[all][operator][policy] Operator feedback on 'Consistent and Secure RBAC" (new design for RBAC)

Ghanshyam Mann gmann at ghanshyammann.com
Tue Jun 7 18:05:40 UTC 2022

Hello Everyone,

As you might know, we are redesigning the OpenStack default RBAC. The new design target two things:

1. 'new defaults (reader role)'
2. "Scope" concept

It is hard to explain the details in email but the below doc is a good place to start understanding this:
- https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html

We as a community think 1st target (reader role) is a good thing to do and it will definitely be useful
in many cases.

But we need feedback on the "Scope" concept. To understand what it is and how it can impact your existing
use case/deployment, please ref the documentation mentioned in the etherpad[1] (if there is any question
about its design/usage we are planning, feel free to reply here or contact us in #openstack-tc IRC channel).

* If you are an operator, we really need your feedback if the 'Scope' concept is a useful thing for your deployment/use-case
  or not.

* If you are attending events have operators also attending (for example, project operator feedback (like nova[2]), forum sessions
   in berlin summit, ops meetup or any local operator event), please communicate about the required feedback.

* Due to various reasons, many of us involved in RBAC work are not travelling to Berlin and
   we have this topic to be discussed in Berlin ops meetup[3] but we require someone knowing RBAC new design moderate
   this topic. Please reach out to us if you would like to help.

Central Etherpad to collect feedback (this can be used to collect from various forums/places):

*  https://etherpad.opendev.org/p/rbac-operator-feedback

[1] https://etherpad.opendev.org/p/rbac-operator-feedback
[2] https://etherpad.opendev.org/p/nova-berlin-meet-and-greet


More information about the openstack-discuss mailing list