[Openstack] Integrate External Service with Keystone

Remo Mattei remo at italy1.com
Sun Apr 20 21:29:45 UTC 2014


Hi Reza, 
As Adam suggested, I have in fact created a new lab for some of the new hires regarding this topic. Here is the public URL you can use to follow the instructions on how to do this.

http://docs.openstack.org/developer/horizon/topics/policy.html



> On 04/17/2014 02:15 AM, Reza Bakhshayeshi wrote:
>> Hi,
>> 
>> I want to integrate an external service with keystone, in a way that only an authorized user in keystone could access that service.
>> In the simplest form, consider it as a web service which receives the user's request and returns a specific feature of his/her instance.
>> Surely, users should be unable to see others' instance specifications, and must be authorized in the keystone.
>> What do you think is the best way of performing this scenario?
> 
> Use RBAC, create a Role specific to your new service, and only assign that role to people that you trust. Create a policy file that checks that the calling user has that role before any operations.
>> 
>> Thanks,
>> Reza
>> 
>> 
>> 


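The role-plus-policy-file check suggested in the thread, as an added example that is not part of the original messages and is not oslo.policy itself. It is a simplified evaluator for OpenStack-style rule strings; the role name, rule name and instance data are hypothetical, and `creds` is assumed to come from a Keystone token the service has already validated.

```python
import json

# Constructed policy file: the caller needs the service-specific role AND
# must belong to the project that owns the instance being queried.
POLICY_JSON = """
{
    "instance_feature:get":
        "role:instance_feature_reader and project_id:%(project_id)s"
}
"""
RULES = json.loads(POLICY_JSON)

# Constructed sample data standing in for the service's view of instances.
INSTANCES = {
    "vm-1": {"project_id": "proj-a", "flavor": "m1.small"},
    "vm-2": {"project_id": "proj-b", "flavor": "m1.large"},
}

class Forbidden(Exception):
    """Raised when the policy does not allow the request."""

def _check(check, creds, target):
    kind, _, match = check.partition(":")
    if kind == "role":
        return match.lower() in (r.lower() for r in creds.get("roles", []))
    try:
        expected = match % target   # fill %(name)s from the target object
    except KeyError:
        return False                # target lacks the attribute: fail closed
    return kind in creds and str(creds[kind]) == expected

def enforce(rules, action, creds, target):
    rule = rules.get(action)
    if rule is None:                # no rule for this action: fail closed
        raise Forbidden(action)
    if not all(_check(c.strip(), creds, target) for c in rule.split(" and ")):
        raise Forbidden(action)
    return True

def get_instance_flavor(rules, creds, instance_id):
    instance = INSTANCES[instance_id]
    # Authorize against the instance's owner before returning anything.
    enforce(rules, "instance_feature:get", creds,
            {"project_id": instance["project_id"]})
    return instance["flavor"]
```

The role alone is not enough to keep users out of each other's instances; the `project_id` clause is what ties the request to the instance's owner.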