Hello Everyone,
As you might know, we are redesigning the OpenStack default RBAC. The new design target two things:
1. 'new defaults (reader role)' 2. "Scope" concept
It is hard to explain the details in email but the below doc is a good place to start understanding this: - https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rba...
We as a community think 1st target (reader role) is a good thing to do and it will definitely be useful in many cases.
But we need feedback on the "Scope" concept. To understand what it is and how it can impact your existing use case/deployment, please ref the documentation mentioned in the etherpad[1] (if there is any question about its design/usage we are planning, feel free to reply here or contact us in #openstack-tc IRC channel).
* If you are an operator, we really need your feedback if the 'Scope' concept is a useful thing for your deployment/use-case or not.
* If you are attending events have operators also attending (for example, project operator feedback (like nova[2]), forum sessions in berlin summit, ops meetup or any local operator event), please communicate about the required feedback.
* Due to various reasons, many of us involved in RBAC work are not travelling to Berlin and we have this topic to be discussed in Berlin ops meetup[3] but we require someone knowing RBAC new design moderate this topic. Please reach out to us if you would like to help.
Central Etherpad to collect feedback (this can be used to collect from various forums/places):
* https://etherpad.opendev.org/p/rbac-operator-feedback
[1] https://etherpad.opendev.org/p/rbac-operator-feedback [2] https://etherpad.opendev.org/p/nova-berlin-meet-and-greet [3]https://etherpad.opendev.org/p/ops-meetup-berlin-2022-planning#L74
-gmann