yahoo-eng-team team mailing list archive

[John Trowbridge <trown@xxxxxxxxxx>]

Public bug reported:

The Keystone V2 API does not allow for granular editing of the RBAC rules.
For example, allowing members of a project to list the API endpoints.

In other OpenStack projects this is done through the policy.json file,
and the Keystone V3 API uses this file to determine RBAC.

I would propose that Keystone V2 API use this policy for at least
listing the API endpoints. This information is already visible through
the dashboard to any member of a project. This will allow for users to
optionally allow non-admin API access to list the API endpoints.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1350879

Title:
  Keystone V2 API does not use the policy.json for RBAC

Status in OpenStack Identity (Keystone):
  New

Bug description:
  The Keystone V2 API does not allow for granular editing of the RBAC rules.
  For example, allowing members of a project to list the API endpoints.

  In other OpenStack projects this is done through the policy.json file,
  and the Keystone V3 API uses this file to determine RBAC.

  I would propose that Keystone V2 API use this policy for at least
  listing the API endpoints. This information is already visible through
  the dashboard to any member of a project. This will allow for users to
  optionally allow non-admin API access to list the API endpoints.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1350879/+subscriptions