[all][operator][policy] Operator feedback on 'Consistent and Secure RBAC" (new design for RBAC)

Dan Smith dms at danplanet.com
Thu Jun 9 13:30:08 UTC 2022

> So, one thought. Ironic views system scope as *critical* for our usage
> based upon the consensus we built before the direction change, because
> the system fundamentally is the owner/manager of $things. We can and
> likely should extend that out to project admin (granted, I suspect at
> least one ironic admin will reply with a strong -1 to such a change...
> :\. ) given the direction change. We also have had some operators jump
> on it, but... again, entirely different models of usage/interaction
> given the base state. If system scope were to suddenly disappear or be
> completely redefined, it would be a hard break for us at this point.

I don't think system scope would (or could) disappear at this point, so
I don't think there's much to worry about. I think it's totally
reasonable to say that there are certain things that a user would never
interact with directly, which are entirely system-scoped. This might be
things like ironic and maybe even placement. You could also make the
argument that a good chunk of keystone's API is system-only. If people
are already using ironic with scopes turned on, it proves the point that
it's isolated enough that it doesn't suffer from all the other problems
that caused the direction change.


More information about the openstack-discuss mailing list