---- On Wed, 08 Jun 2022 09:43:59 -0500 Dan Smith <dms@danplanet.com> wrote ----
Julia Kreger <juliaashleykreger@gmail.com> writes:
Is that Nova's interpretation, specifically the delineation that non-project owned should only be viewable by system, or was system scope changed at some point? I interpreted it differently, but haven't circled back recently. I guess interpretation and evolution in specific pockets after initial implementation work started ultimately resulted in different perceptions.
Nope, not a Nova thing. Here's the relevant course correction from two PTGs ago:
https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rba...
Mohammed is going to be there and primed to discuss this as well. I think he's pretty well caught up on the current state of things. Having your experience with what it means in Ironic, as well as his context from the sticky implementation issues in the other projects should mean we have pretty good coverage.
Yes, and it is more than just a single service use case, especially when the heat discussion[1] came up and the scope complexity for heat/NFV users was brought up. We want to make sure that introducing scope at the service level, which is all good for us, does not break other users/tooling like heat, tacker, and deployment projects. We discussed one solution for heat[2], which was sent to the ML for feedback, but there is still no response, and that is why operators' feedback is critical before we try to implement something that can break them.
[1] https://etherpad.opendev.org/p/rbac-zed-ptg#L104
[2] http://lists.openstack.org/pipermail/openstack-discuss/2022-May/028490.html
-gmann
Thanks!
--Dan