Using a middleware is what we are doing also. Can you give more details
about your structure? Our middleware is like the Rackspace OpenRepose. What
do you use for role definitions? Are you using any backend for Keystone
like LDAP?
Regards.
On Thu, Dec 10, 2015 at 9:55 PM, Jesse Keating
In other projects the policy.json file is read each time of api request. So
changes to the file take place immediately. I was 90% sure keystone was the
same way?
___
Kris Lindgren
Senior Linux Systems Engineer
GoDaddy
On
We use RBAC in production but basically modify networking operations and some
compute ones. In our case we don’t need to restart the services if we modify
the policy.json file. I am surprise that keystone is not following the same
process.
Edgar
On 12/9/15, 9:06 AM, "Kris G. Lindgren"
We are running keystone kilo in production, and I¹m actively implementing
RBAC right now. I¹m certain that, at least with the version of keystone
we¹re running, a restart is NOT required when the policy file is modified.
Tim
On 12/9/15, 9:18 AM, "Edgar Magana"
gt;, "Kris G. Lindgren"
<klindg...@godaddy.com>, Oguz Yarimtepe
<oguzyarimt...@gmail.com>,
"openstack-operat...@lists.openstack.org"
<openstack-operat...@lists.openstack.org>
Date: 2015/12/09 04:40 PM
Subject: Re: