There are a couple of places to look to see the current dev effort in Swift around ACLs.
In no particular order: * Supporting a service token in Swift https://review.openstack.org/#/c/105228/ * Adding policy engine support to Swift https://review.openstack.org/#/c/89568/ * Fixing ACLs to work with Keystone v3+ https://review.openstack.org/#/c/86430/ Some of the above may be in line with what you're looking for. --John On Jul 10, 2014, at 8:17 PM, Osanai, Hisashi <[email protected]> wrote: > > Hi, > > I looked for info about role-based access control in swift because > I would like to prohibit PUT operations to containers like create > containers and set ACLs. > > Other services like Nova, Cinder have "policy.json" file but Swift doesn't. > And I found out the following info. > - Swift ACL's migration > - Centralized policy management > > Do you have detail info for above? > > http://dolphm.com/openstack-juno-design-summit-outcomes-for-keystone/ > --- > Migrate Swift ACL's from a highly flexible Tenant ID/Name basis, which worked > reasonably well against Identity API v2, to strictly be based on v3 Project > IDs. The driving requirement here is that Project Names are no longer > globally unique in v3, as they're only unique within a top-level domain. > --- > Centralized policy management > Keystone currently provides an unused /v3/policies API that can be used to > centralize policy blob management across OpenStack. > > > Best Regards, > Hisashi Osanai > > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
