yahoo-eng-team team mailing list archive
Message #08417
[Bug 1270926] [NEW] [RFE] Enhancement needed on role data model to support name-spaced roles
Public bug reported:

In the current "OpenStack Identity V3" specification, the "Role" data model
is not sufficient to handle multiple use cases which are extremely
required for large-scale OpenStack cloud deployments. This limitation
of the role data model also creates operational bottlenecks for service
deployers.

Most of the detailed use cases are listed in the blueprints below.

https://blueprints.launchpad.net/keystone/+spec/name-spaced-roles
https://blueprints.launchpad.net/keystone/+spec/serviceid-binding-with-role-definition

To fix the issues listed in the above blueprints, we need an enhancement
to the role data model (physical and REST) so that the notion of a
name-spaced role can be defined.

Below is an example of an enhanced role data model which can optionally
be name-spaced to a domain, project or service.

{
    "role": {
        "id": "r1e72a",
        "name": "admin",
        "qname": "d1vc7i.p1vc7i.s1vc7i.admin",
        "namespace": {
            "domain_id": "d1vc7i",
            "project_id": "p1vc7i",
            "service_id": "s1vc7i"
        },
        "links": {
            "self": "http://identity:35357/v3/roles/r1e72a"
        }
    }
}

** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1270926
Title:
[RFE] Enhancement needed on role data model to support name-spaced
roles
Status in OpenStack Identity (Keystone):
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1270926/+subscriptions
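
The sketch below is an added example, not part of the bug report or of Keystone: it derives `qname` from the namespace fields of the proposed role object, rejects a role whose stored `qname` disagrees, and matches grants on the qualified name so that a scoped "admin" never satisfies a check for a differently scoped one. Assumptions: the domain, project, service ordering and the "." separator are inferred from the single sample in the report, the key is spelled `namespace`, omitted namespace parts are simply skipped, and the `r0glob` role is constructed sample data.

```python
# Added example. Ordering and separator are inferred from the report's one
# sample role; how omitted parts are handled is an assumption.
NAMESPACE_ORDER = ("domain_id", "project_id", "service_id")


def build_qname(name, namespace):
    """Join the namespace ids that are present, in sample order, with the name."""
    unknown = set(namespace) - set(NAMESPACE_ORDER)
    if unknown:
        raise ValueError(f"unknown namespace keys: {sorted(unknown)}")
    parts = [namespace[k] for k in NAMESPACE_ORDER if namespace.get(k)]
    for part in parts + [name]:
        # A "." inside a component would make the joined qname ambiguous.
        if not part or "." in part:
            raise ValueError(f"empty or dotted component: {part!r}")
    return ".".join(parts + [name])


def validate_role(role):
    """Return the qname if the stored value matches the derived one."""
    expected = build_qname(role["name"], role.get("namespace", {}))
    if role.get("qname") != expected:
        raise ValueError(f"qname {role.get('qname')!r} != derived {expected!r}")
    return expected


def has_role(granted_qnames, required_qname):
    """Authorize on the full qualified name, never on the bare role name."""
    return required_qname in set(granted_qnames)


# Constructed sample data: the role from the report plus an un-namespaced one.
SAMPLE = {"id": "r1e72a", "name": "admin",
          "qname": "d1vc7i.p1vc7i.s1vc7i.admin",
          "namespace": {"domain_id": "d1vc7i", "project_id": "p1vc7i",
                        "service_id": "s1vc7i"}}
GLOBAL_ADMIN = {"id": "r0glob", "name": "admin", "qname": "admin",
                "namespace": {}}

if __name__ == "__main__":
    scoped = validate_role(SAMPLE)
    unscoped = validate_role(GLOBAL_ADMIN)
    print(scoped, unscoped)
    # Same bare name, different namespace: the scoped grant must not match.
    print(has_role([scoped], unscoped))
```

Under this assumed joining rule, a qname with fewer than three ids does not reveal which kind of namespace each id is, so a consumer should keep the `namespace` object alongside the `qname` rather than parse the string back.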