On Tue, Aug 12, 2014 at 10:30 AM, Yee, Guang <guang....@hp.com> wrote:
> Hi Kristy, > > Have you try the "[]" or "@" rule as mentioned here? > That still requires valid authentication though, just not any specific authorization. I don't think we have a way to express truly public resources in oslo.policy. > > > https://github.com/openstack/keystone/blob/master/keystone/openstack/common/ > policy.py#L71 > > > > Guang > > > > -----Original Message----- > > From: K.W.S.Siu [mailto:k.w.s....@kent.ac.uk] > > Sent: Tuesday, August 12, 2014 3:44 AM > > To: openstack Mailing List > > Subject: [openstack-dev] [keystone] Configuring protected API functions > > to allow public access > > > > Hi All, > > > > Correct me if I am wrong but I don't think you can configure the > > Keystone policy.json to allow public access to an API function, as far > > as I can tell you can allow access to any authenticated user regardless > > of role assignments but not public access. > > > > My use case is a client which allows users to query for a list of > > supported identity providers / protocols so that the user can then > > select which provider to authenticate with - as the user is > > unauthenticated at the time of the query the request needs to allow > > public access to the 'List Identity Providers' API function. > > > > I can remove the protected decorator from the required functions but > > this is a nasty hack. > > > > I suggest that it should be possible to configure this kind of access > > rule on a deployment by deployment basis and I was just hoping to get > > some thoughts on this. > > > > Many thanks, > > Kristy > > _______________________________________________ > > OpenStack-dev mailing list > > OpenStack-dev@lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev