We are still using mysql backend for Keystone. We are using a customization for Horizon that's public https://github.com/blueboxgroup/horizon-customization
and then we have crafted policy files that are public as well (e.g. https://github.com/blueboxgroup/ursula/blob/master/roles/nova-common/templates/etc/nova/policy.json ) Lastly we have middleware for keystone (not public) that does some filtering of what various roles can see, which in effect keeps "admin" role from being able to see "cloud_admin" things. - jlk On Tue, Dec 29, 2015 at 12:28 AM, Oğuz Yarımtepe <[email protected]> wrote: > Using a middleware is what we are doing also. Can you give more details > about your structure? Our middleware is like the Rackspace OpenRepose. What > do you use for role definitions? Are you using any backend for Keystone > like LDAP? > > Regards. > > > > On Thu, Dec 10, 2015 at 9:55 PM, Jesse Keating <[email protected]> wrote: > >> We use RBAC, however we've done it based on roles and some middleware. >> The policy files are essentially static. >> >> >> - jlk >> >> On Wed, Dec 9, 2015 at 12:39 AM, Oguz Yarimtepe <[email protected]> >> wrote: >> >>> Hi, >>> >>> I am wondering whether there are people using RBAC at production. The >>> policy.json file has a structure that requires restart of the service each >>> time you edit the file. Is there and on the fly solution or tips about it? >>> >>> >>> >>> _______________________________________________ >>> OpenStack-operators mailing list >>> [email protected] >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >> >> > > > -- > Oğuz Yarımtepe > http://about.me/oguzy >
_______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
