yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #78647
[Bug 1807697] Re: RFE: Token returns Project's tag properties
Okay, in that case I'll close this bug for now. If you get stuck or have
questions, feel free to reopen this or contact us in #openstack-keystone
or on the openstack-discuss mailing list.
** Changed in: keystone
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1807697
Title:
RFE: Token returns Project's tag properties
Status in OpenStack Identity (keystone):
Won't Fix
Bug description:
From an operator perspective, there are many situations where you need to add an ACL for each project. Currently, keystore and openstack policies do not seem to have any fine-grained APIs for project-specific privilege control.
For specific, if we want to restrict some network resources per
projects we have to assign neutron's rbac_policy which enable to map
specific project with network sources rather than using oslo.policy.
I found that if we can handle project's extra properties in policy
code, developer can check the custom properties for their own ACL
logic which can be added by oslo.policy. There is already enough
required code in keystone codebase for returning token with project
extra property, IMHO it can be added without major changes.
Thanks in advance.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1807697/+subscriptions
References