How to realize policy Authentication in openstack 02/28 Update SLTechnology News&Howtos

How to realize policy Authentication in openstack

2025-02-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)05/31 Report--

Editor to share with you how to achieve policy authentication in openstack, I believe most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

Authentication profile:

Keystone is used for authentication to see whether the user is a legitimate user of the system, and policy authentication is used to check whether the user's operation is allowed. Each project of openstack has its own policy authentication. There is a policy file called policy.json, which defines the rules used for authentication.

Take cinder as an example. The location of the policy file is: / etc/cinder/policy.json. Let's take a look at a few rules first to understand their basic meaning:

The syntax rule is: rule: [result]

Rule: defines the behavior action of this rule, which usually corresponds to an action, which is given in a form similar to scope:action. Scope indicates the scope of action, and action indicates what kind of action to perform.

Result: indicates the result of this rule decision or how to make a decision, such as "volume_extension:quotas:delete": "is_admin:True". If the user performing this operation has the admin role (role), then the result of this decision is True.

There are also nested rules, such as "volume:delete_volume_metadata": "rule:admin_or_owner", which means that the result of the volume:delete_volume_metadata rule is the result of the admin_or_owner rule, while the admin_or_owner rule goes like this: "admin_or_owner": "is_admin:True or project_id:% (project_id) s"

If the role of the user who calls this operation is admin, it returns True, or the project_id to which the user belongs.

The above is all the contents of the article "how to achieve policy authentication in openstack". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.