Add app-credentials-specific policy rules

In order to have Create and Delete buttons for application credentials in non-admin projects we need to add the respective policy.json rules. The dashboard pane for application credentials was added in Rocky. Change-Id: I42d4772ebe185c35cc5e81c36ebdb3f6f6c169c4 Closes-Bug: #1827107
2019-04-30 21:44:22 +03:00 · 2019-04-30 21:44:22 +03:00 · 4573def42a
parent cedff8bf2b
commit 4573def42a
1 changed files with 5 additions and 0 deletions
--- a/templates/rocky/keystonev3_policy.json
+++ b/templates/rocky/keystonev3_policy.json
@ -74,6 +74,11 @@
    "identity:ec2_create_credential": "rule:admin_required or rule:owner",
    "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",

+    "identity:get_application_credential": "rule:admin_required or user_id:%(user_id)s",
+    "identity:create_application_credential": "rule:admin_required or user_id:%(user_id)s",
+    "identity:delete_application_credential": "rule:admin_required or user_id:%(user_id)s",
+    "identity:list_application_credentials": "rule:admin_required or user_id:%(user_id)s",
+
    "identity:get_role": "rule:admin_required",
    "identity:list_roles": "rule:admin_required",
    "identity:create_role": "rule:cloud_admin",