Tuesday, 2022-05-31

[08:01] yasufum: Hi, tacker team!
[08:01] yasufum: #startmeeting tacker
[08:02] yasufum: #link https://etherpad.opendev.org/p/tacker-meeting
[08:04] yasufum: Before starting items, I would like to hear your comment for the next meeting.
[08:06] yasufum: Summit is going to be held on the next Tuesday, so I think to skip the next meeting although how many people are going to join the event from tacker team.
[08:06] yasufum: What do you think?
[08:08] takahashi-tsc: I think we can skip it.
[08:09] bkopilov: bkopilov, Hi, about RBAC. not sure if I am in the right place but need help with RBAC and cinder...
[08:09] bkopilov: At least in review process
[08:11] yasufum: bkopilov: thanks for your mention, we'll catch up the change.
[08:12] yasufum: So, skip the next meeting, thanks.
[08:12] yasufum: manpreetk: can you start your item?
[08:12] manpreetk: sure, thanks
[08:13] manpreetk: This topic is regarding, open issues of OpenStack community-wide goal for Secure RBAC.
[08:13] manpreetk: In Zed PTG, 'heat' team address few concerns regarding SRBAC policy.
[08:13] manpreetk: The Secure RBAC policy requires the appropriate scope according to the resources.
[08:13] manpreetk: For example, project resources like instance, volume or network can be created by project-scoped token.
[08:13] manpreetk: And project resources like flavor, user, project or role can be created by system-scoped token.
[08:13] manpreetk: The Heat's `create_stack` API creates both project and system resources, but it uses a single token provided by the user in a single stack API call.
[08:13] manpreetk: Proposed Solution, is to "split stack", i.e. create stacks as per scope, one need to create two separate heat stacks and call heat stack API separately using different credentials (or token).
[08:13] manpreetk: Tacker Impact, "create vnf" API internally calls "create_stack", so in order to address "split stack" we need to divide vnf creation process in two parts as well.
[08:13] manpreetk: Would like to know other than one mention above, what all impact/challenge you think Tacker might face with new SRBAC policy.
[08:18] yasufum: Thanks for sharing the problem.
[08:20] yasufum: hirofumi-noguchi: Do you have any comment because might be interested in the changes about Heat?
[08:22] hirofumi-noguchi: Sorry, I just joined the meeting now.
[08:22] hirofumi-noguchi: I have not heard the discussion.
[08:24] hirofumi-noguchi: Also, I cannot see discussion log.
[08:24] yasufum: Pls find the first topic on the ethernet.
[08:24] yasufum: #link https://etherpad.opendev.org/p/tacker-meeting
[08:24] yasufum: manpreetk has just shared the problem
[08:25] yasufum: and ask us to give a feedback to community.
[08:29] hirofumi-noguchi: yasufum: thank you for sharing.
[08:29] hirofumi-noguchi: I understood the point.
[08:30] hirofumi-noguchi: As mentioned in etherpad, I'm concerned about the impact on existing workflows.
[08:32] manpreetk: hirofumi-noguchi: Yes that is one of the major impact, which even heat team was fully concerned.
[08:33] hirofumi-noguchi: Let me confirm it, does this change affect only workflow or a Tacker implementation?
[08:34] manpreetk: High level analysis, at least impacts workflow.
[08:35] manpreetk: Existing API needs some tweaks or alteration, hope I ans your query.
[08:37] hirofumi-noguchi: I think even if tacker supports split-stack, both split-stack configuration and existing one scope configuration can be operated.
[08:37] hirofumi-noguchi: Is my understanding correct?
[08:39] manpreetk: Hmm, one scope configuration would be a question (as it depends on heat migration plan) which is still in discussion, honestly I have no idea about it.
[08:40] manpreetk: In policy popup meetings heat people are not that active, but yes such backward compatibility concerns are raised there.
[08:43] hirofumi-noguchi: OK, thanks. I think we have to consider the backward compatibility and need investigation.
[08:43] manpreetk: Sure agree.
[08:54] yasufum: manpreetk: BTW, should we give some response soon for the discussion although we need to take a time for understanding our impact actually.
[08:55] yasufum: I mean for "the discussion" on ML you shared.
[08:56] manpreetk: yasufum: In my opinion we should discuss about this as team first, rest I'll convey in policy popup meeting to grant us some time for revert.
[08:56] manpreetk: What do you think?
[08:57] yasufum: Thanks, I agree!
[09:01] yasufum: Is there any other comment?
[09:01] manpreetk: Nothing from my side. Thanks everyone.
[09:03] yasufum: It's the end of the time of this meeting.
[09:03] yasufum: So wrap up the meeting if no more items here.
[09:04] yasufum: Thanks for joining, bye!
[09:04] hirofumi-noguchi: thanks, bye
[09:04] manpreetk: Thanks bye.
