yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1350879] Re: Keystone V2 API does not use the policy.json for RBAC

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Steve Martinelli <stevemar@xxxxxxxxxx>
Date: Sun, 21 Feb 2016 07:49:56 -0000
Reply-to: Bug 1350879 <1350879@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

v2 has been deprecated. v3 provides much finer RBAC control and should
be used for just this reason.

** Changed in: keystone
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1350879

Title:
  Keystone V2 API does not use the policy.json for RBAC

Status in OpenStack Identity (keystone):
  Won't Fix

Bug description:
  The Keystone V2 API does not allow for granular editing of the RBAC rules.
  For example, allowing members of a project to list the API endpoints.

  In other OpenStack projects this is done through the policy.json file,
  and the Keystone V3 API uses this file to determine RBAC.

  I would propose that Keystone V2 API use this policy for at least
  listing the API endpoints. This information is already visible through
  the dashboard to any member of a project. This will allow for users to
  optionally allow non-admin API access to list the API endpoints.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1350879/+subscriptions

References

[Bug 1350879] [NEW] Keystone V2 API does not use the policy.json for RBAC
From: John Trowbridge, 2014-07-31