[Openstack-operators] What would you like in Pike?
mriedem at linux.vnet.ibm.com
Mon Jan 23 18:24:47 UTC 2017
On 1/18/2017 3:06 PM, Sam Morrison wrote:
> I would love it if all the projects policy.json was actually usable. Too
> many times the policy.json isn’t the only place where authN happens with
> lots of hard coded is_admin etc.
> Just the ability to to have a certain role to a certain thing would be
> amazing. It makes it really hard to have read only users to generate
> reports with that we can show our funders how much people use our
> openstack cloud.
I'd like to get your feedback on the policy-in-code changes for Nova in
the Newton release along with the related Nova policy CLIs. Some of that
is probably not well documented or communicated, but it was trying to
build into a place where you can get more information about what an
individual user or project is able to do with Nova from an access
perspective. The immediate benefit with policy-in-code was simplifying
your policy file such that it can be empty if you are just going with
the defaults, and then only add/change the defaults as needed in the
policy.json (or policy.yaml). There was some other discussion on
long-term goals for policy at the Austin summit which I could dig up if
More information about the OpenStack-operators