Secure RBAC: Implement support of project-personas in Tacker
In the OpenStack Zed cycle, the Technical committee proposed introducing the project scope personas [1].
This is to introduce the member and reader roles to operate things within their project. By default, any other project role like foo will not be allowed to do anything in the project.
Reference for RBAC Etherpads:
https:/
https:/
[1] https:/
Blueprint information
- Status:
- Not started
- Approver:
- Yasufumi Ogawa
- Priority:
- Undefined
- Drafter:
- Manpreet Kaur
- Direction:
- Needs approval
- Assignee:
- Manpreet Kaur
- Definition:
- New
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
[WIP]SRBAC: Implement project-personas in Tacker
Gerrit topic: https:/
Addressed by: https:/
[WIP]
Gerrit topic: https:/
Addressed by: https:/
Pass RequestContext to oslo_policy
Gerrit topic: https:/
Addressed by: https:/
Introduce project scope_types in tacker policy
Addressed by: https:/
Add new default base rules and mapping in policy base class
Addressed by: https:/
Add new default roles in vnf-lcm API policies
Addressed by: https:/
Add new default roles in vnf-package API policies
Gerrit topic: https:/
Addressed by: https:/
Add Tacker RBAC change documentation
Addressed by: https:/
Add testing framework for RBAC
Addressed by: https:/
Add RBAC tests for VNF LCM APIs
Gerrit topic: https:/
Addressed by: https:/
Add RBAC tests for VNF Package APIs
Gerrit topic: https:/
Addressed by: https:/
Introduce project scope_types in VNF Package policy
Gerrit topic: https:/
Gerrit topic: https:/
Gerrit topic: https:/
Addressed by: https:/
Add new default roles in vnf-lcm API policies
Addressed by: https:/
Introduce project scope_types in VNF Package policy
Addressed by: https:/
Add new default roles in vnf-package API policies
Addressed by: https:/
Add Tacker RBAC change documentation and release notes