Review usage of oslo-privsep library on Nova
Nova's usage of the privsep library is too broad. A single global permission
profile with all needed capabilities is defined for all functions that interact
with privsep to use. While this works, it is not the best usage of the library
as functions are getting a set of rights they do not need and thus should not
receive. This spec seeks to fix this situation by defining a more specialized
usage of the library.
Blueprint information
- Status:
- Not started
- Approver:
- Balazs Gibizer
- Priority:
- Undefined
- Drafter:
- Jorge San Emeterio
- Direction:
- Approved
- Assignee:
- Jorge San Emeterio
- Definition:
- Approved
- Series goal:
- Accepted for antelope
- Implementation:
- Deferred
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
[20230116 bauzas] Spec approved for 2023.1 cycle https:/
Gerrit topic: https:/
Addressed by: https:/
WIP: Moving privsep profiles to nova/__init__.py
Addressed by: https:/
Dividing global privsep profile
Addressed by: https:/
WIP: Creating an example of the refactor privileged functions will go through.
[20230307 bauzas] Deferred as implementation not merged in 2023.1