Policy registration in code

Registered by Andrew Laski on 2016-05-05

There are two issues being addressed here:

Given a deployed policy file it is not trivial to determine how much it differs
from the defaults that a project expects. This is due to there not being an
authoritative place to find all policies and their defaults. Some projects
provide sample files but they're not always exhaustive. And it's not easy to
diff a production policy file against the sample file after extensive
modification.

Given an authenticated request context it is not possible to determine which
policies will pass. This is because policy checks are ad hoc throughout the
code with no central registry of all possible checks. And a policy file may not
have all policies listed as some may be left to fallback to the default rule.

These will be addressed as described in https://review.openstack.org/#/c/309152

Blueprint information

Status:
Not started
Approver:
Davanum Srinivas (DIMS)
Priority:
Undefined
Drafter:
Andrew Laski
Direction:
Approved
Assignee:
Andrew Laski
Definition:
Approved
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.