openstack team mailing list archive

Thread
Date

Re: 'admin' role hard-coded in keystone and nova, and policy.json

To: Salman A Baset <sabaset@xxxxxxxxxx>, openstack <openstack@xxxxxxxxxxxxxxxxxxx>
From: Joshua Harlow <harlowja@xxxxxxxxxxxxx>
Date: Thu, 10 May 2012 19:13:02 -0700
Accept-language: en-US
Acceptlanguage: en-US
In-reply-to: <OF2E91645D.0DB9D9EE-ON852579FA.0075C733-852579FA.00764CC3@us.ibm.com>
Thread-index: Ac0u/BtIl5g05/mtTceu4kOsIOnx3wAH3x38
Thread-topic: [Openstack] 'admin' role hard-coded in keystone and nova, and policy.json

I was also wondering about this, it seems there are lots of policy.json files with hard coded roles in them, which is weird since keystone supports the creation of roles and such, but if u create a role which isn't in a policy.json then u have just caused yourself a problem, which isn't very apparent...

On 5/10/12 2:32 PM, "Salman A Baset" <sabaset@xxxxxxxxxx> wrote:

It seems that 'admin' role is hard-coded cross nova and horizon. As a result if I want to define 'myadmin' role, and grant it all the admin privileges, it does not seem possible. Is this a recognized limitation?

Further, is there some good documentation on policy.json for nova, keystone, and glance?

Thanks.

Best Regards,

Salman A. Baset
Research Staff Member, IBM T. J. Watson Research Center
Tel: +1-914-784-6248

Follow ups

Re: 'admin' role hard-coded in keystone and nova, and policy.json
From: Gabriel Hurley, 2012-05-11
Re: 'admin' role hard-coded in keystone and nova, and policy.json
From: Vishvananda Ishaya, 2012-05-11

References

'admin' role hard-coded in keystone and nova, and policy.json
From: Salman A Baset, 2012-05-10