-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Put PS recommendations into a proposal / ADR #284
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like we have to document what we mean with "domain admin group" ...
Customers have at least two roles:
- "Domain admins" can do things like creating projects, creating users and granting users access to some projects (within the domain of course)
- "Users" can create and view resources within the projects that they have been granted access to by the "domain admin"
The thus defined terms then can be matched against PS recommendations.
``` | ||
|
||
For the customer also a domain admin group and a project admin group are | ||
created. This are not related in any way with openstack. This groups use |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"These are not related in any way with OpenStack." (note the corrected spelling)
I don't understand this statement though.
Later on we execute commands openstack group create gd000001-member
and
openstack role add --group gd000001-member --project p000001-scs_dev_project $role; openstack role add --group gp000001-scs_dev_project-member --project p000001-scs_dev_project $role
so the "domain admin group" and "project admin group" concepts seems to correspond to OpenStack concepts ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, this is a misunderstanding from the notes .
In the notes it says:
hint: “domain admin” and “project admin” are from a customers point of view, they are NOT in anyway related to the openstack admin role
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've made a proposal to address Kurts' comments.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Proposals to make the github markdown linter happy.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Duplicate line
this still looks good to me... @garloff i guess this only needs a number assigned to it or is there anything else left to do here? |
Added block with federation information |
Signed-off-by: Juan Pedro Torres <torres-munoz.extern@univention.de>
Signed-off-by: Juan Pedro Torres <torres-munoz.extern@univention.de>
Co-authored-by: Arvid Requate <reqa@users.noreply.github.com> Signed-off-by: Juan Pedro Torres <JuanP.95.torres@gmail.com>
Co-authored-by: Arvid Requate <reqa@users.noreply.github.com> Signed-off-by: Juan Pedro Torres <JuanP.95.torres@gmail.com>
Co-authored-by: Arvid Requate <reqa@users.noreply.github.com> Signed-off-by: Juan Pedro Torres <JuanP.95.torres@gmail.com>
remove duplicate line Signed-off-by: Juan Pedro Torres <JuanP.95.torres@gmail.com>
Signed-off-by: Juan Pedro Torres <torres-munoz.extern@univention.de>
Number 0301 would seem appropriate (track IAM, next free number). |
One point that I also emphasized in a few calls: By releasing recommendations we have a very good way of moving CSPs towards adopting good/better practices BEFORE we than (once they've been more and more adopted) move it from recommendation to mandatory. |
Signed-off-by: Kurt Garloff <kurt@garloff.de>
Sidenote: No need to fork the repository. Please create a branch. git checkout main
git pull
git checkout -b feat/add-naming-convention
[...] to create the branch and work on it. |
SovereignCloudStack/issues#317