On 04/17/2014 02:15 AM, Reza Bakhshayeshi wrote:
Hi,

I want to integrate an external service with keystone, in a way that only an authorized user in keystone could access that service. In the simplest form, consider it as a web service which receives the user's request and returns a specific feature of his/her instance. Surely, users should be unable to see others' instance specifications, and must be authorized in the keystone.
What do you think is the best way of performing this scenario?

Use RBAC, create a Role specific to your new service, and only assign that role to people that you trust. Create a policy file that checks that the calling user has that role before any operations.

Thanks,
Reza



_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
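
An added sketch of the role-plus-policy check suggested in the reply above (not code from the thread or from OpenStack). It assumes the token has already been validated by Keystone; the role name `instance_feature_reader`, the action `instance_feature:get`, the `owner_id` field and the small checker standing in for a real policy engine are all hypothetical.

```python
# Added example. Role name, action name and all sample data are constructed.
POLICY = {
    # Both checks must pass: caller holds the service role AND owns the instance.
    "instance_feature:get": ["role:instance_feature_reader",
                             "user_id:%(owner_id)s"],
}


def credentials_from_token(token_body):
    """Pull user id and role names out of a Keystone v3 token validation body."""
    token = token_body["token"]
    return {"user_id": token["user"]["id"],
            "roles": {r["name"] for r in token.get("roles", [])}}


def check(rule, creds, target):
    """Evaluate one 'kind:match' check against the caller and the target."""
    kind, _, match = rule.partition(":")
    if kind == "role":
        return match in creds["roles"]
    if kind == "user_id":
        try:
            return creds["user_id"] == match % target
        except (KeyError, TypeError, ValueError):
            return False  # target lacks the owner field: deny
    return False  # unknown check type: deny


def enforce(action, creds, target):
    rules = POLICY.get(action)
    if not rules:
        return False  # no rule for this action: deny by default
    return all(check(rule, creds, target) for rule in rules)


def make_token(user_id, role_names):
    """Constructed token body in the shape Keystone v3 returns on validation."""
    return {"token": {"user": {"id": user_id},
                      "roles": [{"name": n} for n in role_names]}}


ALICE = credentials_from_token(make_token("u-alice", ["instance_feature_reader"]))
BOB = credentials_from_token(make_token("u-bob", ["instance_feature_reader"]))
CAROL = credentials_from_token(make_token("u-carol", ["member"]))
ALICE_INSTANCE = {"instance_id": "i-001", "owner_id": "u-alice"}
CAROL_INSTANCE = {"instance_id": "i-002", "owner_id": "u-carol"}

if __name__ == "__main__":
    for name, creds in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(name, enforce("instance_feature:get", creds, ALICE_INSTANCE))
```

The role check alone would let any role holder read any instance; the ownership check is what keeps users from seeing each other's instance specifications.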

