c44c797a1e0d39881221cbe /keystone-moon/etc/policy.json
parent	2f179c5790fbbf6144205d3c6e5089e6eb5f048a (diff)
parent	2e7b4f2027a1147ca28301e4f88adf8274b39a1f (diff)