[openstack-dev] [policy] AWS IAM session

Lance Bragstad lbragstad at gmail.com
Wed Oct 25 19:58:28 UTC 2017

I'm not sure how I didn't include -operators the first time around, but
adding them to this thread now.


We're going through policy/RBAC for other systems to get an idea of how
we want to shape OpenStack's policy and RBAC model. We're going to meet
next Wednesday at 15:00 UTC. The meeting will be recorded. Previous
context and information is in this thread.


On 10/25/2017 01:29 PM, Lance Bragstad wrote:
> I've recapped the notes from today's session and I'll post a follow up
> with the recording as soon as it's available. All notes can be found
> in the etherpad (agreement and outcomes are in *bold*)**[0]. Next week
> at the same time (15:00 UTC) we will continue going through AWS IAM
> flows.
> While today's discussion was helpful, it was very free-form. Let's aim
> to target a very specific flow for next week. What do we want that to be?
> Thanks!
> [0] https://etherpad.openstack.org/p/analyzing-other-policy-systems
> On 10/24/2017 02:02 PM, Lance Bragstad wrote:
>> Gentle reminder that this will be happening tomorrow. See you then!
>> On 10/20/2017 09:46 AM, Lance Bragstad wrote:
>>> I just sent a calendar invite to everyone who responded to this
>>> thread or voted in the agenda. The session will be recorded if you
>>> are unable to make it.
>>> Thanks!
>>> On 10/18/2017 10:10 AM, Lance Bragstad wrote:
>>>> Now that we have some good feedback on the doodle, it looks like we
>>>> have two sessions that will work for everyone. One is October 25th
>>>> from 15:00 - 16:00 UTC and the other is also the 25th from 16:00 -
>>>> 17:00.
>>>> Let's shoot to meet at *15:00 UTC* on *October 25th* and if the
>>>> meeting goes over, we have time allocated for that. Would anyone
>>>> like a formal calendar invite? If so, I can send one out. The
>>>> etherpad [0] will act as our "schedule", but we'll likely just work
>>>> through the cases we've documented.
>>>> Thanks!
>>>> [0] https://etherpad.openstack.org/p/analyzing-other-policy-systems
>>>> On 10/16/2017 08:45 AM, Lance Bragstad wrote:
>>>>> Sending out a gentle reminder to vote for time slots that work for
>>>>> you [0]. We'll keep the poll open for a few more days, or until we
>>>>> reach quorum. Thanks!
>>>>> [0] https://beta.doodle.com/poll/ntkpzgmcv3k6v5qu
>>>>> On 10/11/2017 01:48 PM, Lance Bragstad wrote:
>>>>>> Oh - one note about the doodle [0]. All proposed times are in
>>>>>> UTC, so just keep that in mind when selecting your availability.
>>>>>> Thanks!
>>>>>> [0] https://beta.doodle.com/poll/ntkpzgmcv3k6v5qu
>>>>>> On 10/11/2017 01:44 PM, Lance Bragstad wrote:
>>>>>>> In today's policy meeting we went through and started prepping
>>>>>>> for the session. Relevant information has been captured in the
>>>>>>> etherpad [0].
>>>>>>> We're going to hold the meeting using *Google* *Hangouts*. I'll
>>>>>>> update the etherpad with a link to the hangout once we settle on
>>>>>>> a date. If you plan on attending, please *vote* *for*
>>>>>>> *available* *times* [1]. I've proposed a bunch of time slots (4
>>>>>>> each day for the next two weeks) to try and find a time that
>>>>>>> works for everyone. People from US, AU, and EU will be trying to
>>>>>>> attended, so we're not going to find a perfect time for
>>>>>>> everyone. Having said that, *we're going to record the session*.
>>>>>>> Most of what we talked about in the meeting today uncovered the
>>>>>>> need to go over the basics of AWS IAM. That should be something
>>>>>>> we can do with a free account, which I'm going to sign up for.
>>>>>>> If we need more time we can have another session or look at
>>>>>>> options for upgrading the account.
>>>>>>> [0] https://etherpad.openstack.org/p/analyzing-other-policy-systems
>>>>>>> [1] https://doodle.com/poll/ntkpzgmcv3k6v5qu
>>>>>>> On 10/09/2017 04:23 PM, Lance Bragstad wrote:
>>>>>>>> I've put a scheduling session on the books for the next policy
>>>>>>>> meeting [0][1]. Advertising it here since folks who want to be
>>>>>>>> involved have responded to the thread.
>>>>>>>> Let's use this meeting time to iron out account details and
>>>>>>>> figure out what exactly we want to get out of the session.
>>>>>>>> [0] http://eavesdrop.openstack.org/#Keystone_Policy_Meeting
>>>>>>>> [1] https://etherpad.openstack.org/p/keystone-policy-meeting
>>>>>>>> On 10/05/2017 02:24 AM, Colleen Murphy wrote:
>>>>>>>>> On Tue, Oct 3, 2017 at 10:08 PM, Lance Bragstad
>>>>>>>>> <lbragstad at gmail.com <mailto:lbragstad at gmail.com>> wrote:
>>>>>>>>>     Hey all,
>>>>>>>>>     It was mentioned in today's keystone meeting [0] that it
>>>>>>>>>     would be useful
>>>>>>>>>     to go through AWS IAM (or even GKE) as a group. With all
>>>>>>>>>     the recent
>>>>>>>>>     policy discussions and work, it seems useful to get our
>>>>>>>>>     eyes on another
>>>>>>>>>     system. The idea would be to spend time using a video
>>>>>>>>>     conference/screen
>>>>>>>>>     share to go through and play with policy together. The end
>>>>>>>>>     result should
>>>>>>>>>     keep us focused on the implementations we're working on
>>>>>>>>>     today, but also
>>>>>>>>>     provide clarity for the long-term vision of OpenStack's
>>>>>>>>>     RBAC system.
>>>>>>>>>     Are you interested in attending? If so, please respond to
>>>>>>>>>     the thread.
>>>>>>>>>     Once we have some interest, we can gauge when to hold the
>>>>>>>>>     meeting, which
>>>>>>>>>     tools we can use, and setting up a test IAM account.
>>>>>>>>>     Thanks,
>>>>>>>>>     Lance
>>>>>>>>>     [0]
>>>>>>>>>     http://eavesdrop.openstack.org/meetings/keystone/2017/keystone.2017-10-03-18.00.log.html#l-119
>>>>>>>>>     <http://eavesdrop.openstack.org/meetings/keystone/2017/keystone.2017-10-03-18.00.log.html#l-119>
>>>>>>>>> Please count me in.
>>>>>>>>> Colleen
>>>>>>>>> __________________________________________________________________________
>>>>>>>>> OpenStack Development Mailing List (not for usage questions)
>>>>>>>>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>>>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171025/30212a4f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171025/30212a4f/attachment.sig>

More information about the OpenStack-dev mailing list