oslo.policy/sample_data/auth_v3_token_system_admin.json
Colleen Murphy 99daead510 Modernize policy checker
Without this patch, the policy checker issues a 'failed' result when
checking a system-scoped sample token against a policy string like
"role:admin and system_scope:all", because the policy checker does not
understand the 'system_scope' attribute that is now in oslo.context[1]
and wasn't parsing the "system" scope object from the sample token.
Similarly, it fails on a string like "user_id:%(user_id)s" because it
never looked up the user_id from the sample token. This change updates
the policy checker to understand token contexts and policies like these
so that more of the policy defaults in keystone, and soon other
projects, will pass. This also adds a new system-scoped sample token to
check against.

[1] https://review.opendev.org/530509

Change-Id: I02fbbc99d28aa5c787133f530f6e968341107bf7
2019-10-10 08:38:14 -07:00

137 lines
4.9 KiB
JSON

{
"token": {
"methods": [
"password"
],
"expires_at": "2038-01-18T21:14:07Z",
"issued_at": "2000-01-18T21:14:07Z",
"roles": [
{
"id":"41b1af9bb39241e8b8b79fae5906abcc",
"name": "admin"
},
{
"id": "ac9add6b3c5a46dcaaf21390c4657949",
"name": "member"
},
{
"id": "b0cb8117845f4fd489865d498b80bab3",
"name": "reader"
}
],
"system": {
"all": true
},
"catalog": [
{
"endpoints": [
{
"id": "f84e070735e54914b41e2b5cfa94dcf7",
"interface": "admin",
"url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
"region": "regionOne"
},
{
"id": "8220bba1d2844e0b81b171c6ede1155f",
"interface": "internal",
"url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
"region": "regionOne"
},
{
"id": "719b92ea82a04e7a9ff1107c62da10da",
"interface": "public",
"url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
"region": "regionOne"
}
],
"type": "volume",
"name": "volume",
"id":"547e9195d1914b5eb087bedbc98fccc3"
},
{
"endpoints": [
{
"id": "44752324c0d44375bc854168ea22f1fc",
"interface": "admin",
"url": "http://127.0.0.1:9292/v1",
"region": "regionOne"
},
{
"id": "a59b3734f57449078f1637c10f96c8e8",
"interface": "internal",
"url": "http://127.0.0.1:9292/v1",
"region": "regionOne"
},
{
"id": "16c3ab1a4df640569812e432c98b2a48",
"interface": "public",
"url": "http://127.0.0.1:9292/v1",
"region": "regionOne"
}
],
"type": "image",
"name": "glance",
"id": "22c15d232e55419eb4aeb3ebbd12aac2"
},
{
"endpoints": [
{
"id": "9c2fdc2d45bb45c5a7f973e235e0f998",
"interface": "admin",
"url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
"region": "regionOne"
},
{
"id": "88ccfa8cbb7743998b38b998f4e6a720",
"interface": "internal",
"url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
"region": "regionOne"
},
{
"id": "113ee928c6934c92b9a12bd4e456c804",
"interface": "public",
"url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
"region": "regionOne"
}
],
"type": "compute",
"name": "nova",
"id": "fbf2afcdeb10473392636df9785d3fb5"
},
{
"endpoints": [
{
"id": "c10a5cda00784049953296d18464aa38",
"interface": "admin",
"url": "http://127.0.0.1:35357/v3",
"region": "RegionOne"
},
{
"id": "334650263e064428bb2f0b7c3c7a743c",
"interface": "internal",
"url": "http://127.0.0.1:35357/v3",
"region": "RegionOne"
},
{
"id": "52ff54addc38430d9b656c7164e2caf8",
"interface": "public",
"url": "http://127.0.0.1:5000/v3",
"region": "RegionOne"
}
],
"type": "identity",
"name": "keystone",
"id": "a0d9913a4bca4d5699e151804e0b5172"
}
],
"user": {
"domain": {
"id": "domain_id1",
"name": "domain_name1"
},
"name": "user_name1",
"id": "user_id1"
}
}
}