Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-10 Thread Ryan Petrello
hook with URL parsing which maps path to policy key. > >> > >> > >> Thanks > >> Georgy > >> > >> > >> > >> On Wed, Jan 8, 2014 at 9:05 AM, Kurt Griffiths > >> wrote: > >> Yeah, that could work. The main thi

Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-09 Thread Georgy Okrokvertskhov
th URL parsing which maps path to policy key. > >> > >> > >> Thanks > >> Georgy > >> > >> > >> > >> On Wed, Jan 8, 2014 at 9:05 AM, Kurt Griffiths < > kurt.griffi...@rackspace.com> wrote: > >> Yeah, that could

Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-09 Thread Ryan Petrello
>> >> Thanks >> Georgy >> >> >> >> On Wed, Jan 8, 2014 at 9:05 AM, Kurt Griffiths >> wrote: >> Yeah, that could work. The main thing is to try and keep policy control in >> one place if you can rather than sprinkling it all over the p

Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-09 Thread Georgy Okrokvertskhov
policy control >> in one place if you can rather than sprinkling it all over the place. >> >> From: Georgy Okrokvertskhov >> Reply-To: OpenStack Dev >> Date: Wednesday, January 8, 2014 at 10:41 AM >> >> To: OpenStack Dev >> Subject: Re: [op

Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-08 Thread Adam Young
penStack Dev mailto:openstack-dev@lists.openstack.org>> Date: Wednesday, January 8, 2014 at 10:41 AM To: OpenStack Dev mailto:openstack-dev@lists.openstack.org>> Subject: Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy Hi Kurt,

Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-08 Thread Georgy Okrokvertskhov
rokvertskhov > Reply-To: OpenStack Dev > Date: Wednesday, January 8, 2014 at 10:41 AM > > To: OpenStack Dev > Subject: Re: [openstack-dev] [Solum][Pecan][Security] Pecan > SecureController vs. Nova policy > > Hi Kurt, > > As for WSGI middleware I think about Peca

Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-08 Thread Kurt Griffiths
e: Wednesday, January 8, 2014 at 10:41 AM To: OpenStack Dev mailto:openstack-dev@lists.openstack.org>> Subject: Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy Hi Kurt, As for WSGI middleware I think about Pecan hooks which can be added before actual contro

Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-08 Thread Georgy Okrokvertskhov
ement whether this option makes sense in Solum’s case. > > From: Doug Hellmann > Reply-To: OpenStack Dev > Date: Tuesday, January 7, 2014 at 6:54 AM > To: OpenStack Dev > Subject: Re: [openstack-dev] [Solum][Pecan][Security] Pecan > SecureController vs. Nova policy >

Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-07 Thread Kurt Griffiths
To: OpenStack Dev mailto:openstack-dev@lists.openstack.org>> Subject: Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy On Mon, Jan 6, 2014 at 6:26 PM, Georgy Okrokvertskhov mailto:gokrokvertsk...@mirantis.com>> wrote: Hi Dough, Thank you for pointing t

Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-07 Thread Doug Hellmann
On Mon, Jan 6, 2014 at 6:26 PM, Georgy Okrokvertskhov < gokrokvertsk...@mirantis.com> wrote: > Hi Dough, > > Thank you for pointing to this code. As I see you use OpenStack policy > framework but not Pecan security features. How do you implement fine grain > access control like user allowed to rea

Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-06 Thread Georgy Okrokvertskhov
Hi Dough, Thank you for pointing to this code. As I see you use OpenStack policy framework but not Pecan security features. How do you implement fine grain access control like user allowed to read only, writers and admins. Can you block part of API methods for specific user like access to create m

Re: [openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-06 Thread Doug Hellmann
On Mon, Jan 6, 2014 at 2:56 PM, Georgy Okrokvertskhov < gokrokvertsk...@mirantis.com> wrote: > Hi, > > In Solum project we will need to implement security and ACL for Solum API. > Currently we use Pecan framework for API. Pecan has its own security model > based on SecureController class. At the s

[openstack-dev] [Solum][Pecan][Security] Pecan SecureController vs. Nova policy

2014-01-06 Thread Georgy Okrokvertskhov
Hi, In Solum project we will need to implement security and ACL for Solum API. Currently we use Pecan framework for API. Pecan has its own security model based on SecureController class. At the same time OpenStack widely uses policy mechanism which uses json files to control access to specific API