[Forum] Feedback - Proposed Forum Schedule
Ben Nemec
openstack at nemebean.com
Wed Mar 20 16:13:46 UTC 2019
On 3/20/19 10:21 AM, Mohammed Naser wrote:
> On Wed, Mar 20, 2019 at 10:40 AM Matt Riedemann <mriedemos at gmail.com> wrote:
>>
>> On 3/18/2019 4:40 PM, melanie witt wrote:
>>> I wanted to run the idea by operators and users to get feedback.
>>
>> Let me be frank and ask if we (nova) have specific operators and users
>> that are clamoring for these changes and if so, do they plan on not only
>> attending the session but engaging in the development of these pretty
>> massive shifts in how nova works? I know we've been talking about this
>> stuff for a long time, but the demand just doesn't feel like it's there
>> from the operators community, and as a development team we're already
>> spread thin.
>
> I think implementing the new RBAC stuff is pretty important. We've had
> countless requests on things like a "read-only" user which is not currently
> achievable without quite a significant overhaul of the existing policies.
Yep, we have multiple customers who have asked for this and up until now
the only way we've been able to do it is to rewrite most of the policy
rules for every service. That's extremely error-prone and difficult to
maintain.
Also, doesn't this work address the longstanding complaint about there
being no way to scope an admin account to a single project?
I know at one point we had someone who was doing work upstream to
improve this, but I think that kind of tailed off. It seems like there
is a compelling business case for us to have someone work on this, but
the business and I have disagreed on the definition of "compelling"
before, so I make no promises. :-)
More information about the openstack-discuss
mailing list