Public bug reported: Now that keystone supports system-scope as well as default roles, several upstream OpenStack services are updating their default policies to be more secure [0].
Horizon may need to understand how these services are configured via policy to present the proper panels to certain users (e.g., should the admin panels be presented to project-admins modeling the old behavior or should they only be presented to system-users?) This bug is to track the work for horizon to evaluate the configuration changes necessary to deploy secure RBAC. This topic was discussed during the Xena PTG [1]. [0] Using system-scope to fix https://bugs.launchpad.net/glance/+bug/968696 [1] https://etherpad.opendev.org/p/policy-popup-xena-ptg ** Affects: horizon Importance: Undecided Status: New ** Description changed: Now that keystone supports system-scope as well as default roles, several upstream OpenStack services are updating their default policies to be more secure [0]. Horizon may need to understand how these services are configured via policy to present the proper panels to certain users (e.g., should the admin panels be presented to project-admins modeling the old behavior or should they only be presented to system-users?) This bug is to track the work for horizon to evaluate the configuration - changes necessary to deploy secure RBAC. - + changes necessary to deploy secure RBAC. This topic was discussed during + the Xena PTG [1]. [0] Using system-scope to fix https://bugs.launchpad.net/glance/+bug/968696 + [1] https://etherpad.opendev.org/p/policy-popup-xena-ptg -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1926347 Title: Add a configuration option so that horizon can be deployed to enforce scope Status in OpenStack Dashboard (Horizon): New Bug description: Now that keystone supports system-scope as well as default roles, several upstream OpenStack services are updating their default policies to be more secure [0]. Horizon may need to understand how these services are configured via policy to present the proper panels to certain users (e.g., should the admin panels be presented to project-admins modeling the old behavior or should they only be presented to system-users?) This bug is to track the work for horizon to evaluate the configuration changes necessary to deploy secure RBAC. This topic was discussed during the Xena PTG [1]. [0] Using system-scope to fix https://bugs.launchpad.net/glance/+bug/968696 [1] https://etherpad.opendev.org/p/policy-popup-xena-ptg To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1926347/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
