[all][tc][policy] Progress report of consistent and secure default policies pop-up team

Ghanshyam Mann gmann at ghanshyammann.com
Fri Dec 11 01:13:06 UTC 2020

Hello Everyone,

Please find this month's progress on  'Consistent and Secure Default Policies Popup Team'.

Meeting notes:

* We discussed progress on policy format migration from JSON->YAML and updates required in oslo.upgradecheck is merged now.
* As you saw in another email thread by Lance[1], he has started the work on many projects. We will be adding the test coverage also
in those, I will be able to help lance on some of them in next month.
* We will define the common personas in oslo.policy for reusing it on the service side[2]
* Below are the 'Action items, by person':
** gmann to check with abhishekk on glance point in meeting agenda
** gmann to push common persona on oslo policy and release 3.6.1 and lbragstad to review that
** lbragstad/gmann to push common persona on Oslo policy and release 3.6.1 and lbragstad to review that
** lbragstad to finish placement as first
** raildo to update https://review.opendev.org/#/c/743318/

Progress so far:
* Popup team meet twice in a month and discuss and work on progress and pre-work to do.
   - https://wiki.openstack.org/wiki/Consistent_and_Secure_Default_Policies_Popup_Team#Meeting

* Pre-work to provide a smooth migration path to the new policy
<here we will add any pre-work we need to do before more project start moving towards new policy>

** Migrate Default Policy Format from JSON to YAML
- This is now a community-wide goal, refer my separate ML thread for progress
- https://review.opendev.org/q/topic:%22policy-json-to-yaml%22+(status:open%20OR%20status:merged)

** Improving documentation about target resources (oslo.policy)
- https://bugs.launchpad.net/oslo.policy/+bug/1886857
- raildo pushed the patch which is under review: https://review.opendev.org/#/c/743318/

* Team Progress: (list of a team interested or have volunteer to work)

** Keystone (COMPLETED; use as a reference)

** Nova (COMPLETED; use as a reference)

** Cyborg (COMPLETED)

** Work started in other projects
*** https://review.opendev.org/q/topic:%22secure-rbac%22+(status:open%20OR%20status:merged)

[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-December/019313.html
[2] https://review.opendev.org/c/openstack/oslo.policy/+/766536


More information about the openstack-discuss mailing list