[Openstack-security] [openstack/barbican-specs] SecurityImpact review request change I80b4d5506ad0cb289f77db8ad0d9632bea9ae474
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Mon Jun 15 16:56:36 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/191076
Log:
commit 393fe6a62acec625437c4065a90e7320b25a6e18
Author: jfwood <john.wood at rackspace.com>
Date: Fri Jun 12 08:41:34 2015 -0500
Add List of Group-IDs to ACL for Secrets/Containers
The current access control list (ACL) approach in Barbican only allows
for adding user IDs for access to a given secret or container. This
blueprint proposes allowing group IDs to be added to ACLs to
accommodate users within specified groups access to
secrets/containers as well. Adding group support to ACLs would support
LDAP group based access to secrets/containers.
This blueprint depends on the approval of a Keystone blueprint:
https://review.openstack.org/#/c/188564/
Change-Id: I80b4d5506ad0cb289f77db8ad0d9632bea9ae474
Implements: blueprint api-acl-add-group-list
APIImpact: Update /v1/.../acls resource to add new 'groups' list
DocImpact: Update acls resource docs to mention a new 'groups' list
SecurityImpact: Adds a new means to access secrets and containers
More information about the Openstack-security
mailing list