Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Write Decision Record for desired domain-manager role #215

Closed
garloff opened this issue Feb 14, 2023 · 2 comments
Closed

Write Decision Record for desired domain-manager role #215

garloff opened this issue Feb 14, 2023 · 2 comments
Assignees
@markus-hentsch
Labels
IaaS Issues or pull requests relevant for Team1: IaaS IAM Issues or pull requests relevant for SIG IAM SCS-VP10 Related to tender lot SCS-VP10 standards Issues / ADR / pull requests relevant for standardization & certification upstream Implemented directly in the upstream

Comments

@garloff
Copy link
Member

garloff commented Feb 14, 2023
edited by markus-hentsch
Loading

Decisions that led to the current Domain Manager standard draft, its limitations and specifics need to be documented as a Decision Record in the standards repository.
@garloff garloff added the IaaS Issues or pull requests relevant for Team1: IaaS label Feb 14, 2023
@garloff garloff added upstream Implemented directly in the upstream IAM Issues or pull requests relevant for SIG IAM standards Issues / ADR / pull requests relevant for standardization & certification labels Feb 14, 2023
@fkr fkr mentioned this issue Feb 14, 2023
Closed
@reqa reqa changed the title Write ADR for desired domain-admin role Write ADR for desired domain-manager role Aug 9, 2023
@anjastrunk anjastrunk changed the title Write ADR for desired domain-manager role Write Decision Recordfor desired domain-manager role Aug 31, 2023
@anjastrunk anjastrunk changed the title Write Decision Recordfor desired domain-manager role Write Decision Record for desired domain-manager role Aug 31, 2023
@anjastrunk anjastrunk added the SCS-VP10 Related to tender lot SCS-VP10 label Aug 31, 2023
@anjastrunk anjastrunk mentioned this issue Aug 31, 2023
Closed
6 tasks
@markus-hentsch
Copy link
Contributor

I have marked

As a SCS Customer I have rights to manage my resources to define roles and map them to access privileges.

in the issue description for removal because it is technically impossible to achieve this.

Defining roles (along with access privileges) is only possible via each OpenStack service's policy.yaml configuration file. The RBAC privilege mappings of APIs (as per oslo.policy's policy.yaml) are not exposed via APIs and thus cannot be modified by customers. Creating and assigning roles via Keystone API has no effect unless a matching role mapping is properly included in the oslo.policy files.

@markus-hentsch markus-hentsch mentioned this issue Sep 26, 2023
Closed
@markus-hentsch
Copy link
Contributor

As agreed upon with @fkr the decision record history was integrated into the standard document itself as an appendix. It was merged together with the draft in #343.

Closing.

@github-project-automation github-project-automation bot moved this from Backlog to Done in Sovereign Cloud Stack Oct 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@markus-hentsch markus-hentsch

Labels
IaaS Issues or pull requests relevant for Team1: IaaS IAM Issues or pull requests relevant for SIG IAM SCS-VP10 Related to tender lot SCS-VP10 standards Issues / ADR / pull requests relevant for standardization & certification upstream Implemented directly in the upstream
Projects
Sovereign Cloud Stack
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

WIP: Add Decision Record for Domain Manager standard SovereignCloudStack/standards
3 participants
@garloff @anjastrunk @markus-hentsch