OpenStack Compute (nova)

Policy Manager Role Default

Registered by Ghanshyam Maan

Keystone introduce a new role 'manager' role at project level. A project-manager can use project-level management APIs and intended to perform more privileged operations than project-member on its project resources.

This is community-wide goal to default policy rule to 'manager' role:

- https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-3

Blueprint information

Status:
Complete
Approver:
Uggla
Priority:
Undefined
Drafter:
Ghanshyam Maan
Direction:
Needs approval
Assignee:
Ghanshyam Maan
Definition:
Approved
Series goal:
Accepted for 2025.2
Implementation:
Implemented
Milestone target:
None
Started by
Sylvain Bauza
Completed by
Sylvain Bauza

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.opendev.org/#/q/topic:bp/policy-service-and-manager-role-default

Addressed by: https://review.opendev.org/c/openstack/nova-specs/+/937650
    Propose API policy manager role spec

Gerrit topic: https://review.opendev.org/#/q/topic:bp/policy-manager-role-default

Addressed by: https://review.opendev.org/c/openstack/nova/+/941056
    Add Project Manager role context in unit tests

Gerrit topic: https://review.opendev.org/#/q/topic:manager1

Addressed by: https://review.opendev.org/c/openstack/nova/+/953063
    Add new policies for live migrate APIs

Addressed by: https://review.opendev.org/c/openstack/nova/+/953158
    Add project manager role in Nova API policy rule

Addressed by: https://review.opendev.org/c/openstack/nova/+/941347
    Add project manager role in Nova API policy rule

Addressed by: https://review.opendev.org/c/openstack/nova-specs/+/953722
    Allow list migrations policy to manager role

Addressed by: https://review.opendev.org/c/openstack/nova/+/956189
    Fix doc comment on manager role change

[2025MMDD bauzas] Spec got approved for Flamingo

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.