Open Stack

Hi,

Dnia piątek, 19 marca 2021 08:20:13 CET Slawek Kaplonski pisze:
> Hi,
> 
> First of all sorry for sending it so late - I simply forgot to send this 
email
> yesterday :)
> For today's drivers meeting we have 1 RFE to discuss:
> * https://bugs.launchpad.net/neutron/+bug/1904559 - it is continuation of 
the
> discussion from last week. Michael Johnson from Designate team provided his
> feedack on it so I think that based on that we can make final decision about
> that RFE on our today's meeting.
> 
> --
> Slawek Kaplonski
> Principal Software Engineer
> Red Hat

One more thing. I would also want to talk about patch [1].
Long story short problem which we have with that is that with new secure rbac 
policies we have personas like SYSTEM_ADMIN and PROJECT_ADMIN. SYSTEM_ADMIN 
don't have any project_id in context.
We set some policies like e.g. create network with provider:physical_network 
given to be available only for SYSTEM_ADMIN user. And the issue with that is 
that such SYSTEM_ADMIN user needs to always pass --project_id as a parameter 
if wants to create such network as network has to have owner and there is no 
project_id in context of such request.
And my question for discussion is: should we relax our default policies as 
patch [1] proposes or not. We discussed that on last team meeting on Tuesday 
but I'm still not convinced if we should really do it. So I want to discuss 
that once again today :)

[1] https://review.opendev.org/c/openstack/neutron/+/780978

-- 
Slawek Kaplonski
Principal Software Engineer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210319/e9282be4/attachment.sig>