Horizon should use the authorization API in keystone to build authorization targets for users

Bug #1926345 reported by Lance Bragstad
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Triaged
High
Akihiro Motoki

Bug Description

During the Xena PTG we discussed how to continue integrating the secure RBAC effort into Horizon [0].

One improvement we agreed upon was for Horizon to use the user's unscoped token to fetch authorization scopes (GET /v3/auth/projects, GET /v3/auth/domains, GET /v3/auth/system) [1].

Then horizon can present a list of targets and rescope tokens similar to what it does today. Additionally, this is a good way to start integrating support for system-scoped tokens into Horizon, which horizon will need in the future when it's required by policy.

[0] https://etherpad.opendev.org/p/policy-popup-xena-ptg
[1] https://docs.openstack.org/api-ref/identity/v3/?expanded=get-available-project-scopes-detail#authentication-and-token-management

Changed in horizon:
status: New → Triaged
importance: Undecided → High
Changed in horizon:
assignee: nobody → Akihiro Motoki (amotoki)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.