Public bug reported:

Hello,

As an OpenStack administrator I would like to federate flexible access policies 
to OpenStack projects from an identity provider.
For example, I have projects Green and Red, and Admin and User roles. From the 
identity provider Keystone receives an array like: "Green_Admin;Red_User". And 
there is no way to specify the rule "If the IdP gives Green_Admin and Red_User then 
set role Admin for project Green, and role User for project Red".

I tried to implement "full match" logic with something like:
any_one_of: Green_Admin
any_one_of: Red_User
not_any_of: Green_User, Red_Admin
But in a real-life example with a dozen projects and several roles I ended up 
with a 50MB mappings JSON that Keystone can't accept.

Best Regards,
Alex.

** Affects: keystone
     Importance: Undecided
         Status: New
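
An added illustration, not part of the bug report and not Keystone code: assuming the "full match" workaround means one rule per combination of per-project roles, this builds that rule set in Keystone's mapping JSON layout and shows how the rule count grows. The attribute name HTTP_OIDC_GROUPS, the REMOTE_USER entry and all function names are placeholders chosen for the example.

```python
import itertools
import json

ATTR = "HTTP_OIDC_GROUPS"  # assumed name of the remote attribute carrying the values


def exact_match_rules(projects, roles):
    """One rule per combination of (role or no role) for every project."""
    every_value = {f"{p}_{r}" for p in projects for r in roles}
    rules = []
    for combo in itertools.product([None, *roles], repeat=len(projects)):
        granted = [(p, r) for p, r in zip(projects, combo) if r is not None]
        if not granted:
            continue  # nothing asserted, nothing to map
        wanted = [f"{p}_{r}" for p, r in granted]
        remote = [{"type": "REMOTE_USER"}]  # placeholder source for "{0}"
        # every wanted value must be present ...
        remote += [{"type": ATTR, "any_one_of": [v]} for v in wanted]
        # ... and every other known value must be absent
        unwanted = sorted(every_value - set(wanted))
        if unwanted:
            remote.append({"type": ATTR, "not_any_of": unwanted})
        local = [{"user": {"name": "{0}"}},
                 {"projects": [{"name": p, "roles": [{"name": r}]} for p, r in granted]}]
        rules.append({"local": local, "remote": remote})
    return {"rules": rules}


def rule_count(n_projects, n_roles):
    """Number of rules exact_match_rules() emits, without building them."""
    return (n_roles + 1) ** n_projects - 1


def matching_projects(mapping, asserted):
    """Simplified check of the two conditions above (not Keystone's rule engine)."""
    values = set(asserted.split(";"))
    hits = []
    for rule in mapping["rules"]:
        conds = [c for c in rule["remote"] if c["type"] == ATTR]
        if all(values & set(c["any_one_of"]) if "any_one_of" in c
               else not values & set(c["not_any_of"]) for c in conds):
            hits.append(rule["local"][1]["projects"])
    return hits


if __name__ == "__main__":
    small = exact_match_rules(["Green", "Red"], ["Admin", "User"])
    print(len(small["rules"]), "rules,", len(json.dumps(small)), "bytes")
    print(matching_projects(small, "Green_Admin;Red_User"))
    print("12 projects x 3 roles:", rule_count(12, 3), "rules")
```
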

https://bugs.launchpad.net/bugs/2039269

Title:
  Implement full_match mapping combination matching rule

Status in OpenStack Identity (keystone):
  New
