#openstack-meeting log

11:00:26 <mugsie> #startmeeting Designate
11:00:27 <openstack> Meeting started Wed Jun 13 11:00:26 2018 UTC and is due to finish in 60 minutes.  The chair is mugsie. Information about MeetBot at http://wiki.debian.org/MeetBot.
11:00:28 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
11:00:30 <openstack> The meeting name has been set to 'designate'
11:00:35 <mugsie> #topic Roll Call
11:02:04 <diman1> hi mugsie
11:02:19 <mugsie> hey
11:03:50 <mugsie> #topic Bug Triage
11:04:13 <mugsie> #link https://bugs.launchpad.net/designate/+bug/1774438
11:04:15 <openstack> Launchpad bug 1774438 in Designate "instances ignore dns servers supplied via dhcp_agein.ini" [Undecided,New]
11:04:36 <mugsie> I think that is a Neutron problem
11:04:42 <mugsie> yeah, definitely
11:04:57 <mugsie> #link https://bugs.launchpad.net/designate/+bug/1772925
11:04:58 <openstack> Launchpad bug 1772925 in Designate "Error in sink formatv4 neutron_floatingip handler" [Undecided,New]
11:05:16 <mugsie> erik has already replied, so I will close it out
11:06:12 <mugsie> no other new bugs
11:06:22 <mugsie> #topic Open Discussion
11:06:31 <mugsie> Any off agenda items?
11:06:37 <browny_> yes
11:06:51 <browny_> more granular authorisations
11:06:53 <mugsie> go for it
11:07:08 <mugsie> on a per record basis?
11:07:10 <browny_> we saw that there is this old blueprint for it
11:07:30 <diman1> yes, on a per record basis
11:07:36 <browny_> but we are wondering if a simpler version based on record types would be accepted upsteram
11:07:48 <browny_> as it would not mean changes at the api
11:07:56 <mugsie> yeah, the blueprint was never approved, as no one could propose a design that would work
11:08:00 <browny_> only in policy with addtional roles
11:08:35 <mugsie> Oh. I think that could be done already, as we pass the record type into the policy check already
11:08:41 <mugsie> I *think*
11:08:44 <browny_> so if we would add some chckes like recordset_a, ....
11:08:53 <browny_> default alll allowed
11:09:31 <browny_> diman will check ;-)
11:09:44 <mugsie> yeah - I will warn you that it will cause the DNS service to fail the interop / trademark test suite, but I think we can do it already, and if not, it shouold be a small change
11:10:03 <browny_> would we need to write  blueprint for it?
11:10:29 <mugsie> If we need to change the policy engine, we would need a spec
11:10:54 <mugsie> it doesn't have to be long, but just an overvoew of the behaviour before, after, and where changes will be made
11:10:57 <browny_> i do not think that the policy engine itself would need a change
11:11:10 <browny_> ok we can do this
11:11:40 <browny_> the other authorisation we would like to introduce is a "create sub zone"
11:11:48 <browny_> meaning if
11:12:25 <browny_> you own a zone in your project, you can have an additional policy check like "create_new_sub_zone"
11:13:11 <browny_> this would give you the right to create subzone, but you do not need the more generaal create_zone
11:13:23 <mugsie> Ah! Ok
11:13:36 <mugsie> (i was looking at it from the wrong direction at first)
11:13:45 <mugsie> I think that seems resonable
11:13:59 <browny_> so we can give full control over zone without giving full control over all possible zones...
11:14:33 <mugsie> yeah, no major objections there - no spec needed for that, just a release note in the commit
11:14:49 <browny_> cool, great
11:14:54 <diman1> sounds good
11:15:15 <browny_> then diman has some work to do ;-)
11:15:16 <mugsie> if you want these in r, they need to be pushed up soon
11:15:30 <mugsie> he does :)
11:15:46 <browny_> hurry diman ;-)
11:15:48 <diman1> oki
11:15:50 <mugsie> diman1: feel free to piing me in #openstack-dns if you hit any issues :)
11:16:02 <diman1> sure, thanks
11:16:21 <browny_> thats it form us for now
11:16:28 <diman1> I just wanted to ask about couple of old things as well
11:16:39 <mugsie> sure
11:16:54 <diman1> https://review.openstack.org/#/c/555398/ -> any comments?
11:17:19 <diman1> if that is fine - I'll push also the tempest changes
11:17:31 <mugsie> oh, I thought I pinged you about this, let me look at it
11:18:14 <diman1> oh, maybe I did not see, too many laptops in use(
11:19:00 <mugsie> I think the tempest tests are using invalid data
11:19:14 <mugsie> let me look today, and I will comment in the review
11:19:25 <diman1> alright, thanks mugsie
11:21:38 <mugsie> anything else?
11:22:35 <mugsie> OK, have a good day!
11:22:40 <mugsie> #endmeeting