On 05/31/2016 04:01 PM, Jay Faulkner wrote: > Hi all, > > > During this cycle, on behalf of OSIC, I'll be working on implementing proper > oslo.policy support for Ironic. The reasons this is needed probably don't need > to be explained here, so I won't :). > > > I have two requests for the list regarding this though: > > > 1) Is there a general guideline to follow when designing policy roles? There > appears to have been some discussion around this already > here: https://review.openstack.org/#/c/245629/, but it hasn't moved in over a > month. I want Ironic's implementation of policy to be as 'standard' as > possible; > but I've had trouble finding any kind of standard. > > > 2) A general call for contributors to help make this happen in Ironic. I want, > in the next week, to finish up the research and start on a spec. Anyone > willing > to help with the design or implementation let me know here or in IRC so we can > work together. > > > Thanks in advance, > > Jay Faulkner >
Hi Jay, Morgan and I sat down earlier this week to brainstorm on adding policy checks to Ironic's API. Turns out, all the glue for enforcing policy is *already* in place in the project, but we haven't implemented enforcement within specific API methods yet. It's not going to be that much work -- I already have a POC up locally with a few new policy settings. I'll be happy to work on the spec with you, and hope to have the POC in a shareable form within a couple days. --Devananda __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev