OpenStack Identity (keystone)

Remove Authorization Code from functions and put it in a Decorator

Registered by Ziad Sawalha on 2012-01-03

In order to continue cleaning up the Keystone code, we need to move the authorization checks for ADMIN and SERVICE ADMIN roles out of all the function calls in logic/service.py and reimplement as a decorator and/or middleware.

Potentially implement a context object to hold call data like other projects do.

Blueprint information

Status:: Complete

Approver:: None

Priority:: Medium

Drafter:: Ziad Sawalha

Direction:: Needs approval

Assignee:: Ed Leafe

Definition:: Drafting

Series goal:: Accepted for essex

Implementation:: Implemented

Milestone target:: 2012.1

Started by: Ed Leafe on 2012-01-05

Completed by: Joe Savak on 2012-01-16

Related branches

Related bugs

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/keystone-internal-authorization,n,z

Addressed by: https://review.openstack.org/2851
Implemented decorators to admin and service_admin checks BP: keystone-internal-authorization

Addressed by: https://review.openstack.org/2937
Created skeleton for the context middleware.

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Joe Savak