Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Put PS recommendations into a proposal / ADR #284

Merged
merged 11 commits into from
Aug 2, 2023
Merged

Put PS recommendations into a proposal / ADR #284

merged 11 commits into from
Aug 2, 2023

Conversation

JuanPTM
Copy link
Contributor

@JuanPTM JuanPTM commented May 1, 2023
edited
Loading

@JuanPTM JuanPTM changed the title Put PS recommendations into a proposal / ADR #317 Put PS recommendations into a proposal / ADR May 1, 2023
@reqa reqa assigned reqa and unassigned reqa May 3, 2023
@reqa reqa self-requested a review May 3, 2023 10:00
@garloff garloff self-requested a review May 17, 2023 10:26
garloff
garloff reviewed Jun 7, 2023
View reviewed changes
Copy link
Contributor

@garloff garloff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like we have to document what we mean with "domain admin group" ...
Customers have at least two roles:

  • "Domain admins" can do things like creating projects, creating users and granting users access to some projects (within the domain of course)
  • "Users" can create and view resources within the projects that they have been granted access to by the "domain admin"
    The thus defined terms then can be matched against PS recommendations.

Drafts/scs-XXXX-v0-naming-conventions.md Outdated Show resolved Hide resolved
Drafts/scs-XXXX-v0-naming-conventions.md Outdated
```

For the customer also a domain admin group and a project admin group are
created. This are not related in any way with openstack. This groups use
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"These are not related in any way with OpenStack." (note the corrected spelling)
I don't understand this statement though.
Later on we execute commands openstack group create gd000001-member and
openstack role add --group gd000001-member --project p000001-scs_dev_project $role; openstack role add --group gp000001-scs_dev_project-member --project p000001-scs_dev_project $role
so the "domain admin group" and "project admin group" concepts seems to correspond to OpenStack concepts ...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, this is a misunderstanding from the notes .

In the notes it says:

hint: “domain admin” and “project admin” are from a customers point of view, they are NOT in anyway related to the openstack admin role

frosty-geek
frosty-geek approved these changes Jun 8, 2023
View reviewed changes
Copy link
Member

@frosty-geek frosty-geek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

reqa
reqa requested changes Jun 9, 2023
View reviewed changes
Copy link
Contributor

@reqa reqa left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've made a proposal to address Kurts' comments.

Drafts/scs-XXXX-v0-naming-conventions.md Outdated Show resolved Hide resolved
Drafts/scs-XXXX-v0-naming-conventions.md Outdated Show resolved Hide resolved
reqa
reqa requested changes Jun 13, 2023
View reviewed changes
Copy link
Contributor

@reqa reqa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Proposals to make the github markdown linter happy.

Drafts/scs-XXXX-v0-naming-conventions.md Outdated Show resolved Hide resolved
Drafts/scs-XXXX-v0-naming-conventions.md Outdated Show resolved Hide resolved
reqa
reqa requested changes Jun 14, 2023
View reviewed changes
Copy link
Contributor

@reqa reqa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Duplicate line

@frosty-geek
Copy link
Member

this still looks good to me... @garloff i guess this only needs a number assigned to it or is there anything else left to do here?

@JuanPTM
Copy link
Contributor Author

JuanPTM commented Jul 5, 2023
edited
Loading

Added block with federation information

Juan Pedro Torres and others added 9 commits July 6, 2023 15:03
@reqa
Put PS recommendations into a proposal / ADR #317
e4dd47e 
Signed-off-by: Juan Pedro Torres <torres-munoz.extern@univention.de>
@reqa
added suggestions from MR
ee06619 
Signed-off-by: Juan Pedro Torres <torres-munoz.extern@univention.de>
@JuanPTM @reqa
Update Drafts/scs-XXXX-v0-naming-conventions.md
b6592be 
Co-authored-by: Arvid Requate <reqa@users.noreply.github.com>
Signed-off-by: Juan Pedro Torres <JuanP.95.torres@gmail.com>
@JuanPTM @reqa
Update Drafts/scs-XXXX-v0-naming-conventions.md
5c767f5 
Co-authored-by: Arvid Requate <reqa@users.noreply.github.com>
Signed-off-by: Juan Pedro Torres <JuanP.95.torres@gmail.com>
@JuanPTM @reqa
Apply suggestions from code review
4265570 
Co-authored-by: Arvid Requate <reqa@users.noreply.github.com>
Signed-off-by: Juan Pedro Torres <JuanP.95.torres@gmail.com>
@JuanPTM @reqa
Update scs-XXXX-v0-naming-conventions.md
40c1cda 
remove duplicate line

Signed-off-by: Juan Pedro Torres <JuanP.95.torres@gmail.com>
@reqa
Added federation notes regarding naming
dcc1ab1 
Signed-off-by: Juan Pedro Torres <torres-munoz.extern@univention.de>
@reqa
fixup
0d5178f 
Signed-off-by: Juan Pedro Torres <torres-munoz.extern@univention.de>
@reqa
lint fix
8a1322d 
Signed-off-by: Juan Pedro Torres <torres-munoz.extern@univention.de>
@fkr fkr added the IAM Issues or pull requests relevant for SIG IAM label Jul 25, 2023
@fkr fkr added this to the R5 (v6.0.0) milestone Jul 25, 2023
@fkr fkr requested a review from garloff July 25, 2023 18:29
@garloff
Copy link
Contributor

garloff commented Jul 26, 2023

Number 0301 would seem appropriate (track IAM, next free number).
This is a (draft) standard -- and we should have an good discussion whether or not we can make this certification agreement or whether it is a recommendation (and thus optional) only, I guess.

@fkr
Copy link
Member

fkr commented Jul 26, 2023

One point that I also emphasized in a few calls: By releasing recommendations we have a very good way of moving CSPs towards adopting good/better practices BEFORE we than (once they've been more and more adopted) move it from recommendation to mandatory.
So releasing something as a recommendation is a very good stepping stone without placing the burden of a mandatory item on everyone from the beginning.

@garloff
Copy link
Contributor

garloff commented Aug 2, 2023

Sidenote: No need to fork the repository. Please create a branch.
Feature branches would have names like feat/add-naming-convention, so you'd do

git checkout main
git pull
git checkout -b feat/add-naming-convention
[...]

to create the branch and work on it.
Next time ...

@garloff garloff merged commit 8dd1261 into SovereignCloudStack:main Aug 2, 2023
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frosty-geek frosty-geek frosty-geek approved these changes

@reqa reqa reqa approved these changes

@garloff garloff Awaiting requested review from garloff

Assignees
No one assigned
Labels
IAM Issues or pull requests relevant for SIG IAM
Projects
Sovereign Cloud Stack
Archived in project
Milestone
R5 (v6.0.0)
Development

Successfully merging this pull request may close these issues.
5 participants
@JuanPTM @frosty-geek @garloff @fkr @reqa