Join us November 13-15, 2018 in

Berlin, Germany

CityCube
OnSite registration is open at CityCube.

Event Details


OpenStack Policy 101

OpenStack has had the policy file based Access control mechanism since Keystone was first introduced. Despite its maturity, developers, deployers, and operators still have some points of confusion with regard to what options are available and how it all ties together.

We aim to clear the air by describing the following:

  • How policy works in OpenStack today with respect to developers and operators
  • The motivation behind OpenStack's oslo.policy library and what it provides
  • How to write policies for your services incorporating oslo.policy
  • How to override a service's default policies
  • How to use external services to evaluate policies
  • How to write oslo.policy enforcer drivers

What can I expect to learn?

We aim to give an approachable talk to help interested parties better understand:

  • How policy works in OpenStack today with respect to developers and operators
  • The motivation behind OpenStack's oslo.policy library and what it provides
  • How to write policies for your services incorporating oslo.policy
  • How to override a service's default policies
  • How to use external services to evaluate policies
  • How to write oslo.policy enforcer drivers
Tuesday, November 13, 1:40pm-2:20pm
Will be recorded
Difficulty Level: Beginner
Red Hat
Juan Antonio (Ozz) is a member of Red Hat's OpenStack Identity team and acore developer on Barbican, the secret storage as a service solution forOpenStack; and TripleO (OpenStack over OpenStack), a cloud installer.In Red Hat, he has been actively working with the community to enablesecurity features in the product. FULL PROFILE
Red Hat
Adam Young is a Cloud Solutions Architect at Red Hat, responsible for helping people develope their cloud strategies. He has been a long time core developer on Keystone, the authentication and authorization service for OpenStack. Adam has worked on various systems management tools, including the Identity Management component of Red Hat Enterprise Linux based on the FreeIPA technology. A 20 year... FULL PROFILE