1326390 – [RFE] Implement Secure RBAC Project Scoped Personas within nova, placement

Bug 1326390 - [RFE] Implement Secure RBAC Project Scoped Personas within nova, placement [NEEDINFO]

Summary: [RFE] Implement Secure RBAC Project Scoped Personas within nova, placement

Keywords:
Status:	ON_QA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-nova
Sub Component:
Version:	7.0 (Kilo)
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	zstream
Target Release:	17.1
Assignee:	Stephen Finucane
QA Contact:	nova-maint
Docs Contact:
URL:
Whiteboard:
Duplicates (2):	1663544 1899906 (view as bug list)
Depends On:	1228474 1801416
Blocks:	1381612
TreeView+	depends on / blocked

Reported:	2016-04-12 15:00 UTC by Jaison Raju
Modified:	2023-01-10 12:15 UTC (History)
CC List:	33 users (show)
Fixed In Version:	openstack-nova-23.2.1-0.20220428212241.327693a.el9ost
Doc Type:	Enhancement
Doc Text:
Clone Of:
Clones:	1899906 (view as bug list)
Environment:
Last Closed:
Target Upstream Version:	Wallaby
Flags:	pveiga: needinfo? (spower)

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenStack gerrit	760240	0	None	MERGED	Implement secure RBAC for resource providers	2023-01-30 15:27:21 UTC
Red Hat Issue Tracker	OSP-346	0	None	None	None	2021-12-10 14:51:12 UTC

Description Jaison Raju 2016-04-12 15:00:33 UTC

1. Proposed title of this feature request  
Need nova policy to be configured to include a read-only role .
  
3. What is the nature and description of the request?  
Customer has requirement of read-only admin role for all core services .

4. Why does the customer need this? (List the business requirements here)  
  A read-only admin user is necessary for customer environment .
  
Additional info:
The following bug is raised for keystone to add role .
This role can be configured in policy file .
Bug 1228474 - [RFE] Read only role for tenant access (edit)

Comment 2 Jaison Raju 2016-04-12 15:03:13 UTC

https://blueprints.launchpad.net/keystone/+spec/admin-readonly-role

Comment 4 Stephen Gordon 2016-05-06 14:32:32 UTC

Moving to rhos-11?/Ocata for now - this is a long term goal but the ultimate solution is unlikely to be backportable to earlier releases.

Comment 14 Stephen Finucane 2020-12-01 16:47:19 UTC

*** Bug 1899906 has been marked as a duplicate of this bug. ***

Comment 16 Stephen Finucane 2021-02-10 16:06:20 UTC

The placement patches have merged now

Comment 17 Stephen Finucane 2021-03-30 14:49:38 UTC

*** Bug 1663544 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

akaris
alee
alifshit
broose
cylopez
dasmith
djuran
egallen
eglynn
hrybacki
igarciam
jhakimra
jparker
jpretori
jraju
jschluet
kchamart
mariel
mburns
molasaga
morazi
nkinder
nsatsia
pveiga
ramishra
sbauza
scohen
sgordon
smooney
spower
srevivo
stephenfin
vromanso