Ability to authorize interaction with entity properties

Registered by Brian Waldon on 2012-05-21

We need to be able to authorize specific groups of users to create, update, and read different properties of arbitrary entities.

Blueprint information

Status:
Complete
Approver:
Brian Waldon
Priority:
High
Drafter:
Brian Waldon
Direction:
Approved
Assignee:
Iccha Sethi
Definition:
Approved
Series goal:
Accepted for havana
Implementation:
Implemented
Milestone target:
milestone icon 2013.2
Started by
Iccha Sethi on 2013-07-30
Completed by
Mark Washenberger on 2013-09-10

Related branches

Sprints

Whiteboard

This shouldn't require API contract changes, so it can wait until Grizzly to happen.

misc links:-
futher discussion to be documented on:
https://etherpad.openstack.org/public-glance-protected-props

Latest proposal (27 June): https://wiki.openstack.org/wiki/Glance-property-protections

The latest proposal looks great to me. I'm afraid we won't have this in by havana-2, so I'm bumping it just to reflect that fact during the project updates.

Gerrit topic: https://review.openstack.org/#q,topic:bp/api-v2-property-protection,n,z

Addressed by: https://review.openstack.org/43372
    Add Extra Properties class in domain layer

Addressed by: https://review.openstack.org/43368
    Rule parser for property protections

Addressed by: https://review.openstack.org/43548
    Property Protection Layer

Addressed by: https://review.openstack.org/43733
    Property Protection Layer

Addressed by: https://review.openstack.org/43904
    Adds property protection layer to gateway

Addressed by: https://review.openstack.org/44703
    Implement protected properties for API v1

Addressed by: https://review.openstack.org/46283
    Add policy style '@'/'!' rules to prop protections

Addressed by: https://review.openstack.org/46268
    Ensure prop protections are read/enforced in order

Addressed by: https://review.openstack.org/46767
    Add documentation for property protections

Addressed by: https://review.openstack.org/48076
    Using policies for protected properties

Addressed by: https://review.openstack.org/48475
    Use packaged version of ordereddict

Addressed by: https://review.openstack.org/48482
    Add documentation for property protections

Addressed by: https://review.openstack.org/51854
    Documentation for using policies for protected properties

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.