Add support for Oslo Policies to Trove

The Oslo Policy library provides support for RBAC policy enforcement across all OpenStack services. Update the devstack plugin to copy the default policy file over to /etc/trove in the gate environments. Note: Not adding a rule for 'reset-password' instance action as that API was discontinued years ago and is now just waiting for removal (Bug: 1645866). DocImpact Co-Authored-By: Ali Adil <aadil@tesora.com> Change-Id: Ic443a4c663301840406cad537159eab7b0b5ed1c Implements: blueprint trove-policy
author: Petr Malik <pmalik@tesora.com> 2016-06-27 16:01:42 -0400
committer: Petr Malik <pmalik@tesora.com> 2016-12-06 21:51:21 +0000
commit: 21250cf20c0efbe6d57c4a712c51b80667e53b44 (patch)
tree: d18e6ee84986b798e7654e254a2a6894dc8d54f4 /releasenotes/notes
parent: 77fd7014c0007c83652dd4fb1f9d3316a97b1ed3 (diff)
download: trove-21250cf20c0efbe6d57c4a712c51b80667e53b44.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/releasenotes/notes/use-oslo-policy-bbd1b911e6487c36.yaml b/releasenotes/notes/use-oslo-policy-bbd1b911e6487c36.yaml
new file mode 100644
index 00000000..5e6138d7
--- /dev/null
+++ b/releasenotes/notes/use-oslo-policy-bbd1b911e6487c36.yaml
@@ -0,0 +1,8 @@
+---
+features:
+  - Add RBAC (role-based access control)
+    enforcement on all trove APIs.
+    Allows to define a role-based access rule
+    for every trove API call
+    (rule definitions are available in
+     /etc/trove/policy.json).
author	Petr Malik <pmalik@tesora.com>	2016-06-27 16:01:42 -0400
committer	Petr Malik <pmalik@tesora.com>	2016-12-06 21:51:21 +0000
commit	21250cf20c0efbe6d57c4a712c51b80667e53b44 (patch)
tree	d18e6ee84986b798e7654e254a2a6894dc8d54f4 /releasenotes/notes
parent	77fd7014c0007c83652dd4fb1f9d3316a97b1ed3 (diff)
download	trove-21250cf20c0efbe6d57c4a712c51b80667e53b44.tar.gz