Merge branch 'main' into dependabot/pip/compliance-monitor/pip-445d0b7773

Author: garloff

.zuul.d/secure.yaml

@@ -57,6 +57,28 @@
           Vjo5fBpIjEOLNtA40vx0Agx1Red2eMFA5oLcxiDMBSP4nLiI1QNROSnGc7GYoIT5kyq8k
           P5Uw261H4un2xvpO9ZBuHEV5mskTiBazTPDwaqU3yZoyGIvdQl2Uo6S3Glnf41YH+k/hN
           jxzziQB9sT2glnmmzrzZ22xPZg+sTngWS/3svRYV9BXKnMgq8jjR6eIKGYSwyQ=
+      cc_rrze_ac_id: !encrypted/pkcs1-oaep
+        - DUgJ7ozJOzJq1TSmBE6P8RGAW6C+s9LDRbW6mHIbAQlAX3+21d/KgoLk9zEyDdOanK1yd
+          QaEZJDjURsIAcHJh7vh9w/2Z948XKDybxIOb1tcJGJU1LsEmYoNAQXM5G3+l8Z66Crpgw
+          RE+wBlSe1dhXrhiGefH2ykvbRtPggJMFECpy+rVg16GhGSlnzptVk4F2GEGpzkEx84B0J
+          0h/HdX/y40xoeBx6giVZrZsOGnvWmMLqIq5Q5NMa1hdY0yGbpAUruqFrkVYZGU59ygEuo
+          60mJD0R1wQOo14wZtXob67V0DO9AcdRJHZRDRKyclPyGkf/QbCBf8+DCqAd/BKbe9a818
+          Z7M8aeylvO/digVAqJa5zin3vOz5PJUGkv0GZjjcgGkwV+d/7pWwebBsXNjBKj9HgX3Xe
+          eU6ZmfIJHb3pB4X+RySTIFAjp60Tb6QLe7yE1aJ5Ffc8ZsGqLhYcH0Q+SWhh3A6EJirRY
+          T76Ufw5n04L7GT+nP1Cy6Lf2eSPvJCto9y5iSfnayyssWmkDmcgrYVJXhktuR6Gy6sTQu
+          0+s9ynznFVG0PVexLZVo7fCmcFydGHeoupCj0kHIc46hCMogEQI7CI+462jS5Rznhs+2J
+          cK5NYc1gl6woxeJq3fwITw0eGK+zqrUMsBAV1FKrgfkYuFydRA/JRQSd3+vEOI=
+      cc_rrze_ac_secret: !encrypted/pkcs1-oaep
+        - pW3PjqBbzTNc3PfESczT4DXlk1mfiC6PMqkLidggcVRawlEy/UT7Dmynjr+lvkJz6oHIo
+          vnfnviKW7t6VqUgv5h4rRbh3PaCJqrCL35X7hW1uJSvyOgq3he836+78W23j/JhyO/gKk
+          9okn31np0uWguiIueCXjIgfkq2M/rJ3Aq//6siT/BKGmUupu6J7lskd47IHsOFV6oVT/t
+          MT+QrOJEP1KDlIiwbQsoiX9r+39/RR2qvhxMCW5Bh068TJI206oKPmJcR5doDBgygOhhj
+          HFwmox9X6F4jR1uDLAjxzdX7pC/JHaYGEe4rBYJ+RB4HKAH+4p7Fvy152quDkUsQPmJjn
+          ivRk6eR9/NrMPpljsvdIs9J/dPsdbCmM55rnGvo+BBh2lA7LrNzgcAHQ8se1UozaTzzlC
+          AIiZRchy6ivAucQEJv7iKXRgR2YLq4yO3GYOmY0bcGkE+K2Envuq1mz1Dt874Rc4FyGSN
+          diK3gdP7uWp0nVp4BXCXIygscdQe/rMCgrVSFV3l6EEz+nuaZM0AodkPccjuPdFnxainq
+          JQEGmPnox+w8UgMNpR3BSIY3qZpEsIrOejX/L0tM4+z1mozdSnhajJV4dkj8xYreJKQJC
+          lwpQQDNBIyjwvq6GJjreu0ZEWdwBAYmodhaH8odgd/cpctXB/tuzqgpnEwQt2E=
       cnds_ac_id: !encrypted/pkcs1-oaep
         - apArEei+9Eu0NrelesebDZwUjGvbep58dAQowtcCEn1hzbUAqMxWm74Ibk1e+C3prH5Zv
           tcj+okUoyfelP8ExqCZL55cOZVentoyg/VfiwZlR1z9N/p3vDkN3sx8z6o7CJux2oFMkg

Community-Governance/2024-12-project-board-nominees.md

@@ -0,0 +1,8 @@
+# Nominees 2024-12 Project Board
+
+For the term 2024-12 - 2025-12 the following people are nominated / have nominated themselves:
+
+| Name              | Github Handle | E-Mail               |
+| ------------------| ------------- | -------------------- |
+| Christian Berendt | @berendt      | <berendt@osism.tech> |
+| Kurt Garloff      | @garloff      | <scs@garloff.de>     |

Standards/scs-0005-v1-project-governance.md

@@ -0,0 +1,115 @@
+---
+title: Sovereign Cloud Standards
+type: Procedural
+status: Draft
+track: Global
+description: |
+  SCS-0005 outlines the structure and governance of the SCS community by the SCS Project Board and how this is elected.
+---
+
+## Introduction
+
+The [Sovereign Cloud Stack (SCS)](https://scs.community) provides standards
+for a range of cloud infrastructure types as well as a modular open-source
+reference implementation.
+The project is governed by the _SCS Project Board_.
+
+## Role of the _SCS Project Board_
+
+The role of the _SCS Project Board_ is the overall governance of the SCS Community and Project.
+This happens together with the _Forum SCS-Standards_ of the Open Source Business Alliance. To further
+underline this alignment, the _Forum SCS-Standards_ is part of the _SCS Project Board_.
+The _SCS Project Board_ itself is elected by the _SCS Community_.
+
+### Definitions
+
+#### _SCS Project_
+
+The _SCS Project_ is the Open-Source project that consists of the software, documentation, documents, blog posts as well as the people ("_SCS Community_") working on this.
+
+#### _SCS Community_
+
+The collective of people, companies, and organizations promoting the idea of the _SCS Project_ as well as the people working on the various aspects.
+
+#### _SCS GitHub Organization_
+
+The _SCS GitHub Organization_ is this: [https://github.com/sovereigncloudstack](https://github.com/sovereigncloudstack)
+
+### Roles in the _SCS GitHub Organization_
+
+#### Members
+
+Joining the SCS GitHub Organization as a contributor results in being assigned the **member role** in the organization. Members are contributors or collaborators who:
+
+- Actively contribute to projects within the organization.
+- Have repository-specific access based on their contributions.
+- Are eligible to vote in elections and nominate candidates for the _SCS Project Board_.
+- Must adhere to the [Code of Conduct](https://github.com/SovereignCloudStack/.github/blob/main/CODE_OF_CONDUCT.md).
+
+#### Owners
+
+Members of the _SCS Project Board_ are also designated as **owners** of the SCS GitHub organization. Owners have administrative privileges, including:
+
+- Managing organization-level settings.
+- Onboarding new members.
+- Enforcing compliance with governance and community standards.
+
+This alignment ensures that governance roles in the SCS Project Board directly translate into operational responsibilities within the GitHub organization.
+
+## Joining the SCS GitHub Organization
+
+Since being part of the GitHub organization comes with a set of responsibilities, joining the SCS GitHub Organization can be done by:
+
+- being invited by the _SCS Project Board_
+- submitting a request to be onboarded as a member to the _SCS Project Board_
+- have existing members of the GitHub organization nominate you
+
+One of these items is sufficient.
+
+Actively contributing to one or several of the projects under the governance of the SCS project board should typically result in a membership. Please be aware of our [Code of Conduct](https://github.com/SovereignCloudStack/.github/blob/main/CODE_OF_CONDUCT.md).
+
+## Election of the _SCS Project Board_
+
+### Term
+
+The _SCS Project Board_ is elected for the term of one year. Elections are done
+within the last six weeks of the calendar year.
+
+### Seats on the board
+
+The _SCS Project Board_ contains five seats. One of these seats is filled by
+the delegate of the _Forum SCS-Standards_. The other four seats are voted upon.
+
+### Nominations
+
+Every person who is part of the Sovereign Cloud Stack GitHub organization can be
+nominated for the board. Likewise, one can nominate oneself.
+The nomination is done by adding the person with the required data to the file corresponding to the term in the "Community-Governance" folder in the [Standards](https://github.com/sovereignCloudStack/standards/) repository. Obviously, the person, that is to be nominated, should be asked before being added to the file.
+
+### Eligible for voting
+
+Every person who is a member of the GitHub organization "Sovereign Cloud Stack" is eligible for voting. In order to be able to vote an onboarding onto the Identity Management of the SCS community needs to happen.
+
+### Electoral management
+
+The voting process is governed by the _Forum SCS-Standards_.
+Voting is done using the [Condorcet Internet Voting Service](https://civs.cs.cornell.edu). This is the same system as is [being used by the OpenInfra foundation](https://wiki.openstack.org/wiki/Election_Officiating_Guidelines#Running_the_election_itself).
+
+### Voting period
+
+The voting will be open for a week.
+
+### Announcement
+
+The voting will be announced on the SCS-Members Mailinglist as well as on the [General & Announcements](https://matrix.to/#/#scs-general:matrix.org). Enlisted voters will receive e-mails to the email address used in the SCS community's Identity Management system.
+
+### Mechanisms
+
+Each eligible voter is asked to rank the candidates according to their priorities.
+The four favorite choices among all voters will be elected into the _SCS Project Board_.
+
+## Roles in the _SCS Project Board_
+
+Among the elected Project Board a spokesperson is nominated. The spokesperson is
+elected by a simple majority vote among the members of the project board. The
+spokesperson is elected for the whole term.

Tests/config.toml

@@ -19,6 +19,7 @@ scopes = [
 subjects = [
     "gx-scs",
     "artcodix",
+    "cc-rrze",
     "pco-prod1",
     "pco-prod2",
     "pco-prod3",

compliance-monitor/bootstrap.yaml

@@ -25,6 +25,15 @@ accounts:
   - subject: artcodix
     delegates:
       - zuul_ci
+  - subject: cc-rrze
+    delegates:
+      - zuul_ci
+    api_keys:
+      - "$argon2id$v=19$m=65536,t=3,p=4$iLG29t7be88ZY6w1Rui91w$9UwkTMLBMxq/1QyeVfJcc95fhQtY1AC48Rex4S8ZSIU"
+    keys:
+      - public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIF8kQx6ur/WSSY9ThK/mwhrl/VsYnjRk44GSXBy3VfKI"
+        public_key_type: "ssh-ed25519"
+        public_key_name: "primary"
   - subject: pco-prod1
     delegates:
       - zuul_ci

compliance-monitor/templates/overview.md.j2

@@ -14,6 +14,9 @@ Version numbers are suffixed by a symbol depending on state: * for _draft_, †
 | [aov.cloud](https://www.aov.de/) | Community cloud for customers | aov IT.Services GmbH |
 {#- #} [{{ results | pick('aov', iaas) | summary }}]({{ detail_url('aov', iaas) }}) {# -#}
 | [HM](https://health.aov.cloud/) |
+| [CC@RRZE](https://www.rrze.fau.de/) | Private Compute Cloud (CC) for [FAU](https://www.fau.de/) | Regionales Rechenzentrum Erlangen | 
+{#- #} [{{ results | pick('cc-rrze', iaas) | summary }}]({{ detail_url('cc-rrze', iaas) }}) {# -#}
+| (soon) |
 | [CNDS](https://cnds.io/) | Public cloud for customers | artcodix GmbH |
 {#- #} [{{ results | pick('artcodix', iaas) | summary }}]({{ detail_url('artcodix', iaas) }}) {# -#}
 | [HM](https://ohm.muc.cloud.cnds.io/) |

playbooks/clouds.yaml.j2

@@ -19,6 +19,15 @@ clouds:
       application_credential_id: "{{ clouds_conf.cnds_ac_id }}"
       application_credential_secret: "{{ clouds_conf.cnds_ac_secret }}"
       #project_id: 225a7363dab74b69aa1e3f744aced109
+  cc-rrze:
+    region_name: "DE-ERL"
+    interface: "public"
+    identity_api_version: 3
+    auth_type: "v3applicationcredential"
+    auth:
+      auth_url: https://api.cc.rrze.de:5000
+      application_credential_id: "{{ clouds_conf.cc_rrze_ac_id }}"
+      application_credential_secret: "{{ clouds_conf.cc_rrze_ac_secret }}"
   pco-prod1:
     region_name: "prod1"
     interface: "public"