Authentication for Analytics REST API
Authentication for Analytics REST API. Initially it will be supported only via keystone.
Blueprint information
- Status:
- Complete
- Approver:
- Ashish Ranjan
- Priority:
- Medium
- Drafter:
- Ashish Ranjan
- Direction:
- Needs approval
- Assignee:
- Raj Reddy
- Definition:
- Approved
- Series goal:
- Accepted for r3.1
- Implementation:
- Implemented
- Milestone target:
- r3.1.0.0-fcs
- Started by
- Ashish Ranjan
- Completed by
- Ashish Ranjan
Related branches
Related bugs
Sprints
Whiteboard
Contrail Analytics API RBAC
Currently any user can access the Contrail Analytics API to get historical information via queries and get state information via UVEs. It is desired that RBAC similar to the Contrail Config API be implemented. The architecture for RBAC is based on Openstack Keystone Middleware architecture - http://
Phase 1 for 3.1:
Contrail Analytics API access for cloud-admin user only
Phase 2 for later releases:
Contrail Analytics API RBAC based on the permissions of the objects being queried or accessed to get state information
Implementation details for Phase 1
1. External user makes a REST API call to contrail-
2. It is desired that the RBAC logic is centralized in one process/role and hence contrail-
3. Based on the user role, contrail-
4. contrail-
5. contrail-