Public bug reported: During the Xena PTG we discussed how to continue integrating the secure RBAC effort into Horizon [0].
One improvement we agreed upon was for Horizon to use the user's unscoped token to fetch authorization scopes (GET /v3/auth/projects, GET /v3/auth/domains, GET /v3/auth/system) [1]. Then horizon can present a list of targets and rescope tokens similar to what it does today. Additionally, this is a good way to start integrating support for system-scoped tokens into Horizon, which horizon will need in the future when it's required by policy. [0] https://etherpad.opendev.org/p/policy-popup-xena-ptg [1] https://docs.openstack.org/api-ref/identity/v3/?expanded=get-available-project-scopes-detail#authentication-and-token-management ** Affects: horizon Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1926345 Title: Horizon should use the authorization API in keystone to build authorization targets for users Status in OpenStack Dashboard (Horizon): New Bug description: During the Xena PTG we discussed how to continue integrating the secure RBAC effort into Horizon [0]. One improvement we agreed upon was for Horizon to use the user's unscoped token to fetch authorization scopes (GET /v3/auth/projects, GET /v3/auth/domains, GET /v3/auth/system) [1]. Then horizon can present a list of targets and rescope tokens similar to what it does today. Additionally, this is a good way to start integrating support for system-scoped tokens into Horizon, which horizon will need in the future when it's required by policy. [0] https://etherpad.opendev.org/p/policy-popup-xena-ptg [1] https://docs.openstack.org/api-ref/identity/v3/?expanded=get-available-project-scopes-detail#authentication-and-token-management To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1926345/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
