OpenStack Identity (keystone)

Complete RBAC in keystone

Registered by Alexander Makarov on 2016-06-03

The only part of access control that is currently separated from keystone in OpenStack
is policy enforcement. If policies are enforces in keystone it opens an opportunity
to perform all access checks in place using internally stored delegation and policy data.

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: Alexander Makarov

Direction:: Needs approval

Assignee:: None

Definition:: Obsolete

Series goal:: None

Implementation:: Unknown

Milestone target:: None

Completed by: Lance Bragstad on 2019-02-13

Related branches

Related bugs

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/complete-rbac,n,z

Addressed by: https://review.openstack.org/325326
Complete RBAC in keystone

(vishakha) 19-02-13 Marked as invalid since the RBAC things are getting executed [0]. Please feel free to have discussion over it or volunteering for policy things.
[0] https://bugs.launchpad.net/keystone/+bugs?field.tag=policy

(lbragstad): 19-02-13: Marking as obsolete since the currently proposed solution in review eludes to cross-project work, which we'll need more signoff and communication for in order for the effort to be successful.

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information

Everyone can see this information.

Subscribers

Nobuto Murata