Enhancement of Tacker API resource access control
Tacker policy, as defined in the policy enforcer and policy.yaml, uses only "admin_or_owner" or "@" (allow any).
Telecom operator use cases rely on additional information such as "area/region" and "vnfprovider" for access control.
This blueprint aims to implement fine-grained access control for API resources based on user and VNF information.
We will extend user information to include role, VIM information, and VNF instance information,
and implement a policy enforcer that uses not only roles but also user and VNF information.
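The difference between the current role/ownership check and an attribute-aware check, as an added sketch that is not Tacker code and not the blueprint's design. The class names, the `attrs` encoding, the `*` wildcard and the sample VNFs are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    project_id: str
    roles: set
    # Assumed encoding: attribute name -> set of values the user may act on.
    attrs: dict = field(default_factory=dict)

@dataclass
class Vnf:
    project_id: str
    area: str          # assumed to be derived from the VIM hosting the VNF
    vnf_provider: str  # assumed to be taken from the VNF's provider field

def admin_or_owner(user, vnf):
    """Coarse check: admin role or same project, nothing else."""
    return "admin" in user.roles or user.project_id == vnf.project_id

def _attr_ok(user, name, value):
    allowed = user.attrs.get(name)
    if not allowed:                 # fail closed: no grant recorded
        return False
    return "*" in allowed or value in allowed

def fine_grained(user, vnf):
    """Ownership plus matching area and provider attributes."""
    if "admin" in user.roles:
        return True
    return (user.project_id == vnf.project_id
            and _attr_ok(user, "area", vnf.area)
            and _attr_ok(user, "vnf_provider", vnf.vnf_provider))

def visible(user, vnfs, rule):
    """Indices of the VNFs the rule lets this user access."""
    return [i for i, v in enumerate(vnfs) if rule(user, v)]

# Constructed sample data.
VNFS = [
    Vnf("p1", "tokyo", "company-a"),
    Vnf("p1", "osaka", "company-a"),
    Vnf("p1", "tokyo", "company-b"),
    Vnf("p2", "tokyo", "company-a"),
]
TOKYO_OP = User("p1", {"member"}, {"area": {"tokyo"}, "vnf_provider": {"*"}})
NO_GRANTS = User("p1", {"member"})
ADMIN = User("p9", {"admin"})

if __name__ == "__main__":
    for u in (TOKYO_OP, NO_GRANTS, ADMIN):
        print(visible(u, VNFS, admin_or_owner), visible(u, VNFS, fine_grained))
```

A project member with no attribute grants is denied everything under the attribute-aware rule, which is the fail-closed default to verify when migrating existing users from a role-only policy.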
Blueprint information
- Status: Not started
- Approver: None
- Priority: Undefined
- Drafter: Yuta Kazato
- Direction: Needs approval
- Assignee: Yuta Kazato
- Definition: New
- Series goal: None
- Implementation: Unknown
- Milestone target: None
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Enhancement of Tacker API Resource Access Control
Addressed by: https:/
[WIP]
Gerrit topic: https:/
Addressed by: https:/
Enhancement of Tacker API resource access control
Addressed by: https:/
Enhancement of Tacker API Policy for VNF tenant