[openstack-dev] [keystone] Service scoped role definition
David Chadwick
d.w.chadwick at kent.ac.uk
Tue Dec 10 08:29:58 UTC 2013
How about the following which clearly separates naming and scoping
constraints
{
"role": {
"id": "76e72a",
"domain_id" = "--id--", (optional, if present, role is named by
specific domain)
"project_id" = "--id--", (optional, if present, role is named
by project)
"service_id" = "--id--", (optional, if present, role is named
by service)
"name": "---role_name---", (must be unique when combined with
domain, project and service ids)
"scope": {"id": "---id---", (resource_id)
"type": "service | file | domain etc.",
"endpoint":"---endpoint---"
}
}
}
regards
David
More information about the OpenStack-dev
mailing list