On 05/15/2015 07:30 PM, Zane Bitter wrote:
On 15/05/15 11:57, Adam Young wrote:
It's kind of unfortunate IMHO that the default policy.json files tend
to give all users access to non-admin APIs, rather than requiring a
specific role (like "Member").
Working on that. Come to my policy session!
On 15/05/15 11:57, Adam Young wrote:
It's kind of unfortunate IMHO that the default policy.json files tend
to give all users access to non-admin APIs, rather than requiring a
specific role (like "Member").
Working on that. Come to my policy session!
This one, I assume:
http://libertydesignsu
From: Fox, Kevin M
Sent: Friday, May 15, 2015 7:56 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Murano] [Mistral] [Zaqar] [Keystone] SSH workflow
action
I think we have to be very careful with cheep, easy, user provisionable user
accounts. I
On 05/15/2015 09:56 AM, Zane Bitter wrote:
On 14/05/15 23:38, Adam Young wrote:
So the mechanisms are there. In the short term we'd need some
cross-project co-operation to define a system through which we can do
this across projects (i.e. Murano or any other service can create a
user and have Za
, 2015 7:56 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Murano] [Mistral] [Zaqar] [Keystone] SSH workflow
action
I think we have to be very careful with cheep, easy, user provisionable user
accounts. I know we've had a hard enough time ge
Adam Young [ayo...@redhat.com]
Sent: Thursday, May 14, 2015 8:38 PM
To: openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [Murano] [Mistral] [Zaqar] [Keystone] SSH workflow
action
On 05/12/2015 09:43 PM, Zane Bitter wrote:
> On 12/05/15 13:06, Georgy Okrokvertskhov wrote:
>>
On 14/05/15 23:38, Adam Young wrote:
So the mechanisms are there. In the short term we'd need some
cross-project co-operation to define a system through which we can do
this across projects (i.e. Murano or any other service can create a
user and have Zaqar authorise it for listening on a particul
On 05/12/2015 09:43 PM, Zane Bitter wrote:
On 12/05/15 13:06, Georgy Okrokvertskhov wrote:
There is one thing which still bothers me. It is authentication. Right
now with separate RabbitMQ instance we keep VMs authentication isolated
from OpenStack infra.
This is still a problem if you want to u
2015 4:09 PM
To: openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [Murano] [Mistral] [Zaqar] [Keystone] SSH workflow
action
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
+1 to a Keystone and Oslo solution for this problem. One of my
objections to Kevin's spec for Barbican is the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
+1 to a Keystone and Oslo solution for this problem. One of my
objections to Kevin's spec for Barbican is the copying of Keystone
code into the Barbican tree. It seems to me like a "code smell" that
we're trying to solve a problem that Keystone sho
On 12/05/15 13:06, Georgy Okrokvertskhov wrote:
There is one thing which still bothers me. It is authentication. Right
now with separate RabbitMQ instance we keep VMs authentication isolated
from OpenStack infra.
This is still a problem if you want to use webhooks (Heat autoscaling,
Murano action
11 matches
Mail list logo