On 06/11/2015 05:35 PM, Salvatore Orlando wrote:
I am not able to say whether this works for Nova. Surely works for
Neutron - from a functional perspective at least.
I still don't know however whether this choice is the best way to
proceed, and perhaps you can help me understand better.
Role
I am not able to say whether this works for Nova. Surely works for Neutron
- from a functional perspective at least.
I still don't know however whether this choice is the best way to proceed,
and perhaps you can help me understand better.
Role checks are always expressed through policy.json and c
Sean had a really good point when he mentioned that the Developers know
what need to be enforced, and I think this is why he suggested that the
base policy implementation be in Python code, not the policy JSON DSL.
The main thrust of the dynamic policy has been to get the role-to-api
assignmen