RFE: Resource Options Implemented for all Resource Types

Bug #1807751 reported by Morgan Fainberg on 2018-12-10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Morgan Fainberg

Bug Description

Resource Options have been built for Users (used for PCI-DSS work). The functionality needs to be expanded to all resource types (projects, domains, roles, etc) for future looking work. The future looking work will include things such as default MFA Rules, restrictions on origin for logging into a given user, user scoped to a domain, user scoped to a project, user scoped to system, etc.

It has been a desire to have the same mechanism(s) for the resource options to be available outside of just users. This bug is meant to track that work.

Changed in keystone:
status: New → Triaged
importance: Undecided → Wishlist
assignee: nobody → Morgan Fainberg (mdrnstm)

Fix proposed to branch: master
Review: https://review.openstack.org/624162

Changed in keystone:
status: Triaged → In Progress
Changed in keystone:
assignee: Morgan Fainberg (mdrnstm) → Colleen Murphy (krinkle)

Reviewed: https://review.opendev.org/624162
Committed: https://git.openstack.org/cgit/openstack/keystone-specs/commit/?id=2d0de7cccd172c6c70349851b0ca50ada8dd5c79
Submitter: Zuul
Branch: master

commit 2d0de7cccd172c6c70349851b0ca50ada8dd5c79
Author: Morgan Fainberg <email address hidden>
Date: Mon Dec 10 10:45:46 2018 -0800

    Add resource-options-for-all specification

    Specification defining the addition of resource options for all
    resources within Keystone isntead of just users.

    Change-Id: I6228e503f908b4bc82aa55b908995314e3e6adf7
    partial-bug: 1807751

summary: - Resource Options Implemented for all Resource Types
+ RFE: Resource Options Implemented for all Resource Types

Fix proposed to branch: master
Review: https://review.opendev.org/678322

Changed in keystone:
assignee: Colleen Murphy (krinkle) → Morgan Fainberg (mdrnstm)

Reviewed: https://review.opendev.org/678322
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=b31ff3f991d16968db65373f3096c8cacb84219b
Submitter: Zuul
Branch: master

commit b31ff3f991d16968db65373f3096c8cacb84219b
Author: morgan fainberg <email address hidden>
Date: Fri Aug 23 12:01:57 2019 -0700

    Implement resource options for roles and projects

    Add in support for resource options for roles and projects (including
    domains). No options are currently implemented for roles or projects.
    Scaffolding has been implemented so that adding options should be
    straight forward. This will allow for implementing options such
    as an immutable flag.

    As a mechanism to isolate SQL Models from the Driver implementation
    especially when adding in complexity of the resource options, the
    models for the Resource backend and the Role Backend (SQL) have been
    move to their own module.

    Partial-Bug: #1807751
    Depends-On: https://review.opendev.org/678379
    Required-By: https://review.opendev.org/678380
    Change-Id: I456a7c19506d28d5846534f884b8abe0d3079c96

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers