I am in the process of standardizing[0] the role names in WMCS cloud-vps
to conform with upstream conventions[1]. That requires me to rename two
existing user roles, 'user' and 'projectadmin':
- The role previously called 'user' will now be called 'reader'
- The role previously called 'projectadmin' will now be called 'member'
Despite the (IMO) less obvious names, a 'reader' can still log into
project VMs, and a 'member' can still create and delete VMs. Taavi has
thoughtfully upgraded the documentation about what roles can do what;
the complete docs can be found at
https://wikitech.wikimedia.org/wiki/Help:Cloud_services_user_roles_and_righ…
This renaming is phase one; phase two will involve switching to the
default upstream access rules for these two new roles.
Right now the old and new roles are co-existing in our system, but soon
I will entirely delete the old 'user' and 'projectadmin' roles. In the
meantime, please let me know if you find stray references to the old
role names, or if you find yourself unable to perform Horizon actions[1]
that you were previously able to do. Or, more seriously, able to do
things that you were not previously able to do!
Sorry for any inconvenience caused!
-Andrew
[0] Our OpenStack deployment has a very long history; it is older than
most deployments. That means that many conventions established in our
cloud now differ from the consensus standards created among newer
clouds. Periodically I try to update our cloud to conform to these new
standards; it reduces tech debt and also increases the chances that
official OpenStack documentation will be useful to our users.
[1]
https://phabricator.wikimedia.org/T330759
[2] There is one edge case in Horizon that may require you to switch
projects in order to refresh the role permissions.
_______________________________________________
Cloud-announce mailing list -- cloud-announce(a)lists.wikimedia.org
List information:
https://lists.wikimedia.org/postorius/lists/cloud-announce.lists.wikimedia.…