On Mon, Jan 6, 2014 at 2:56 PM, Georgy Okrokvertskhov < gokrokvertskhov at mirantis.com> wrote: > Hi, > > In Solum project we will need to implement security and ACL for Solum API. > Currently we use Pecan framework for API. Pecan has its own security model > based on SecureController class. At the same time OpenStack widely uses > policy mechanism which uses json files to control access to specific API > methods. > > I wonder if someone has any experience with implementing security and ACL > stuff with using Pecan framework. What is the right way to provide security > for API? > In ceilometer we are using the keystone middleware and the policy framework to manage arguments that constrain the queries handled by the storage layer. http://git.openstack.org/cgit/openstack/ceilometer/tree/ceilometer/api/acl.py and http://git.openstack.org/cgit/openstack/ceilometer/tree/ceilometer/api/controllers/v2.py#n337 Doug > > Thanks > Georgy > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140106/a15d6d76/attachment.html>