[Openstack] Integrate External Service with Keystone

Reza Bakhshayeshi reza.b2008 at gmail.com
Tue Apr 22 09:32:39 UTC 2014


Thanks Adam and Remo, I'll check it out.


On 21 April 2014 01:59, Remo Mattei <remo at italy1.com> wrote:

> Hi Reza,
> as Adam suggested, I have in fact, created a new lab for some of the new
> hire regarding this topic. Here is the public URL you can use to follow the
> instruction on how to do this.
>
> http://docs.openstack.org/developer/horizon/topics/policy.html
>
>
>
>  On 04/17/2014 02:15 AM, Reza Bakhshayeshi wrote:
>
>  Hi,
>
>  I want to integrate an external service with keystone, in a way that
> only an authorized user in keystone could make access to that service.
>  In the simplest form, consider it as a web service which receive the
> user's request and return a specific feature of his/her instance.
>  Surely, users should be unable to see other's instance specifications,
> and must be authorized in the keystone.
> What do you think is the best way of performing this scenario?
>
>
> Use RBAC, create a Role specific to your new service, and only assign that
> role to people that you trust.  Create a policy file that checks for that
> the calling user has that role before any operations.
>
>
>  Thanks,
>  Reza
>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> !DSPAM:1,53543175213691779914982!
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> !DSPAM:1,53543175213691779914982!
>
>
>
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140422/726a22c4/attachment.html>


More information about the Openstack mailing list