Implement full_match mapping compination matching rule
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
New
|
Wishlist
|
Unassigned |
Bug Description
Hello,
As a OpenStack administrator I would like to federate flexible access policies to Openstack projects from identity provider.
For example, I have projects Green and Red, and Admin and User roles. From identity provider Keystone receives an array like: "Green_
I tried to implement "full match" logic with something like:
any_one_of: Green_Admin
any_one_of: Red_User
not_any_of: Green_User, Red_Admin
But in real life example with a dozen of projects and several roles I ended up with 50MB mappings JSON that Keystone can't accept.
Best Regards,
Alex.
Changed in keystone: | |
importance: | Undecided → Wishlist |