[openstack-dev] [TripleO][keystone] Pt. 2 of Passing along some field feedback
Ben Nemec
openstack at nemebean.com
Wed Jun 28 20:20:59 UTC 2017
On 06/28/2017 02:47 PM, Lance Bragstad wrote:
>
>
> On 06/28/2017 02:29 PM, Fox, Kevin M wrote:
>> I think everyone would benefit from a read-only role for keystone out of the box. Can we get this into keystone rather then in the various distro's?
> Yeah - I think that would be an awesome idea. John Garbutt had some good
> work on this earlier in the cycle. Most of it was documented in specs
> [0] [1]. FWIW - this will be another policy change that is going to have
> cross-project effects. It's implementation or impact won't be isolated
> to keystone if we want read-only roles out-of-the-box.
>
> [0] https://review.openstack.org/#/c/427872/19
> [1] https://review.openstack.org/#/c/428454/
Cool, I will point our folks at those specs. I know doing a custom
read-only role has been pretty painful, so I expect they would be very
happy if this functionality could become standard.
Thanks for the replies.
-Ben
More information about the OpenStack-dev
mailing list