On 12/01/2015 01:23 AM, 1021710773 wrote:
Every Developers,
Hello. I here would like to ask some questions about policy rules.
Now the policy rules of openstack in keystone and other projects
are set in policy.json, in other words, the policy rules are equal
to each projects. And the common ways to enforce are in decorative
function like protected(). And in keystone project, it manage the
users, projects, roles and other resources. Now, some particular
projects(tenants) may have its own enforce rules, not just like the
policy.json, and in that ways, could we update the usual decorative
function of enforce to realize the authentification of projects? And
now, the policy model appears in keystone project. Could we use it to
create association between projects and policy?
That request has come up in the past. At this point, I don't think we
have a path to "Tenant specific policy" but we have a couple features in
Mitaka that might be close: Implied Roles and Domain specific roles.
See the specs:
Implied roles has merged:
http://git.openstack.org/cgit/openstack/keystone-specs/tree/specs/mitaka/implied-roles.rst
Domain specific roles was just given the thumbs up and will likely merge
soon.
Hope to hear from you. Thanks!
Weiwei Yang
------------------------------------------------------------------------
yangwei...@cmss.chinamobile.com
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev