Event Details


Access Control Policy Hands On Lab

The Keystone and oslo.policy based access control system is one of the most powerful mechanisms an operator can use to customize how their organization can interact with OpenStack. However, learning and managing it can be daunting. In this lab, the people who wrote and maintain this system want to help you understand how it works. This lab will provide you with an OpenStack deployment to use to learn and practice the techniques to customize an access control policy for your own cloud.

In this lab you will learn:

  • How to modify that policy to add custom rules
  • How to unit test a custom policy using the oslo.policy command line tool

In this lab, you will customize policy to:

  • Implement a read-only role for system auditing
  • Create a role specific to the workflows of launching and destroying a virtual machine, and show how to create an application credential with only that role
  • Split out the ability to manipulate networking from other self-service operations

What can I expect to learn?

Self-service of infrastructure helps your organization scale. Anything people can do for themselves frees up central IT staff time. OpenStack holds the promise of letting the tenants of the cloud manage their own resources. In order to realize that promise, you need to craft access policies that align users of the cloud with the acceptable operations that they should be able to perform.

Monday, April 29, 3:50pm-5:20pm
Difficulty Level: Intermediate
Red Hat
Harry is a member of Red Hat's OpenStack Identity team. His focus is on providing a high quality, secure product to all consumers of OpenStack and just being a generally okay, respectful human.
Red Hat
Adam Young is a Cloud Solutions Architect at Red Hat, responsible for helping people develop their cloud strategies. He has been a long time core developer on Keystone, the authentication and authorization service for OpenStack. Adam has worked on various systems management tools, including the Identity Management component of Red Hat Enterprise Linux based on the FreeIPA technology. A 20 year...
Red Hat
Nathan is a Senior Software Engineering Manager at Red Hat, where he manages the development of the identity and security related components of the Red Hat Enterprise Linux OpenStack Platform, Red Hat Directory Server, and Red Hat Certificate System products. He has contributed to the Keystone project, and has a long history of working with LDAP and X.509 certificate...