Adam Young discusses OpenStack’s access policy, then deep dives to create a self trust in Keystone while Lars Kellogg-Stedman helps us manage USB gadgets using systemd as well as using ansible to integrate a password management service, then Pablo Iranzo Gómez shows how OpenStack contributions are peer reviewed.
Scoped and Unscoped access policy in OpenStack by Adam Young
Ozz did a fantastic job laying out the rules around policy. This article assumes you’ve read that. I’ll wait. I’d like to dig a little deeper into how policy rules should be laid out, and a bit about the realities of how OpenStack policy has evolved. OpenStack uses the policy mechanisms describe to limit access to various APIs. In order to make sensible decisions, the policy engine needs to know some information about the request, and the user that is making it.
Systemd unit for managing USB gadgets by Lars Kellogg-Stedman
The Pi Zero (and Zero W) have support for acting as a USB gadget: that means that they can be configured to act as a USB device — like a serial port, an ethernet interface, a mass storage device, etc. There are two different ways of configuring this support. The first only allows you to configure a single type of gadget at a time, and boils down to: Enable the dwc2 overlay in /boot/config.txt, Reboot, modprobe g_serial.
Integrating Bitwarden with Ansible by Lars Kellogg-Stedman
Bitwarden is a password management service (like LastPass or 1Password). It’s unique in that it is built entirely on open source software. In addition to the the web UI and mobile apps that you would expect, Bitwarden also provides a command-line tool for interacting with the your password store.
Creating a Self Trust In Keystone by Adam Young
Lets say you are an administrator of an OpenStack cloud. This means you are pretty much all powerful in the deployment. Now, you need to perform some operation, but you don’t want to give it full admin privileges? Why? well, do you work as root on your Linux box? I hope note. Here’s how to set up a self trust for a reduced set of roles on your token.
Contributing to OSP upstream a.k.a. Peer Review by Pablo Iranzo Gómez
In the article “Contributing to OpenStack” we did cover on how to prepare accounts and prepare your changes for submission upstream (and even how to find low hanging fruits to start contributing). Here, we’ll cover what happens behind the scene to get change published.