yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1807697] Re: RFE: Token returns Project's tag properties

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Colleen Murphy <colleen@xxxxxxxxxxx>
Date: Tue, 28 May 2019 17:23:52 -0000
Reply-to: Bug 1807697 <1807697@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Okay, in that case I'll close this bug for now. If you get stuck or have
questions, feel free to reopen this or contact us in #openstack-keystone
or on the openstack-discuss mailing list.

** Changed in: keystone
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1807697

Title:
  RFE: Token returns Project's tag properties

Status in OpenStack Identity (keystone):
  Won't Fix

Bug description:
  
  From an operator perspective, there are many situations where you need to add an ACL for each project. Currently, keystore and openstack policies do not seem to have any fine-grained APIs for project-specific privilege control. 

  For specific, if we want to restrict some network resources per
  projects we have to assign neutron's rbac_policy which enable to map
  specific project with network sources rather than using oslo.policy.

  I found that if we can handle project's extra properties in policy
  code, developer can check the custom properties for their own ACL
  logic which can be added by oslo.policy. There is already enough
  required code in keystone codebase for returning token with project
  extra property, IMHO it can be added without major changes.

  Thanks in advance.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1807697/+subscriptions

References

[Bug 1807697] [NEW] [RFE] Token returns Project's extra properties
From: Yang Youseok, 2018-12-10