Designate

Current policy checking does not allow fine grained zone and recordset contorol

Bug #1782611 reported by Dmitry Galkin on 2018-07-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Designate	In Progress	Undecided	Dmitry Galkin

Bug Description

Hi All,

This is not exactly a bug. But rather a summary for reference of what was discussed on irc meeting: http://eavesdrop.openstack.org/meetings/designate/2018/designate.2018-06-13-11.00.log.html

We have several use cases with multiple roles in Designate when we need to allow particular users to create sub-zone for a zone that is already present in their project. Or to allow create/update/delete only certain types of recordsets.

The idea is to keep the default behavior as before with new policy checks to be bound to the same rules.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-07-19: Fix proposed to designate (master)

Fix proposed to branch: master
Review: https://review.openstack.org/584024

Changed in designate:
assignee:	nobody → Dmitry Galkin (galkindmitrii)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-12-24: Change abandoned on designate (master)

Change abandoned by "Erik Olof Gunnar Andersson <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/designate/+/584024

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.