[openstack-dev] [Horizon][RBAC] Approach to eliminate hard-coded checks based on roles
Thiago Paiva
thiagop at lsd.ufcg.edu.br
Fri Jun 20 13:55:23 UTC 2014
Hello everyone,
Today, Horizon protects its resources (views, Dashboards or Panels) using
a hard-coded approach, restricting in code the access to users having
determined roles (like Admin). This problem was already addressed in
this bug: https://bugs.launchpad.net/horizon/+bug/1226627
In an attempt to flexibilize the RBAC control over Horizon resources, I
designed an approach that involves the creation of a (temporary)
Horizon policy file. This file receives rules to protect every
resource, controlling the access on Horizon and has the flexibility for
cloud-providers to edit these rules and add the checks over the roles
that best meet their needs.
A POC of this approach was sent to Gerrit as WIP, so you may evaluate
the viability of the approach. It's available on the review link below.
I'd like you to take a look and send some feedback. If it seems viable
to you guys, I'll write a blueprint (or spec) to address this change.
https://review.openstack.org/#/c/99446/
Thanks,
--
Thiago Paiva Brito
Software Engineer
Advanced OpenStack Brazil Team
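
The approach described in the message above, as an added example that is not part of the original post or the linked review: a hard-coded role check beside a check driven by an operator-editable policy document. The rule names, role names and the simplified "resource -> allowed roles" JSON syntax are assumptions, not Horizon's actual policy format.

```python
import json

# Constructed policy document. Rule names, role names and the simplified
# "resource -> list of allowed roles" syntax are hypothetical.
POLICY_TEXT = """
{
  "horizon:admin:dashboard": ["admin"],
  "horizon:identity:users_panel": ["admin", "identity_operator"],
  "horizon:project:instances_panel": []
}
"""


def hardcoded_check(user_roles):
    """The pattern under discussion: the required role is fixed in code."""
    return "admin" in user_roles


class PolicyEnforcer:
    """Evaluates access from an operator-editable policy document."""

    def __init__(self, policy_text):
        rules = json.loads(policy_text)
        if not isinstance(rules, dict):
            raise ValueError("policy must be a JSON object")
        for resource, roles in rules.items():
            # Reject malformed rules at load time instead of guessing.
            if not isinstance(roles, list) or not all(
                    isinstance(r, str) for r in roles):
                raise ValueError("bad rule for %r" % resource)
        self.rules = rules

    def check(self, resource, user_roles):
        # Default deny: a resource with no rule is not reachable.
        if resource not in self.rules:
            return False
        allowed = self.rules[resource]
        # Convention of this example: an empty list admits any
        # authenticated user.
        if not allowed:
            return True
        return not set(allowed).isdisjoint(user_roles)


ENFORCER = PolicyEnforcer(POLICY_TEXT)

if __name__ == "__main__":
    operator = {"identity_operator"}
    print(hardcoded_check(operator))
    print(ENFORCER.check("horizon:identity:users_panel", operator))
```

Denying resources that have no rule, and refusing to load a malformed rule, keeps an editing mistake in the policy document from silently opening a view.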