Refactor the authorization and policy logic into a single layer
Bug #1926326 reported by
Lance Bragstad
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
In Progress
|
Undecided
|
Unassigned |
Bug Description
Glance has four different layers that implement some portion of access control logic:
1.) the controller layer
2.) the authorization layer
3.) the policy layer
4.) the database layer
Adding support for system-scope or better policy checks is difficult because it need to be updated in several different places. This can be problematic because it can cause regressions and makes things harder to maintain.
This is a bug to track the work for refactoring the policy logic into a single layer so it's easier to maintain and change. This will likely correlate to an official glance specification that details the work.
To post a comment you must log in.
Will be fixed as a future change, refer, https:/ /review. opendev. org/c/openstack /glance- specs/+ /796753