openstack
/
keystone
Code Issues Proposed changes
keystone/keystone/common/policies
History
Lance Bragstad f249c9e2b0 Allow domain users to access the limit API 
This commit adds domain-scope to the scope_types for limit policies,
allowing domain users to access those APIs when enforce_scope is
enabled. This commit also introduces some tests that explicitly show
how domain users are expected to behave with the limits API. A
subsequent patch will do the same for project users.

This commit also modifies the GET /v3/limit policy to allow project
users to filter responses by project_id, which isn't entirely useful
outside of just calling the API with a project-scoped token.

Change-Id: I9b38f3fd2f83efd508b2d9a6c323bbaa7169d4cd
Related-Bug: 1805880
Partial-Bug: 1818736
 		2019-09-24 19:14:17 -07:00
..
__init__.py Expose access rules as its own API 2019-09-14 03:14:20 -07:00
access_rule.py Expose access rules as its own API 2019-09-14 03:14:20 -07:00
access_token.py Add scope_types to oauth policies 2018-01-05 22:25:05 +00:00
application_credential.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
auth.py Implement GET /v3/auth/system 2018-01-24 01:09:16 +00:00
base.py implement system scope for application credential 2019-07-19 17:53:16 -07:00
consumer.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
credential.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
domain.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
domain_config.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
ec2_credential.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
endpoint.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
endpoint_group.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
grant.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
group.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
identity_provider.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
implied_role.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
limit.py Allow domain users to access the limit API 2019-09-24 19:14:17 -07:00
mapping.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
policy.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
policy_association.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
project.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
project_endpoint.py Implement scope type checking for Project Endpoints 2019-09-19 15:39:22 -07:00
protocol.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
region.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
registered_limit.py Allow domain users to access the registered limits API 2019-01-08 18:16:07 +00:00
revoke_event.py Add scope_types for revoke event policies 2018-01-04 21:14:16 +00:00
role.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
role_assignment.py Allow system/domain scope for assignment tree list 2019-09-20 16:15:16 +00:00
service.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
service_provider.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
token.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
token_revocation.py Deprecate identity:revocation_list policy for removal 2019-07-23 17:21:19 +00:00
trust.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00
user.py Make policy deprecation reasons less verbose 2019-09-20 08:58:52 -07:00