← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1391504] [NEW] Sample policies for Openstack

 

Public bug reported:

Regarding OpenStack policies, in general, the described roles seem quite
complicated, it is not clear which roles are appropriated for each user.
For example, in many policies it is defined just a global admin role. We
would like to clarify what are the role organizations, for example,
cloud_admin is the role for the cloud managers, domain_admin is the role
for the domain managers, project_admin for the project admin and
project_member a member with a role in a project but with no admin
permissions. In this way, it is clear for the cloud manager which
capability is being given to a user. The idea is create a
policy.cloudsample.json, where roles as cloud_admin project_admin, and
project_member will be defined and some default permissions, making
policies closer to the business reality.

** Affects: cinder
     Importance: Undecided
         Status: New

** Affects: glance
     Importance: Undecided
         Status: New

** Affects: keystone
     Importance: Undecided
         Status: New

** Affects: nova
     Importance: Undecided
         Status: New


** Tags: policy

** Project changed: keystone => glance

** Also affects: keystone
   Importance: Undecided
       Status: New

** Also affects: cinder
   Importance: Undecided
       Status: New

** Also affects: nova
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1391504

Title:
  Sample policies for Openstack

Status in Cinder:
  New
Status in OpenStack Image Registry and Delivery Service (Glance):
  New
Status in OpenStack Identity (Keystone):
  New
Status in OpenStack Compute (Nova):
  New

Bug description:
  Regarding OpenStack policies, in general, the described roles seem
  quite complicated, it is not clear which roles are appropriated for
  each user. For example, in many policies it is defined just a global
  admin role. We would like to clarify what are the role organizations,
  for example, cloud_admin is the role for the cloud managers,
  domain_admin is the role for the domain managers, project_admin for
  the project admin and project_member a member with a role in a project
  but with no admin permissions. In this way, it is clear for the cloud
  manager which capability is being given to a user. The idea is create
  a policy.cloudsample.json, where roles as cloud_admin project_admin,
  and project_member will be defined and some default permissions,
  making policies closer to the business reality.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1391504/+subscriptions


Follow ups

References