[openstack-dev] Dynamic Policy for Access Control Subteam Meeting

Adam Young ayoung at redhat.com
Thu Jun 4 16:42:01 UTC 2015

On 06/04/2015 09:40 AM, Sean Dague wrote:
>>> Is there some secret dragon I'm missing here?
>> >
>> >No.  But it is a significant bit of coding to do;  you would need to
>> >crawl every API and make sure you hit every code path that could enforce
>> >policy.
> Um, I don't understand that.
> I'm saying that you'd "GEThttps://my.nova.api.server/policy"
What would that return?  The default policy.json file that you ship?  Or 
would it be auto-generated based on enforcement in the code?

If it is auto-generated, you need to crawl the code, somehow, to 
generate that.

If it is policy.json, then you are not implementing the defaults in 
code, just returning the one managed by the CMS and deployed with the 
Service endpoint.

More information about the OpenStack-dev mailing list