OpenStack Dashboard (Horizon)

Horizon should use the authorization API in keystone to build authorization targets for users

Bug #1926345 reported by Lance Bragstad on 2021-04-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Dashboard (Horizon)	Triaged	High	Akihiro Motoki

Bug Description

During the Xena PTG we discussed how to continue integrating the secure RBAC effort into Horizon [0].

One improvement we agreed upon was for Horizon to use the user's unscoped token to fetch authorization scopes (GET /v3/auth/projects, GET /v3/auth/domains, GET /v3/auth/system) [1].

Then horizon can present a list of targets and rescope tokens similar to what it does today. Additionally, this is a good way to start integrating support for system-scoped tokens into Horizon, which horizon will need in the future when it's required by policy.

[0] https://etherpad.opendev.org/p/policy-popup-xena-ptg
[1] https://docs.openstack.org/api-ref/identity/v3/?expanded=get-available-project-scopes-detail#authentication-and-token-management

Tatiana Ovchinnikova (tmazur) on 2021-05-05

Changed in horizon:
status:	New → Triaged
importance:	Undecided → High

Tatiana Ovchinnikova (tmazur) on 2021-05-05

Changed in horizon:
assignee:	nobody → Akihiro Motoki (amotoki)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.