Page MenuHomePhabricator

Lock down access for new keystone role model
Closed, ResolvedPublic

Description

We need to make sure that the distinctions between user, projectadmin and admin are properly enforced. I'm sure the wikitech policies are correct, but the policy files for keystone, horizon and nova (and maybe glance and designate) could use a review and an audit.

Event Timeline

Change 270781 had a related patch set uploaded (by Andrew Bogott):
nova policy.json updates

https://gerrit.wikimedia.org/r/270781

Change 270783 had a related patch set uploaded (by Andrew Bogott):
Add a customized glance policy file.

https://gerrit.wikimedia.org/r/270783

Change 270781 merged by Andrew Bogott:
nova policy.json updates

https://gerrit.wikimedia.org/r/270781

Change 270783 merged by Andrew Bogott:
Add a customized glance policy file.

https://gerrit.wikimedia.org/r/270783

Change 270809 had a related patch set uploaded (by Andrew Bogott):
Update designate policy.conf

https://gerrit.wikimedia.org/r/270809

Change 270809 merged by Andrew Bogott:
Update designate policy.conf

https://gerrit.wikimedia.org/r/270809