Merge branch 'main' into feat/add-iaas-diskless-flavor

Signed-off-by: Kurt Garloff <[email protected]>

Author: garloff

.github/workflows/build.yml

@@ -14,7 +14,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: 20
       - name: Cache dependencies
         uses: actions/cache@v3
         with:

.github/workflows/build_and_deploy.yml

@@ -20,7 +20,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: 20
 
       - name: Cache dependencies
         uses: actions/cache@v3

.github/workflows/build_and_staging.yml

@@ -18,7 +18,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: 20
 
       - name: Cache dependencies
         uses: actions/cache@v3

.github/workflows/link-validator.yml

@@ -1,5 +1,7 @@
 on: [pull_request]
 name: Check links for modified files
+permissions:
+  contents: read
 jobs:
   markdown-link-check:
     runs-on: ubuntu-latest

community/cloud-resources/cloud-resources.md

@@ -22,25 +22,27 @@ As suggested in [#155](https://github.com/SovereignCloudStack/standards/issues/1
 > **Note**
 > ATM this is not directly connected to the SovereignCloudStack github org membership, accounts will be created manually for now.
 
+<!-- markdownlint-disable search-replace -->
+
 Example:
 
-|github handle | plusserver login    |
-|:-----------: | :-----------------: |
-| frosty-geek  | u500924-frosty-geek |
-|     fkr      |     u500924-fkr     |
-|              |                     |
+| github handle |  plusserver login   |
+| :-----------: | :-----------------: |
+|  frosty-geek  | u500924-frosty-geek |
+|      fkr      |     u500924-fkr     |
+|               |                     |
 
 ### SCS2 Service Users
 
 Service users will have their default_project_id set to a specific project and will NOT be granted full access to other projects by default.
 
 |        Unique Identifier         | Service User Name          | Full Access on            | Community Contact        | Description                                   | Needed until |
 | :------------------------------: | -------------------------- | ------------------------- | ------------------------ | --------------------------------------------- | :----------: |
-| 9a1576af59644a2dbbace773ad17158d | u500924-svc-sig-monitoring | p500924-sig-monitoring1   | fkr                      | Service User - SIG Monitoring                 | 31.12.2023  |
-| 4925967416894fd78be6701689059653 | u500924-svc-cloudmon       | p500924-cloudmon-target   | Erik-Kostelansky-dNation | Service User - VP12 Test Project              | 31.12.2024  |
+| 9a1576af59644a2dbbace773ad17158d | u500924-svc-sig-monitoring | p500924-sig-monitoring1   | fkr                      | Service User - SIG Monitoring                 |  31.12.2023  |
+| 4925967416894fd78be6701689059653 | u500924-svc-cloudmon       | p500924-cloudmon-target   | Erik-Kostelansky-dNation | Service User - VP12 Test Project              |  31.12.2024  |
 | f89b3d64ddff4d9d8cadb5e06fa22299 | u500924-svc-healthmonitor  | p500924-scs-healthmonitor | garloff                  | Service User - SCS Health Monitor             |      ∞       |
 | 49cc3d72fbdf41fe8dc407f57f026dbf | u500924-svc-standards      | p500924-scs-healthmonitor | garloff                  | Service User - SCS Standards Compliance Check |      ∞       |
-| 1b6bb583fc5e40e49f2a7e9b4301de65 | u500924-svc-zuul           | p500924-scs-zuul          | o-otte                   | Service User - SCS Zuul                       | 30.11.2024  |
+| 1b6bb583fc5e40e49f2a7e9b4301de65 | u500924-svc-zuul           | p500924-scs-zuul          | o-otte                   | Service User - SCS Zuul                       |  30.11.2024  |
 |                                  |                            |                           |                          |                                               |              |
 
 ### SCS2 Projects
@@ -54,12 +56,12 @@ Service users will have their default_project_id set to a specific project and w
 | 34d3d89fc74e4db5a6df1c9ebf2f3a2a | p500924-scs-zuul            | garloff           | SCS Zuul                          |      ∞       |
 | 293b765e3492413ba8b0067b7edcb3a3 | p500924-monitoring          | garloff           | SCS Monitoring                    |      ∞       |
 | f2eccb67b16f4430b6d5e70afb515f9d | p500924-harbor              | chess-knight      | SCS Registry (Harbor)             |      ∞       |
-| 45b5e27a5fe3431083e450cf2d13e71b | p500924-kaas-playground1    | jschoone          | Playground1 for Hackathon         | 30.09.2025  |
-| ef12fed77f114eb4a20068f0422a8109 | p500924-kaas-playground2    | jschoone          | Playground2 for Hackathon         | 30.09.2025  |
+| 45b5e27a5fe3431083e450cf2d13e71b | p500924-kaas-playground1    | jschoone          | Playground1 for Hackathon         |  30.09.2025  |
+| ef12fed77f114eb4a20068f0422a8109 | p500924-kaas-playground2    | jschoone          | Playground2 for Hackathon         |  30.09.2025  |
 | bf8d511728a44072b7c97b1fe00947b8 | p500924-kaas-playground3    | jschoone          | Moin Cluster                      |      ∞       |
-| 61b315797c75431787dc20a61cbaf052 | p500924-kaas-playground4    | jschoone          | Playground4 for Hackathon         | 30.09.2025  |
-| 94f7c7507be1484a9ce6aba20d19d1c6 | p500924-kaas-playground5    | jschoone          | Playground5 for Hackathon         | 30.09.2025  |
-|                                  | p500924-openDesk-playground | gerbsen           | Playground for openDesk           | 30.11.2025  |
+| 61b315797c75431787dc20a61cbaf052 | p500924-kaas-playground4    | jschoone          | Playground4 for Hackathon         |  30.09.2025  |
+| 94f7c7507be1484a9ce6aba20d19d1c6 | p500924-kaas-playground5    | jschoone          | Playground5 for Hackathon         |  30.09.2025  |
+|                                  | p500924-openDesk-playground | gerbsen           | Playground for openDesk           |  30.11.2025  |
 
 ## Wavecon
 
@@ -76,3 +78,5 @@ Service users will have their default_project_id set to a specific project and w
 | 718964b4b87446688ac04b151519fb51 | scs                | garloff           | SCS Health Monitor |      ∞       |
 | c46ccc9e695c4b23bacee2ad11145d9a | scs-health-monitor | garloff           | SCS Health Monitor |      ∞       |
 | 00de553df86949b49365baee6375fb5a | scs-standards      | itrich            | SCS Health Monitor |      ∞       |
+
+<!-- markdownlint-enable search-replace -->

docs/05-iam/domain-manager-setup-and-usage.md

@@ -1,12 +1,5 @@
 # Domain Manager setup and usage
 
-:::info
-
-The following documentation refers to a SCS standard that is still in draft state.
-It is not meant for productive use yet but CSPs are encouraged to test-drive and provide feedback!
-
-:::
-
 ## Preface
 
 SCS defines the **Domain Manager** standard, introducing a special persona to the OpenStack Keystone identity manager.
@@ -15,19 +8,10 @@ Its intended use case is to offer extensive identity management self-service cap
 
 This guide will explain setup, configuration and usage of the SCS Domain Manager standard.
 
-### Warning regarding the exposure of domain names
-
-Due to architectural limitations currently existing in OpenStack Keystone, assigning the `manager` role to users while the configuration of the SCS Domain Manager standard has been applied will **enable them to see the IDs and names of all existing domains**.
-This includes domains other than their own, meaning that other tenant's identities might be exposed depending on the relation between them and the name of their domain.
-CSPs aiming to appoint Domain Manager users must be aware of this limitation and should exclusively **use pseudonymized domain names across the whole infrastructure**.
-If CSPs strictly follow the [SCS naming conventions](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0301-v1-naming-conventions.md) for domains this is already addressed.
-If this is not feasible for the CSP, they may opt to refrain from making use of the Domain Manager functionality at all, i.e. never assign the `manager` role to tenant users.
-
 :::info
 
-This architectural limitation will be fixed in upcoming OpenStack and SCS releases.
-
-See [https://bugs.launchpad.net/keystone/+bug/2041611](https://bugs.launchpad.net/keystone/+bug/2041611)
+The Domain Manager functionality was natively integrated into OpenStack starting with release 2024.2 ("Dalmatian").
+When using an OpenStack release equal to 2024.2 or later, you can omit the instructions for Keystone API policy adjustments.
 
 :::
 
@@ -89,15 +73,6 @@ Refer to the SCS Domain Manager standard for more information.
 
 The following sections describe actions available to CSP operators that possess the `admin` role.
 
-### Creating domains
-
-:::caution
-
-It is highly recommended to use pseudonymized domain names when creating domains, since Domain Managers will currently be able to see the names of all existing domains.
-See [Warning regarding the exposure of domain names](#warning-regarding-the-exposure-of-domain-names) for more details.
-
-:::
-
 For each tenant for which a self-service area (i.e. a domain) is to be established, a domain should be created before creating any users, projects or groups for this tenant:
 
 ```bash

docs/glossary.md

@@ -125,6 +125,16 @@ Swift is the so-called object storage that can be used by Nova. This is responsi
 
 A Ceph OSD (Object Storage Daemon) logically represents a storage device in a Ceph cluster, which can logically be a hard disk, which is the ideal case. In other cases it can also be a raid, which however leads to considerable performance limitations due to caching or other raid optimization.
 
+## Cluster Stacks
+
+The following terms can be used to distinguish between the various components of the Cluster Stacks.
+
+| Object       | Name                               |
+|--------------|------------------------------------|
+| scs2-*       | scs2 Cluster Stack                 |
+| scs2-1-33-*  | scs2 1.33 Cluster Stack releases   |
+| scs2-1-33-v2 | scs2 1.33 v2 Cluster Stack release |
+
 ## Personas
 
 | Persona             | Description                                                                                                                                                                             |