[all][tc][goals] : Consistent and Secure Default RBAC: Yoga Timeline updates

Ghanshyam Mann gmann at ghanshyammann.com
Fri Mar 25 15:49:37 UTC 2022

Hello Everyone,

As you know, "Consistent and Secure Default RBAC" is one of the currently selected
community-wide goals and we have divided it into multiple milestones (cycle)[1].

Our first milestone was Yoga release[2] and in this email, I am going to summarize the
progress of Yoga timeline targets. With Lance's role change in his company and we
finalized the direction in between of Yoga cycle, there is less progress than what we

Gerrit Topic: https://review.opendev.org/q/topic:%2522secure-rbac%2522+(status:open+OR+status:merged)
Tracking: https://etherpad.opendev.org/p/rbac-goal-tracking

* Keystone is already implemented the RBAC as per the new direction.
* Nova completed the RBAC as per the new direction[3].

* Neutron has started the policy update as per the new direction[4].

Yoga Targets and their progress:
1. Keystone implements a new default role called manager:
Spec merged[5], implementation yet to start.

2. Keystone implements a new default role called service:
Spec under discussion[6]

3. Keystone enforces scope by default:
Not yet done. We can do it at the start of the Zed cycle.

4. Services start implementing Phase 1:
Done. The target was to do at least in one of the services and Nova completed it.

5. OpenStack-wide Personas Documentation:
Not yet done.

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#completion-date-criteria
[2] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#yoga-timeline-7th-mar-2022
[3] https://blueprints.launchpad.net/nova/+spec/policy-defaults-refresh-2
[4] https://review.opendev.org/c/openstack/neutron/+/821208
[5] https://review.opendev.org/c/openstack/keystone-specs/+/818603
[6] https://review.opendev.org/c/openstack/keystone-specs/+/818616


More information about the openstack-discuss mailing list