http://docs.openstack.org/developer/keystone/architecture.html#approach-to-authorization-policy
http://docs.openstack.org/developer/keystone/configuration.html#keystone-api-protection-with-role-based-access-control-rbac <===
http://www.mirantis.com/blog/manage-openstack-projects-using-domains-havana/ <===
1)
* List all Roles
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-list
2)
* Create a new role named "test-role1"
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-create --name test-role1
* The name of the role can't be arbitrary/random. The "test-role1" role has been set in /etc/keystone/policy.json.
http://my.safaribooksonline.com/book/operating-systems-and-server-administration/virtualization/9781849517324/3dot-keystone-openstack-identity-service/id286763411
3)
* List all Roles
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-list
4)
vim /etc/keystone/policy.json
5)
At the moment the Identity panel is only available for users with the admin role, once https://blueprints.launchpad.net/horizon/+spec/separate-identity-dash is implemented in Juno it will be possible to allow more finer grained permissions
http://docs.openstack.org/developer/keystone/configuration.html#keystone-api-protection-with-role-based-access-control-rbac <===
http://www.mirantis.com/blog/manage-openstack-projects-using-domains-havana/ <===
1)
* List all Roles
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-list
2)
* Create a new role named "test-role1"
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-create --name test-role1
* The name of the role can't be arbitrary/random. The "test-role1" role has been set in /etc/keystone/policy.json.
http://my.safaribooksonline.com/book/operating-systems-and-server-administration/virtualization/9781849517324/3dot-keystone-openstack-identity-service/id286763411
3)
* List all Roles
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-list
4)
vim /etc/keystone/policy.json
5)
At the moment the Identity panel is only available for users with the admin role, once https://blueprints.launchpad.net/horizon/+spec/separate-identity-dash is implemented in Juno it will be possible to allow more finer grained permissions
No comments:
Post a Comment