Bug 1888788 - [RFE] Implement Secure RBAC Project Scoped Personas within manila
Summary: [RFE] Implement Secure RBAC Project Scoped Personas within manila
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-manila
Version: 17.0 (Wallaby)
Hardware: All
OS: Linux
urgent
medium
Target Milestone: beta
: 17.1
Assignee: Goutham Pacha Ravi
QA Contact: lkuchlan
Erin Peterson
URL:
Whiteboard:
Depends On: 1228474 1326391 1801416 1904499
Blocks: 1381612 1566243 1890785 1956283 2125342
TreeView+ depends on / blocked
 
Reported: 2020-10-15 18:41 UTC by Harry Rybacki
Modified: 2023-08-16 01:10 UTC (History)
25 users (show)

Fixed In Version: openstack-manila-12.1.1-0.20220204174037.e1e9670
Doc Type: Enhancement
Doc Text:
With this update, the Shared File Systems service (manila) API supports a project-scoped 'reader' role. Users with the 'reader' role can send GET requests to the service, but they cannot make any other kind of request. You can enable this feature by using the `environments/enable-secure-rbac.yaml` environment file included with director. You can use the 'reader' role to create audit users for humans and automation and to perform read-only interactions safely with OpenStack APIs.
Clone Of: 1326391
: 1890785 (view as bug list)
Environment:
Last Closed: 2023-08-16 01:09:25 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 763386 0 None MERGED Bump oslo.log version to 4.3.0 2021-11-17 01:54:34 UTC
OpenStack gerrit 763387 0 None MERGED Introduce base personas for secure RBAC 2021-11-17 01:54:34 UTC
OpenStack gerrit 763441 0 None MERGED Implement secure RBAC for storage availability zones 2021-11-17 01:54:34 UTC
OpenStack gerrit 763442 0 None MERGED Implement secure RBAC for messages 2021-11-17 01:54:34 UTC
OpenStack gerrit 763443 0 None MERGED Implement secure RBAC for quota classes 2021-11-17 01:54:34 UTC
OpenStack gerrit 763444 0 None MERGED Implement secure RBAC for quotas 2021-11-17 01:54:34 UTC
OpenStack gerrit 763445 0 None MERGED Implement secure RBAC for storage pool statistics 2021-11-17 01:54:34 UTC
OpenStack gerrit 763446 0 None MERGED Implement secure RBAC for security services 2021-11-17 01:54:34 UTC
OpenStack gerrit 763447 0 None MERGED Implement secure RBAC for services 2021-11-17 01:54:34 UTC
OpenStack gerrit 763448 0 None MERGED Implement secure RBAC for share access rules 2021-11-17 01:54:34 UTC
OpenStack gerrit 763449 0 None MERGED Implement secure RBAC for access rule metadata 2021-11-17 01:54:34 UTC
OpenStack gerrit 763450 0 None MERGED Implement secure RBAC for share locations 2021-11-17 01:54:34 UTC
OpenStack gerrit 763451 0 None MERGED Implement secure RBAC for share groups 2021-11-17 01:54:34 UTC
OpenStack gerrit 763452 0 None MERGED Implement secure RBAC for group snapshots 2021-11-17 01:54:34 UTC
OpenStack gerrit 763453 0 None MERGED Implement secure RBAC for share group types 2021-11-17 01:54:34 UTC
OpenStack gerrit 763454 0 None MERGED Implement secure RBAC for share group type specs 2021-11-17 01:54:34 UTC
OpenStack gerrit 763455 0 None MERGED Implement secure RBAC for share instances 2021-11-17 01:54:34 UTC
OpenStack gerrit 763456 0 None MERGED Implement secure RBAC for share instance export location 2021-11-17 01:54:34 UTC
OpenStack gerrit 763457 0 None MERGED Implement secure RBAC for share networks 2021-11-17 01:54:34 UTC
OpenStack gerrit 763458 0 None MERGED Implement secure RBAC for share network subnets 2021-11-17 01:54:34 UTC
OpenStack gerrit 763459 0 None MERGED Implement secure RBAC for share replicas 2021-11-17 01:54:34 UTC
OpenStack gerrit 763460 0 None MERGED Implement secure RBAC for share replica locations 2021-11-17 01:54:34 UTC
OpenStack gerrit 763461 0 None MERGED Implement secure RBAC for share servers 2021-11-17 01:54:34 UTC
OpenStack gerrit 763462 0 None MERGED Implement secure RBAC for share snapshots 2021-11-17 01:54:34 UTC
OpenStack gerrit 763463 0 None MERGED Implement secure RBAC for share snapshot locations 2021-11-17 01:54:34 UTC
OpenStack gerrit 763464 0 None MERGED Implement secure RBAC for share snapshot instances 2021-11-17 01:54:34 UTC
OpenStack gerrit 763465 0 None MERGED Implement secure RBAC for share snapshot instance export locations 2021-11-17 01:54:34 UTC
OpenStack gerrit 763466 0 None MERGED Implement secure RBAC for share types 2021-11-17 01:54:34 UTC
OpenStack gerrit 763467 0 None MERGED Implement secure RBAC for share type extra spec 2021-11-17 01:54:34 UTC
OpenStack gerrit 763468 0 None MERGED Remove deprecated public share policies 2021-11-17 01:54:34 UTC
OpenStack gerrit 763469 0 None MERGED Implement secure RBAC for shares 2021-11-17 01:54:34 UTC
OpenStack gerrit 773709 0 None MERGED Advertise v2 API routes without project_id 2021-11-17 02:11:25 UTC
OpenStack gerrit 775725 0 None MERGED Fix unit tests to use requests 2021-11-17 01:54:34 UTC
OpenStack gerrit 777652 0 None MERGED Drop "system_scope" from context constructor 2021-11-17 01:54:34 UTC
OpenStack gerrit 777725 0 None MERGED Clean up some policy code 2021-11-17 01:54:34 UTC
OpenStack gerrit 779862 0 None MERGED Change RBAC for share group snapshots 2021-11-17 01:54:34 UTC
OpenStack gerrit 781928 0 None MERGED Disable some policy warnings 2021-11-17 01:54:34 UTC
OpenStack gerrit 782622 0 None MERGED Move params from DocumentedRule to DeprecatedRule 2021-11-17 01:54:34 UTC
OpenStack gerrit 782904 0 None MERGED Set "context_is_admin" to system scope admin roles 2021-11-17 01:54:34 UTC
OpenStack gerrit 783192 0 None MERGED Add release note for secure rbac work 2021-11-17 01:54:34 UTC
Red Hat Issue Tracker OSP-390 0 None None None 2021-11-17 01:56:34 UTC
Red Hat Product Errata RHEA-2023:4577 0 None None None 2023-08-16 01:10:31 UTC

Comment 32 errata-xmlrpc 2023-08-16 01:09:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:4577
Note You need to log in before you can comment on or make changes to this bug.