[Openstack] Integrate External Service with Keystone
Remo Mattei
remo at italy1.com
Sun Apr 20 21:29:45 UTC 2014
Hi Reza,
as Adam suggested, I have in fact, created a new lab for some of the new hire regarding this topic. Here is the public URL you can use to follow the instruction on how to do this.
http://docs.openstack.org/developer/horizon/topics/policy.html
> On 04/17/2014 02:15 AM, Reza Bakhshayeshi wrote:
>> Hi,
>>
>> I want to integrate an external service with keystone, in a way that only an authorized user in keystone could make access to that service.
>> In the simplest form, consider it as a web service which receive the user's request and return a specific feature of his/her instance.
>> Surely, users should be unable to see other's instance specifications, and must be authorized in the keystone.
>> What do you think is the best way of performing this scenario?
>
> Use RBAC, create a Role specific to your new service, and only assign that role to people that you trust. Create a policy file that checks for that the calling user has that role before any operations.
>>
>> Thanks,
>> Reza
>>
>>
>>
>> _______________________________________________
>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to : openstack at lists.openstack.org
>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
> !DSPAM:1,53543175213691779914982!
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> !DSPAM:1,53543175213691779914982!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140420/af885136/attachment.html>
More information about the Openstack
mailing list