Complete RBAC in keystone

Registered by Alexander Makarov on 2016-06-03

The only part of access control that is currently separated from keystone in OpenStack
is policy enforcement. If policies are enforces in keystone it opens an opportunity
to perform all access checks in place using internally stored delegation and policy data.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
Alexander Makarov
Direction:
Needs approval
Assignee:
None
Definition:
Obsolete
Series goal:
None
Implementation:
Unknown
Milestone target:
None
Completed by
Lance Bragstad on 2019-02-13

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/complete-rbac,n,z

Addressed by: https://review.openstack.org/325326
    Complete RBAC in keystone

(vishakha) 19-02-13 Marked as invalid since the RBAC things are getting executed [0]. Please feel free to have discussion over it or volunteering for policy things.
[0] https://bugs.launchpad.net/keystone/+bugs?field.tag=policy

(lbragstad): 19-02-13: Marking as obsolete since the currently proposed solution in review eludes to cross-project work, which we'll need more signoff and communication for in order for the effort to be successful.

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.