<div dir="ltr">Hi Folks,<div><br></div><div>I know the request is very late, but I wasn't aware of this SIG until recently. Would it be possible to present a new project to the Security SIG at the PTG? I need about 30 minutes. I'm hoping to drum up interest in the project, sign on users and contributors and get feedback.<br><div><br></div><div>For the past few months I have been working on a new project - Tatu [1]- to automate the management of SSH certificates (for both users and hosts) in OpenStack. Tatu allows users to generate SSH certificates with principals based on their Project role assignments, and VMs automatically set up their SSH host certificate (and related config) via Nova vendor data. The project also manages bastions and DNS entries so that users don't have to assign Floating IPs for SSH nor remember IP addresses.</div><div><br></div><div>I have a working demo (including Horizon panels [2] and OpenStack CLI [3]), but am still working on the devstack script and patches [4] to get Tatu's repositories into OpenStack's GitHub and Gerrit. I'll try to post a demo video in the next few days.</div><div><br></div><div>best regards,<br></div><div>Pino</div><div><br></div><div><br></div><div>References:</div><div><ol><li><a href="https://github.com/pinodeca/tatu">https://github.com/pinodeca/tatu</a> (<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Please note this is still very much a work in progress, lots of TODOs in the code, very little testing and documentation doesn't reflect the latest design).</span>
<br></li><li>
<a href="https://github.com/pinodeca/tatu-dashboard" style="color:rgb(17,85,204);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:left;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)">https://github.com/pinodeca/tatu-dashboard</a>
<br></li><li><a href="https://github.com/pinodeca/python-tatuclient">https://github.com/pinodeca/python-tatuclient</a><br></li><li><a href="https://review.openstack.org/#/q/tatu">https://review.openstack.org/#/q/tatu</a><br></li></ol></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><div><br></div><div> </div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 31, 2018 at 12:03 PM, Luke Hinds <span dir="ltr"><<a href="mailto:lhinds@redhat.com" target="_blank">lhinds@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div><div class="gmail_extra"><div class="gmail_quote"><span class="">On Mon, Jan 29, 2018 at 2:29 PM, Adam Young <span dir="ltr"><<a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Bug 968696 and System Roles. Needs to be addressed across the Service catalog.<br></div></blockquote><div><br></div></span><div>Thanks Adam, will add it to the list. I see it's been open since 2012!<br> </div><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_-512747683943631821gmail-h5">On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds <span dir="ltr"><<a href="mailto:lhinds@redhat.com" target="_blank">lhinds@redhat.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="m_-512747683943631821gmail-h5"><div dir="ltr">Just a reminder as we have not had many uptakes yet..<br><br>Are there any projects (new and old) that would like to make use of the security SIG for either gaining another perspective on security challenges / blueprints etc or for help gaining some cross project collaboration?<br><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds <span dir="ltr"><<a href="mailto:lhinds@redhat.com" target="_blank">lhinds@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div>Hello All,<br><br></div>I am seeking topics for the PTG from all projects, as this will be where we try out are new form of being a SIG.<br><br></div>For this PTG, we hope to facilitate more cross project collaboration topics now that we are a SIG, so if your project has a security need / problem / proposal than please do use the security SIG room where a larger audience may be present to help solve problems and gain x-project consensus.<br><br></div>Please see our PTG planning pad [0] where I encourage you to add to the topics.<br><br>[0] <a href="https://etherpad.openstack.org/p/security-ptg-rocky" target="_blank">https://etherpad.openstack.org<wbr>/p/security-ptg-rocky</a><span class="m_-512747683943631821gmail-m_675569033147061823HOEnZb"><font color="#888888"><span class="m_-512747683943631821gmail-m_675569033147061823m_5386217011277693840HOEnZb"><font color="#888888"><br clear="all"><div><div><div><div><br>-- <br><div class="m_-512747683943631821gmail-m_675569033147061823m_5386217011277693840m_5651169919334559417gmail_signature"><div dir="ltr"><div><div dir="ltr"><span style="font-size:12.8px">Luke Hinds</span></div><div>Security Project PTL<br style="font-size:12.8px"></div></div></div></div>
</div></div></div></div></font></span></font></span></div>
</blockquote></div><br></div></div></div>
<br></div></div>______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.op<wbr>enstack.org?subject:unsubscrib<wbr>e</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr>-bin/mailman/listinfo/openstac<wbr>k-dev</a><br>
<br></blockquote></div><br></div>
<br>______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.op<wbr>enstack.org?subject:unsubscrib<wbr>e</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr>-bin/mailman/listinfo/openstac<wbr>k-dev</a><br>
<br></blockquote></span></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br><div class="m_-512747683943631821gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span style="font-size:12.8px">Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat</span><br style="font-size:12.8px"><span style="font-size:12.8px">e: </span><a href="mailto:lhinds@redhat.com" style="color:rgb(17,85,204);font-size:12.8px" target="_blank">lhinds@redhat.com</a><span style="font-size:12.8px"> | irc: lhinds @freenode |</span><span style="font-size:12.8px"> t: </span>+44 12 52 36 2483<br style="font-size:12.8px"></div></div></div></div></div></div>
</font></span></div></div></div>
<br>______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.<wbr>openstack.org?subject:<wbr>unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack-dev</a><br>
<br></blockquote></div><br></div>