18:00:08 <lbragstad> #startmeeting keystone
18:00:09 <openstack> Meeting started Tue Oct  3 18:00:08 2017 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:10 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:11 <samueldmq> o/
18:00:12 <openstack> The meeting name has been set to 'keystone'
18:00:14 <samueldmq> hello!
18:00:15 <lbragstad> #link https://etherpad.openstack.org/p/keystone-weekly-meeting
18:00:16 <spilla> o/
18:00:18 <lamt> o/
18:00:19 <lbragstad> agenda ^
18:00:25 <lbragstad> alighty - let's try this again
18:00:41 <hrybacki> o/
18:00:57 <edmondsw> o/
18:01:06 <rodrigods> o/
18:01:08 <lbragstad> we'll give folks a few minutes to trickle in
18:01:48 <knikolla> o/
18:02:31 <lbragstad> #topic Sydney Media Session
18:02:54 <lbragstad> gagehugo: added this to the agenda but he's not here - so i can explain it
18:03:13 <lbragstad> #link http://eavesdrop.openstack.org/meetings/security/2017/security.2017-09-28-17.01.log.html
18:03:15 <lbragstad> context ^
18:03:36 <lbragstad> if anyone is interested in participating in a security discussion in sydney please feel free to ping gagehugo or lhinds
18:03:54 <lbragstad> they are looking to do some interviews focused on OpenStack + security
18:04:23 <lbragstad> if that sounds interesting to you or if you want to participate in those, ping gagehugo
18:04:58 <lbragstad> #topic trello sync
18:05:05 <lbragstad> #link https://trello.com/b/5F0h9Hoe/keystone
18:05:31 <lbragstad> one of my action items from the retrospective in Denver was to be better about communicating with various people driving things throughout the release
18:05:46 <lbragstad> now that we have a trello board, this seems like a natural fit
18:05:56 * hrybacki nods
18:06:09 <lbragstad> i figured we could spend a few minutes getting a quick status on where folks are at, if they need help/reviews, etc...
18:06:26 <lbragstad> we can start with the in progress column
18:06:34 <lbragstad> #link https://trello.com/c/b5ovuvqG/1-project-tags
18:06:47 <lbragstad> #topic trello status: project tags
18:07:19 <lbragstad> i reviewed most of that stuff last week and it's looking really good - i don't see anything preventing us from landing that in queens-1
18:07:46 <lbragstad> spilla: lamt ^ anything you want to add there? anything you need help with outside of reviews?
18:08:21 <lamt> lbragstad I am good. I think that's what's left, and some filtering work for the client left
18:08:39 <spilla> just a few kinks were working out with comparators, but other than that reviews are always greatly appreciated!
18:08:59 <lbragstad> cool - i'll revisit the reviews be EOW for sure
18:09:02 <lbragstad> by*
18:09:20 <lbragstad> for server at least, i imagine the client bits will be easier once we have the keystone implementation landed
18:09:45 <lamt> yeah
18:10:07 <lbragstad> #action keystone team to finish reviewing project tags implementation
18:10:14 <samueldmq> I will make sure to revisit them too
18:10:22 <samueldmq> (project tags)
18:10:23 <lbragstad> samueldmq: ++ thanks
18:10:40 <lbragstad> #topic trello status: v2.0 API removal
18:10:43 <lbragstad> #link https://trello.com/c/XTkAiqaB/21-remove-v20-apis
18:10:53 <lbragstad> we have a bunch of patches in flight and they are passing
18:11:15 <lbragstad> but we're really just hung up on https://review.openstack.org/#/c/499783/
18:11:37 <lbragstad> mainly due to the zuul switch over
18:11:52 <lbragstad> nothing really to do here until that enters the gate
18:12:05 <ayoung> Don't you need something more than recheck for the merge pipeline kmalloc ?
18:12:38 <lbragstad> kmalloc: reapplied a +2/+A last night, and i checked with infra this morning
18:12:40 <ayoung> like reverify or summat
18:12:58 <lbragstad> they merged those two things iirc
18:13:15 <lbragstad> sounds like a zuul restart is the answer at this point
18:13:39 <lbragstad> there is a thread going on the topic
18:13:42 <lbragstad> #link http://lists.openstack.org/pipermail/openstack-dev/2017-October/123049.html
18:13:57 <ayoung> its in the check queue
18:14:35 <lbragstad> cool - that must have happened since this morning
18:14:43 <ayoung> thrid from the top, 1hr26 until its up
18:15:00 <lbragstad> awesome - i'll keep an eye on it, we should start seeing the rest of those patches go through
18:15:05 <lbragstad> once that's in
18:15:20 <ayoung> Second from top, actually, behind a Cinder one...
18:15:50 <ayoung> at some point I should actually learn how Zuul works
18:16:11 <lbragstad> yeah... it'd be helpful for giving the infra team a hand at times like this
18:16:26 <ayoung> If only we knew someone that worked on it
18:16:32 <lbragstad> ... right
18:16:46 * ayoung looks around trying to make eye contact.  Fails
18:16:57 <lbragstad> #topic trello status: system scoping
18:17:00 <lbragstad> #link https://trello.com/c/9jYTqjgc/22-implement-system-scoping
18:17:23 <lbragstad> i have patches up the start the implementation here - i also have the specification up
18:17:27 <lbragstad> all reviews welcome
18:18:04 <lbragstad> if you're curious about getting your hands dirty with the code, let me know - i have several patches in flight
18:18:15 <ayoung> Couplea questions on that
18:18:32 <ayoung> are we going to have something that indicates "all services"  and "this subset of endpoints?"
18:19:02 <lbragstad> ayoung: right now - we're not even getting that far
18:19:17 <lbragstad> but the initial implementation shouldn't prevent us from doing that in the future
18:19:18 <ayoung> Does system imply all services the way it is written?
18:19:46 <lbragstad> I rewrote the specification to summarize everything we discussed at the PTG
18:19:48 <lbragstad> #link https://review.openstack.org/#/c/464763/
18:20:00 <lbragstad> ditching the global approach with a system approach
18:20:16 <lbragstad> I also added a section in the current spec why we chose that route
18:20:53 <ayoung> lbragstad, so,  I'd argue you dropped some wisdom from previous discussions in that spec:
18:21:13 <ayoung> we have discussed service scoped roles many times in the past, and that seemed to be the best mapping for what you have here
18:21:30 <ayoung> a service scoped role is a system scoped role the way you wrote it, but it CAN be more specific
18:21:38 <ayoung> I'd go for an approach that allows us to move that way
18:22:01 <lbragstad> if there is a seem where we can add it in the spec - let me know and i'll try and work it in
18:22:02 <ayoung> i.e. this token is only valid on Nova systems, or is only valid on this specific nova endpoint.  etc
18:22:15 <ayoung> lbragstad, will do
18:22:18 <lbragstad> s/seem/seam/
18:22:50 <lbragstad> i think the conclusion at the PTG was that kind of thing is powerful and we should have a system that lets us move that direction if we want to
18:23:34 <lbragstad> #topic trello status: policy community goal
18:23:39 <lbragstad> #link https://trello.com/c/XzM8IXy4/10-cross-project-policy-work
18:24:03 <lbragstad> we're making progress
18:24:13 <lbragstad> #link http://lists.openstack.org/pipermail/openstack-dev/2017-October/123040.html
18:24:19 <lbragstad> i send an update ^
18:24:47 <lbragstad> if you're interested in helping, let me know
18:25:07 <lbragstad> #topic trello status: oslo policy deprecation tools
18:25:45 <lbragstad> #link https://trello.com/c/Z6pUPEJu/3-oslopolicy-deprecation i have plans to start this implementation by EOW - once i get most of the projects started on the community goal
18:26:14 <lbragstad> i'm still hoping to have that done by queens-1 so that projects can start consuming it
18:26:44 <edmondsw> lbragstad any more discussion with the oslo.config guys on how to support changing policy/conf defaults?
18:27:02 <lbragstad> i haven't seen any updates on the specs i've proposed, yet
18:28:19 <lbragstad> i did respin the oslo specs to include details from the PTG discussions though
18:28:41 <lbragstad> so the current specs should be up-to-date
18:29:13 <lbragstad> #link https://review.openstack.org/#/c/500141/
18:29:27 <lbragstad> #link https://review.openstack.org/#/c/500207/
18:29:56 <lbragstad> #topic trello status: oslo policy scope
18:30:01 <lbragstad> #link https://trello.com/c/ZjsNk84y/4-oslopolicy-scope
18:30:06 <lbragstad> this is in the same boat
18:31:08 <lbragstad> #topic trello status: keystonemiddleware work
18:31:12 <lbragstad> #link https://trello.com/c/CQeSTZgP/18-keystonemiddleware-work
18:31:40 <lbragstad> cmurphy: has been pushing the ball forward there
18:31:44 <lbragstad> thanks cmurphy!
18:31:51 <lbragstad> i need to review those patches
18:32:46 <lbragstad> does anyone have things related to keystonemiddleware work they need to share besides reviews?
18:34:12 * hrybacki shakes his head
18:34:23 <lbragstad> cool - that should do it for all things "In Progress"
18:37:15 <lbragstad> next topic
18:37:25 <lbragstad> #topic: next policy session
18:38:02 <cmurphy> o/
18:38:23 <lbragstad> ayoung: had an idea for the next policy meeting, which is tomorrow
18:38:53 <ayoung> Yeah.  Should we walk through the Amazon IAM page to get a sense of what the other side is doing?
18:39:11 <ayoung> It is quite elaborate, and will, I think, lead to a lot of questions about how we do stuff in the future
18:39:27 <lbragstad> i like the idea
18:39:50 <ayoung> If we have < 10 people, we can do Google Hangouts.  I can also set up Bluejeans for a larger group if that is acceptable
18:39:53 <lbragstad> i think a group exercise to go through it would be useful
18:40:02 <hrybacki> ayoung +1
18:40:25 <ayoung> And we should not plan on getting through the whole thing at once, just gett started on it
18:40:44 <ayoung> and walk through a few use cases, like how a new user would get things done.
18:40:57 <lbragstad> ayoung: is a ML thread appropriate?
18:41:04 <ayoung> might overwhelm if we do
18:41:13 <ayoung> maybe a small group first time, something larger after that?
18:41:39 <edmondsw> lbragstad ayoung I won't be able to make the policy mtg tomorrow
18:41:59 <ayoung> plus...I only want people that are somewhat involved with implementing to think about it to start, as we might generate more work for ourselves han we can handle with the larger audience
18:42:12 <ayoung> edmondsw, have you worked with IAM in the past?
18:42:20 <edmondsw> ayoung no
18:42:49 <ayoung> Ah...well...we can postpone a couple weeks if we won't have a quorum. I'm out next week
18:43:16 <ayoung> Or we could go tomorrow, and then someone that is there can walk through it with you later...I'
18:43:29 <ayoung> d be happy to do a one on one with you say later on this week
18:43:35 <hrybacki> ayoung: could we record the session?
18:43:37 <edmondsw> or find another time that would work for everyone this week?
18:43:37 <lbragstad> +1
18:45:33 <lbragstad> ayoung: do you want to forward the info you have to the wider list or do you want me to?
18:45:37 <lbragstad> or kmalloc to?
18:45:52 <lbragstad> (if that is the next step)
18:46:04 * lbragstad is open to suggestions
18:46:11 <kmalloc> O/
18:46:28 <kmalloc> Back
18:46:46 <ayoung> lbragstad, go for it. I'll be enabler, but you've been running this thus far
18:47:00 <lbragstad> ayoung: ack
18:47:37 <lbragstad> #action lbragstad to start openstack-dev thread for next policy meeting on IAM sessions
18:49:10 <lbragstad> ayoung: thanks for driving this
18:49:39 <ayoung> My pleasure.  I've been looking into it for my day job already
18:50:17 <lbragstad> #topic open discussion
18:50:49 <hrybacki> We've officially lost jamie to other things :(
18:51:05 <edmondsw> boo
18:51:51 <lbragstad> :(
18:52:02 <lbragstad> for those who haven't seen it yet
18:52:07 <lbragstad> #link http://lists.openstack.org/pipermail/openstack-dev/2017-October/123001.html
18:53:12 <ayoung> I blame btopol
18:53:30 <hrybacki> Have not heard from him in awhile either!
18:54:20 <lbragstad> jamie did ping me saying that he is going to be wrapping things up over the next few weeks
18:54:22 <samueldmq> lbragstad: that's sad :/
18:56:21 <lbragstad> a big thanks to jamie for all he's done
18:56:29 <edmondsw> amen
18:56:36 <hrybacki> +1
18:57:00 <samueldmq> ++
18:57:56 <lbragstad> if there isn't anything else, we can get a few minutes back before office hours.
18:58:18 <hrybacki> nope
18:58:45 <lbragstad> thanks for coming!
18:58:49 <lbragstad> #endmeeting