On 1/18/2017 3:06 PM, Sam Morrison wrote:
I would love it if all the projects' policy.json was actually usable. Too
many times the policy.json isn’t the only place where authN happens with
lots of hard coded is_admin etc.

Just the ability to have a certain role to a certain thing would be
amazing. It makes it really hard to have read only users to generate
reports with that we can show our funders how much people use our
OpenStack cloud.

Cheers,
Sam
(non-enterprise)


Sam,

I'd like to get your feedback on the policy-in-code changes for Nova in the Newton release along with the related Nova policy CLIs. Some of that is probably not well documented or communicated, but it was trying to build into a place where you can get more information about what an individual user or project is able to do with Nova from an access perspective. The immediate benefit with policy-in-code was simplifying your policy file such that it can be empty if you are just going with the defaults, and then only add/change the defaults as needed in the policy.json (or policy.yaml). There was some other discussion on long-term goals for policy at the Austin summit which I could dig up if needed.

--

Thanks,

Matt Riedemann


_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
