yahoo-eng-team team mailing list archive

[Steve Martinelli <stevemar@xxxxxxxxxx>]

use blueprint https://blueprints.launchpad.net/keystone/+spec/name-
spaced-roles to track this work.

** Changed in: keystone
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1270926

Title:
  [RFE] Enhancement needed on role data model to support name-spaced
  roles

Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  In the current "OpenStack Identity V3" specification "Role" data model
  is not sufficient to handle multiple use cases which is extremely
  required for a large scale OpenStack cloud  deployments. This
  limitation of role data model also creates operational bottlenecks for
  service deployers.

  Most of the detailed use cases are listed in below blue prints.

  https://blueprints.launchpad.net/keystone/+spec/name-spaced-roles
  https://blueprints.launchpad.net/keystone/+spec/serviceid-binding-with-role-definition

  To fix these issues listed in above blue prints, we need an
  enhancement on role data model (physical and ReST) so that notion of
  name-spaced role can be defined.

  Below is an example of enhanced role data model which can optionally
  name-spaced to domain, project or service.

  {
     "role": {
        "id": "r1e72a",
        "name": "admin",
        "qname": "d1vc7i.p1vc7i.s1vc7i.admin",
        "namesapce": {
           "domain_id": "d1vc7i",
           "project_id": "p1vc7i",
           "service_id": "s1vc7i"
        },
        "links": {
           "self": "http://identity:35357/v3/roles/r1e72a";
        }
     }
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1270926/+subscriptions