Wednesday, 2017-06-21

« Tuesday, 2017-06-20 Index Thursday, 2017-06-22 »
*** fredli__ has joined #openstack-meeting-cp01:01
*** markvoelker has quit IRC01:40
*** markvoelker has joined #openstack-meeting-cp01:41
*** markvoelker has quit IRC01:45
*** yamahata_ has quit IRC01:56
*** fredli__ has quit IRC02:02
*** yamahata_ has joined #openstack-meeting-cp03:00
*** markvoelker has joined #openstack-meeting-cp03:29
*** aselius has quit IRC03:47
*** gouthamr has quit IRC04:43
*** MarkBaker has joined #openstack-meeting-cp04:49
*** MarkBaker has quit IRC04:55
*** MarkBaker has joined #openstack-meeting-cp05:00
*** MarkBaker has quit IRC05:10
*** pewp has quit IRC05:40
*** pewp has joined #openstack-meeting-cp05:44
*** diablo_rojo has quit IRC05:57
*** MarkBaker has joined #openstack-meeting-cp06:08
*** MarkBaker has quit IRC06:17
*** markvoelker has quit IRC07:00
*** markvoelker has joined #openstack-meeting-cp07:00
*** markvoelker has quit IRC07:01
*** markvoelker has joined #openstack-meeting-cp07:01
*** markvoelker has quit IRC07:01
*** edmondsw has joined #openstack-meeting-cp07:03
*** markvoelker has joined #openstack-meeting-cp07:07
*** edmondsw has quit IRC07:08
*** f13o has joined #openstack-meeting-cp07:23
*** edmondsw has joined #openstack-meeting-cp08:51
*** edmondsw has quit IRC08:56
*** yamahata_ has quit IRC08:57
*** MarkBaker has joined #openstack-meeting-cp09:29
*** MarkBaker has quit IRC09:42
*** MarkBaker has joined #openstack-meeting-cp09:44
*** f13o has quit IRC10:09
*** f13o has joined #openstack-meeting-cp10:23
*** edmondsw has joined #openstack-meeting-cp10:39
*** edmondsw has quit IRC10:45
*** MarkBaker has quit IRC10:54
*** f13o has quit IRC11:07
*** beekhof has joined #openstack-meeting-cp11:12
*** f13o has joined #openstack-meeting-cp11:20
*** edmondsw has joined #openstack-meeting-cp12:21
*** pewp has quit IRC12:57
*** pewp has joined #openstack-meeting-cp13:04
*** f13o has quit IRC13:06
*** gouthamr has joined #openstack-meeting-cp13:06
*** MarkBaker has joined #openstack-meeting-cp13:18
*** f13o has joined #openstack-meeting-cp13:18
*** MarkBaker_ has joined #openstack-meeting-cp13:42
*** MarkBaker has quit IRC13:43
*** diablo_rojo has joined #openstack-meeting-cp13:47
*** MarkBaker_ has quit IRC13:48
*** MarkBaker has joined #openstack-meeting-cp13:57
*** zhipeng has joined #openstack-meeting-cp13:57
*** MarkBaker has quit IRC14:12
*** felipemonteiro has joined #openstack-meeting-cp14:14
*** felipemonteiro_ has joined #openstack-meeting-cp14:15
*** MarkBaker has joined #openstack-meeting-cp14:16
*** felipemonteiro has quit IRC14:19
*** zhipeng has quit IRC14:26
*** f13o has quit IRC14:27
*** MarkBaker has quit IRC14:28
*** gouthamr has quit IRC14:37
*** gouthamr has joined #openstack-meeting-cp14:37
*** aselius has joined #openstack-meeting-cp14:40
*** markvoelker has quit IRC14:40
*** f13o has joined #openstack-meeting-cp14:40
*** zhipeng has joined #openstack-meeting-cp14:42
*** markvoelker has joined #openstack-meeting-cp14:57
*** yamahata_ has joined #openstack-meeting-cp15:09
*** david-lyle has joined #openstack-meeting-cp15:10
*** f13o has quit IRC15:32
*** felipemonteiro_ has quit IRC15:38
*** Rockyg has joined #openstack-meeting-cp15:41
*** zhipeng has quit IRC15:53
*** blancos has joined #openstack-meeting-cp15:58
*** markvoelker has quit IRC15:58
*** markvoelker has joined #openstack-meeting-cp15:59
*** diablo_rojo has quit IRC16:00
lbragstad#startmeeting policy16:00
openstackMeeting started Wed Jun 21 16:00:04 2017 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.16:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:00
*** gagehugo has joined #openstack-meeting-cp16:00
*** openstack changes topic to " (Meeting topic: policy)"16:00
openstackThe meeting name has been set to 'policy'16:00
lbragstadping raildo, ktychkova, rderose, htruta, hrybacki, atrmr, gagehugo, lamt, thinrichs, edmondsw, ruan, ayoung, morgan, raj_singh, johnthetubaguy, knikolla, nhelgeson16:00
gagehugoo/16:00
blancoso/16:00
hrybackio/16:00
lbragstado/16:00
lbragstad#link https://etherpad.openstack.org/p/keystone-policy-meeting16:00
lbragstadagenda ^16:00
morganJust 10 more minutes... I promise I'll wake up then :P16:00
*** diablo_rojo has joined #openstack-meeting-cp16:00
lbragstadmorgan: sounds like a reason to hit snooze16:01
morganOr.. erm.. I guess I'm here :P16:01
hrybackilol16:01
morganRight!?16:01
lbragstadi say that to my phone every morning16:01
*** gnarld_ is now known as cFouts16:01
edmondswo/16:02
lbragstadalrighty - let's go ahead and get started16:02
lbragstadpretty light agenda today - so we should have plenty of time to discuss open topics16:02
lbragstad#topic policy-docs goal16:02
*** openstack changes topic to "policy-docs goal (Meeting topic: policy)"16:02
lbragstad#link https://review.openstack.org/#/c/469954/16:03
lbragstadqueens goals are getting firmed up16:03
hrybackihow many rolecall votes do we need to land this16:03
lbragstadthose those unfamiliar with that proposal - it would be great to get your feedback on it16:03
lbragstadhrybacki: i believe it needs the majority or unanimous vote from the TC16:03
hrybackihow many members are on the TC?16:04
lbragstadand the members of the TC are the only ones with Rollcall power, I believe16:04
* hrybacki googles16:04
hrybackiokay, 3 more votes and we are gold16:04
lbragstadhrybacki: https://review.openstack.org/#/admin/groups/205,members16:05
lbragstad#link https://review.openstack.org/#/admin/groups/205,members16:05
hrybackilbragstad++16:05
lbragstadwhich leads to our next topic16:05
lbragstad#topic policy-docs patches16:05
*** openstack changes topic to "policy-docs patches (Meeting topic: policy)"16:05
lbragstad#link https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:bp/policy-docs16:05
lbragstadwe only have a few patches left16:06
lbragstadi approved a couple yesterday16:06
hrybackiI'm close with https://review.openstack.org/#/c/449278/ -- trying to resolve one more failing test that's being a pain16:06
lbragstadhrybacki: sounds good16:06
lbragstad#link https://review.openstack.org/#/c/449244/ looks ready to go16:06
lbragstad#link https://review.openstack.org/#/c/449337/ is also ready to go but I proposed it so i'll abstain from merging it16:07
lbragstad#link https://review.openstack.org/#/c/449255/ is in the same boat16:07
hrybackiI'll take a look at the later two after this mtg16:08
lbragstadawesome16:09
lbragstadmoving on16:09
lbragstad#topic global roles work16:09
*** openstack changes topic to "global roles work (Meeting topic: policy)"16:09
lbragstad#link https://review.openstack.org/#/c/464763/ is proposed to backlog16:09
*** felipemonteiro has joined #openstack-meeting-cp16:09
lbragstadwe have several other specs proposed to backlog as well16:09
*** felipemonteiro_ has joined #openstack-meeting-cp16:10
lbragstadeven though we are in specification freeze, I'd be ok merging some of those to backlog (pending reviews) since it won't affect our work for Pike16:10
lbragstadI'm also planning on setting aside time next week to start writing that implementation16:10
lbragstadand get something in review well before the PTG16:10
lbragstad#topic open discussion16:11
*** openstack changes topic to "open discussion (Meeting topic: policy)"16:11
hrybackiout-of-band: how does backlog work for upstream projects?16:11
lbragstadhrybacki: good question - if we generally agree on something we should do as a project, or a spec, but don't have bandwidth to implement in the current cycle, we merge it to backlog16:12
lbragstadwhen we're ready to commit resources to it, its moved from the backlog directory to the release we want to target16:12
hrybackiah I see the directory now16:12
lbragstadduring the move from backlog, we take the opportunity to update any stale information in the spec (like the people picking up the implementation)16:13
* hrybacki nods16:13
hrybackiSo are you envisioning moving this out of backlog before Pike GA?16:13
lbragstadso - in this case, we'd try to merge global roles to backlog, and then as soon as spec freeze is lifted we'd repropose it to queens16:13
*** felipemonteiro has quit IRC16:14
* hrybacki nods16:14
hrybackiI understand now, thanks lbragstad16:14
*** spilla has joined #openstack-meeting-cp16:14
lbragstadhrybacki: anything16:14
lbragstadanytime* rather16:14
lbragstaddo folks have anything else policy wise?16:14
hrybackilbragstad: you feel good about the state of policy and docs in code?16:15
hrybackiin that we'll likely have votes we need in time16:15
lbragstadhrybacki: i think it's a good path forward and it seems to have positive support16:16
lbragstadour next step will be working with the oslo.policy team quite a bit16:16
lbragstadwe'll need to develop some functionality in that library in order for some of the policy-in-code and policy-docs work to be super useful16:17
* hrybacki nods16:17
lbragstadbut that will be work in queens for sure16:17
lbragstadedmondsw: have you heard any follow up on the scoping for global tokens?16:18
lbragstadedmondsw: i believe that discussion was hanging on security vs. usability related concerns16:19
edmondswlbragstad no, I've totally lost track of that16:19
lbragstadedmondsw: ok16:19
edmondswhaven't had a chance to look at anything policy related in a while16:19
lbragstadedmondsw: i haven't heard much either - last thing i did was drop a line in #openstack-security asking for advice16:19
lbragstadmaybe i should go poke again16:20
edmondswdo you remember what the concerns were? or where someone wrote them down?16:20
lbragstadedmondsw: yeah16:20
lbragstadedmondsw: the useability concern was that global roles would be adding yet another scoping mechanism that users have to know about in order to do something16:21
lbragstad(e.g. i want to live migrate, so i need a globally scoped token from keystone)16:21
lbragstadthe argument was that it makes things harder for clients16:21
lbragstadand users to understand16:21
edmondswI just pulled up the global roles spec, and my first comment is going to be that I don't know that live migrate is a great example16:22
lbragstadi believe gyee wrote that concern down in the spec16:22
lbragstadedmondsw: if you can think of a better example, I'll incorporate it into the current revision for sure16:22
edmondswlbragstad the prime example in my mind is something like nova's GET /v2.1/servers?all_tenants16:23
edmondswyou shouldn't be able to see things in all tenants unless you have a global role assignment16:23
lbragstadthat works today if a user has the admin role, right?16:23
edmondswright16:23
lbragstadaha - ok16:23
lbragstadagreed16:23
lbragstadwell...16:24
lbragstadyou need the global role assignment and it needs to match the role required for that policy in nova16:24
lbragstad(if i'm thinking about this right)16:24
edmondswright16:24
lbragstadok - cool16:24
lbragstadwe're on the same page then16:24
edmondswso you could just have an observer role, not necessarily admin, as long as it was globally scoped16:25
lbragstadedmondsw: if you leave a comment, i can update the spec with that example instead16:25
edmondswwill do16:25
lbragstadedmondsw: right - yep16:25
lbragstadsounds like i have a few action itmes16:26
lbragstad#action lbragstad to update the global roles spec with better examples of global operations16:26
lbragstad#action lbragstad to follow up with the security team on the usability vs. security concerns of using unscoped tokens for global roles16:26
lbragstadcool - does anyone have anything else?16:27
*** yamahata_ has quit IRC16:28
lbragstadlooks like we'll get some time back - thanks all!16:28
lbragstad#endmeeting16:28
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings"16:28
openstackMeeting ended Wed Jun 21 16:28:49 2017 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:28
openstackMinutes:        http://eavesdrop.openstack.org/meetings/policy/2017/policy.2017-06-21-16.00.html16:28
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/policy/2017/policy.2017-06-21-16.00.txt16:28
hrybackio/16:28
openstackLog:            http://eavesdrop.openstack.org/meetings/policy/2017/policy.2017-06-21-16.00.log.html16:28
*** blancos has left #openstack-meeting-cp16:30
*** MarkBaker has joined #openstack-meeting-cp16:33
*** gagehugo has left #openstack-meeting-cp16:44
*** harlowja has joined #openstack-meeting-cp17:07
*** yamahata_ has joined #openstack-meeting-cp17:09
*** MarkBaker has quit IRC18:01
*** pewp has quit IRC18:08
*** pewp has joined #openstack-meeting-cp18:11
*** Rockyg has quit IRC18:17
*** stvnoyes has left #openstack-meeting-cp18:19
*** kbyrne has quit IRC18:22
*** kbyrne has joined #openstack-meeting-cp18:23
*** spilla has left #openstack-meeting-cp18:51
*** MarkBaker has joined #openstack-meeting-cp19:34
*** MarkBaker has quit IRC19:46
*** benj_ has quit IRC19:49
*** MarkBaker has joined #openstack-meeting-cp19:49
*** benj_ has joined #openstack-meeting-cp19:51
*** gouthamr has quit IRC20:09
*** gouthamr has joined #openstack-meeting-cp20:48
*** markvoelker has quit IRC22:04
*** markvoelker_ has joined #openstack-meeting-cp22:06
*** markvoelker_ has quit IRC22:11
*** felipemonteiro_ has quit IRC22:12
*** markvoelker has joined #openstack-meeting-cp22:17
*** brault has quit IRC22:51
*** sdague has quit IRC23:11
*** diablo_rojo has quit IRC23:33
« Tuesday, 2017-06-20 Index Thursday, 2017-06-22 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!