casbin / openstack-authz

OpenStack Authorization Middleware, supporting ACL, RBAC, ABAC models, enhancing Keystone.
Apache License 2.0

Make an authorization plugin/middleware for OpenStack #1

Open hsluoyz opened 3 years ago

hsluoyz commented 3 years ago

OpenStack (https://www.openstack.org/) is the de facto open-source IaaS cloud solution across the world. It's developed in Python. Even many commercial public or private clouds are based on OpenStack. OpenStack has Keystone (https://docs.openstack.org/keystone/latest/) as its authentication (AuthN) and authorization (AuthZ) center.

I don't know if Keystone provides a plugin system for an external authorizer like Casbin to work in the middle of it. We can either create a plugin, or directly fork its code and embed Casbin into it if the former is impossible.

This is a crucial step for Casbin to extend its usage to cloud scenarios.

Of course we will use PyCasbin (https://github.com/casbin/pycasbin) for integration. Putting this issue here is just for wider visibility.

Update

For how to write an authorization middleware for OpenStack, here are some materials:

  1. Paper: OpenStack Security Modules: A Least-Invasive Access Control Framework for the Cloud: https://ieeexplore.ieee.org/document/7820254. In case you cannot download it from IEEE, a PDF copy is also provided here: IEEE CLOUD-2016-OpenStack Security Modules a Least-Invasive Access Control Framework for the Cloud.pdf

  2. The code for the above paper: https://github.com/casbin/openstack-patron

hsluoyz commented 3 years ago

@Zxilly @ffyuanda can anyone take this?

ffyuanda commented 3 years ago

@hsluoyz I'm about to take a look at it.

hsluoyz commented 3 years ago

@Zxilly @ffyuanda see the update:
