diff options
| author | Gage Hugo <gagehugo@gmail.com> | 2017-07-24 16:21:55 -0500 |
|---|---|---|
| committer | Gage Hugo <gagehugo@gmail.com> | 2017-10-17 10:15:19 -0500 |
| commit | bd452fb9d9f6b4b1aba3ba9690b0e729264bba29 (patch) | |
| tree | b18e308a2f5cc19df40a0643f1de4726a7058d54 /etc | |
| parent | 53290711743e8c35297543afa38a51ccaa2843e8 (diff) | |
| download | keystone-bd452fb9d9f6b4b1aba3ba9690b0e729264bba29.tar.gz | |
Add policy for project tags
This change adds policy rules for project tags. The default
rules for both project updating and project tags will share
the same admin_required rule since tags are an attribute
of project.
Depends-On: Ibcf158f1b8082fbffeb48fa48c6592c87e056d01
Change-Id: Ieb68bd2c9c216b25ad74d320a1c9a297d2b251e7
Partially-Implements: bp project-tags
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/policy.v3cloudsample.json | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/policy.v3cloudsample.json b/etc/policy.v3cloudsample.json index 5dbcb7dbb..1d9dda829 100644 --- a/etc/policy.v3cloudsample.json +++ b/etc/policy.v3cloudsample.json @@ -42,6 +42,12 @@ "identity:create_project": "rule:cloud_admin or rule:admin_and_matching_project_domain_id", "identity:update_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id", "identity:delete_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id", + "identity:create_project_tag": "rule:admin_required", + "identity:delete_project_tag": "rule:admin_required", + "identity:get_project_tag": "rule:admin_required", + "identity:list_project_tags": "rule:admin_required", + "identity:delete_project_tags": "rule:admin_required", + "identity:update_project_tags": "rule:admin_required", "admin_and_matching_target_user_domain_id": "rule:admin_required and domain_id:%(target.user.domain_id)s", "admin_and_matching_user_domain_id": "rule:admin_required and domain_id:%(user.domain_id)s", |