[all][operator][policy] Operator feedback on 'Consistent and Secure RBAC" (new design for RBAC)
gmann at ghanshyammann.com
Wed Jun 8 16:49:57 UTC 2022
---- On Wed, 08 Jun 2022 09:43:59 -0500 Dan Smith <dms at danplanet.com> wrote ----
> Julia Kreger <juliaashleykreger at gmail.com> writes:
> > Is that Nova's interpretation, specifically the delineation that
> > non-project owned should only be viewable by system, or was system
> > scope changed at some point? I interpreted it differently, but haven't
> > circled back recently. I guess interpretation and evolution in
> > specific pockets after initial implementation work started ultimately
> > resulted in different perceptions.
> Nope, not a Nova thing. Here's the relevant course correction from two
> PTGs ago:
> Mohammed is going to be there and primed to discuss this as well. I
> think he's pretty well caught up on the current state of things. Having
> your experience with what it means in Ironic, as well as his context
> from the sticky implementation issues in the other projects should mean
> we have pretty good coverage.
Yes. and it is more than just a single service use case especially when heat discussion
came up and the scope complexity for heat/NVF users is brought up. We want to make
sure by introducing scope at the service level which is all good for us does not break
others users/tooling like heat, tacker, and deployment projects.
We discussed one solution for heat which is sent on ML for feedback not still now response and that
is why operators' feedback is critical before we try to implement something that can break them.
More information about the openstack-discuss