[oslo][keystone][nova] Spec for moving policy format default to YAML
One of the outcomes of the Oslo PTG session on Monday was that we need to make YAML the official default for oslo.policy instead of just the unofficial default as it has been since policy-in-code happened. The reason this hasn't happened before now is that it is complex and fraught with security concerns, but the RBAC work going on now has made it clear that we need to do it anyway.
To that end, I've written a spec[0] that I believe captures the plan we outlined in the PTG session. If this is relevant to your interests, please take a look and leave feedback.
Thanks.
-Ben
0: https://review.opendev.org/733650
---- On Thu, 04 Jun 2020 10:57:00 -0500 Ben Nemec <openstack@nemebean.com> wrote ----
One of the outcomes of the Oslo PTG session on Monday was that we need to make YAML the official default for oslo.policy instead of just the unofficial default as it has been since policy-in-code happened. The reason this hasn't happened before now is that it is complex and fraught with security concerns, but the RBAC work going on now has made it clear that we need to do it anyway.
To that end, I've written a spec[0] that I believe captures the plan we outlined in the PTG session. If this is relevant to your interests, please take a look and leave feedback.
Thanks, Ben, for composing the spec. I added one comment about warning on having default rules in the file. Also, we will be tracking this in the policy-popup team, as these are the things to finish before other projects ship the new policy.
-gmann
Thanks.
-Ben
participants (2)
- Ben Nemec
- Ghanshyam Mann