spacepaste

Paste details

reply | raw

  1.  
  2. {
  3. "admin_required": "role:admin or is_admin:1",
  4. "creator_required": "role:creator",
  5. "creator_or_admin": "rule:creator_required or rule:admin_required",
  6. "service_role": "role:service",
  7. "service_or_admin": "rule:admin_required or rule:service_role",
  8. "owner" : "user_id:%(user_id)s",
  9. "admin_or_owner": "rule:admin_required or rule:owner",
  10. "token_subject": "user_id:%(target.token.user_id)s",
  11. "admin_or_token_subject": "rule:admin_required or rule:token_subject",
  13. "default": "rule:admin_required",
  15. "identity:get_region": "",
  16. "identity:list_regions": "",
  17. "identity:create_region": "rule:admin_required",
  18. "identity:update_region": "rule:admin_required",
  19. "identity:delete_region": "rule:admin_required",
  21. "identity:get_service": "rule:admin_required",
  22. "identity:list_services": "rule:admin_required",
  23. "identity:create_service": "rule:admin_required",
  24. "identity:update_service": "rule:admin_required",
  25. "identity:delete_service": "rule:admin_required",
  27. "identity:get_endpoint": "rule:admin_required",
  28. "identity:list_endpoints": "rule:admin_required",
  29. "identity:create_endpoint": "rule:admin_required",
  30. "identity:update_endpoint": "rule:admin_required",
  31. "identity:delete_endpoint": "rule:admin_required",
  33. "identity:get_domain": "rule:creator_or_admin",
  34. "identity:list_domains": "rule:creator_or_admin",
  35. "identity:create_domain": "rule:admin_required",
  36. "identity:update_domain": "rule:admin_required",
  37. "identity:delete_domain": "rule:admin_required",
  39. "identity:get_project": "rule:admin_or_owner or rule:creator_or_admin",
  40. "identity:list_projects": "rule:creator_or_admin",
  41. "identity:list_user_projects": "rule:admin_or_owner or rule:creator_or_admin",
  42. "identity:create_project": "rule:admin_required",
  43. "identity:update_project": "rule:admin_or_owner or rule:creator_or_admin",
  44. "identity:delete_project": "rule:admin_required",
  46. "identity:get_user": "rule:creator_or_admin",
  47. "identity:list_users": "rule:creator_or_admin",
  48. "identity:create_user": "rule:admin_required",
  49. "identity:update_user": "rule:creator_or_admin",
  50. "identity:delete_user": "rule:admin_required",
  51. "identity:change_password": "rule:admin_or_owner",
  53. "identity:get_group": "rule:creator_or_admin",
  54. "identity:list_groups": "rule:creator_or_admin",
  55. "identity:list_groups_for_user": "rule:admin_or_owner or rule:creator_or_admin",
  56. "identity:create_group": "rule:admin_required",
  57. "identity:update_group": "rule:creator_or_admin",
  58. "identity:delete_group": "rule:admin_required",
  59. "identity:list_users_in_group": "rule:creator_or_admin",
  60. "identity:remove_user_from_group": "rule:admin_required",
  61. "identity:check_user_in_group": "rule:creator_or_admin",
  62. "identity:add_user_to_group": "rule:admin_required",
  64. "identity:get_credential": "rule:admin_required",
  65. "identity:list_credentials": "rule:admin_required",
  66. "identity:create_credential": "rule:admin_required",
  67. "identity:update_credential": "rule:admin_required",
  68. "identity:delete_credential": "rule:admin_required",
  70. "identity:ec2_get_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
  71. "identity:ec2_list_credentials": "rule:admin_or_owner",
  72. "identity:ec2_create_credential": "rule:admin_or_owner",
  73. "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
  75. "identity:get_role": "rule:creator_or_admin",
  76. "identity:list_roles": "rule:creator_or_admin",
  77. "identity:create_role": "rule:admin_required",
  78. "identity:update_role": "rule:admin_required",
  79. "identity:delete_role": "rule:admin_required",
  81. "identity:check_grant": "rule:admin_required",
  82. "identity:list_grants": "rule:admin_required",
  83. "identity:create_grant": "rule:admin_or_owner",
  84. "identity:revoke_grant": "rule:admin_or_owner",
  86. "identity:list_role_assignments": "rule:creator_or_admin",
  88. "identity:get_policy": "rule:admin_required",
  89. "identity:list_policies": "rule:admin_required",
  90. "identity:create_policy": "rule:admin_required",
  91. "identity:update_policy": "rule:admin_required",
  92. "identity:delete_policy": "rule:admin_required",
  94. "identity:check_token": "rule:admin_required",
  95. "identity:validate_token": "rule:service_or_admin",
  96. "identity:validate_token_head": "rule:service_or_admin",
  97. "identity:revocation_list": "rule:service_or_admin",
  98. "identity:revoke_token": "rule:admin_or_token_subject",
  100. "identity:create_trust": "user_id:%(trust.trustor_user_id)s",
  101. "identity:get_trust": "rule:admin_or_owner",
  102. "identity:list_trusts": "",
  103. "identity:list_roles_for_trust": "",
  104. "identity:get_role_for_trust": "",
  105. "identity:delete_trust": "",
  107. "identity:create_consumer": "rule:admin_required",
  108. "identity:get_consumer": "rule:admin_required",
  109. "identity:list_consumers": "rule:admin_required",
  110. "identity:delete_consumer": "rule:admin_required",
  111. "identity:update_consumer": "rule:admin_required",
  113. "identity:authorize_request_token": "rule:admin_required",
  114. "identity:list_access_token_roles": "rule:admin_required",
  115. "identity:get_access_token_role": "rule:admin_required",
  116. "identity:list_access_tokens": "rule:admin_required",
  117. "identity:get_access_token": "rule:admin_required",
  118. "identity:delete_access_token": "rule:admin_required",
  120. "identity:list_projects_for_endpoint": "rule:admin_required",
  121. "identity:add_endpoint_to_project": "rule:admin_required",
  122. "identity:check_endpoint_in_project": "rule:admin_required",
  123. "identity:list_endpoints_for_project": "rule:admin_required",
  124. "identity:remove_endpoint_from_project": "rule:admin_required",
  126. "identity:create_endpoint_group": "rule:admin_required",
  127. "identity:list_endpoint_groups": "rule:admin_required",
  128. "identity:get_endpoint_group": "rule:admin_required",
  129. "identity:update_endpoint_group": "rule:admin_required",
  130. "identity:delete_endpoint_group": "rule:admin_required",
  131. "identity:list_projects_associated_with_endpoint_group": "rule:admin_required",
  132. "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required",
  133. "identity:get_endpoint_group_in_project": "rule:admin_required",
  134. "identity:add_endpoint_group_to_project": "rule:admin_required",
  135. "identity:remove_endpoint_group_from_project": "rule:admin_required",
  137. "identity:create_identity_provider": "rule:admin_required",
  138. "identity:list_identity_providers": "rule:admin_required",
  139. "identity:get_identity_providers": "rule:admin_required",
  140. "identity:update_identity_provider": "rule:admin_required",
  141. "identity:delete_identity_provider": "rule:admin_required",
  143. "identity:create_protocol": "rule:admin_required",
  144. "identity:update_protocol": "rule:admin_required",
  145. "identity:get_protocol": "rule:admin_required",
  146. "identity:list_protocols": "rule:admin_required",
  147. "identity:delete_protocol": "rule:admin_required",
  149. "identity:create_mapping": "rule:admin_required",
  150. "identity:get_mapping": "rule:admin_required",
  151. "identity:list_mappings": "rule:admin_required",
  152. "identity:delete_mapping": "rule:admin_required",
  153. "identity:update_mapping": "rule:admin_required",
  155. "identity:create_service_provider": "rule:admin_required",
  156. "identity:list_service_providers": "rule:admin_required",
  157. "identity:get_service_provider": "rule:admin_required",
  158. "identity:update_service_provider": "rule:admin_required",
  159. "identity:delete_service_provider": "rule:admin_required",
  161. "identity:get_auth_catalog": "",
  162. "identity:get_auth_projects": "",
  163. "identity:get_auth_domains": "",
  165. "identity:list_projects_for_groups": "",
  166. "identity:list_domains_for_groups": "",
  168. "identity:list_revoke_events": "",
  170. "identity:create_policy_association_for_endpoint": "rule:admin_required",
  171. "identity:check_policy_association_for_endpoint": "rule:admin_required",
  172. "identity:delete_policy_association_for_endpoint": "rule:admin_required",
  173. "identity:create_policy_association_for_service": "rule:admin_required",
  174. "identity:check_policy_association_for_service": "rule:admin_required",
  175. "identity:delete_policy_association_for_service": "rule:admin_required",
  176. "identity:create_policy_association_for_region_and_service": "rule:admin_required",
  177. "identity:check_policy_association_for_region_and_service": "rule:admin_required",
  178. "identity:delete_policy_association_for_region_and_service": "rule:admin_required",
  179. "identity:get_policy_for_endpoint": "rule:admin_required",
  180. "identity:list_endpoints_for_policy": "rule:admin_required",
  182. "identity:create_domain_config": "rule:admin_required",
  183. "identity:get_domain_config": "rule:admin_required",
  184. "identity:update_domain_config": "rule:admin_required",
  185. "identity:delete_domain_config": "rule:admin_required"
  186. }
  187.  
Powered by spacepaste. Paste removal.