[all][tc][goals] : Consistent and Secure Default RBAC: Yoga Timeline updates

Ghanshyam Mann gmann at ghanshyammann.com
Fri Mar 25 15:49:37 UTC 2022


Hello Everyone,

As you know, "Consistent and Secure Default RBAC" is one of the currently selected
community-wide goals and we have divided it into multiple milestones (cycle)[1].

Our first milestone was the Yoga release[2], and in this email I am going to summarize the
progress of the Yoga timeline targets. With Lance's role change in his company, and because we
finalized the direction in the middle of the Yoga cycle, there is less progress than what we
targeted.

Gerrit Topic: https://review.opendev.org/q/topic:%2522secure-rbac%2522+(status:open+OR+status:merged)
Tracking: https://etherpad.opendev.org/p/rbac-goal-tracking

Completed:
=========
* Keystone has already implemented the RBAC as per the new direction.
* Nova completed the RBAC as per the new direction[3].

In-progress:
=========
* Neutron has started the policy update as per the new direction[4].

Yoga Targets and their progress:
========================
1. Keystone implements a new default role called manager:
Spec merged[5], implementation yet to start.

2. Keystone implements a new default role called service:
Spec under discussion[6]

3. Keystone enforces scope by default:
Not yet done. We can do it at the start of the Zed cycle.

4. Services start implementing Phase 1:
Done. The target was to do it in at least one of the services, and Nova completed it.

5. OpenStack-wide Personas Documentation:
Not yet done.


[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#completion-date-criteria
[2] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#yoga-timeline-7th-mar-2022
[3] https://blueprints.launchpad.net/nova/+spec/policy-defaults-refresh-2
[4] https://review.opendev.org/c/openstack/neutron/+/821208
[5] https://review.opendev.org/c/openstack/keystone-specs/+/818603
[6] https://review.opendev.org/c/openstack/keystone-specs/+/818616


-gmann



