On 06/28/2017 03:20 PM, Ben Nemec wrote: > > > On 06/28/2017 02:47 PM, Lance Bragstad wrote: >> >> >> On 06/28/2017 02:29 PM, Fox, Kevin M wrote: >>> I think everyone would benefit from a read-only role for keystone >>> out of the box. Can we get this into keystone rather then in the >>> various distro's? >> Yeah - I think that would be an awesome idea. John Garbutt had some good >> work on this earlier in the cycle. Most of it was documented in specs >> [0] [1]. FWIW - this will be another policy change that is going to have >> cross-project effects. It's implementation or impact won't be isolated >> to keystone if we want read-only roles out-of-the-box. >> >> [0] https://review.openstack.org/#/c/427872/19 >> [1] https://review.openstack.org/#/c/428454/ > > Cool, I will point our folks at those specs. I know doing a custom > read-only role has been pretty painful, so I expect they would be very > happy if this functionality could become standard. Absolutely - it would be awesome to provide some standard roles out of the box (at least for the sake of interoperability). I'm happy to help in any way I can. We also have the weekly policy meeting that's focused on nailing down cross-project issues with policy [0].
[0] http://eavesdrop.openstack.org/#Keystone_Policy_Meeting > > Thanks for the replies. > > -Ben > > __________________________________________________________________________ > > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
signature.asc
Description: OpenPGP digital signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
