[all][operator][policy] Operator feedback on 'Consistent and Secure RBAC" (new design for RBAC)
juliaashleykreger at gmail.com
Wed Jun 8 05:49:18 UTC 2022
On Tue, Jun 7, 2022 at 8:10 PM Ghanshyam Mann <gmann at ghanshyammann.com>
> Hello Everyone,
> As you might know, we are redesigning the OpenStack default RBAC. The new
> design target two things:
> 1. 'new defaults (reader role)'
> 2. "Scope" concept
> It is hard to explain the details in email but the below doc is a good
> place to start understanding this:
> We as a community think 1st target (reader role) is a good thing to do and
> it will definitely be useful
> in many cases.
> But we need feedback on the "Scope" concept. To understand what it is and
> how it can impact your existing
> use case/deployment, please ref the documentation mentioned in the
> etherpad (if there is any question
> about its design/usage we are planning, feel free to reply here or contact
> us in #openstack-tc IRC channel).
> * If you are an operator, we really need your feedback if the 'Scope'
> concept is a useful thing for your deployment/use-case
> or not.
> * If you are attending events have operators also attending (for example,
> project operator feedback (like nova), forum sessions
> in berlin summit, ops meetup or any local operator event), please
> communicate about the required feedback.
> * Due to various reasons, many of us involved in RBAC work are not
> travelling to Berlin and
> we have this topic to be discussed in Berlin ops meetup but we
> require someone knowing RBAC new design moderate
> this topic. Please reach out to us if you would like to help.
I previously volunteered to facilitate this at the operators meet up and
given others have had to drop out, I discussed it with the ops meetup
leaders and will be facilitating a session with the interested operators on
I know from previous discussions I’ve had, there was quite an interest in
the system level of scope access to be able to see everything across a
system, so I suspect there is tons of value there, but our developer
perception is obvious different if we’re questioning it at this point.
> Central Etherpad to collect feedback (this can be used to collect from
> various forums/places):
> * https://etherpad.opendev.org/p/rbac-operator-feedback
>  https://etherpad.opendev.org/p/rbac-operator-feedback
>  https://etherpad.opendev.org/p/nova-berlin-meet-and-greet
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openstack-discuss