Hi Kristy, Have you try the "[]" or "@" rule as mentioned here?
https://github.com/openstack/keystone/blob/master/keystone/openstack/common/ policy.py#L71 Guang > -----Original Message----- > From: K.W.S.Siu [mailto:k.w.s....@kent.ac.uk] > Sent: Tuesday, August 12, 2014 3:44 AM > To: openstack Mailing List > Subject: [openstack-dev] [keystone] Configuring protected API functions > to allow public access > > Hi All, > > Correct me if I am wrong but I don't think you can configure the > Keystone policy.json to allow public access to an API function, as far > as I can tell you can allow access to any authenticated user regardless > of role assignments but not public access. > > My use case is a client which allows users to query for a list of > supported identity providers / protocols so that the user can then > select which provider to authenticate with - as the user is > unauthenticated at the time of the query the request needs to allow > public access to the 'List Identity Providers' API function. > > I can remove the protected decorator from the required functions but > this is a nasty hack. > > I suggest that it should be possible to configure this kind of access > rule on a deployment by deployment basis and I was just hoping to get > some thoughts on this. > > Many thanks, > Kristy > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev