15:01:00 #startmeeting horizon 15:01:00 Meeting started Wed Jul 7 15:01:00 2021 UTC and is due to finish in 60 minutes. The chair is vishalmanchanda. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:01:00 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:01:00 The meeting name has been set to 'horizon' 15:02:12 hi anyone around for horizon meeting? 15:03:39 o/ 15:03:57 o/ 15:04:09 ok let's start. 15:04:15 o/ 15:04:23 #topic Notices 15:04:55 Just an reminder Xena-2 milestone is next week. 15:05:11 Xena Schedule https://releases.openstack.org/xena/schedule.html 15:06:16 I have sent a mail about moving stable/queens to EOL on open-discuss ML last week. 15:06:25 #link http://lists.openstack.org/pipermail/openstack-discuss/2021-June/023381.html 15:07:12 I can see there is no open patches for stable/queens branch as of today. 15:07:22 https://review.opendev.org/q/project:openstack/horizon%252Bbranch:stable/queens%252Bstatus:open 15:08:09 So I have pushed a patch to release to move stable/queen to EOL. 15:08:30 patch link https://review.opendev.org/c/openstack/releases/+/799543 15:09:24 last announcement is about next Virtual PTG. 15:09:49 It will take place around October 18-22, 2021 15:10:16 Please see ML thread more info http://lists.openstack.org/pipermail/openstack-discuss/2021-June/023370.html 15:11:37 Does anyone have any other announcement, then please go ahead. 15:13:27 ok I have no more specific topics to discuss. 15:13:35 #topic open-discussion 15:14:21 amotoki: rdopiera : Could we merge these open plugin patches to drop nodejs 10 https://review.opendev.org/q/topic:%22drop-nodejs10%22+(status:open%20OR%20status:merged) 15:14:22 There is a bug: https://bugs.launchpad.net/horizon/+bug/1792028 15:14:45 I think we have waited enough for plugins teams. 15:14:59 the bug hasn't been fixed and the solution was to skip 39 tests from the integration tests 15:15:33 is this bug going to be fixed sometime? 39 tests skipped is more than 50 percent of the integration tests not running 15:15:35 vishalmanchanda: it is up to you. Have you requested to merge them for example in the mailing list? 15:16:14 vishalmanchanda: most horizon plugin teams just maintain horizon plugins as their side works along with their main repo 15:16:34 amotoki: not yet. I will send a mail on open-discuss about it by this week. 15:16:47 amotoki: thanks for suggestion. 15:17:26 vishalmanchanda: I personally have no bandwidth to check plugin reviews. 15:17:37 amotoki: ok np. 15:18:17 anyone? 15:19:56 two topics were raised in parallel. I think the topic on nodejs 10 from vishalmanchanda has been done. let's move on to the topic raised by ikanias 15:19:57 ikanias: yeah it looks really bad, Let's try our best to fix those. 15:20:17 skipped integration tests. 15:20:51 it has not been fixed since 2018... 15:21:04 at least the last comment is from that time 15:21:06 at that time skipping the integration tests was reasonable to unblock the gate, but ...... no work has been done since then...... 15:21:30 we miss a lot of tests... we can miss many bugs 15:22:51 ikanias: +1. 15:24:10 so, what is our next step? 15:24:41 I personally write some integration tests for few pages but never pushed it to gerrit, will check if I still have those in my env. 15:25:17 vishalmanchanda: any suggestion as PTL? 15:26:08 I think next step should be fixing those skipped tests, I can help here. 15:27:14 ikanias: can you work on fixing skipped tests with vishalmanchanda? 15:27:14 I will check after the meeting how many such test are skipped an open a new high priority bug for it. 15:27:23 and* 15:27:48 amotoki: yes i can try 15:27:57 ikanias: thanks 15:27:58 ikanias: thanks for bringing this topic:) 15:28:39 but currently these tests are a bit complicated for me to understand...i would like if someone could go over them with me... just saw them last week for the first time 15:29:05 vishalmanchanda: np 15:30:18 rdopiera: Do you have any update on django sass processor patch https://review.opendev.org/c/openstack/horizon/+/794809 15:31:27 vishalmanchanda: no, I haven't done anything since then 15:32:02 rdopiera: ok 15:32:51 if we want to go ahead with that plugin, I believe there were two issues remaining with it 15:33:27 the material theme problem, and a way for people to inject their own css 15:34:48 but If I remember correctly Ivan and amotoki have some workaround for material theme issue atleast. 15:35:09 yes, and we can simply @import a user's scss file 15:35:11 vishalmanchanda: I think it is a differnt issue. 15:36:32 I am not sure what kind of differences we hit when we switch the sass processor though. 15:37:13 there are going to be differences for sure 15:37:49 I didn't go through all views to see if they render correctly 15:38:45 maybe integration tests can check that. 15:38:58 no, they don't care about the looks 15:39:05 they only look at the html 15:39:23 (well, unless something overlaps something) 15:39:33 ohh yeah.. 15:41:05 Do we have any other topic to discuss or we can end this meeting? 15:41:17 this is one reason why if we want to switch, it would be better to do it at the beginning of the cycle, so we have more time to catch bugs 15:41:28 I don't have anything more 15:41:32 id like to discuss https://bugs.launchpad.net/horizon/+bug/1874705 15:42:04 gshippey: please go ahead. 15:42:30 If i were to change the fix patch to use the referrer as a backup would that make people happy 15:42:44 in case the openstack keystone url is not defined 15:43:38 patch link https://review.opendev.org/c/openstack/horizon/+/722685 15:46:11 gshippey: Honestly I have never used websso. 15:46:20 So give me some time to understand the issue or reproduce it. 15:46:53 the only reason we did not have a good progress is the current horizon reviewers have no good experience/kwowledge on websso implementations..... 15:47:33 I wonder how we can move it forward.... 15:48:03 keystone team might help it. they may have more knowledge than us. 15:51:05 amotoki: hmm I have added the keystone team in the launchpad bug Let's see if they respod. 15:51:07 Well if perhaps you'd like to have ago at recreating it and I can check in in another week or two? Otherwise I think I will make changes to make it dropback to the referrer if openstack keystone url is not defined and try get some keystone reviewers eyes on it too 15:51:12 respond* 15:51:16 great 15:53:15 keystone url has to be defined for horizon to work... 15:54:07 I wonder, you don't want the controller node to have access to something that is otherwise publicly accessible? Why? Does it really improve security? 15:55:10 rdopiera: good point 15:56:42 the description of https://bugs.launchpad.net/horizon/+bug/1874705 explains the context more. 15:56:44 I think that using the referer address may actually be a phishing protection mechanism 15:57:02 making sure you talk with the page that the user entered the password in 15:57:37 "Our Openstack services have minimal external connectivity for security reasons." is not really an explanation 15:58:18 in these deployments the internal networks dont route to anywhere 15:58:25 thats a deployer choice 15:59:24 and requests from the end user enter via a well defined loadbalancer / SSL terminator which is the only point that has external connectivity 16:00:31 how about we used the internal endpoint always, but had an additional check in there that the referrer matches the referrer defined in the config? 16:01:09 we would add a config option for the expected referrer 16:01:17 sorry to interrupt I am just ending the meeting 16:01:22 would that be the WEBSSO_KEYSTONE_URL? 16:01:37 #endmeeting