[openstack-dev] This is what disabled-by-policy should look like to the user
Adam Young
ayoung at redhat.com
Wed Sep 9 03:36:37 UTC 2015
On 09/06/2015 03:31 PM, Duncan Thomas wrote:
>
>
> On 5 Sep 2015 05:47, "Adam Young" <ayoung at redhat.com
> <mailto:ayoung at redhat.com>> wrote:
>
> > Then let my Hijack:
> >
> > Policy is still broken. We need the pieces of Dynamic policy.
> >
> > I am going to call for a cross project policy discussion for the
> upcoming summit. Please, please, please all the projects attend. The
> operators have made it clear they need better policy support.
>
> Can you give us a heads up on the perceived shortcomings, please,
> together with an overview of any proposed changes? Turning up to a
> session to hear, unprepared, something that can be introduced in
> advance over email so that people can ruminate on the details and be
> better prepared to discuss them is probably more productive than
> expecting tired, jet-lagged people to think on their feet.
>
> In general, I think the practice of introducing new things at design
> summits, rather than letting people prepare, is slowing us down as a
> community.
>
I've been harping o0n this for a while, both at summits and before.
It starts with:
https://bugs.launchpad.net/keystone/+bug/968696
We can't fix that until we have an approach that lets us unstick the
situations where we need a global admin.
This was the start of it:
https://adam.younglogic.com/2014/11/dynamic-policy-in-keystone/
Submitted this overview spec (which was termed not implementable because
it was an overview)
https://review.openstack.org/#/c/147651/
and a bunch of supporting specs:
https://review.openstack.org/#/q/status:open+project:openstack/keystone-specs+branch:master+topic:dynamic-policy,n,z
We've m,ade very little progress on this since this point 6 months ago.
Had a cross project policy discussion in Vancouver. It was almost all
Keystone folks, with a very few people from other projects.
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150908/b8154cb4/attachment.html>
More information about the OpenStack-dev
mailing list