Event Details


Increasing API accessibility with granular policy and default roles

The identity service consumed default roles and additional scopes during the Stein release. This session is meant to describe the work, what it means for users, how operators can benefit from it, and how other services can leverage it to improve security and consistency across OpenStack.

We will briefly introduce the topic, concept of scopes, and default roles. Next, we'll go through how developers can make various compute APIs more self-serviceable to all users. Additionally, we'll look at ways to implement better hard tenancy. Finally, we'll look at refactoring that allows for a single layer of policy enforcement in the compute API as opposed to existing implementations sprinkled across various components of the stack. We're using the compute API as an example, but these cases are applicable to services across OpenStack and not just the compute API.

Operators, users, and developers are welcome to attend. The majority of the content will focus on operators and users, but focus can shift to discussing how other services can adapt and learn from the patterns the identity team implemented during Stein. Outcomes from this session will shape developer-focused sessions at the PTG later in the week.

Wednesday, May 1, 4:20pm-5:00pm
Difficulty Level: Intermediate
Red Hat, Software Engineer
I am a software developer focused on OpenStack's Identity program. I am passionate about open-source software and sharing knowledge. I constantly look for ways to improve the performance and scalability of whatever project I'm work on. When I'm not writing or reviewing code I enjoy cooking and tackling restoration projects with my wife. FULL PROFILE
Red Hat
Melanie is a core reviewer on the OpenStack Nova project. FULL PROFILE