settingsLogin | Registersettings


Experts on rbac

Armando_M.   Adam_Young   Lance_Bragstad

Recent questions tagged rbac

0 votes
0 responses 4 views

Hey all, We noticed a couple days ago that the feedback session for the policy roadmap [0] conflicted with feedback for application credentials [1]. To avoid having to split the team for coverage, we've moved the RBAC roadmap session to ...

asked Nov 3, 2017 in openstack-dev by Lance_Bragstad (11,080 points)   2 3 4
0 votes
18 responses 18 views

So the application credentials spec has merged - huge thanks to Monty and the Keystone team for getting this done: ...

asked Oct 30, 2017 in openstack-dev by Zane_Bitter (21,640 points)   3 5 9
4 x  
0 votes
16 responses 14 views

Hey all, It was mentioned in today's keystone meeting [0] that it would be useful to go through AWS IAM (or even GKE) as a group. With all the recent policy discussions and work, it seems useful to get our eyes on another system. The idea ...

asked Oct 18, 2017 in openstack-dev by Lance_Bragstad (11,080 points)   2 3 4
10 x  
0 votes
2 responses 8 views

The OpenStack Forum Committee is pleased to present the draft of our Forum schedule! I can attest that the discussions were pretty intense, as we went 2.5 hours over our original meeting time. Thanks again to the committee for the patience ...

asked Oct 12, 2017 in openstack-dev by Mike_Perez (13,120 points)   2 3 4
3 x  
0 votes
22 responses 29 views

On Wednesday at the PTG, TripleO held a session around our current use of Ansible and how to move forward. I'll summarize the results of the session. Feel free to add anything I forgot and provide any feedback or questions. We discussed the ...

asked Oct 11, 2017 in openstack-dev by James_Slagle (7,000 points)   1 3 3
3 x  
0 votes
0 responses 6 views

Hey all, In the weekly meeting on Tuesday, we talked about possible forum sessions for Sydney. I proposed the following based on the etherpad [0]. * Keystone User & Operator Feedback [1] * Application Credentials Feedback [2] * RBAC/Policy ...

asked Sep 28, 2017 in openstack-dev by Lance_Bragstad (11,080 points)   2 3 4
0 votes
0 responses 272 views

I'm having a real head-scratcher with Ocata glance right now. v1 API is deprecated and marked for deletion in Pike, so creating images from a remote URL is not as easy as it used to be. When using Horizon to create an image, setting the ...

asked Aug 16, 2017 in openstack-operators by Abel_Lopez (4,820 points)   1 3 4
0 votes
41 responses 47 views

Trove has evolved rapidly over the past several years, since integration in IceHouse when it only supported single instances of a few databases. Today it supports a dozen databases including clusters and replication. The user survey [1] ...

asked Jul 18, 2017 in openstack-dev by amrith.kumar_at_gmai (3,580 points)   2 2
0 votes
2 responses 4 views

Hello, operators, If you have moved mission critical application to OpenStack cloud, it's running in one region or multi-region? Or if you plan to move your mission critical applications to OpenStack based cloud, what's your proposal to ...

asked Jul 18, 2017 in openstack-operators by joehuang (17,140 points)   2 5 8
0 votes
20 responses 14 views

Hi everyone, One of the areas identified as a priority by the Board + TC + UC workshop in March was the need to better close the feedback loop and make unanswered requirements emerge. Part of the solution is to ensure that groups that look ...

asked Jul 5, 2017 in openstack-dev by Thierry_Carrez (57,480 points)   3 8 12
2 x  
0 votes
1 response 10 views

Hi, Current gnocchi code supports RBAC at operation level [gnocchi/gnocchi/rest/policy.json]. Is it possible to add RBAC for attributes in a resource? For eg: Restrict resource search/show should display specific attributes only when query ...

asked Jun 23, 2017 in openstack-dev by Deepthi_V_V (280 points)  
0 votes
22 responses 5 views

Hey all, To date we have two proposed solutions for tackling the admin-ness issue we have across the services. One builds on the existing scope concepts by scoping to an admin project [0]. The other introduces global role assignments [1] as ...

asked May 31, 2017 in openstack-dev by Lance_Bragstad (11,080 points)   2 3 4
0 votes
8 responses 142 views

Hi, after a first test architecture of openstack (juno then upgrade to kilo), installed from scratch, and because we use Ansible in our organization, we decided to deploy our next openstack generation architecture from the project ...

asked May 29, 2017 in openstack-dev by Fabrice_Grelaud (780 points)   3 5
0 votes
0 responses 4 views

These are my reflections on the three VM and Baremetal working group sessions at the summit. Many thanks to everyone who was able to attend and helped kick start these discussions. The etherpad is available here: ...

asked May 19, 2017 in openstack-operators by John_Garbutt (15,460 points)   3 4 5
0 votes
6 responses 13 views

Yes, I am recreating the wheels :-) I am sending this email not intend to say Qinling[1] project is a better option than others as a project of function as a service, I just provide another possibility for developers/operators already in ...

asked May 16, 2017 in openstack-dev by Lingxian_Kong (5,600 points)   1 3 4
0 votes
0 responses 8 views

Hey all, We have a couple sessions to start off the week and I wanted to send out the links to the etherpads [0] [1] [2]. Let me know if you have any questions. Otherwise feel free to catch up or pre-populate the etherpads with content if ...

asked May 8, 2017 in openstack-dev by Lance_Bragstad (11,080 points)   2 3 4
0 votes
0 responses 4 views

Hi all, I spent some time today summarizing a discussion [0] about global roles. I figured it would help build some context for next week as there are a couple cross project policy/RBAC sessions at the Forum. The first patch is a very ...

asked May 5, 2017 in openstack-dev by Lance_Bragstad (11,080 points)   2 3 4
0 votes
1 response 3 views

We ended up cancelling today's policy meeting, but policy discussions carried on throughout the day in #openstack-keystone [0]. We have several specs up for review [1][2][3][4]. Some are nova specs and a couple are proposed to keystone. ...

asked Apr 6, 2017 in openstack-dev by Lance_Bragstad (11,080 points)   2 3 4
0 votes
3 responses 1 view

If I create networks in a project and define the networks to be non-shared, I still can use these networks from other projects. Not via Horizon but via the Openstack CLI commands (openstack, nova, neutron etc) and via Heat (heat templates ...

asked Apr 6, 2017 in openstack by Lars-Erik_Helander (560 points)   1 1
0 votes
3 responses 19 views

Hello, folks: As i known, the secrets are saved in a user's domain, and other project/user can not retrieve the secrets. But i have a situation that many users need retrieve a same secret. After looking into the castellan usage, I see the ...

asked Mar 31, 2017 in openstack-dev by (260 points)