2.5 KiB
Support Role-based Access Control for Networks
Include the URL of your launchpad blueprint:
https://blueprints.launchpad.net/heat/+spec/support-rbac-for-networks
Currently there is no support about Role-based Access Control for Networks in heat. So add a new namespace called OS::Neutron::RBACPolicy for the rbac resource.
Problem description
There are new rbac-policies api in Liberty which needed to be supported by heat. We need to add a new namespace for it.
Proposed change
we need to add the following resource
RBACPolicy
Specification.
RBACPolicy
Create a RBAC policy for a given tenant.
Namespace: OS::Neutron::RBACPolicy
Required Properties:
- object_type:
-
Type of the object that RBAC policy affects. String Value.
- target_tenant:
-
ID of the tenant to which the RBAC policy will be enforced. String Value. Update allowed.
- action:
-
Action for the RBAC policy. String Value.
- object_id:
-
ID or name of the RBAC object. String Value.
Supported object_type and action:
SUPPORTED_TYPES_ACTIONS = {'network': ['access_as_shared']}
Optional Properties:
- tenant_id:
-
The owner tenant ID. Only required if the caller has an administrative role and wants to create a rbac for another tenant. String Value.
References
https://blueprints.launchpad.net/neutron/+spec/rbac-networks
Alternatives
None
Implementation
Assignee(s)
- Primary assignee:
-
Di XiaoLi <dixiaobj@cn.ibm.com>
Milestones
- Target Milestone for completion:
-
mitaka-3
Work Items
- Add new namespace for OS::Neutron::RBACPolicy resource.
Dependencies
None