Le 21/11/2013 10:04, Yuriy Taraday a écrit :
On Thu, Nov 21, 2013 at 12:37 PM, Sylvain Bauza
<sylvain.ba...@bull.net <mailto:sylvain.ba...@bull.net>> wrote:
Hi Yuriy, Dolph et al.
I'm implementing a climate.policy.check_is_admin(ctx) which will
look at policy.json entry 'context_is_admin' for knowing which
roles do have elevated rights for Climate.
This check must be called when creating a context for knowing if
we can allow extra rights. The is_admin flag is pretty handsome
because it can be triggered upon that check.
If we say that one is bad, how should we manage that ?
-Sylvain
There should be no need for is_admin and some special policy rule like
"context_is_admin".
Every action that might require granular access control (for
controllers it should be every action at all, I guess) should call
enforce() from openstack.common.policy to check appropriate rule in
policy.json.
Rules for actions that require user to be admin should contain a
reference to some basic rule like "admin_required" in Keystone (see
https://github.com/openstack/keystone/blob/master/etc/policy.json).
We should not check from code if the user is an admin. We should
always ask openstack.common.policy if the user have access to the action.
--
Kind regards, Yuriy.
Thanks for all your thoughts, really appreciated. OK, I will discuss
with Swann and see what needs to be modified accordingly.
I'll deliver a new patchset for https://review.openstack.org/#/c/57200/
(policies) based on Context patch from Swann and having is_admin, and
then I'll iterate removing the necessary parts.
-Sylvain
(Btw, that's bad I spent a few days implementing policies without clear
guidelines and copying Nova stuff with latest Oslo policies, we
definitely need developer documentation for that...)
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
