aboutsummaryrefslogtreecommitdiffstats
path: root/external_policy_checker/conf/templates/keystone.policy.json
blob: 7fc967d5da15c093d70a1b1e8360ff1348301d9e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
{

    "identity:get_region": "{{wrapper}}",
    "identity:list_regions": "{{wrapper}}",
    "identity:create_region": "{{wrapper}}",
    "identity:update_region": "{{wrapper}}",
    "identity:delete_region": "{{wrapper}}",

    "identity:get_service": "{{wrapper}}",
    "identity:list_services": "{{wrapper}}",
    "identity:create_service": "{{wrapper}}",
    "identity:update_service": "{{wrapper}}",
    "identity:delete_service": "{{wrapper}}",

    "identity:get_endpoint": "{{wrapper}}",
    "identity:list_endpoints": "{{wrapper}}",
    "identity:create_endpoint": "{{wrapper}}",
    "identity:update_endpoint": "{{wrapper}}",
    "identity:delete_endpoint": "{{wrapper}}",

    "identity:get_registered_limit": "{{wrapper}}",
    "identity:list_registered_limits": "{{wrapper}}",
    "identity:create_registered_limits": "{{wrapper}}",
    "identity:update_registered_limits": "{{wrapper}}",
    "identity:delete_registered_limit": "{{wrapper}}",

    "identity:get_limit": "{{wrapper}}",
    "identity:list_limits": "{{wrapper}}",
    "identity:create_limits": "{{wrapper}}",
    "identity:update_limits": "{{wrapper}}",
    "identity:delete_limit": "{{wrapper}}",

    "identity:get_domain": "{{wrapper}}",
    "identity:list_domains": "{{wrapper}}",
    "identity:create_domain": "{{wrapper}}",
    "identity:update_domain": "{{wrapper}}",
    "identity:delete_domain": "{{wrapper}}",

    "admin_and_matching_target_project_domain_id": "{{wrapper}}",
    "admin_and_matching_project_domain_id": "{{wrapper}}",
    "identity:get_project": "{{wrapper}}",
    "identity:list_projects": "{{wrapper}}",
    "identity:list_user_projects": "{{wrapper}}",
    "identity:create_project": "{{wrapper}}",
    "identity:update_project": "{{wrapper}}",
    "identity:delete_project": "{{wrapper}}",
    "identity:create_project_tag": "{{wrapper}}",
    "identity:delete_project_tag": "{{wrapper}}",
    "identity:get_project_tag": "{{wrapper}}",
    "identity:list_project_tags": "{{wrapper}}",
    "identity:delete_project_tags": "{{wrapper}}",
    "identity:update_project_tags": "{{wrapper}}",
    
    "admin_and_matching_target_user_domain_id": "{{wrapper}}",
    "admin_and_matching_user_domain_id": "{{wrapper}}",
    "identity:get_user": "{{wrapper}}",
    "identity:list_users": "{{wrapper}}",
    "identity:create_user": "{{wrapper}}",
    "identity:update_user": "{{wrapper}}",
    "identity:delete_user": "{{wrapper}}",

    "admin_and_matching_target_group_domain_id": "{{wrapper}}",
    "admin_and_matching_group_domain_id": "{{wrapper}}",
    "identity:get_group": "{{wrapper}}",
    "identity:list_groups": "{{wrapper}}",
    "identity:list_groups_for_user": "{{wrapper}}",
    "identity:create_group": "{{wrapper}}",
    "identity:update_group": "{{wrapper}}",
    "identity:delete_group": "{{wrapper}}",
    "identity:list_users_in_group": "{{wrapper}}",
    "identity:remove_user_from_group": "{{wrapper}}",
    "identity:check_user_in_group": "{{wrapper}}",
    "identity:add_user_to_group": "{{wrapper}}",

    "identity:get_credential": "{{wrapper}}",
    "identity:list_credentials": "{{wrapper}}",
    "identity:create_credential": "{{wrapper}}",
    "identity:update_credential": "{{wrapper}}",
    "identity:delete_credential": "{{wrapper}}",

    "identity:ec2_get_credential": "{{wrapper}}",
    "identity:ec2_list_credentials": "{{wrapper}}",
    "identity:ec2_create_credential": "{{wrapper}}",
    "identity:ec2_delete_credential": "{{wrapper}}",

    "identity:get_role": "{{wrapper}}",
    "identity:list_roles": "{{wrapper}}",
    "identity:create_role": "{{wrapper}}",
    "identity:update_role": "{{wrapper}}",
    "identity:delete_role": "{{wrapper}}",

    "identity:get_domain_role": "{{wrapper}}",
    "identity:list_domain_roles": "{{wrapper}}",
    "identity:create_domain_role": "{{wrapper}}",
    "identity:update_domain_role": "{{wrapper}}",
    "identity:delete_domain_role": "{{wrapper}}",
    "domain_admin_matches_domain_role": "{{wrapper}}",
    "get_domain_roles": "{{wrapper}}",
    "domain_admin_matches_target_domain_role": "{{wrapper}}",
    "project_admin_matches_target_domain_role": "{{wrapper}}",
    "list_domain_roles": "{{wrapper}}",
    "domain_admin_matches_filter_on_list_domain_roles": "{{wrapper}}",
    "project_admin_matches_filter_on_list_domain_roles": "{{wrapper}}",
    "admin_and_matching_prior_role_domain_id": "{{wrapper}}",
    "implied_role_matches_prior_role_domain_or_global": "{{wrapper}}",

    "identity:get_implied_role": "{{wrapper}}",
    "identity:list_implied_roles": "{{wrapper}}",
    "identity:create_implied_role": "{{wrapper}}",
    "identity:delete_implied_role": "{{wrapper}}",
    "identity:list_role_inference_rules": "{{wrapper}}",
    "identity:check_implied_role": "{{wrapper}}",

    "identity:list_system_grants_for_user": "{{wrapper}}",
    "identity:check_system_grant_for_user": "{{wrapper}}",
    "identity:create_system_grant_for_user": "{{wrapper}}",
    "identity:revoke_system_grant_for_user": "{{wrapper}}",

    "identity:list_system_grants_for_group": "{{wrapper}}",
    "identity:check_system_grant_for_group": "{{wrapper}}",
    "identity:create_system_grant_for_group": "{{wrapper}}",
    "identity:revoke_system_grant_for_group": "{{wrapper}}",

    "identity:check_grant": "{{wrapper}}",
    "identity:list_grants": "{{wrapper}}",
    "identity:create_grant": "{{wrapper}}",
    "identity:revoke_grant": "{{wrapper}}",
    "domain_admin_for_grants": "{{wrapper}}",
    "domain_admin_for_global_role_grants": "{{wrapper}}",
    "domain_admin_for_domain_role_grants": "{{wrapper}}",
    "domain_admin_grant_match": "{{wrapper}}",
    "project_admin_for_grants": "{{wrapper}}",
    "project_admin_for_global_role_grants": "{{wrapper}}",
    "project_admin_for_domain_role_grants": "{{wrapper}}",
    "domain_admin_for_list_grants": "{{wrapper}}",
    "project_admin_for_list_grants": "{{wrapper}}",

    "admin_on_domain_filter": "{{wrapper}}",
    "admin_on_project_filter": "{{wrapper}}",
    "admin_on_domain_of_project_filter": "{{wrapper}}",
    "identity:list_role_assignments": "{{wrapper}}",
    "identity:list_role_assignments_for_tree": "{{wrapper}}",
    "identity:get_policy": "{{wrapper}}",
    "identity:list_policies": "{{wrapper}}",
    "identity:create_policy": "{{wrapper}}",
    "identity:update_policy": "{{wrapper}}",
    "identity:delete_policy": "{{wrapper}}",

    "identity:check_token": "{{wrapper}}",
    "identity:validate_token": "{{wrapper}}",
    "identity:validate_token_head": "{{wrapper}}",
    "identity:revocation_list": "{{wrapper}}",
    "identity:revoke_token": "{{wrapper}}",

    "identity:create_trust": "{{wrapper}}",
    "identity:list_trusts": "{{wrapper}}",
    "identity:list_roles_for_trust": "{{wrapper}}",
    "identity:get_role_for_trust": "{{wrapper}}",
    "identity:delete_trust": "{{wrapper}}",
    "identity:get_trust": "{{wrapper}}",

    "identity:create_consumer": "{{wrapper}}",
    "identity:get_consumer": "{{wrapper}}",
    "identity:list_consumers": "{{wrapper}}",
    "identity:delete_consumer": "{{wrapper}}",
    "identity:update_consumer": "{{wrapper}}",

    "identity:authorize_request_token": "{{wrapper}}",
    "identity:list_access_token_roles": "{{wrapper}}",
    "identity:get_access_token_role": "{{wrapper}}",
    "identity:list_access_tokens": "{{wrapper}}",
    "identity:get_access_token": "{{wrapper}}",
    "identity:delete_access_token": "{{wrapper}}",

    "identity:list_projects_for_endpoint": "{{wrapper}}",
    "identity:add_endpoint_to_project": "{{wrapper}}",
    "identity:check_endpoint_in_project": "{{wrapper}}",
    "identity:list_endpoints_for_project": "{{wrapper}}",
    "identity:remove_endpoint_from_project": "{{wrapper}}",

    "identity:create_endpoint_group": "{{wrapper}}",
    "identity:list_endpoint_groups": "{{wrapper}}",
    "identity:get_endpoint_group": "{{wrapper}}",
    "identity:update_endpoint_group": "{{wrapper}}",
    "identity:delete_endpoint_group": "{{wrapper}}",
    "identity:list_projects_associated_with_endpoint_group": "{{wrapper}}",
    "identity:list_endpoints_associated_with_endpoint_group": "{{wrapper}}",
    "identity:get_endpoint_group_in_project": "{{wrapper}}",
    "identity:list_endpoint_groups_for_project": "{{wrapper}}",
    "identity:add_endpoint_group_to_project": "{{wrapper}}",
    "identity:remove_endpoint_group_from_project": "{{wrapper}}",

    "identity:create_identity_provider": "{{wrapper}}",
    "identity:list_identity_providers": "{{wrapper}}",
    "identity:get_identity_provider": "{{wrapper}}",
    "identity:update_identity_provider": "{{wrapper}}",
    "identity:delete_identity_provider": "{{wrapper}}",

    "identity:create_protocol": "{{wrapper}}",
    "identity:update_protocol": "{{wrapper}}",
    "identity:get_protocol": "{{wrapper}}",
    "identity:list_protocols": "{{wrapper}}",
    "identity:delete_protocol": "{{wrapper}}",

    "identity:create_mapping": "{{wrapper}}",
    "identity:get_mapping": "{{wrapper}}",
    "identity:list_mappings": "{{wrapper}}",
    "identity:delete_mapping": "{{wrapper}}",
    "identity:update_mapping": "{{wrapper}}",

    "identity:create_service_provider": "{{wrapper}}",
    "identity:list_service_providers": "{{wrapper}}",
    "identity:get_service_provider": "{{wrapper}}",
    "identity:update_service_provider": "{{wrapper}}",
    "identity:delete_service_provider": "{{wrapper}}",

    "identity:get_auth_catalog": "{{wrapper}}",
    "identity:get_auth_projects": "{{wrapper}}",
    "identity:get_auth_domains": "{{wrapper}}",
    "identity:get_auth_system": "{{wrapper}}",

    "identity:list_projects_for_user": "{{wrapper}}",
    "identity:list_domains_for_user": "{{wrapper}}",

    "identity:list_revoke_events": "{{wrapper}}",

    "identity:create_policy_association_for_endpoint": "{{wrapper}}",
    "identity:check_policy_association_for_endpoint": "{{wrapper}}",
    "identity:delete_policy_association_for_endpoint": "{{wrapper}}",
    "identity:create_policy_association_for_service": "{{wrapper}}",
    "identity:check_policy_association_for_service": "{{wrapper}}",
    "identity:delete_policy_association_for_service": "{{wrapper}}",
    "identity:create_policy_association_for_region_and_service": "{{wrapper}}",
    "identity:check_policy_association_for_region_and_service": "{{wrapper}}",
    "identity:delete_policy_association_for_region_and_service": "{{wrapper}}",
    "identity:get_policy_for_endpoint": "{{wrapper}}",
    "identity:list_endpoints_for_policy": "{{wrapper}}",

    "identity:create_domain_config": "{{wrapper}}",
    "identity:get_domain_config": "{{wrapper}}",
    "identity:get_security_compliance_domain_config": "{{wrapper}}",
    "identity:update_domain_config": "{{wrapper}}",
    "identity:delete_domain_config": "{{wrapper}}",
    "identity:get_domain_config_default": "{{wrapper}}",

    "identity:get_application_credential": "{{wrapper}}",
    "identity:list_application_credentials": "{{wrapper}}",
    "identity:create_application_credential": "{{wrapper}}",
    "identity:delete_application_credential": "{{wrapper}}",
}