11:00:26 #startmeeting Designate 11:00:27 Meeting started Wed Jun 13 11:00:26 2018 UTC and is due to finish in 60 minutes. The chair is mugsie. Information about MeetBot at http://wiki.debian.org/MeetBot. 11:00:28 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 11:00:30 The meeting name has been set to 'designate' 11:00:35 #topic Roll Call 11:02:04 hi mugsie 11:02:19 hey 11:03:50 #topic Bug Triage 11:04:13 #link https://bugs.launchpad.net/designate/+bug/1774438 11:04:15 Launchpad bug 1774438 in Designate "instances ignore dns servers supplied via dhcp_agein.ini" [Undecided,New] 11:04:36 I think that is a Neutron problem 11:04:42 yeah, definitely 11:04:57 #link https://bugs.launchpad.net/designate/+bug/1772925 11:04:58 Launchpad bug 1772925 in Designate "Error in sink formatv4 neutron_floatingip handler" [Undecided,New] 11:05:16 erik has already replied, so I will close it out 11:06:12 no other new bugs 11:06:22 #topic Open Discussion 11:06:31 Any off agenda items? 11:06:37 yes 11:06:51 more granular authorisations 11:06:53 go for it 11:07:08 on a per record basis? 11:07:10 we saw that there is this old blueprint for it 11:07:30 yes, on a per record basis 11:07:36 but we are wondering if a simpler version based on record types would be accepted upsteram 11:07:48 as it would not mean changes at the api 11:07:56 yeah, the blueprint was never approved, as no one could propose a design that would work 11:08:00 only in policy with addtional roles 11:08:35 Oh. I think that could be done already, as we pass the record type into the policy check already 11:08:41 I *think* 11:08:44 so if we would add some chckes like recordset_a, .... 11:08:53 default alll allowed 11:09:31 diman will check ;-) 11:09:44 yeah - I will warn you that it will cause the DNS service to fail the interop / trademark test suite, but I think we can do it already, and if not, it shouold be a small change 11:10:03 would we need to write blueprint for it? 11:10:29 If we need to change the policy engine, we would need a spec 11:10:54 it doesn't have to be long, but just an overvoew of the behaviour before, after, and where changes will be made 11:10:57 i do not think that the policy engine itself would need a change 11:11:10 ok we can do this 11:11:40 the other authorisation we would like to introduce is a "create sub zone" 11:11:48 meaning if 11:12:25 you own a zone in your project, you can have an additional policy check like "create_new_sub_zone" 11:13:11 this would give you the right to create subzone, but you do not need the more generaal create_zone 11:13:23 Ah! Ok 11:13:36 (i was looking at it from the wrong direction at first) 11:13:45 I think that seems resonable 11:13:59 so we can give full control over zone without giving full control over all possible zones... 11:14:33 yeah, no major objections there - no spec needed for that, just a release note in the commit 11:14:49 cool, great 11:14:54 sounds good 11:15:15 then diman has some work to do ;-) 11:15:16 if you want these in r, they need to be pushed up soon 11:15:30 he does :) 11:15:46 hurry diman ;-) 11:15:48 oki 11:15:50 diman1: feel free to piing me in #openstack-dns if you hit any issues :) 11:16:02 sure, thanks 11:16:21 thats it form us for now 11:16:28 I just wanted to ask about couple of old things as well 11:16:39 sure 11:16:54 https://review.openstack.org/#/c/555398/ -> any comments? 11:17:19 if that is fine - I'll push also the tempest changes 11:17:31 oh, I thought I pinged you about this, let me look at it 11:18:14 oh, maybe I did not see, too many laptops in use( 11:19:00 I think the tempest tests are using invalid data 11:19:14 let me look today, and I will comment in the review 11:19:25 alright, thanks mugsie 11:21:38 anything else? 11:22:35 OK, have a good day! 11:22:40 #endmeeting