[Openstack] Integrate External Service with Keystone

Adam Young ayoung at redhat.com
Sun Apr 20 20:35:21 UTC 2014


On 04/17/2014 02:15 AM, Reza Bakhshayeshi wrote:
> Hi,
>
> I want to integrate an external service with keystone, in a way that 
> only an authorized user in keystone could make access to that service.
> In the simplest form, consider it as a web service which receive the 
> user's request and return a specific feature of his/her instance.
> Surely, users should be unable to see other's instance specifications, 
> and must be authorized in the keystone.
> What do you think is the best way of performing this scenario?

Use RBAC, create a Role specific to your new service, and only assign 
that role to people that you trust.  Create a policy file that checks 
for that the calling user has that role before any operations.
>
> Thanks,
> Reza
>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140420/13bbf76c/attachment.html>


More information about the Openstack mailing list