Refactor the authorization and policy logic into a single layer

Bug #1926326 reported by Lance Bragstad
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
In Progress
Undecided
Unassigned

Bug Description

Glance has four different layers that implement some portion of access control logic:

1.) the controller layer
2.) the authorization layer
3.) the policy layer
4.) the database layer

Adding support for system-scope or better policy checks is difficult because it need to be updated in several different places. This can be problematic because it can cause regressions and makes things harder to maintain.

This is a bug to track the work for refactoring the policy logic into a single layer so it's easier to maintain and change. This will likely correlate to an official glance specification that details the work.

Revision history for this message
Abhishek Kekane (abhishek-kekane) wrote :

Will be fixed as a future change, refer, https://review.opendev.org/c/openstack/glance-specs/+/796753

Changed in glance:
status: New → In Progress
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.