yahoo-eng-team team mailing list archive

[Bug 1807697] [NEW] [RFE] Token returns Project's extra properties

 

Public bug reported:


From an operator perspective, there are many situations where you need to add an ACL for each project. Currently, keystone and OpenStack policies do not seem to have any fine-grained APIs for project-specific privilege control.

Specifically, if we want to restrict some network resources per project,
we have to assign neutron's rbac_policy, which enables mapping a specific
project to network sources, rather than using oslo.policy.

I found that if we can handle a project's extra properties in policy code,
developers can check the custom properties for their own ACL logic, which
can be added by oslo.policy. There is already enough required code in the
keystone codebase for returning a token with project extra properties; IMHO
it can be added without major changes.

Thanks in advance.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1807697

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1807697/+subscriptions