Secure data access

Registered by Renat Akhmerov

We need to design a clear pattern for secure access to data in DB.

Currently we have db/api.py module where we filter some types of objects by project id. This approach doesn't seem to be maintainable and flexible enough.

Here's a list of the ideas we could try:
1. Build a Secure DB API on top of regular DB API that would be aware of Mistral security context and transparently apply all needed filtering for all secure objects.
2. Implement a decorator @secure_object that would do similar logic so that we could apply it for DB models (or DB access methods).

Blueprint information

Status:
Complete
Approver:
Renat Akhmerov
Priority:
Medium
Drafter:
Renat Akhmerov
Direction:
Needs approval
Assignee:
Renat Akhmerov
Definition:
Approved
Series goal:
Accepted for kilo
Implementation:
Implemented
Milestone target:
milestone icon 2015.1
Started by
Renat Akhmerov
Completed by
Renat Akhmerov

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/mistral-secure-data-access,n,z

Addressed by: https://review.openstack.org/147405
    Working on secure DB access layer

Addressed by: https://review.openstack.org/148210
    Working on secure DB layer

Addressed by: https://review.openstack.org/148224
    Working on secure DB access (part 3)

Addressed by: https://review.openstack.org/148901
    Working on secure DB access (part 4)

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.