Allow admin to update the policy of each service
In Keystone V3, Policy is now centrally stored in keystone and available for read and update. It would be nice to create a panel that allows the user to read and configure the policy.
The main challenge here is figuring out the interface that allows the user to easily configure the policy rule.
Blueprint information
- Status:
- Complete
- Approver:
- Gabriel Hurley
- Priority:
- Medium
- Drafter:
- Lin Hua Cheng
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
- Blocked
- Milestone target:
- None
- Started by
- David Lyle
- Completed by
- David Lyle
Related branches
Related bugs
Sprints
Whiteboard
[lblanchard 8-7-13] - Are there some example policies to review? I could put together some initial wireframes for the UI, if so.
[lin-hua-cheng 8-7-13] Keystone and Nova have a policy file that can be used as reference. The policy is simple though, it just check if the user is an admin or owner.
Keystone policy - https:/
Nova policy - https:/
I haven't started with an initial design yet. Go ahead with the initial wireframes, your help is much appreicated!
I would image the UI would be complicated since the UI need to support defining rules by:
- role
- some context variable from user context like project_id
- reuse another existing rule
- combination of the three and allowing to use AND and OR
[david-lyle | 2014-03-26] There is really no way to do anything meaningful in keystone on this topic.
[tpborion | 2014-10-09] With the merging of the endpoint policy (https:/
[lhcheng | 2016-01-20] Until OpenStack services moves to consuming the keystone Policy API as a place to store their policy rule, this feature is not that useful :(
[david-lyle | 2016-06-15] Policy is still a moving target. Until there is something meaningful to access, I'm shelving the topic.