| 2021-04-27 18:56:16 |
Lance Bragstad |
description |
Now that keystone supports system-scope as well as default roles, several upstream OpenStack services are updating their default policies to be more secure [0].
Horizon may need to understand how these services are configured via policy to present the proper panels to certain users (e.g., should the admin panels be presented to project-admins modeling the old behavior or should they only be presented to system-users?)
This bug is to track the work for horizon to evaluate the configuration changes necessary to deploy secure RBAC.
[0] Using system-scope to fix https://bugs.launchpad.net/glance/+bug/968696 |
Now that keystone supports system-scope as well as default roles, several upstream OpenStack services are updating their default policies to be more secure [0].
Horizon may need to understand how these services are configured via policy to present the proper panels to certain users (e.g., should the admin panels be presented to project-admins modeling the old behavior or should they only be presented to system-users?)
This bug is to track the work for horizon to evaluate the configuration changes necessary to deploy secure RBAC. This topic was discussed during the Xena PTG [1].
[0] Using system-scope to fix https://bugs.launchpad.net/glance/+bug/968696
[1] https://etherpad.opendev.org/p/policy-popup-xena-ptg |
|
