Secure RBAC: Implement support of project-personas in Tacker

Registered by Manpreet Kaur

In the OpenStack Zed cycle, the Technical Committee proposed introducing the project-scope personas [1].

The goal is to introduce the member and reader roles for operating on resources within their own project. By default, any other project role, such as foo, will not be allowed to do anything in the project.

RBAC reference Etherpads:
https://etherpad.opendev.org/p/rbac-goal-tracking
https://etherpad.opendev.org/p/rbac-zed-ptg

[1] https://review.opendev.org/c/openstack/governance/+/847418

Blueprint information

Status: Not started
Approver: Yasufumi Ogawa
Priority: Undefined
Drafter: Manpreet Kaur
Direction: Needs approval
Assignee: Manpreet Kaur
Definition: New
Series goal: None
Implementation: Unknown
Milestone target: None

Whiteboard

Gerrit topic: https://review.opendev.org/#/q/topic:bp/implement-reader-role

Addressed by: https://review.opendev.org/c/openstack/tacker-specs/+/866956
    [WIP]SRBAC: Implement project-personas in Tacker

Gerrit topic: https://review.opendev.org/#/q/topic:bp/implement-project-personas

Addressed by: https://review.opendev.org/c/openstack/tacker/+/870730
    [WIP]SRBAC:Implement Project Personas in Tacker

Gerrit topic: https://review.opendev.org/#/q/topic:secure-rbac

Addressed by: https://review.opendev.org/c/openstack/tacker/+/907021
    Pass RequestContext to oslo_policy

Gerrit topic: https://review.opendev.org/#/q/topic:secure-rbac2

Addressed by: https://review.opendev.org/c/openstack/tacker/+/907022
    Introduce project scope_types in tacker policy

Addressed by: https://review.opendev.org/c/openstack/tacker/+/907024
    Add new default base rules and mapping in policy base class

Addressed by: https://review.opendev.org/c/openstack/tacker/+/907025
    Add new default roles in vnf-lcm API policies

Addressed by: https://review.opendev.org/c/openstack/tacker/+/907026
    Add new default roles in vnf-package API policies

Gerrit topic: https://review.opendev.org/#/q/topic:sr1

Addressed by: https://review.opendev.org/c/openstack/tacker/+/907694
    Add Tacker RBAC change documentation

Addressed by: https://review.opendev.org/c/openstack/tacker/+/908394
    Add testing framework for RBAC

Addressed by: https://review.opendev.org/c/openstack/tacker/+/908559
    Add RBAC tests for VNF LCM APIs

Gerrit topic: https://review.opendev.org/#/q/topic:rbac3

Addressed by: https://review.opendev.org/c/openstack/tacker/+/908728
    Add RBAC tests for VNF Package APIs

Gerrit topic: https://review.opendev.org/#/q/topic:rbac51

Addressed by: https://review.opendev.org/c/openstack/tacker/+/908752
    Introduce project scope_types in VNF Package policy

Gerrit topic: https://review.opendev.org/#/q/topic:rbac71

Gerrit topic: https://review.opendev.org/#/q/topic:srbac12

Gerrit topic: https://review.opendev.org/#/q/topic:caracal-r2

Addressed by: https://review.opendev.org/c/openstack/tacker/+/914055
    Add new default roles in vnf-lcm API policies

Addressed by: https://review.opendev.org/c/openstack/tacker/+/914056
    Introduce project scope_types in VNF Package policy

Addressed by: https://review.opendev.org/c/openstack/tacker/+/914057
    Add new default roles in vnf-package API policies

Addressed by: https://review.opendev.org/c/openstack/tacker/+/914058
    Add Tacker RBAC change documentation and release notes
