Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-21 Thread Sylvain Bauza
Hi Yuriy, Dolph et al. I'm implementing a climate.policy.check_is_admin(ctx) which will look at policy.json entry 'context_is_admin' for knowing which roles do have elevated rights for Climate. This check must be called when creating a context for knowing if we can allow extra rights. The

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-21 Thread Yuriy Taraday
On Thu, Nov 21, 2013 at 12:37 PM, Sylvain Bauza sylvain.ba...@bull.net wrote: Hi Yuriy, Dolph et al. I'm implementing a climate.policy.check_is_admin(ctx) which will look at policy.json entry 'context_is_admin' for knowing which roles do have elevated rights for Climate. This check must be

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-21 Thread Sylvain Bauza
On 21/11/2013 10:04, Yuriy Taraday wrote: On Thu, Nov 21, 2013 at 12:37 PM, Sylvain Bauza sylvain.ba...@bull.net wrote: Hi Yuriy, Dolph et al. I'm implementing a climate.policy.check_is_admin(ctx) which will look at policy.json entry

[openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-20 Thread Sylvain Bauza
Hi, When reviewing https://review.openstack.org/#/c/54539/, it appeared to me that we need to make consensus on the way to know that a request is having admin creds. Currently, for implementing policies check in Climate, I'm looking at context.roles dict, which contains the unicode string

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-20 Thread Julien Danjou
On Wed, Nov 20 2013, Sylvain Bauza wrote: When reviewing https://review.openstack.org/#/c/54539/, it appeared to me that we need to make consensus on the way to know that a request is having admin creds. Currently, for implementing policies check in Climate, I'm looking at context.roles

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-20 Thread Sylvain Bauza
On 20/11/2013 11:18, Julien Danjou wrote: It depends on how fine grained you want your ACL to be, Then, that's policy matter to let you know if you can trust the user or not. I'm digging into http://adam.younglogic.com/2013/11/policy-enforcement-in-openstack/, great value for knowing how

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-20 Thread Yuriy Taraday
Looking at implementations in Keystone and Nova, I found the only use for is_admin but it is essential. Whenever in code you need to run a piece of code with admin privileges, you can create a new context with is_admin=True keeping all other parameters as is, run code requiring admin access and

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-20 Thread Sylvain Bauza
Hi Yuriy, On 20/11/2013 11:56, Yuriy Taraday wrote: Looking at implementations in Keystone and Nova, I found the only use for is_admin but it is essential. Whenever in code you need to run a piece of code with admin privileges, you can create a new context with is_admin=True keeping all

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-20 Thread Dina Belova
I suppose it's ok - just rebase from Swann's commit to have is_admin param to use. On Wed, Nov 20, 2013 at 3:21 PM, Sylvain Bauza sylvain.ba...@bull.net wrote: Hi Yuriy, On 20/11/2013 11:56, Yuriy Taraday wrote: Looking at implementations in Keystone and Nova, I found the only use for

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-20 Thread Sylvain Bauza
Well, I'm guessing the best way is the contrary, Swann needing to rebase from the change I proposed about policies. The latter is still as draft, committing myself to finish it by today. -Sylvain On 20/11/2013 12:42, Dina Belova wrote: I suppose it's ok - just rebase from Swann's commit to

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-20 Thread Yuriy Taraday
On Wed, Nov 20, 2013 at 3:21 PM, Sylvain Bauza sylvain.ba...@bull.net wrote: Yes indeed, that's something coming into my mind. Looking at Nova, I found a context_is_admin policy in policy.json allowing you to say which role is admin or not [1] and is matched in policy.py [2], which itself is

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-20 Thread Dolph Mathews
On Wed, Nov 20, 2013 at 10:24 AM, Yuriy Taraday yorik@gmail.com wrote: On Wed, Nov 20, 2013 at 3:21 PM, Sylvain Bauza sylvain.ba...@bull.net wrote: Yes indeed, that's something coming into my mind. Looking at Nova, I found a context_is_admin policy in policy.json allowing you to say which

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-20 Thread Yuriy Taraday
Hello, Dolph. On Wed, Nov 20, 2013 at 8:42 PM, Dolph Mathews dolph.math...@gmail.com wrote: On Wed, Nov 20, 2013 at 10:24 AM, Yuriy Taraday yorik@gmail.com wrote: context.is_admin should not be checked directly from code, only through policy rules. It should be set only if we need to

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-20 Thread Dolph Mathews
On Wed, Nov 20, 2013 at 10:52 AM, Yuriy Taraday yorik@gmail.com wrote: Hello, Dolph. On Wed, Nov 20, 2013 at 8:42 PM, Dolph Mathews dolph.math...@gmail.com wrote: On Wed, Nov 20, 2013 at 10:24 AM, Yuriy Taraday yorik@gmail.com wrote: context.is_admin should not be checked directly

Re: [openstack-dev] [Climate] How we agree to determine that an user has admin rights ?

2013-11-20 Thread Yuriy Taraday
On Wed, Nov 20, 2013 at 9:57 PM, Dolph Mathews dolph.math...@gmail.com wrote: On Wed, Nov 20, 2013 at 10:52 AM, Yuriy Taraday yorik@gmail.com wrote: On Wed, Nov 20, 2013 at 8:42 PM, Dolph Mathews dolph.math...@gmail.com wrote: is_admin is a short sighted and not at all granular -- it