White List Extension for Application Credentials

Registered by Johannes Grassler on 2018-03-07

This spec describes a white list extension for application credentials that allows their creator to restrict their usage by specifying a white list of URL paths/ request methods any request using the application credential must match.

Blueprint information

Status:
Started
Approver:
Lance Bragstad
Priority:
High
Drafter:
Johannes Grassler
Direction:
Approved
Assignee:
Johannes Grassler
Definition:
Approved
Series goal:
Accepted for stein
Implementation:
Started
Milestone target:
milestone icon stein-3
Started by
Lance Bragstad on 2018-06-06

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/whitelist-extension-for-app-creds,n,z

Addressed by: https://review.openstack.org/572776
    Migrations for application credential capabilities

Addressed by: https://review.openstack.org/628168
    [WIP] Add API changes for app cred capabilities

Addressed by: https://review.openstack.org/628193
    [WIP] Add manager support for app cred capabilities

Addressed by: https://review.openstack.org/628524
    [WIP] Add API for /v3/allowed-requests

Addressed by: https://review.openstack.org/631936
    [WIP] Add SQL migrations for app cred capabilities

Addressed by: https://review.openstack.org/631937
    [WIP] Add driver support for app cred capabilities

Addressed by: https://review.openstack.org/631993
    [WIP] Add capabilities to token validation

Addressed by: https://review.openstack.org/637436
    Add manager for access rules

Addressed by: https://review.openstack.org/637437
    Add API for /v3/access_rules

Addressed by: https://review.openstack.org/637438
    Add a permissive mode for access rules

Addressed by: https://review.openstack.org/639182
    Update app cred capabilities spec

Addressed by: https://review.openstack.org/640034
    WIP: Add role check to access rules

Gerrit topic: https://review.opendev.org/#/q/topic:bp/whitelist-extension-for-app-creds

Addressed by: https://review.opendev.org/663440
    Add user_id to access rules table

Gerrit topic: https://review.opendev.org/#/q/topic:undo-access-rules-config

Addressed by: https://review.opendev.org/663462
    Add manager support for app cred access rules

Addressed by: https://review.opendev.org/628168
    Add API changes for app cred access rules

Addressed by: https://review.opendev.org/631993
    Add access rules to token validation

Addressed by: https://review.opendev.org/668238
    Expose access rules as its own API

Addressed by: https://review.opendev.org/671374
    Update API version for access rules

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.