Open Stack

On 1/18/2017 3:06 PM, Sam Morrison wrote:
> I would love it if all the projects policy.json was actually usable. Too
> many times the policy.json isn’t the only place where authN happens with
> lots of hard coded is_admin etc.
>
> Just the ability to to have a certain role to a certain thing would be
> amazing. It makes it really hard to have read only users to generate
> reports with that we can show our funders how much people use our
> openstack cloud.
>
> Cheers,
> Sam
> (non-enterprise)
>

Sam,

I'd like to get your feedback on the policy-in-code changes for Nova in 
the Newton release along with the related Nova policy CLIs. Some of that 
is probably not well documented or communicated, but it was trying to 
build into a place where you can get more information about what an 
individual user or project is able to do with Nova from an access 
perspective. The immediate benefit with policy-in-code was simplifying 
your policy file such that it can be empty if you are just going with 
the defaults, and then only add/change the defaults as needed in the 
policy.json (or policy.yaml). There was some other discussion on 
long-term goals for policy at the Austin summit which I could dig up if 
needed.

-- 

Thanks,

Matt Riedemann