Re: [openstack-dev] [keystone] [nova] [oslo] oslo.policy requests from the Nova team

On 06/02/2015 06:16 PM, David Lyle wrote: > The Horizon project also uses the nova policy.json file to do role based > access control (RBAC) on the actions a user can perform. If the defaults > are hidden in the code, that makes those checks a lot more difficult to > perform. Horizon will then get

Re: [openstack-dev] [keystone] [nova] [oslo] oslo.policy requests from the Nova team

one] [nova] [oslo] oslo.policy requests from the Nova team On 2 June 2015 at 17:22, Sean Dague wrote: > Nova has a very large API, and during the last release cycle a lot of > work was done to move all the API checking properly into policy, and > not do admin context checks at the database l

Re: [openstack-dev] [keystone] [nova] [oslo] oslo.policy requests from the Nova team

On 2 June 2015 at 17:22, Sean Dague wrote: > Nova has a very large API, and during the last release cycle a lot of > work was done to move all the API checking properly into policy, and not > do admin context checks at the database level. The result is a very > large policy file - > https://github

Re: [openstack-dev] [keystone] [nova] [oslo] oslo.policy requests from the Nova team

On 2 June 2015 at 23:48, Kevin L. Mitchell wrote: > On Tue, 2015-06-02 at 16:16 -0600, David Lyle wrote: >> The Horizon project also uses the nova policy.json file to do role >> based access control (RBAC) on the actions a user can perform. If the >> defaults are hidden in the code, that makes tho

Re: [openstack-dev] [keystone] [nova] [oslo] oslo.policy requests from the Nova team

On Tue, 2015-06-02 at 16:16 -0600, David Lyle wrote: > The Horizon project also uses the nova policy.json file to do role > based access control (RBAC) on the actions a user can perform. If the > defaults are hidden in the code, that makes those checks a lot more > difficult to perform. Horizon wil

Re: [openstack-dev] [keystone] [nova] [oslo] oslo.policy requests from the Nova team

The Horizon project also uses the nova policy.json file to do role based access control (RBAC) on the actions a user can perform. If the defaults are hidden in the code, that makes those checks a lot more difficult to perform. Horizon will then get to duplicate all the hard coded defaults in our co

Re: [openstack-dev] [keystone] [nova] [oslo] oslo.policy requests from the Nova team

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/02/2015 06:22 PM, Sean Dague wrote: > Nova has a very large API, and during the last release cycle a lot > of work was done to move all the API checking properly into policy, > and not do admin context checks at the database level. The result >

[openstack-dev] [keystone] [nova] [oslo] oslo.policy requests from the Nova team

Nova has a very large API, and during the last release cycle a lot of work was done to move all the API checking properly into policy, and not do admin context checks at the database level. The result is a very large policy file - https://github.com/openstack/nova/blob/master/etc/nova/policy.json