yahoo-eng-team team mailing list archive

[Miguel Lavalle <miguel@xxxxxxxxxxxx>]

Hi Yang,

Thanks for the follow up. Closing this RFE

** Tags removed: rfe

** Changed in: neutron
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1825336

Title:
  [RFE] Tag based policy

Status in neutron:
  Won't Fix

Bug description:
  It's not directly related to Neutron though, Neutron have been used
  tagging concept widely so that I think it's good place to start with.
  Also, I felt this feature allows rbac_policy functionality to be
  achieved in a slightly more generic way.

  
  What I want to achieve is tag based policy. The scenario that I imagine like this

  
  1. Admin attach tag to several resource. (Network / Service Provider ...)

  2. Tags attached in project exposed in auth_token so that credential
  used oslo.policy can take tagging list.

  3. Admin add specific rule in oslo.policy like this

  "get_network": "project_tags:%(tags)s"

  4. Then users can access limited resources which only matched to their
  tag.

  
  I think changing for the implementation belongs to several components though (oslo.context / oslo.policy / keystone / nova ...), LoC is not so much since there were already many building blocks can be used.

  I already posted the keystone side for the feature that I said in (2):
  https://bugs.launchpad.net/keystone/+bug/1807697

  It seems that the feedback from the service use directly this feature
  can give a little more power to this RFE. So I will be appreciated to
  what Neutron folks think about it.

  Thanks in advance.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1825336/+subscriptions