Policy Control on Per Resource Type
Summary
=======
Provide the policy control on searches based on each resource type.
Motivation
========
Most services provide the ability to list their resources based on Keystone policy files. We need to provide this ability on a per resource type basis.
Description
=========
Testing
======
Brief instruction for reviewers to exercise the changes, including expected results where non-obvious.
Outside Dependencies
==================
See also "A common policy scenario across all projects" : https:/
Requirements Update Required
=======
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Essential
- Drafter:
- Travis Tripp
- Direction:
- Approved
- Assignee:
- Steve McLellan
- Definition:
- Review
- Series goal:
- Accepted for mitaka
- Implementation:
-
Implemented
- Milestone target:
-
mitaka-rc1
- Started by
- Steve McLellan
- Completed by
- Travis Tripp
Related branches
Related bugs
Sprints
Whiteboard
After some discussion, it's decided that for mitaka we'll support allowing queries to resource types based on policy; expanding this to translate from policy -> rbac filtering will be for the next cycle.
Currently we have catalog_search, catalog_plugins, catalog_facets as allowed policy options. We'll expand this to allow control over plugins by resource type. The original discussion had us with query_os_
"query": "",
"facets": "",
"plugins": "",
"os_glance_
"os_glance_
precedence order for a search query is "query" > "os_glance_
Gerrit topic: https:/
Addressed by: https:/
Spec for per-resource policy control
Addressed by: https:/
Per resource policy control
