@aborrero thinks I should be a "cloud admin" and "cloud-wide root" (as defined by https://wikitech.wikimedia.org/wiki/Help:Access_policies). This would let me run Cumin commands on all projects and make myself a member of any project, which would be let me work on cloud vps infrastructure services spread accross various service projects. I meet the policy-mandated requirements as I already am a project admin on Toolforge.
I generated a new SSH key (with a strong passphraise and other relevant security practices) that can be used as a cloud-wide root key:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOH8BG56Gh6c9ggaMGP04R9xY/bf06HFdT0ThkvN/jC taavi wmcs-wide root key
@Majavah , I've merged your root key and granted you the 'admin' role both in the 'admin' project and in the default domain.
It's probably worth confirming that your root key works in a half hour or so. The new openstack roles will make Horizon look funny (it'll show more options and features, some of them broken) but shouldn't restrict anything you could do before.