Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stabilize Domain Manager Role Standard #586

Merged
merged 11 commits into from
Nov 13, 2024
Merged

Stabilize Domain Manager Role Standard #586

merged 11 commits into from
Nov 13, 2024

Conversation

markus-hentsch
Copy link
Contributor

Moves Domain Manager Standard from Draft to Stable

@markus-hentsch
Copy link
Contributor Author

markus-hentsch commented May 7, 2024
edited
Loading

Currently blocked by #585 (obsolete)

Currently blocked by:

  • figure out which Keystone release is the earliest that supports enforce_scope/enforce_new_defaults in conjunction with the Domain Manager implementation of this standard
    • if it is 2024.2, wait until it is released and couple the standard to this version
    • if it is a version already released for the next SCS release, stabilize this standard

@markus-hentsch
Copy link
Contributor Author

Currently blocked by #585 (obsolete)

Currently blocked by:

  • figure out which Keystone release is the earliest that supports enforce_scope/enforce_new_defaults in conjunction with the Domain Manager implementation of this standard

    • if it is 2024.2, wait until it is released and couple the standard to this version
    • if it is a version already released for the next SCS release, stabilize this standard

Since the upcoming SCS release R7 will be based on 2024.1 ("Caracal"), I tested the stable/2024.1 branch of Keystone with the enforce_scope/enforce_new_defaults options on my DevStack together with the Domain Manager standard policy rules and can confirm it works without issue. Hence:

  • the limitation about Domain Managers being able to see all domains will not be an issue anymore in R7 (2024.1 contains the bugfix for that)
  • we do not need to require disabling enforce_scope/enforce_new_defaults for the SCS Domain Manager implementation to work
  • the transition from SCS implementation to native Domain Manager in future OpenStack releases will be seamless for users (same behavior)

Since the native integration of Domain Manager in upstream OpenStack won't be available before 2024.2 ("Dalmatian"), we should stabilize this standard for SCS R7 to have a transitional solution and feature availability until an SCS release will be based on 2024.2 or later.

I adjusted the standard accordingly and added a note about the upcoming native integration.

@markus-hentsch markus-hentsch force-pushed the domain-manager-stabilize branch 3 times, most recently from 1df5d77 to c93a237 Compare August 30, 2024 14:47
@markus-hentsch markus-hentsch added the SCS-VP10 Related to tender lot SCS-VP10 label Aug 30, 2024
@markus-hentsch markus-hentsch marked this pull request as ready for review August 30, 2024 15:00
This was referenced Aug 30, 2024
Draft
Open
@markus-hentsch markus-hentsch marked this pull request as draft September 11, 2024 09:23
@markus-hentsch
Copy link
Contributor Author

Moving this PR back to draft as a result of today's IaaS community call discussion:

Standard is still relevant with respect to the concept, as this does not change. Our implementation with policy.yaml will become obsolete with 2024.2 -- move the description of implementation and a note that the downstrweam implementation should be dropped with the upgrade to 2024.2 to the "test and implementation notes" document. Merge this standard as stable as soon as this is done. Could be included as a recommended requirement in SCS-compatible IaaS-v5 (late Oct/early Nov).

@markus-hentsch
Copy link
Contributor Author

Moving this PR back to draft as a result of today's IaaS community call discussion:

Standard is still relevant with respect to the concept, as this does not change. Our implementation with policy.yaml will become obsolete with 2024.2 -- move the description of implementation and a note that the downstrweam implementation should be dropped with the upgrade to 2024.2 to the "test and implementation notes" document. Merge this standard as stable as soon as this is done. Could be included as a recommended requirement in SCS-compatible IaaS-v5 (late Oct/early Nov).

I split the standard into standard and implementation notes and moved the SCS downstream implementation using API policies into the implementation notes. I rewrote the standard section and implementation notes' introduction to differentiate between OpenStack Keystone releases and also integrated some upgrade instructions about dropping the old policies.

With this, the standard should now be fully agnostic concerning the Keystone version and can be applied universally.

Removing the draft marker.

@markus-hentsch markus-hentsch marked this pull request as ready for review September 17, 2024 12:12
josephineSei
josephineSei reviewed Sep 18, 2024
View reviewed changes
Standards/scs-0302-v1-domain-manager-role.md Outdated
@@ -1,17 +1,27 @@
---
title: Domain Manager configuration for Keystone
type: Standard
status: Draft
status: Stable
stabilized_at: 2024-08-30
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please do not forget to update the date, when merging :)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh and did we discuss to stabilize this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here: https://github.com/SovereignCloudStack/minutes/blob/main/iaas/20240911.md#domain-manager-standard-markus-hentsch

josephineSei
josephineSei reviewed Sep 18, 2024
View reviewed changes
Copy link
Contributor

@josephineSei josephineSei left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall a good split. I have made a few comments inline.

Standards/scs-0302-v1-domain-manager-role.md Outdated Show resolved Hide resolved
Standards/scs-0302-v1-domain-manager-role.md Outdated Show resolved Hide resolved
Standards/scs-0302-v1-domain-manager-role.md Outdated
@@ -1,17 +1,27 @@
---
title: Domain Manager configuration for Keystone
type: Standard
status: Draft
status: Stable
stabilized_at: 2024-08-30
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh and did we discuss to stabilize this?

Standards/scs-0302-w1-domain-manager-implementation-notes.md Show resolved Hide resolved
josephineSei
josephineSei approved these changes Sep 23, 2024
View reviewed changes
Copy link
Contributor

@josephineSei josephineSei left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall I think this is in a good shape. Just that one line removal please ;)

Standards/scs-0302-w1-domain-manager-implementation-notes.md Show resolved Hide resolved
@mbuechse mbuechse mentioned this pull request Nov 6, 2024
Open
@mbuechse
Copy link
Contributor

mbuechse commented Nov 6, 2024

Note that the link check only fails because this isn't yet merged...

markus-hentsch and others added 9 commits November 13, 2024 09:40
@markus-hentsch @mbuechse
Stabilize Domain Manager Role Standard
3a085b5 
Moves Domain Manager Standard from Draft to Stable

Signed-off-by: Markus Hentsch <[email protected]>
@markus-hentsch @mbuechse
Restructure standard to align with updated template
2deeeb0 
Signed-off-by: Markus Hentsch <[email protected]>
@markus-hentsch @mbuechse
Remove outdated limitation not applicable to 2024.1
8972b9e 
Signed-off-by: Markus Hentsch <[email protected]>
@markus-hentsch @mbuechse
Add info admonition banner for upcoming native integration
cfd4815 
Signed-off-by: Markus Hentsch <[email protected]>
@markus-hentsch @mbuechse
Add stabilization date
0589e42 
Signed-off-by: Markus Hentsch <[email protected]>
@markus-hentsch @mbuechse
Restructure and update Domain Manager standard
2e7b409 
Split standard into standard document and implementation notes.
Move the downstream policy-based implementation into the implementation
notes and differentiate instructions based on the Keystone release used.
Add the upstream spec to related documents and update the standard
according to the latest changes.

Signed-off-by: Markus Hentsch <[email protected]>
@markus-hentsch @mbuechse
Be more explicit about upgrade to native integration
5fbf13c 
Signed-off-by: Markus Hentsch <[email protected]>
@markus-hentsch @mbuechse
Address review comments
be64f62 
Signed-off-by: Markus Hentsch <[email protected]>
@markus-hentsch @josephineSei @mbuechse
Update Standards/scs-0302-w1-domain-manager-implementation-notes.md
c67d6e5 
Co-authored-by: josephineSei <[email protected]>
Signed-off-by: Markus Hentsch <[email protected]>
@mbuechse mbuechse merged commit 0cccea1 into main Nov 13, 2024
7 of 8 checks passed
@mbuechse mbuechse deleted the domain-manager-stabilize branch November 13, 2024 09:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@josephineSei josephineSei josephineSei approved these changes

@gtema gtema gtema approved these changes

Assignees
No one assigned
Labels
SCS-VP10 Related to tender lot SCS-VP10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@markus-hentsch @mbuechse @gtema @josephineSei