[openstack-dev] Dynamic Policy for Access Control Subteam Meeting
Adam Young
ayoung at redhat.com
Thu Jun 4 16:42:01 UTC 2015
On 06/04/2015 09:40 AM, Sean Dague wrote:
>>> Is there some secret dragon I'm missing here?
>> >
>> >No. But it is a significant bit of coding to do; you would need to
>> >crawl every API and make sure you hit every code path that could enforce
>> >policy.
> Um, I don't understand that.
>
> I'm saying that you'd "GEThttps://my.nova.api.server/policy"
What would that return? The default policy.json file that you ship? Or
would it be auto-generated based on enforcement in the code?
If it is auto-generated, you need to crawl the code, somehow, to
generate that.
If it is policy.json, then you are not implementing the defaults in
code, just returning the one managed by the CMS and deployed with the
Service endpoint.
More information about the OpenStack-dev
mailing list