Comment 2 for bug 1807697
Revision history for this message
| Yang Youseok (ileixe) wrote Re: [RFE] Token returns Project's extra properties | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
@Morgan Hi Morgan.
First, thank you for the comment, I was very appreciated since I never heard of implementation detail from the developer.
Actually I tried to find right purpose of 'extra' flag in project but it exists at the very first so I did not notice the background you said (At least, it looks weird since it just json blob though). It make sense not to use of it.
Before investigating your suggestion more (new property in Project I understand), I realize there are the existed features can likely be used for my purpose. Since our deployment is very behind (we are using Newton) and I have no change to deep dive the codebase, I did not know there is such a function. I found two viable solutions.
1) https:/
I found keystone Domain was changed to Project, and Project can have child Project recursively. From my current understanding, If I create parent Project for containing several projects, and make new policy of the parent project, I can achieve ACL per group of project. If it goes on, maybe the RFE should be changed that "Token returns parent project ID"
2) https:/
We are using Tag API in Neutron to assign specific deployment property (e.g. Development / Production), and I realize it's general API which is available on cross-projects. If the Tag can be leaked from the Token, imo it can be also useful to make policy rule in oslo.policy.
I wonder how others think of it. Thanks!