Keystone auth ACL elements could be roles too
Bug #1709108 reported by Jeremy Freudberg
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Object Storage (swift) | Invalid | Wishlist | Unassigned |
Bug Description
Per-container ACLs when using Keystone auth can have project-id and user-id elements. But this means for an application to share a container with many users, it has to maintain a long list, which can get messy.
(basically, where do you keep track, how do you remove just one user from the list, etc)
Role-based ACLs could do a great job of making ACLs easier to maintain.
If roles can be consumed, then granting access to a container becomes much simpler. The operator can set a standard ACL referring to a custom role, and instead of constantly talking to Swift to modify an unwieldy list, he may simply assign the role to a user as he sees fit.
Changed in swift:
importance: Undecided → Wishlist
I think this is already supported but not documented, see bug https://bugs.launchpad.net/swift/+bug/1705300