Join us November 13-15, 2018 in

Berlin, Germany

The next Open Infrastructure Summit is going to be in Denver, April 29-May 1. Check out the agenda.

Event Details

Please note: All times listed below are in Central Time Zone

OpenStack Patrole – Foolproofing your OpenStack Deployment

OpenStack provides a robust Role-based access control(RBAC) framework that governs the authorization within OpenStack. These RBAC policies, if incorrectly configured on production environment could restrict valid users to perform certain actions or provide over-permissions to certain tasks which could prove catastrophic. 

Patrole is an OpenStack project that solves this problem by automating the policy verification process and ensuring that the RBAC policies are correctly enforced. It runs Tempest-based API tests using specified RBAC roles, thus allowing deployments to verify that only intended roles have access to those APIs.


Validation of in-code policy definitions
Validation of custom policy definitions (or) roles that overrides default policy definitions (or) roles.

This workshop will provide the audience;

-  An Overview on Patrole
-  How it works?
-  Playaround with various configurations & complex scenarios to run RBAC tests

What can I expect to learn?

Attendees will get to learn the following 

  • Overview on Patrole and it's design principles
  • How patrole works
  • Various configurations with Patrole 
  • How to enable Patrole and run RBAC test
  • Write a sample testcase with Patrole for Glance
  • Walk through some of the complex scenarios with Nova where we would need to toggle roles for nested API invocation. 
Thursday, November 15, 4:20pm-5:50pm (3:20pm - 4:50pm UTC)
Slides: Slide Deck
Difficulty Level: Beginner
Ericsson Global India Pvt Ltd
He is a software developer at Ericsson working on the Airship Project which makes operating open infrastructure simple, repeatable, and resilient. He has been an active member of open source community and contributor of multiple open source projects. During his free time he likes to play cricket, listen music and read books. FULL PROFILE
Ericsson India Global Services Private Limited, Solution Architect
Pradeep Kumar, currently working as a NFVi Solution Architect at Ericsson India Pvt Ltd. He has worked on various flagship cloud programs including Openstack, Platform management, SaaS(Software-as-a-Service) Integration projects and also has been an avid language-agnostic programmer contributing to many of the Opensource projects on cloud including OpenStack. In the recent past, Pradeep has... FULL PROFILE
Ericsson Global India Pvt Ltd
Hemanth works with Ericsson Inc as Solution Architect contributing to AT&T Network Cloud with focus on Solutioning, Airship/OpenStack/Openstack-Helm feature enhancements and the ecosystem opensource tools. Prior to Ericsson, he has worked with TCS Cloud R&D labs designing solution accelerators on OpenStack/NFV/SDN platform. FULL PROFILE
Ericsson India Global Services Private Limited, Solution Architect
Smruti Soumitra Khuntia has around 15 years of experience in working in Information Technologies with rich experience in platform management and cloud based product development. Currently working as Cloud Architect and developer in Ericsson India Global Services, designing and developing Openstack Cloud Management software for Telco needs.  He is a  contributor to OpenStack upstream for... FULL PROFILE