| opendevreview | Radomir Dopieralski proposed openstack/horizon master: Add system scope support to context switcher https://review.opendev.org/c/openstack/horizon/+/816368 | 10:57 |
|---|---|---|
| opendevreview | Radomir Dopieralski proposed openstack/horizon master: Add system scope support to context switcher https://review.opendev.org/c/openstack/horizon/+/816368 | 12:55 |
| opendevreview | Radomir Dopieralski proposed openstack/horizon master: Add system scope support to context switcher https://review.opendev.org/c/openstack/horizon/+/816368 | 14:44 |
| vishalmanchanda | #startmeeting horizon | 15:00 |
| opendevmeet | Meeting started Wed Nov 17 15:00:22 2021 UTC and is due to finish in 60 minutes. The chair is vishalmanchanda. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'horizon' | 15:00 |
| rdopiera | o/ | 15:00 |
| vishalmanchanda | hi all | 15:01 |
| vishalmanchanda | #link https://etherpad.opendev.org/p/horizon-release-priorities (at line 30) | 15:01 |
| vishalmanchanda | let's wait for few minutes if more people joins us. | 15:02 |
| tmazur | o/ | 15:02 |
| vishalmanchanda | ok let's start the meeting. | 15:03 |
| vishalmanchanda | #topic Notices | 15:04 |
| vishalmanchanda | This week is Yoga-1 milestone. | 15:04 |
| vishalmanchanda | Yoga Schedule https://releases.openstack.org/yoga/schedule.html | 15:04 |
| vishalmanchanda | that's the only announcement from my side for this week, If anyone else have any announcement to make please go ahead. | 15:04 |
| vishalmanchanda | moving to next topic | 15:05 |
| vishalmanchanda | #topic Django3 Support | 15:05 |
| vishalmanchanda | Patch to bump Django lower version to 3.2 is already merged in openstack/requirements. | 15:06 |
| vishalmanchanda | #link https://review.opendev.org/c/openstack/requirements/+/815096 | 15:06 |
| vishalmanchanda | So Now we can drop the Django2.2 support from horizon and a patch for the same is already up and gate jobs are passing. | 15:07 |
| vishalmanchanda | https://review.opendev.org/c/openstack/horizon/+/817814 | 15:07 |
| vishalmanchanda | Please take a look at patch, so we can drop Django2.2 support asap. | 15:08 |
| vishalmanchanda | moving to next topic | 15:08 |
| vishalmanchanda | #topic drop django launch instance implementation | 15:08 |
| vishalmanchanda | Just an reminder CI is passing for the patch now so please so we can drop it early in this cycle. | 15:08 |
| vishalmanchanda | https://review.opendev.org/c/openstack/horizon/+/816303 | 15:09 |
| vishalmanchanda | e0ne: ^^ | 15:09 |
| vishalmanchanda | next topic | 15:09 |
| vishalmanchanda | #topic System Scope support in horizon | 15:09 |
| vishalmanchanda | rdopiera: Please let me know once your patch is ready to review. | 15:09 |
| vishalmanchanda | #link https://review.opendev.org/c/openstack/horizon/+/816368 | 15:10 |
| rdopiera | vishalmanchanda: it should be ready as soon as the tests pass, but I keep finding things I forgot about | 15:10 |
| rdopiera | I would like to ask about opinions on how to proceed from this patch | 15:11 |
| vishalmanchanda | rdopiera: good, Do I have to apply python-keystoneclinet patch as well in my env to test it? | 15:11 |
| rdopiera | It only adds the "system scope" menu entry to the context switcher, but we still need to display the correct panels when that is selected | 15:12 |
| rdopiera | vishalmanchanda: I made it so that if the keystone client doesn't have that method, it falls back to just trying to get the token and catching the error if it fails | 15:12 |
| rdopiera | vishalmanchanda: so it should work with any version of keystone client | 15:12 |
| rdopiera | however, I noticed that our tests run with keystone api v2 configured, and we need v3 for this to work | 15:13 |
| amotoki | rdopiera: which part of our tests uses keystone v2? | 15:14 |
| vishalmanchanda_ | sorry I got disconnected. | 15:14 |
| rdopiera | amotoki: I got test failures with: AttributeError: 'AccessInfoV2' object has no attribute 'system_scoped' | 15:17 |
| rdopiera | for example here: https://zuul.opendev.org/t/openstack/build/6f981fa3fcbe4e2789e5c34eb79bb8d7 | 15:17 |
| rdopiera | I made it fall back to False in such cases | 15:18 |
| amotoki | thanks for the pointer. it seems v2 is still the default somewhere... | 15:21 |
| amotoki | I see auth_ref contains keystone v2 information... | 15:22 |
| rdopiera | for now I worked around this | 15:22 |
| rdopiera | I also found another problem with tokens: it seems like we always provide the domain paramater when creating the token, and oslo.policy seems to think that the resulting token is a domain-scoped token, and issues a warning when we try to use it for project-scope actions | 15:23 |
| rdopiera | I'm not sure if the check in oslo.policy is wrong, or if we really are getting domain-scoped token | 15:24 |
| rdopiera | however, the warning says that it will become an error in the next version | 15:24 |
| vishalmanchanda_ | rdopiera: Also, some of the panel are completely broken like flavor panel. | 15:27 |
| rdopiera | vishalmanchanda_: you mean when the system scope is selected? | 15:27 |
| vishalmanchanda_ | rdopiera: yes. | 15:28 |
| rdopiera | vishalmanchanda_: the next step is to only display the panels that work with system scope when it is selected | 15:28 |
| rdopiera | I'm unsure as to how to implement this exactly | 15:28 |
| rdopiera | I will probably just add a flag in the panel definitions | 15:29 |
| amotoki | rdopiera: re: domain_id waring, I think we need to adjust _user_to_credentials() in openstack_auth.policy. domain information is unnecesary for a project scope credential, but I need to confirm oslo.policy side too. | 15:29 |
| vishalmanchanda_ | amotoki: how can we decide to display which panel or not, any documentation for that? | 15:30 |
| rdopiera | amotoki: I tested that the warning goes away when we remove the domain info from that function | 15:30 |
| rdopiera | vishalmanchanda_: right now we check for the admin role, but that is going to be obsolete with system scope | 15:30 |
| rdopiera | I think it is, at least | 15:31 |
| rdopiera | I'm a bit fuzzy on the details | 15:31 |
| amotoki | vishalmanchanda_: yeah, panel visibility is determined based on "permissions" and "policy_rules" fields in panels. | 15:32 |
| amotoki | in addition, "admin" check might be affected since the initial impl. | 15:32 |
| amotoki | s/be affected/affect/ | 15:32 |
| vishalmanchanda_ | rdopiera: amotoki ok. | 15:33 |
| amotoki | I don't think we have a doc on this :p | 15:33 |
| vishalmanchanda_ | amotoki: yeah we have to check policy rules for each backend services. | 15:34 |
| rdopiera | another thing that worries me, is that when we switch to the system scope token, all apis stop working, including the ones that should work with system scope | 15:34 |
| rdopiera | not sure if we need to configure something on the other side | 15:34 |
| rdopiera | for instance, admin->system should probably work | 15:35 |
| rdopiera | but it doesn't | 15:35 |
| amotoki | at the moment, in TC discussion we don't plan to enforce system-scope in Yoga. There are still a lot of work required. | 15:36 |
| amotoki | you can find some notes in https://etherpad.opendev.org/p/policy-popup-yoga-ptg (around L.548 - 569) | 15:37 |
| rdopiera | thanks | 15:38 |
| amotoki | rdopiera: what about the identity panel? | 15:38 |
| amotoki | I think the identity dashboard is expected to work most. | 15:38 |
| rdopiera | let me quickly check | 15:39 |
| rdopiera | that works | 15:40 |
| amotoki | awesome | 15:40 |
| vishalmanchanda_ | rdopiera: amotoki yeah Identity dashboard is working fine, just checked with rdopiera patch | 15:41 |
| rdopiera | so it's probably on nova side | 15:41 |
| rdopiera | or we need to do something special, like a system-scope token that also specifies a project | 15:42 |
| rdopiera | I will try to find out | 15:43 |
| amotoki | there is a discussion in the rbac meeting on how to handle a project-specific information with system-scoped tokens. | 15:43 |
| rdopiera | amotoki: where is that meeting? | 15:44 |
| amotoki | rdopiera: it is a meeting on RBAC | 15:44 |
| amotoki | aka the policy-pop-up meeting | 15:44 |
| rdopiera | ah the etherpad you linked | 15:44 |
| amotoki | yes | 15:45 |
| rdopiera | thanks, I will look into that | 15:45 |
| rdopiera | that's it from me on the system-scope token | 15:45 |
| amotoki | the current direction is to use a projet-scoped token for such cases but we are trying to document such things | 15:46 |
| amotoki | in the governance patch https://review.opendev.org/c/openstack/governance/+/815158 | 15:46 |
| amotoki | there are many corner cases to be addressed. | 15:46 |
| amotoki | nothing more from me | 15:47 |
| vishalmanchanda_ | ok let's keep discussing this topic in further meetings. | 15:48 |
| vishalmanchanda_ | Also, glance and neutron panels are also working if switch to system-scope | 15:49 |
| vishalmanchanda_ | rdopiera: nice work:) | 15:49 |
| vishalmanchanda_ | moving to next topic | 15:50 |
| vishalmanchanda_ | #topic Bug deputy report | 15:50 |
| vishalmanchanda_ | We have 3 new bugs reported in last 2 weeks. | 15:50 |
| vishalmanchanda_ | First one https://bugs.launchpad.net/horizon/+bug/1950933 need to be verified. | 15:51 |
| vishalmanchanda_ | Second looks like duplicate of some existing bug and for last a patch is already merged. | 15:52 |
| amotoki | vishalmanchanda_: I think it is a report on a different project named "horizon" :p | 15:52 |
| vishalmanchanda_ | amotoki: yeah, I will mark it as invalid. | 15:53 |
| rdopiera | written in C++ | 15:53 |
| vishalmanchanda_ | I cannot see any topic to discuss in On-Demand Agenda | 15:55 |
| vishalmanchanda_ | If nothing else to discuss, we can end this meeting. | 15:55 |
| amotoki | marked bug 1950933 as Invalid | 15:55 |
| vishalmanchanda_ | amotoki: thanks | 15:55 |
| amotoki | my comment is "We never use C++. I believe you filed a bug to a wrong bug tracker." :-) | 15:56 |
| vishalmanchanda_ | Last just a review request from the author https://review.opendev.org/c/openstack/horizon/+/805360 | 15:56 |
| vishalmanchanda_ | tmazur: Could you also take a look at above patch as code is in angular, thanks. | 15:58 |
| amotoki | it is in my queue but I was busy with internal stuffs.... anyway I will check the qos one. | 15:58 |
| vishalmanchanda_ | amotoki: thanks. | 15:58 |
| tmazur | I will | 15:58 |
| vishalmanchanda_ | tmazur: cool. | 15:58 |
| vishalmanchanda_ | Thanks everyone for joining, See you next week. | 15:59 |
| vishalmanchanda_ | #endmeeting | 15:59 |
| amotoki | o/ | 16:00 |
| rdopiera | thanks | 16:03 |
| amotoki | vishalmanchanda_: tmazur: please do not approve the QoS patch. I just checked the python side, but it already turns out It still needs a lot of cleanups unfortunately. | 16:20 |
| tmazur | amotoki: ok, thank you for reviewing the patch. I'm checking the angular part now, and there's some minor nits so far | 16:29 |
| amotoki | I am a bit afraid such python codes get +2..... should horizon be a pure JS project? (half joking) | 16:32 |
| vishalmanchanda_ | amotoki: I also raised a point about min packet rate but then nitish mentioned in release notes as a issues, So i thought we can accept that. | 16:34 |
| amotoki | vishalmanchanda_: I don't think we accepted non-working code in our history. | 16:35 |
| amotoki | I see no reason to accept non-working code | 16:35 |
| amotoki | in addition, the release note is not a good place to mention such things. | 16:36 |
| vishalmanchanda_ | amotoki: a patch to add those attribute is already up in python-neutronclient | 16:36 |
| amotoki | vishalmanchanda_: but there is no corresponding code in openstack_dashboard/api/neutron.py | 16:36 |
| amotoki | vishalmanchanda_: I know it, but if so, the direction should be either to use Depends-On or to land the whole code without the neutronclient patch. | 16:37 |
| amotoki | anyway, new code related to min packet rate needs to be added in openstack_dashboard/api/neutron.py later, so why not adding the whole code on min packet rate later. | 16:39 |
| vishalmanchanda_ | amotoki: code for the minimum packet rule is also added in openstack_dashboard/api/neutron.py https://review.opendev.org/c/openstack/horizon/+/805360/20/openstack_dashboard/api/neutron.py#2131 | 16:39 |
| vishalmanchanda_ | amotoki: yeah, that make sense or use depends-on tag. | 16:40 |
| amotoki | vishalmanchanda_: ah, I missed that part somehow. thanks | 16:41 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!