Wednesday, 2017-08-23

16:00 <lbragstad> #startmeeting policy
16:00 <openstack> Meeting started Wed Aug 23 16:00:05 2017 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00 <lbragstad> ping raildo, ktychkova, rderose, htruta, hrybacki, atrmr, gagehugo, lamt, thinrichs, edmondsw, ruan_he, ayoung, morgan, raj_singh, johnthetubaguy, knikolla, nhelgeson
16:00 *** openstack changes topic to " (Meeting topic: policy)"
16:00 <openstack> The meeting name has been set to 'policy'
16:00 <edmondsw> o/
16:00 <lbragstad> #link https://etherpad.openstack.org/p/keystone-policy-meeting
16:00 <lbragstad> agenda ^
16:00 <blancos> o/
16:00 <lbragstad> o/
16:00 <knikolla> o/
16:00 <lamt> o/
16:01 <lbragstad> i know we have a couple more folks join - so we'll wait a minute
16:01 <lbragstad> joining*
16:03 <lbragstad> alright - let's get started
16:03 <lbragstad> short agenda today
16:03 <lbragstad> #topic global roles update
16:03 *** openstack changes topic to "global roles update (Meeting topic: policy)"
16:03 <lbragstad> #link https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:bp/global-roles
16:03 <lbragstad> ^ there is the implementation for global role assignments for users and groups
16:03 <hrybacki> o/
16:04 <lbragstad> i plan to get a patch up that allows you to get a globally scoped token by the end of the week
16:04 <lbragstad> once i get a little more planning done for the PTG i'll start that
16:04 <lbragstad> but please feel free to start playing with the implementation and reviewing
16:04 <lbragstad> i'm always a fan of early feedback
16:05 <lbragstad> more information on what we'll be doing for the PoC in Denver can be found in another etherpad
16:05 <lbragstad> #link https://etherpad.openstack.org/p/keystone-global-roles-poc
16:06 <lbragstad> that's about all i had for an update - does anyone have questions?
16:06 <hrybacki> not atm, thanks for spearheading that lbragstad
16:06 <lbragstad> yep! happy to
16:06 <edmondsw> +1
16:06 <lbragstad> #topic open discussion
16:06 *** openstack changes topic to "open discussion (Meeting topic: policy)"
16:07 <lbragstad> floor is open
16:07 <hrybacki> lbragstad: if no one has anything else, let's talk about global role vision per our earlier convo
16:07 <lbragstad> hrybacki:  go for it
16:08 <hrybacki> okay, so tl;dr we want to think about where we would be in an ideal world e.g. what are the services fully responsible for vs keystone*
16:08 <hrybacki> in a world where global roles are already a thing*
16:09 <hrybacki> 1 second, my client is acting up
16:12 <lbragstad> hrybacki: still having issues?
16:12 <hrybacki> my browser keeps freezing up, sorry
16:13 <lbragstad> hrybacki: just with irccloud?
16:13 <lbragstad> ok - i can pick things up until hrybacki gets things squared away
16:14 <lbragstad> i guess what he wanted clarification on was what policy definition/maintenance looks like after global roles are in place
16:15 <lbragstad> and my initial response was that policy at the service should not consist of a scope check in policy, but in code, and the policy just consists of a mapping from the role to the action
16:16 <knikolla> yes
16:16 <edmondsw> +1
16:16 <lbragstad> is there anything else that should be tacked on to that?
16:16 <hrybacki> back, thanks lbragstad
16:16 <lbragstad> hrybacki: get it working?
16:17 <hrybacki> I think so. Maybe I just need to do some solid tab-closing maintenance
16:17 <edmondsw> so the service responsibility is to do proper scope checking in code
16:17 <lbragstad> edmondsw: yeah - i'd agree with that
16:18 <hrybacki> What if we have a set of standard (Default) global roles
16:18 <lbragstad> i think that will be easy to build on once projects have defaults in code
16:18 <hrybacki> What if an operator decides to add a new global role
16:18 <edmondsw> hrybacki you mean standard roles... it is an assignment that adds scope, and we don't have standard assignments
16:19 <edmondsw> i.e., standard roles, not standard global roles
16:19 <hrybacki> edmondsw: I'm thinking down the road. What if we were to have standard global roles
16:19 <lbragstad> standard roles being "project_admin"
16:19 <edmondsw> we won't
16:19 <hrybacki> agreed upon by the community e.g. a global observer
16:19 <edmondsw> that would just be observer, not global observer
16:20 <edmondsw> and then if you want bob to have that role globally, you give them a global role assignment. If you want julie to have that role on a specific project, you give them a project-specific assignment
16:20 <lbragstad> yeah - then you can give something the `observer` role globally, to a project, or on a domain
16:20 <hrybacki> /me nods
16:21 <edmondsw> that's one of the beautiful things about what we're doing here... we avoid all that nonsense from previous discussions about the role itself having global scope
16:22 <knikolla> agree with that.
16:22 <lbragstad> then when projects move scope checks into code, the scope check enforces things automatically
16:22 <lbragstad> operation.scope == 'global' but not context.global:
16:22 <lbragstad>     raise Forbidden
16:23 <hrybacki> okay, thanks for fielding my questions :)
16:23 <lbragstad> does that clear things up?
16:24 <hrybacki> for now. I need to re-read the BPs keeping this in mind
16:24 <lbragstad> anyone have anything else?
16:25 <lbragstad> looks like we can get some time back
16:25 <lbragstad> thanks for coming!
16:25 <lbragstad> #endmeeting
16:25 *** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings"
16:25 <openstack> Meeting ended Wed Aug 23 16:25:33 2017 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
16:25 <openstack> Minutes:        http://eavesdrop.openstack.org/meetings/policy/2017/policy.2017-08-23-16.00.html
16:25 <openstack> Minutes (text): http://eavesdrop.openstack.org/meetings/policy/2017/policy.2017-08-23-16.00.txt
16:25 <openstack> Log:            http://eavesdrop.openstack.org/meetings/policy/2017/policy.2017-08-23-16.00.log.html
16:25 <hrybacki> o/