OpenStack Dashboard (Horizon)

Add a configuration option so that horizon can be deployed to enforce scope

Bug #1926347 reported by Lance Bragstad on 2021-04-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Dashboard (Horizon)	Triaged	High	Akihiro Motoki

Bug Description

Now that keystone supports system-scope as well as default roles, several upstream OpenStack services are updating their default policies to be more secure [0].

Horizon may need to understand how these services are configured via policy to present the proper panels to certain users (e.g., should the admin panels be presented to project-admins modeling the old behavior or should they only be presented to system-users?)

This bug is to track the work for horizon to evaluate the configuration changes necessary to deploy secure RBAC. This topic was discussed during the Xena PTG [1].

[0] Using system-scope to fix https://bugs.launchpad.net/glance/+bug/968696
[1] https://etherpad.opendev.org/p/policy-popup-xena-ptg

See original description

Lance Bragstad (lbragstad) on 2021-04-27

description:

updated

Tatiana Ovchinnikova (tmazur) on 2021-05-05

Changed in horizon:
importance:	Undecided → High
status:	New → Triaged

Tatiana Ovchinnikova (tmazur) on 2021-05-05

Changed in horizon:
assignee:	nobody → Akihiro Motoki (amotoki)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.