Last modified: 2011-12-22 02:34:55 UTC
All projects should have a role, that is also a posix group. The role should be named <project>-sudo. It should work like other roles (people already in the role can manage the role). The role should be created when the project is created.
This isn't going to work in openstack essex+, where keystone replaces the default authentication system. Roles won't be treated the same way, so we can't extend this concept. Instead puppet is managing sudo, so marking this wontfix.