On 2014年08月23日 18:29, Christopher Yeoh wrote:
On Sat, 23 Aug 2014 03:56:27 -0500
Joe Cropper <[email protected]> wrote:
Hi Folks,
Would anyone be opposed to adding the 'action' checking to the v2/v3
authorizers? This would allow administrators more fine-grained
control over who can read vs. create/update/delete server groups.
Thoughts?
If folks are supportive, I'd be happy to add this... but not sure if
we'd treat this as a 'bug' or whether there is a blueprint under which
this could be done?
Long term we want to have a separate authorizer for every method. Alex
had a nova-spec proposed for this but it unfortunately did not make
Juno
https://review.openstack.org/#/c/92326/
Also since the feature proposal deadline has passed it'll have to wait
till Kilo.
Yes, that spec propose adding policy rule for each API for get more
fine-grained control. But we have to wait till K release.
Chris
_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
