> On Jun 2, 2016, at 10:03 AM, Adam Young <[email protected]> wrote: > > To do all of this right, however, requires a degree of introspection that we > do not have in OpenStack. Trove needs to ask Nova "I want to do X, what role > do I need?" and there is no where in the system today that this information > lives. > > So, while we could make something that works for service users as the problem > is defined by Nova today, that would be, in a word, bad. We need something > that works for the larger OpenStack ecosystem, to include less trusted third > party services, and still deal with the long running tasks.
Hello, If openstack supported RBAC (ANSI INCITS 359) you would be able to call (something like) this API: List<String> permissionRoles(Permission perm) throws SecurityException Return a list of type String of all roles that have granted a particular permission. RBAC Review APIs: http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/ReviewMgr.html One of the advantages of pursuing published standards, you enjoy support for requirements across a broad spectrum of requirements, and perhaps for things you didn’t know was needed (at design time). Hope this helps, Shawn __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
