Cinder

Make Cinder Consistent and Secure RBAC Ready

Registered by Brian Rosmaita

Revise Cinder's policy definitions to support the community-wide Consistent and Secure RBAC effort.

In Yoga:
- make Cinder recognize system scope
- modify the system-admin persona to be recognized by having admin role on a system
- add the system-reader persona
- add the project-admin persona

There will also have to be adjustments made to the API and cinderclient to handle the project_id-in-the-URL issue. This is that users with system scope are not required to be in a project, so there's no project_id for them to include in the URL, and any keystone templating that requires a project_id in the URL won't include a cinder URL for them in their service catalog.

See the Yoga spec "The Return of Make Cinder Consistent and Secure RBAC Ready" for details.

Blueprint information

Status:
Started
Approver:
None
Priority:
High
Drafter:
Brian Rosmaita
Direction:
Approved
Assignee:
None
Definition:
Approved
Series goal:
Accepted for yoga
Implementation:
Slow progress
Milestone target:
milestone icon yoga-3
Started by
Brian Rosmaita

Related branches

Sprints

Whiteboard

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.