14:01:07 #startmeeting cloudkitty 14:01:07 Meeting started Mon Sep 2 14:01:07 2024 UTC and is due to finish in 60 minutes. The chair is rafaelweingartner. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:01:07 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:01:07 The meeting name has been set to 'cloudkitty' 14:01:10 Hello guys! 14:01:12 Roll count 14:01:15 \o 14:01:23 o/ 14:02:20 o/ 14:03:11 #topic Impact of oslo.policy bump 14:03:25 I see that you added this topic in the meeting. Would you like to expand on this one? 14:04:25 Hello 14:04:34 This is only something I discovered today 14:05:02 gmann has sent the following email to the mailing list: https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/MPHSVG222OFHJL2AQD2A7CJGTH57SRCJ/ 14:05:36 TL;DR: oslo.policy 4.4.0 enables the RBAC new defaults by default, which means those will be enabled for all the OpenStack services unless they have disabled them by overriding the default value 14:05:58 However, we have not received any patches related to this, unlike many other projects 14:06:17 I saw the email as weill, but I did not fully understand it. 14:06:21 What is it about? 14:06:49 It is about this general RBAC change in OpenStack: https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html 14:07:50 So it is possible that as soon as https://review.opendev.org/c/openstack/requirements/+/925464 merges we will break, which would affect the project for Dalmatian 14:08:11 I think for this release we can disable the new defaults (this was done in some other projects) 14:08:40 But we will have to catch up in the next release (Epoxy) with a backlog of changes we haven't made 14:09:09 It is more a heads-up than a call for action. I think mattcrees and I can handle it. 14:10:25 I still did not think. You mean, the default is going to be scoped tokens? 14:12:15 Not really. I think we are supposed to make some admin calls system-scope only 14:12:26 I need to review this RBAC policy change in full 14:12:58 I thought that would not affect much, as these policies are defined in that policy.json file, right? 14:13:18 that maps an API call security path to a set of attributes that describe the user in the token 14:14:57 The policy file (yaml now, json is deprecated) is only for the admin overrides 14:15:02 Policy is defined in code now 14:16:15 Anyway, I will pursue the conversation with gmann to understand the impact and push some changes if needed (probably with help from mattcrees) 14:16:20 ok 14:16:22 thanks 14:18:49 Besides this topic, we do not have any new topics 14:18:57 I mean, nothing that we see from our side 14:19:02 do you guys have something else to add? 14:19:23 ah, there is something 14:19:24 #link https://github.com/gnocchixyz/gnocchi/pull/1396 14:19:40 this patch in Gnocchi, it will require some changes on CloudKitty side to now overload Gnocchi 14:19:54 as soon as a new release of Gnocchi is made, we will propose this patch in CloudKitty 14:22:01 thanks 14:22:35 This reminds me that a colleague of mine had issues with cloudkitty/gnocchi/ceilometer recently 14:22:42 He has posted a bug on storyboard: https://storyboard.openstack.org/#!/story/2011217 14:24:03 I haven't looked at the issue with him yet. Any input is welcome. 14:29:04 I saw it 14:29:09 but we would need more details 14:30:11 I will ask for some details there 14:32:46 is there something else from your side guys? 14:33:16 nothing new from me this time 14:33:54 There was the Elasticsearch topic? 14:34:37 we decided to "remove any deprecation message in both logs and code" 14:34:45 do we need to go back on this decision? 14:37:36 No, I think we should undeprecate 14:37:43 But we should do it now, before Dalmatian release 14:39:04 Do we have a patch up? I don't remember 14:39:31 not yet 14:39:35 I will create a patch for it then 14:41:17 Thanks 14:51:33 Thank you guys for participating. Have a nice week. 14:51:41 #endmeeting