[ptg] Secure RBAC and Policy Xena PTG sessoins

Lance Bragstad lbragstad at gmail.com
Wed Apr 7 19:25:00 UTC 2021


On Wed, Apr 7, 2021 at 1:59 PM Julia Kreger <juliaashleykreger at gmail.com>
wrote:

> I think a 30 minute re-cap session would be good on Friday because not
> everyone is going to be able to attend every session, depending on
> their own resulting schedule and commitments.
>

+1

Tentatively added to the keystone schedule for Friday. I'll see what Kristi
thinks.


>
> -Julia
>
> On Wed, Apr 7, 2021 at 11:56 AM Lance Bragstad <lbragstad at gmail.com>
> wrote:
> >
> > Hey all,
> >
> > Several projects are working through RBAC overhauls and naturally
> sessions are cropping up for the PTG.
> >
> > I tried bouncing around to various policy sessions during the Wallaby
> PTG, but I didn't plan things out very well. As a result, I missed
> sessions, had duplicate conversations with multiple groups, and ended up
> being more reactive than I'd like.
> >
> > To prevent that, Ghanshyam and I have condensed all the policy/RBAC
> sessions we know about in a single etherpad [0].
> >
> > I know most projects are still firming up their schedules, but I've
> written down the session times that we know of and organized them
> chronologically. My hope is that this will help us group similar
> discussions and reach broader consensus on topics easier and quicker.
> >
> > For example, keystone and nova have a cross-project session on Thursday
> to discuss how nova should handle consuming system-scoped tokens for
> project-specific operations. This topic certainly isn't exclusive to nova.
> It'll impact just about every other service and approaching it consistently
> will be huge for end users and operators. Another good example of this
> would be the glance refactor to integrate system-scope support we're going
> to talk about on Wednesday (cinder and barbican are potentially facing very
> similar refactors). Each session in the etherpad [0] has topics, so if a
> topic sounds relevant to your service, please feel free to drop into those
> discussions.
> >
> > A rough outline is that:
> >
> > - Monday we're going to focus on QA and general policy problems (e.g.,
> converting tempest to use system-scope, the JSON->YAML community goal,
> overall status from Wallaby, etc)
> > - Tuesday we're going to find ways to adopt system-scope in cinder
> > - Wednesday we're going to work through system-scope adoption, the meta
> definitions API, and test coverage in glance
> > - Thursday we're going to discuss what the experience should be like for
> operators using system-scoped tokens to do project-specific operations with
> nova (e.g., rebooting instances)
> >
> > I'm contemplating hosting a 30 minute recap session on Friday that
> attempts to summarize everything from the week regarding RBAC discussions.
> If that sounds useful, I'll ask Kristi if I can use one of the keystone
> sessions for that recap.
> >
> > I know, this feels like a lot of focus for one thing and I appreciate
> everyone's help working through this stuff. But, I'm hopeful that better
> organization throughout the PTG week will result in less confusion about
> what we plan to do in Xena with RBAC so we can deliver something useful to
> users and operators.
> >
> > Thanks,
> >
> > Lance
> >
> > [0] https://etherpad.opendev.org/p/policy-popup-xena-ptg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210407/993101ad/attachment.html>


More information about the openstack-discuss mailing list