Allow prefixes other than 'identity:' for policy.json
The way keystone's enforcement works, all policy elements in the policy.json file must be prefixed with 'identity:', in theory this should be expanded to allow each extension to be used as the identifier (e.g. os-ec2, meaning the enforcement rule could be os-ec2:<method>). Likely this should be specified in a similar syntax to this (in controller.
@controller.
The default should remain "identity". For transition perhaps allow an alternate (e.g. if there was a desire to support 'identity' and 'assignment' for example), where enforcement that occurs on the "old" rule indicates via logging this will need to be changed in a future release.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Not
- Drafter:
- Morgan Fainberg
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Superseded
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
- Morgan Fainberg
Related branches
Related bugs
Sprints
Whiteboard
Marking this as superseded. This may/will be something else once we have policy direction in the Kilo summit.
