Event Details

Please note: All times listed below are in Central Time Zone

OpenStack Patrole – Foolproofing your OpenStack Deployment

OpenStack provides a robust Role-based access control(RBAC) framework that governs the authorization within OpenStack. These RBAC policies, if incorrectly configured on production environment could restrict valid users to perform certain actions or provide over-permissions to certain tasks which could prove catastrophic. 

Patrole is an OpenStack project that solves this problem by automating the policy verification process and ensuring that the RBAC policies are correctly enforced. It runs Tempest-based API tests using specified RBAC roles, thus allowing deployments to verify that only intended roles have access to those APIs.


Validation of in-code policy definitions
Validation of custom policy definitions (or) roles that overrides default policy definitions (or) roles.

This workshop will provide the audience;

-  An Overview on Patrole
-  How it works?
-  Playaround with various configurations & complex scenarios to run RBAC tests

What can I expect to learn?

Attendees will get to learn the following 

  • Overview on Patrole and it's design principles
  • How patrole works
  • Various configurations with Patrole 
  • How to enable Patrole and run RBAC test
  • Write a sample testcase with Patrole for Glance
  • Walk through some of the complex scenarios with Nova where we would need to toggle roles for nested API invocation. 
Thursday, November 15, 4:20pm-5:50pm (3:20pm - 4:50pm UTC)
Slides: Slide Deck
Difficulty Level: Beginner
Openstack developer
He is a software developer at Ericsson working on the Airship Project which makes operating open infrastructure simple, repeatable, and resilient. He has been an active member of open source community and contributor of multiple open source projects. During his free time he likes to play cricket, listen music and read books. FULL PROFILE
Cloud Architect
Pradeep Kumar, currently working as a NFVi Solution Architect at Ericsson India Pvt Ltd. He has worked on various flagship cloud programs including Openstack, Platform management, SaaS(Software-as-a-Service) Integration projects and also has been an avid language-agnostic programmer contributing to many of the Opensource projects on cloud including OpenStack. In the recent past, Pradeep has... FULL PROFILE
Ericsson Global India Pvt Ltd
Hemanth is an Open source enthusiast contributing to OpenStack projects since 2014. He worked on OpenStack charms, Airship, OpenStack helm and OpenStack projects along with the ecosystem projects/tools. In the process, he helped customers in solutioning around OpenStack/k8s/NFV/SDN platform, building in-house tools around the Infra ecosystem, custom enhancements to the open source projects as... FULL PROFILE
Solution Architect & Cloud Developer, Ericsson India Global Services Pvt Ltd
Smruti Soumitra Khuntia has around 15 years of experience in working in Information Technologies with rich experience in platform management and cloud based product development. Currently working as Cloud Architect and developer in Ericsson India Global Services, designing and developing Openstack Cloud Management software for Telco needs.  He is a  contributor to OpenStack upstream for... FULL PROFILE