Tuesday, 2019-09-17

« Monday, 2019-09-16 Index Wednesday, 2019-09-18 »
*** markvoelker has quit IRC00:02
*** gyee has quit IRC00:14
*** jamesmcarthur has joined #openstack-meeting-alt00:21
*** jamesmcarthur has quit IRC00:23
*** jamesmcarthur has joined #openstack-meeting-alt00:23
*** lseki has quit IRC00:37
*** hongbin has joined #openstack-meeting-alt01:03
*** jamesmcarthur has quit IRC01:05
*** igordc has quit IRC01:08
*** macz has quit IRC01:36
*** markvoelker has joined #openstack-meeting-alt02:03
*** markvoelker has quit IRC02:08
*** apetrich has quit IRC02:11
*** rfolco has quit IRC02:28
*** jamesmcarthur has joined #openstack-meeting-alt02:38
*** persia has quit IRC02:50
*** persia has joined #openstack-meeting-alt02:56
*** jamesmcarthur has quit IRC02:57
*** radeks has quit IRC03:00
*** dave-mccowan has quit IRC03:00
*** baojg has quit IRC03:15
*** persia has quit IRC03:18
*** baojg has joined #openstack-meeting-alt03:23
*** persia has joined #openstack-meeting-alt03:24
*** jamesmcarthur has joined #openstack-meeting-alt03:56
*** jamesmcarthur has quit IRC03:56
*** jamesmcarthur has joined #openstack-meeting-alt03:57
*** hongbin has quit IRC04:01
*** hongbin has joined #openstack-meeting-alt04:08
*** hongbin has quit IRC04:10
*** baojg has quit IRC04:27
*** macz has joined #openstack-meeting-alt04:28
*** macz has quit IRC04:33
*** jamesmcarthur has quit IRC04:51
*** baojg has joined #openstack-meeting-alt04:54
*** radeks has joined #openstack-meeting-alt05:01
*** radeks has quit IRC05:03
*** radeks has joined #openstack-meeting-alt05:05
*** jamesmcarthur has joined #openstack-meeting-alt05:21
*** boxiang has joined #openstack-meeting-alt05:47
*** zhubx has quit IRC05:47
*** diablo_rojo has joined #openstack-meeting-alt06:04
*** jamesmcarthur has quit IRC06:10
*** jtomasek has joined #openstack-meeting-alt06:22
*** slaweq has joined #openstack-meeting-alt06:26
*** kopecmartin|off is now known as kopecmartin06:31
*** jamesmcarthur has joined #openstack-meeting-alt06:32
*** jamesmcarthur has quit IRC06:37
*** jamesmcarthur has joined #openstack-meeting-alt06:45
*** markvoelker has joined #openstack-meeting-alt06:47
*** markvoelker has quit IRC06:52
*** jbadiapa has quit IRC07:08
*** diablo_rojo has quit IRC07:10
*** jamesmcarthur has quit IRC07:17
*** diablo_rojo has joined #openstack-meeting-alt07:20
*** jbadiapa has joined #openstack-meeting-alt07:24
*** diablo_rojo has quit IRC07:27
*** ttsiouts has joined #openstack-meeting-alt07:29
*** apetrich has joined #openstack-meeting-alt07:40
*** ttsiouts has quit IRC07:42
*** ttsiouts has joined #openstack-meeting-alt07:43
*** slaweq has quit IRC07:43
*** priteau has joined #openstack-meeting-alt07:43
*** jamesmcarthur has joined #openstack-meeting-alt07:44
*** ttsiouts has quit IRC07:47
*** rcernin has quit IRC07:47
*** jamesmcarthur has quit IRC07:50
*** jamesmcarthur has joined #openstack-meeting-alt07:52
*** slaweq has joined #openstack-meeting-alt07:52
*** browny_ has joined #openstack-meeting-alt08:05
*** browny has quit IRC08:07
*** lpetrut has joined #openstack-meeting-alt08:07
*** lpetrut has quit IRC08:08
*** ttsiouts has joined #openstack-meeting-alt08:12
*** jamesmcarthur has quit IRC08:15
*** jamesmcarthur has joined #openstack-meeting-alt08:16
*** igordc has joined #openstack-meeting-alt08:20
*** igordc has quit IRC08:28
*** derekh has joined #openstack-meeting-alt08:33
*** bobmel has joined #openstack-meeting-alt08:38
*** e0ne has joined #openstack-meeting-alt08:41
*** slaweq has quit IRC08:52
*** masahito has joined #openstack-meeting-alt08:55
*** bertys has joined #openstack-meeting-alt08:58
priteau#startmeeting blazar09:00
openstackMeeting started Tue Sep 17 09:00:16 2019 UTC and is due to finish in 60 minutes.  The chair is priteau. Information about MeetBot at http://wiki.debian.org/MeetBot.09:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.09:00
*** openstack changes topic to " (Meeting topic: blazar)"09:00
openstackThe meeting name has been set to 'blazar'09:00
priteau#topic Roll call09:01
*** openstack changes topic to "Roll call (Meeting topic: blazar)"09:02
bertyso/09:02
priteauHi bertys, nice to see you09:02
bertysHi09:02
priteaumasahito: hi09:04
masahitoo/09:05
priteauI don't see tetsuro online09:06
priteauHere is the agenda for today:09:07
priteauEnabling Review-Priority flag in Gerrit09:07
priteauPTG and virtual PTG09:07
priteauTrain release09:07
priteauCode review priorities09:07
priteauAOB09:07
priteauAnything else you would like to add?09:07
priteau #topic Enabling Review-Priority flag in Gerrit09:09
priteauCome on openstack bot09:09
priteau#topic Enabling Review-Priority flag in Gerrit09:09
*** openstack changes topic to "Enabling Review-Priority flag in Gerrit (Meeting topic: blazar)"09:09
priteauI am working on other OpenStack projects which have enabled an additional flag in Gerrit called Review-Priority09:10
*** slaweq has joined #openstack-meeting-alt09:10
priteauI think it would be useful for us to identify patches that need attention09:11
priteauIt needs to be implemented in openstack/project-config09:12
priteauExample: https://review.opendev.org/#/c/295253/13/gerrit/acls/openstack/designate-dashboard.config09:12
priteauI would like to propose a similar change for Blazar repos, if you are happy to have it?09:13
masahito+1 for the change.09:14
priteauThanks, I will prepare a patch then.09:15
bertysokay for me as well for all repos09:15
priteauThanks09:16
priteau#action priteau will propose Review-Priority patches09:17
priteau#topic PTG and virtual PTG09:17
*** openstack changes topic to "PTG and virtual PTG (Meeting topic: blazar)"09:17
priteauReminder that for the PTG we have a Project Onboarding session, and the possibility of having technical discussions scheduled on the fly in the shared space09:18
priteauWe need to plan a virtual PTG as well to include everyone in the discussion. I would like to have it before the summit, would you be available during the week of the 28 of October?09:19
masahitoOn Tuesday?09:21
priteauNot necessarily, if another day is good for you.09:22
priteauThere's also the possibility of including Chameleon folks in the discussion, but it may be difficult to schedule due to timezone differences09:22
masahitoGot it. Mon-Thu works for me.09:23
priteauThis is the timezones if we wanted to involve Chameleon people in the discussion: https://www.timeanddate.com/worldclock/meetingtime.html?day=28&month=10&year=2019&p1=248&p2=64&p3=195&iv=009:24
priteauThis slot is in the middle of the night for them09:25
priteauThere are some possibilities if some are happy to have a meeting quite early or late during the day. But I think the best approach would be for me to have two meetings, one with Chicago and one with the rest of the community (Japan, maybe NTT data too?)09:26
priteauI'll start an Etherpad to collect discussion ideas09:28
masahitoyup09:28
priteauDo you know if NTT Data people will be Shanghai?09:30
masahitoSorry, I don't know..09:31
*** jamesmcarthur has quit IRC09:31
priteauI'll ask them directly09:31
priteauAsmita has been quite active this cycle, it would be good to keep her involved.09:32
*** jamesmcarthur has joined #openstack-meeting-alt09:32
priteau#topic Train release09:33
*** openstack changes topic to "Train release (Meeting topic: blazar)"09:33
priteaupython-blazarclient 2.2.1 was released last week: https://pypi.org/project/python-blazarclient/09:34
*** masahito has quit IRC09:34
priteauWe managed to get floating IP update functionality inside, thanks for your reviews09:34
*** masahito has joined #openstack-meeting-alt09:35
masahitosorry, disconnected.09:35
priteauNow focus is on preparing the release of the main Blazar service09:35
priteauYesterday while testing floating IP again I noticed a big regression09:36
priteauThanksfully the fix was easy09:36
priteauhttps://review.opendev.org/#/c/682416/09:36
priteauThis would be Review-Priority +2 if we had the flag ;-)09:36
priteauAlso added more floating IP docs, please review https://review.opendev.org/#/c/682411/09:36
bertysGot it09:36
priteauIn general if you are able to do some testing, now is the time09:37
priteauI'll try to merge the last patch from Asmita as an exception because it's been up for a long time, but then we'll be in freeze mode09:38
priteauRC1 during week of Sep 23 - Sep 27 and final RC (if needed) week of Oct 07 - Oct 1109:38
priteauI'll try to add some floating IP tests to tempest, it's really needed as it would have caught the problem caused by the microversion patch09:39
*** boxiang has quit IRC09:39
*** boxiang has joined #openstack-meeting-alt09:40
priteau#topic Code review priorities09:41
*** openstack changes topic to "Code review priorities (Meeting topic: blazar)"09:41
priteauThe two mentioned above:09:41
priteauhttps://review.opendev.org/#/c/682416/09:41
priteauhttps://review.opendev.org/#/c/682411/09:41
priteauAnd a trivial fix: https://review.opendev.org/#/c/682405/09:42
priteauOh, there's also an IPV6 Train goal, for which a patch was proposed but it doesn't pass Zuul checks09:42
priteauhttps://review.opendev.org/#/c/682361/09:42
priteauI haven't looked into it yet.09:42
priteauValue for option os_auth_host from LocationInfo(location=<Locations.user: (4, True)>, detail='/etc/blazar/blazar.conf') is not valid: [::1] is not a valid host address09:45
priteauFrom the end of https://storage.bhs1.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_258/682361/1/check/blazar-devstack-dsvm-ipv6-only/258dffd/logs/devstacklog.txt.gz09:46
priteauIf you are able to work on a fix, please do so09:47
priteauI also need to try the PDF docs build (another community goal)09:49
priteau#topic AOB09:50
*** openstack changes topic to "AOB (Meeting topic: blazar)"09:50
priteauAnything else to discuss?09:50
masahitoNot about Blazar, but I noticed Tetsuro is nominated to Placement PTL09:51
priteauIndeed, congratulations to him. I hope he will still have some time for Blazar.09:51
masahitohttp://lists.openstack.org/pipermail/openstack-discuss/2019-September/009274.html09:53
priteauIt's good news for us that Placement has an active leader, even better that it is someone very familiar with Blazar09:54
priteauIf that's all for this week, we can end here.09:56
priteauThanks a lot for joining, please remember to look at the high priority patches09:56
bertysthanks all09:57
priteau#endmeeting09:57
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"09:57
openstackMeeting ended Tue Sep 17 09:57:06 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)09:57
masahitothanks09:57
openstackMinutes:        http://eavesdrop.openstack.org/meetings/blazar/2019/blazar.2019-09-17-09.00.html09:57
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/blazar/2019/blazar.2019-09-17-09.00.txt09:57
openstackLog:            http://eavesdrop.openstack.org/meetings/blazar/2019/blazar.2019-09-17-09.00.log.html09:57
*** bertys has quit IRC09:57
*** tetsuro has joined #openstack-meeting-alt09:57
*** ttsiouts has quit IRC10:03
*** ttsiouts has joined #openstack-meeting-alt10:04
*** jamesmcarthur has quit IRC10:07
*** ttsiouts has quit IRC10:08
*** tetsuro has quit IRC10:20
*** tetsuro has joined #openstack-meeting-alt10:22
*** masahito has quit IRC10:26
*** tetsuro has quit IRC10:27
*** tetsuro has joined #openstack-meeting-alt10:38
*** tetsuro has quit IRC10:38
*** jamesmcarthur has joined #openstack-meeting-alt10:40
*** carloss has joined #openstack-meeting-alt10:53
*** zhubx has joined #openstack-meeting-alt10:58
*** boxiang has quit IRC11:00
*** ttsiouts has joined #openstack-meeting-alt11:01
*** jamesmcarthur has quit IRC11:12
*** boxiang has joined #openstack-meeting-alt11:15
*** zhubx has quit IRC11:18
*** brault has joined #openstack-meeting-alt11:31
*** brault has quit IRC11:36
*** panda is now known as panda|ruck11:41
*** raildo has joined #openstack-meeting-alt11:59
*** rfolco has joined #openstack-meeting-alt12:04
*** jamesmcarthur has joined #openstack-meeting-alt12:10
*** jamesmcarthur has quit IRC12:10
*** jamesmcarthur_ has joined #openstack-meeting-alt12:10
*** markvoelker has joined #openstack-meeting-alt12:11
*** dave-mccowan has joined #openstack-meeting-alt12:25
*** jamesmcarthur_ has quit IRC12:26
*** openstack has joined #openstack-meeting-alt12:32
*** ChanServ sets mode: +o openstack12:32
*** macz has quit IRC12:36
*** bobmel has quit IRC12:52
*** bobmel has joined #openstack-meeting-alt12:53
*** bobmel has quit IRC12:55
*** jcoufal has joined #openstack-meeting-alt12:55
*** bobmel has joined #openstack-meeting-alt12:56
*** bobmel has quit IRC12:57
*** bobmel has joined #openstack-meeting-alt13:00
*** yamamoto has joined #openstack-meeting-alt13:20
*** belmoreira has joined #openstack-meeting-alt13:23
*** macz has joined #openstack-meeting-alt13:38
*** lseki has joined #openstack-meeting-alt13:41
*** macz has quit IRC13:43
*** jamesmcarthur has quit IRC13:47
*** jamesmcarthur has joined #openstack-meeting-alt14:17
*** jamesmcarthur has quit IRC14:22
*** lbragstad_ has joined #openstack-meeting-alt14:26
*** jamesmcarthur has joined #openstack-meeting-alt14:27
*** lbragstad has quit IRC14:28
*** jamesmcarthur has quit IRC14:32
*** jamesmcarthur has joined #openstack-meeting-alt14:38
*** jamesmcarthur has quit IRC14:43
*** jamesmcarthur has joined #openstack-meeting-alt14:48
*** ttsiouts has quit IRC14:55
*** ttsiouts has joined #openstack-meeting-alt14:55
*** ttsiouts has quit IRC14:59
*** gagehugo has joined #openstack-meeting-alt15:03
*** ttsiouts has joined #openstack-meeting-alt15:03
*** lbragstad_ is now known as lbragstad15:23
*** boxiang has quit IRC15:27
*** boxiang has joined #openstack-meeting-alt15:28
*** gyee has joined #openstack-meeting-alt15:32
*** carloss has quit IRC15:40
*** jcoufal has quit IRC15:42
*** jcoufal has joined #openstack-meeting-alt15:44
*** e0ne has quit IRC15:48
*** ttsiouts has quit IRC15:57
*** ttsiouts has joined #openstack-meeting-alt15:58
cmurphy#startmeeting keystone16:00
openstackMeeting started Tue Sep 17 16:00:16 2019 UTC and is due to finish in 60 minutes.  The chair is cmurphy. Information about MeetBot at http://wiki.debian.org/MeetBot.16:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:00
*** openstack changes topic to " (Meeting topic: keystone)"16:00
openstackThe meeting name has been set to 'keystone'16:00
cmurphy#link https://etherpad.openstack.org/p/keystone-weekly-meeting agenda16:00
lbragstado/16:00
bnemeco/16:02
*** ttsiouts has quit IRC16:02
gagehugoo/16:02
cmurphylight attendance today16:03
cmurphy#topic announcements16:04
*** openstack changes topic to "announcements (Meeting topic: keystone)"16:04
cmurphyfeature freeze was last week, i put procedural -2s on some unfinished spec implementations and in general no new features should be approved16:04
cmurphysoft string freeze also in effect, i always have a hard time remembering that one16:05
cmurphyrequirements freeze also in effect so don't approve changes to requirements.txt16:05
bnemecI'm not sure how many strings are still getting translated outside of horizon at this point.16:06
cmurphybnemec: interesting, i guess i haven't seen any translation bot proposals in a long time16:06
cmurphylastly wanted to put out a call again for ptg topics, i haven't done any arrangements since last week so the schedule is still open to expand if there are topics to discuss16:08
cmurphy#link https://etherpad.openstack.org/p/keystone-shanghai-ptg keystone virtual ptg16:08
cmurphy#topic RC116:09
*** openstack changes topic to "RC1 (Meeting topic: keystone)"16:09
cmurphywe targeted all the policy migrations for feature freeze and we mostly completed everything we had bug reports for but lbragstad pointed out that some slipped through the cracks16:10
cmurphyi think it's not unreasonable to get those in before the stable branch is cut next week16:11
cmurphythoughts?16:11
lbragstadi think that sounds good - it'll be tight16:11
lbragstadi think it boils down to four APIs16:11
cmurphyi think the gate is less congested than last week at least16:11
lbragstad1. project tags (done) 2. project endpoints (relatively simple) 3. limits (underway but needs help) and 4. role assignments for project subtrees16:12
bnemecCheck queue is long right now. :-/16:13
lbragstadi think we can address those four areas - we will no longer have rule:admin_required used anywhere16:13
lbragstadwe can also completely remove the policy.v3cloudsample.json file along with the related testing we have for it16:14
cmurphylbragstad: what help do you need with limits?16:14
lbragstadso - i was digging into a big yesterday16:14
lbragstadi think it just needs to be consolidated into a single check string16:14
*** yamamoto has quit IRC16:14
lbragstadi'm not sure why i decided to write it into three check strings16:14
lbragstadoutside of that - i think 95% of the testing for that patch is done, it just needs a little cleanup in the APi16:15
lbragstadcmurphy i think you had a couple comments on additional test cases that would be good to add16:15
lbragstadso - 1. consolidate check strings and policies 2. add the missing tests 3. squash series into a single commit (including removing the limit policies from policy.v3cloudsample.json)16:17
cmurphysounds good16:17
cmurphyi can take a look at the role assignments one16:17
cmurphyi feel like i conquered the grants api last week16:17
lbragstad++16:17
lbragstadall i did was grep the code base for base.RULE_ADMIN_REQUIRED16:18
cmurphygagehugo: any chance you have time for project endpoints?16:18
lbragstadwhich returns a bunch of stuff because most hits are false positives since they're deprecated16:18
cmurphylbragstad: i had a comment on the project tags one, domain admins can't create/update tags for projects in their domain?16:19
lbragstadproject-endpoints are strictly system admin, member, and reader, so it should be straight forward16:19
lbragstadcmurphy they cannot16:19
cmurphylbragstad: why?16:19
lbragstadwe had a design discussion during the specification that project tags are "admin-only"16:20
lbragstade.g., a deployment could use them for billing codes or service memberships16:20
lbragstad(even though we don't recommend that)16:20
cmurphyhuh okay16:20
lbragstadand giving a domain admin the ability to modify those would allow them to bump their memberships16:20
lbragstadhttp://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/project-tags.html#security-impact16:21
cmurphy"Typically, only the project admin should be able to create/edit the tags for a project"16:22
lbragstad^ technically - that means it shouldn't be visible to anyone but system users, but it was implemented in a way that allows domain and project users to query for tag information16:22
cmurphythat seems like the opposite of what you said16:22
lbragstadoh16:22
cmurphygagehugo: can you clarify ^16:22
lbragstadi glossed over project and assumed system16:22
gagehugosorry stepped away16:23
lbragstadpolicy.v3cloudsample.json only appears to let project users view tags, not edit them https://opendev.org/openstack/keystone/src/branch/master/etc/policy.v3cloudsample.json#L16-L1716:24
lbragstadi guess that's what i was going off of ^16:24
lbragstadbut maybe i misinterpreted it16:25
cmurphyi think that policy is in contradiction with the default policy base.RULE_ADMIN_OR_TARGET_PROJECT16:26
gagehugotags are an attribute of a project, so a project's users should be able to view them the same as other attributes16:26
cmurphywhat about modifying them?16:26
gagehugoyeah that sample for get/list should be RULE_ADMIN_OR_TARGET_PROJECT16:26
cmurphythe change in https://review.opendev.org/#/c/682503/3/keystone/common/policies/project.py would have only system admins allowed to modify16:26
cmurphybut the spec makes it seem like project admins should be able to16:26
gagehugowell "admin" of the project can change them already without hitting the /tags url16:27
cmurphy?16:27
lbragstadbecause they're using old/deprecated policies?16:27
cmurphyoh16:27
gagehugoI mean they can do an update on the project itself16:27
gagehugobut only that one, not "all" projects16:28
lbragstadbut - that's in tandem with old and deprecated policies?16:28
cmurphyin a world where 968696 is closed a project admin shouldn't be able to do a PATCH /v3/projects16:28
cmurphyi don't think?16:29
lbragstadyeah - update_project is rule:admin_required16:29
lbragstader - that's the deprecated value)16:29
lbragstadthen we fixed it to be SYSTEM_ADMIN_OR_DOMAIN_ADMIN16:29
lbragstadproject users have no authorization on the PATCH /v3/project/{project_id} api16:29
lbragstadin the new world16:30
gagehugoyes16:30
lbragstadand in the old world of policy, only "project administrators" can update projects (because it's misinterpreted as a cloud admin)16:30
gagehugoyes, any projects16:31
cmurphyso my new-world reading of http://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/project-tags.html#security-impact is that project admins can update project tags (but not projects themselves) and implicitly domain admins and system admins should as well16:31
lbragstadso - i guess we either need to update project tag functionality to all domain and project users to modify tags, or we need to update the specification to be inline with the implementation16:32
lbragstadcmurphy i agree with that view16:32
lbragstadif we want the implementation to match the spec16:32
gagehugoa project admin can update the project tags of projects that they have "admin" on, not all projects16:32
lbragstadgagehugo i don't see how the code allows that16:33
gagehugoPATCH /v3/projects/{project_id}16:33
lbragstadthe deprecated policies for project tags use base.RULE_ADMIN_OR_TARGET_PROJECT for only list_project_tags and get_project_tag16:33
lbragstadoh - but that's because of bug 96869616:34
openstackbug 968696 in OpenStack Identity (keystone) ""admin"-ness not properly scoped" [High,In progress] https://launchpad.net/bugs/968696 - Assigned to Colleen Murphy (krinkle)16:34
cmurphygagehugo: we're talking about once the deprecated policies are removed and the default policies don't allow that16:34
gagehugoI mean PATCH /v3/projects/{project_id}, not PUT /v3/projects/{project_id}/tags16:34
gagehugoa "project admin" cannot use PUT /v3/projects/{project_id}/tags on just any project anymore though16:35
cmurphyyes the default policies minus deprecations do not allow a user with role:admin on a project to do PATCH /v3/projects/{project_id}16:35
gagehugooh ok16:35
lbragstadwe fixed that in stein i believe16:35
gagehugoI misunderstood16:35
lbragstadin the future - should project and domain users be able to modify tags to projects they're authorized on?16:36
cmurphyie should they be allowed to PATCH /v3/projects/{project_id}16:36
cmurphyer16:36
cmurphyi meant should they be allowed to PUT /v3/projects/{project_id}/tags16:36
lbragstad^ yes16:36
lbragstadshould they be allowed to modify tags via the tags api directly16:36
gagehugothat was the point of adding a separate API iirc16:37
lbragstadbecause i wrote https://review.opendev.org/#/c/682503/ such that they can only view tags, not modify them16:37
gagehugoone of the points*16:37
cmurphygood point16:37
cmurphylbragstad: so i think 682503 needs to be updated to allow project and domain admins to modify tags16:39
lbragstadok16:39
gagehugoyeah16:39
* lbragstad is digging for something quick 16:40
lbragstaddo we have project tag documentation?16:40
* gagehugo has slept many time since we last discussed tags16:40
gagehugotimes*16:40
gagehugohttps://docs.openstack.org/api-ref/identity/v3/#project-tags ?16:40
lbragstadhmm16:41
lbragstadi swear you had a patch that added security concerns somewhere16:41
gagehugoI can look16:41
lbragstade.g., it was essentially a warning to operators that they shouldn't use tags for important stuff like billing codes or accounting information16:41
*** derekh has quit IRC16:41
lbragstadbecause we didn't want to have them use them for that use case since it creates a conflict of interest for domain and project users16:42
*** carloss has joined #openstack-meeting-alt16:42
gagehugoyeah, I remember that discussion16:43
lbragstadi can't find that information in the spec or the api reference16:44
lbragstadi'm not sure where it went, but i thought we merged it16:44
lbragstadregardless, i think we have consensus?16:44
cmurphyi think so16:44
gagehugohow are server tags handled?16:44
* lbragstad isn't sure16:45
gagehugothink neutron has network tags too16:45
gagehugoI think we have consensus though16:46
lbragstadhttps://github.com/openstack/nova/blob/master/nova/policies/server_tags.py16:46
lbragstadadmin or owner - so it looks like they grant write operations for tags to non-admins16:47
*** diablo_rojo has joined #openstack-meeting-alt16:48
cmurphyokay to close out this topic i had suggested in last week's newsletter that we use today's office hours to prioritize rc1 bugs, does that sounds like a good idea or should we do that asynchronously?16:50
lbragstadi can help16:51
gagehugothat sounds good16:51
lbragstaddo you expect it to take a while16:51
lbragstad?16:51
*** rfolco is now known as rfolco|dentist16:51
cmurphyi would timebox it at no more than an hour16:52
cmurphywould hope for less16:52
lbragstad++16:52
*** brault has joined #openstack-meeting-alt16:52
cmurphy#topic review requests16:53
*** openstack changes topic to "review requests (Meeting topic: keystone)"16:53
cmurphylbragstad: you had some reviews ^16:53
lbragstadi did16:53
lbragstad#link https://review.opendev.org/#/c/682266/16:53
lbragstad^ isn't ready yet, but i plan on ripping out the policy.v3cloudsample.json file asap (pending the other things we've discussed landing first)16:54
lbragstad#link https://review.opendev.org/#/q/I8f0f7a623a1741f461493d872849fae7ef3e807716:54
cmurphywill keep an eye on it16:54
lbragstad^ those fix system-scope when using domain-specific backends, otherwise system-scope tokens completely fail16:54
cmurphyi approved the one on master, i don't think we can merge the stable backports until that one is merged16:54
*** e0ne has joined #openstack-meeting-alt16:55
*** diablo_rojo has quit IRC16:55
gagehugolooking16:55
lbragstad++16:55
cmurphyI'd like reviews on https://review.opendev.org/680788 actually i think it would be best to merge that asap before we get too deep into the rest of the policy fixes16:55
cmurphy#link https://review.opendev.org/68078816:55
lbragstadsounds good16:56
cmurphy#link https://review.opendev.org/682447 fixes CI for OSA16:56
*** zhubx has joined #openstack-meeting-alt16:57
lbragstad+2 on https://review.opendev.org/#/c/680788/316:57
* gagehugo likes seeing the test times go from 50 min to 17 with the protection job 16:57
lbragstad++16:57
cmurphylol16:57
cmurphy#topic open floor16:58
*** openstack changes topic to "open floor (Meeting topic: keystone)"16:58
cmurphyanything else for the next two minutes?16:58
gagehugo+2/+A on https://review.opendev.org/#/c/680788/316:59
cmurphyty16:59
cmurphythanks guys17:00
*** boxiang has quit IRC17:00
cmurphy#endmeeting17:00
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"17:00
openstackMeeting ended Tue Sep 17 17:00:08 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)17:00
openstackMinutes:        http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-09-17-16.00.html17:00
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-09-17-16.00.txt17:00
openstackLog:            http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-09-17-16.00.log.html17:00
*** e0ne has quit IRC17:00
*** e0ne has joined #openstack-meeting-alt17:01
*** e0ne has quit IRC17:05
*** kopecmartin is now known as kopecmartin|off17:06
*** brault has quit IRC17:10
*** e0ne has joined #openstack-meeting-alt17:13
*** e0ne has quit IRC17:17
*** priteau has quit IRC17:32
*** e0ne has joined #openstack-meeting-alt17:33
*** yamamoto has joined #openstack-meeting-alt17:40
*** e0ne has quit IRC17:43
*** yamamoto has quit IRC17:48
*** igordc has joined #openstack-meeting-alt18:16
*** brault has joined #openstack-meeting-alt18:42
*** e0ne has joined #openstack-meeting-alt18:59
*** gagehugo has left #openstack-meeting-alt18:59
*** brault has quit IRC19:16
*** brault has joined #openstack-meeting-alt19:26
*** brault has quit IRC19:32
*** e0ne has quit IRC19:38
*** jcoufal has quit IRC19:45
*** priteau has joined #openstack-meeting-alt19:46
*** e0ne has joined #openstack-meeting-alt19:50
*** radeks has quit IRC19:56
*** jtomasek has quit IRC20:11
*** priteau has quit IRC20:28
*** panda|ruck is now known as panda|ruck|off20:29
*** zhubx has quit IRC20:41
*** boxiang has joined #openstack-meeting-alt20:41
*** brault has joined #openstack-meeting-alt20:48
*** brault has quit IRC20:52
*** brault has joined #openstack-meeting-alt20:57
*** brault has quit IRC21:01
*** slaweq has quit IRC21:10
*** slaweq has joined #openstack-meeting-alt21:11
*** raildo has quit IRC21:12
*** slaweq has quit IRC21:16
*** e0ne has quit IRC21:19
*** rfolco|dentist is now known as rfolco21:23
*** e0ne has joined #openstack-meeting-alt21:28
*** e0ne has quit IRC21:28
*** slaweq has joined #openstack-meeting-alt21:32
*** markvoelker has quit IRC21:35
*** slaweq has quit IRC21:36
*** jamesmcarthur has quit IRC22:13
*** macz has joined #openstack-meeting-alt22:40
*** lseki has quit IRC22:45
*** macz has quit IRC22:47
*** zhubx has joined #openstack-meeting-alt23:09
*** boxiang has quit IRC23:10
*** slaweq has joined #openstack-meeting-alt23:11
*** slaweq has quit IRC23:15
*** markvoelker has joined #openstack-meeting-alt23:22
*** jamesmcarthur has joined #openstack-meeting-alt23:24
*** igordc has quit IRC23:39
*** rcernin has joined #openstack-meeting-alt23:44
*** yamamoto has joined #openstack-meeting-alt23:46
*** jamesmcarthur has quit IRC23:50
*** yamamoto has quit IRC23:51
« Monday, 2019-09-16 Index Wednesday, 2019-09-18 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!