Support service policy files
It's been pointed out that that deployers shouldn't have to change multiple places to enforce policy. Horizon already uses (copies of) service policy files to determine what operations should be exposed to users (whether they can list servers, view images etc). Searchlight can do the same. This BP will support configurable paths to service policy files (a deployer is responsible for getting them into the right places) that will be used to enforce which resource types are available to a user for querying/faceting etc. At the same time the existing fine-grained searchlight policy controls will be removed so that from SL's policy.json it'll still be possible to remove a resource type from consideration entirely, and still be possible to disable faceting, but not disable faceting/querying on a per resource basis.
Whether a user can perform e.g. a search on Servers will thus be:
query:allowed && searchlight:
Blueprint information
- Status:
- Started
- Approver:
- Travis Tripp
- Priority:
- Medium
- Drafter:
- Steve McLellan
- Direction:
- Approved
- Assignee:
- Steve McLellan
- Definition:
- Review
- Series goal:
- Accepted for newton
- Implementation:
- Needs Code Review
- Milestone target:
- newton-rc1
- Started by
- Travis Tripp
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Service policy file support
Not convinced we can realistically do full support for service policy files. The way oslo.policy processes some rules is a bit odd and it's quite hard to generically support everything.