We discussed this bug at some length on the 18th of December.
As indicated by the age of this bug this is a non-trivial feature to provide even with the new support in selected charms to provide policy override files.
Enabling a new type of role is a somewhat risky process for a couple of reasons:
a) New policy rules must be both positively and negatively tested to ensure both the intent of the new 'read-only' rules/role and to ensure that the existing functionality of the rules for members and admins is maintained.
b) Policies must be regression tested between OpenStack releases - it's possible that an endpoint/function and associated rule will no longer be valid.
Based on IRC and email conversation this feels like a feature that is still required, but in order to implement this in a risk-free way, it needs proper validation and testing.
Policy Overrides may look like a neat way to implement this, and maybe the solution is to provide a set of override files for all services that provide this feature, but that's just part of the challenge - testing is probably the larger task here.