Open Stack

On 05/31/2016 04:01 PM, Jay Faulkner wrote:
> Hi all,
> 
> 
> During this cycle, on behalf of OSIC, I'll be working on implementing proper
> oslo.policy support for Ironic. The reasons this is needed probably don't need
> to be explained here, so I won't :).
> 
> 
> I have two requests for the list regarding this though:
> 
> 
> 1) Is there a general guideline to follow when designing policy roles? There
> appears to have been some discussion around this already
> here: https://review.openstack.org/#/c/245629/, but it hasn't moved in over a
> month. I want Ironic's implementation of policy to be as 'standard' as possible;
> but I've had trouble finding any kind of standard.
> 
> 
> 2) A general call for contributors to help make this happen in Ironic. I want,
> in the next week, to finish up the research and start on a spec. Anyone willing
> to help with the design or implementation let me know here or in IRC so we can
> work together.
> 
> 
> Thanks in advance,
> 
> Jay Faulkner
> 

Hi Jay,

Morgan and I sat down earlier this week to brainstorm on adding policy checks to
Ironic's API. Turns out, all the glue for enforcing policy is *already* in place
in the project, but we haven't implemented enforcement within specific API
methods yet. It's not going to be that much work -- I already have a POC up
locally with a few new policy settings.

I'll be happy to work on the spec with you, and hope to have the POC in a
shareable form within a couple days.

--Devananda