neutron

creating a policy sample containing cloud_admin, project_admin and project_member roles

Registered by Andre Aranha on 2014-09-23

Reading openstack policies in general, we think that the roles are quite complicated, we don't know which roles are appropriated for each user. For example, in many policies just the admin role is described. Our proposal is to clarify for the cloud user whats the role organizations, for example, cloud_admin is the role for the admins, project_admin for the project admin and project_member a member with a role in a project but with no admin permissions.
The ideia is create a policy.cloudsample.json, where was defined roles as a project_admin, cloud_admin and project_member and determine their permissions, making policies closer to the business reality.

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: Andre Aranha

Direction:: Needs approval

Assignee:: Andre Aranha

Definition:: Obsolete

Series goal:: None

Implementation:: Beta Available

Milestone target:: None

Started by: Andre Aranha on 2014-09-23

Completed by: Armando Migliaccio on 2015-10-22

Related branches

Related bugs

Sprints

Whiteboard

Tests for these policies and documentation are available here: https://github.com/andre-lsd/sample-policies-for-openstack

Gerrit topic: https://review.openstack.org/#q,topic:bp/policy-sample,n,z

Addressed by: https://review.openstack.org/123440
Creating a policy sample

[Dave Chen] Hi Andre Aranha, we are proposing a similar changes on current policy strategy, https://blueprints.launchpad.net/keystone/+spec/admin-readonly-role.
Maybe we can collaboration with each other, I think the changes would not Nutron specific, others such as Nova, Keystone etc. will also be involved to define new policy framework.

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Dave Chen

Yih Leong Sun