On 06/28/2017 02:47 PM, Lance Bragstad wrote:
On 06/28/2017 02:29 PM, Fox, Kevin M wrote:
I think everyone would benefit from a read-only role for keystone out of the
box. Can we get this into keystone rather then in the various distro's?
Yeah - I think that would be an awesome idea. John Garbutt had some good
work on this earlier in the cycle. Most of it was documented in specs
[0] [1]. FWIW - this will be another policy change that is going to have
cross-project effects. It's implementation or impact won't be isolated
to keystone if we want read-only roles out-of-the-box.
[0] https://review.openstack.org/#/c/427872/19
[1] https://review.openstack.org/#/c/428454/
Cool, I will point our folks at those specs. I know doing a custom
read-only role has been pretty painful, so I expect they would be very
happy if this functionality could become standard.
Thanks for the replies.
-Ben
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
