On 3/20/19 10:21 AM, Mohammed Naser wrote:
> On Wed, Mar 20, 2019 at 10:40 AM Matt Riedemann <mriedemos@gmail.com> wrote:
>> On 3/18/2019 4:40 PM, melanie witt wrote:
>>> I wanted to run the idea by operators and users to get feedback.
>>
>> Let me be frank and ask if we (nova) have specific operators and users that are clamoring for these changes and if so, do they plan on not only attending the session but engaging in the development of these pretty massive shifts in how nova works? I know we've been talking about this stuff for a long time, but the demand just doesn't feel like it's there from the operators community, and as a development team we're already spread thin.
>
> I think implementing the new RBAC stuff is pretty important. We've had countless requests on things like a "read-only" user which is not currently achievable without quite a significant overhaul of the existing policies.

Yep, we have multiple customers who have asked for this and up until now the only way we've been able to do it is to rewrite most of the policy rules for every service. That's extremely error-prone and difficult to maintain. Also, doesn't this work address the longstanding complaint about there being no way to scope an admin account to a single project? I know at one point we had someone who was doing work upstream to improve this, but I think that kind of tailed off. It seems like there is a compelling business case for us to have someone work on this, but the business and I have disagreed on the definition of "compelling" before, so I make no promises. :-)