18:00:08 <lbragstad> #startmeeting keystone 18:00:09 <openstack> Meeting started Tue Oct 3 18:00:08 2017 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:00:10 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:00:11 <samueldmq> o/ 18:00:12 <openstack> The meeting name has been set to 'keystone' 18:00:14 <samueldmq> hello! 18:00:15 <lbragstad> #link https://etherpad.openstack.org/p/keystone-weekly-meeting 18:00:16 <spilla> o/ 18:00:18 <lamt> o/ 18:00:19 <lbragstad> agenda ^ 18:00:25 <lbragstad> alighty - let's try this again 18:00:41 <hrybacki> o/ 18:00:57 <edmondsw> o/ 18:01:06 <rodrigods> o/ 18:01:08 <lbragstad> we'll give folks a few minutes to trickle in 18:01:48 <knikolla> o/ 18:02:31 <lbragstad> #topic Sydney Media Session 18:02:54 <lbragstad> gagehugo: added this to the agenda but he's not here - so i can explain it 18:03:13 <lbragstad> #link http://eavesdrop.openstack.org/meetings/security/2017/security.2017-09-28-17.01.log.html 18:03:15 <lbragstad> context ^ 18:03:36 <lbragstad> if anyone is interested in participating in a security discussion in sydney please feel free to ping gagehugo or lhinds 18:03:54 <lbragstad> they are looking to do some interviews focused on OpenStack + security 18:04:23 <lbragstad> if that sounds interesting to you or if you want to participate in those, ping gagehugo 18:04:58 <lbragstad> #topic trello sync 18:05:05 <lbragstad> #link https://trello.com/b/5F0h9Hoe/keystone 18:05:31 <lbragstad> one of my action items from the retrospective in Denver was to be better about communicating with various people driving things throughout the release 18:05:46 <lbragstad> now that we have a trello board, this seems like a natural fit 18:05:56 * hrybacki nods 18:06:09 <lbragstad> i figured we could spend a few minutes getting a quick status on where folks are at, if they need help/reviews, etc... 18:06:26 <lbragstad> we can start with the in progress column 18:06:34 <lbragstad> #link https://trello.com/c/b5ovuvqG/1-project-tags 18:06:47 <lbragstad> #topic trello status: project tags 18:07:19 <lbragstad> i reviewed most of that stuff last week and it's looking really good - i don't see anything preventing us from landing that in queens-1 18:07:46 <lbragstad> spilla: lamt ^ anything you want to add there? anything you need help with outside of reviews? 18:08:21 <lamt> lbragstad I am good. I think that's what's left, and some filtering work for the client left 18:08:39 <spilla> just a few kinks were working out with comparators, but other than that reviews are always greatly appreciated! 18:08:59 <lbragstad> cool - i'll revisit the reviews be EOW for sure 18:09:02 <lbragstad> by* 18:09:20 <lbragstad> for server at least, i imagine the client bits will be easier once we have the keystone implementation landed 18:09:45 <lamt> yeah 18:10:07 <lbragstad> #action keystone team to finish reviewing project tags implementation 18:10:14 <samueldmq> I will make sure to revisit them too 18:10:22 <samueldmq> (project tags) 18:10:23 <lbragstad> samueldmq: ++ thanks 18:10:40 <lbragstad> #topic trello status: v2.0 API removal 18:10:43 <lbragstad> #link https://trello.com/c/XTkAiqaB/21-remove-v20-apis 18:10:53 <lbragstad> we have a bunch of patches in flight and they are passing 18:11:15 <lbragstad> but we're really just hung up on https://review.openstack.org/#/c/499783/ 18:11:37 <lbragstad> mainly due to the zuul switch over 18:11:52 <lbragstad> nothing really to do here until that enters the gate 18:12:05 <ayoung> Don't you need something more than recheck for the merge pipeline kmalloc ? 18:12:38 <lbragstad> kmalloc: reapplied a +2/+A last night, and i checked with infra this morning 18:12:40 <ayoung> like reverify or summat 18:12:58 <lbragstad> they merged those two things iirc 18:13:15 <lbragstad> sounds like a zuul restart is the answer at this point 18:13:39 <lbragstad> there is a thread going on the topic 18:13:42 <lbragstad> #link http://lists.openstack.org/pipermail/openstack-dev/2017-October/123049.html 18:13:57 <ayoung> its in the check queue 18:14:35 <lbragstad> cool - that must have happened since this morning 18:14:43 <ayoung> thrid from the top, 1hr26 until its up 18:15:00 <lbragstad> awesome - i'll keep an eye on it, we should start seeing the rest of those patches go through 18:15:05 <lbragstad> once that's in 18:15:20 <ayoung> Second from top, actually, behind a Cinder one... 18:15:50 <ayoung> at some point I should actually learn how Zuul works 18:16:11 <lbragstad> yeah... it'd be helpful for giving the infra team a hand at times like this 18:16:26 <ayoung> If only we knew someone that worked on it 18:16:32 <lbragstad> ... right 18:16:46 * ayoung looks around trying to make eye contact. Fails 18:16:57 <lbragstad> #topic trello status: system scoping 18:17:00 <lbragstad> #link https://trello.com/c/9jYTqjgc/22-implement-system-scoping 18:17:23 <lbragstad> i have patches up the start the implementation here - i also have the specification up 18:17:27 <lbragstad> all reviews welcome 18:18:04 <lbragstad> if you're curious about getting your hands dirty with the code, let me know - i have several patches in flight 18:18:15 <ayoung> Couplea questions on that 18:18:32 <ayoung> are we going to have something that indicates "all services" and "this subset of endpoints?" 18:19:02 <lbragstad> ayoung: right now - we're not even getting that far 18:19:17 <lbragstad> but the initial implementation shouldn't prevent us from doing that in the future 18:19:18 <ayoung> Does system imply all services the way it is written? 18:19:46 <lbragstad> I rewrote the specification to summarize everything we discussed at the PTG 18:19:48 <lbragstad> #link https://review.openstack.org/#/c/464763/ 18:20:00 <lbragstad> ditching the global approach with a system approach 18:20:16 <lbragstad> I also added a section in the current spec why we chose that route 18:20:53 <ayoung> lbragstad, so, I'd argue you dropped some wisdom from previous discussions in that spec: 18:21:13 <ayoung> we have discussed service scoped roles many times in the past, and that seemed to be the best mapping for what you have here 18:21:30 <ayoung> a service scoped role is a system scoped role the way you wrote it, but it CAN be more specific 18:21:38 <ayoung> I'd go for an approach that allows us to move that way 18:22:01 <lbragstad> if there is a seem where we can add it in the spec - let me know and i'll try and work it in 18:22:02 <ayoung> i.e. this token is only valid on Nova systems, or is only valid on this specific nova endpoint. etc 18:22:15 <ayoung> lbragstad, will do 18:22:18 <lbragstad> s/seem/seam/ 18:22:50 <lbragstad> i think the conclusion at the PTG was that kind of thing is powerful and we should have a system that lets us move that direction if we want to 18:23:34 <lbragstad> #topic trello status: policy community goal 18:23:39 <lbragstad> #link https://trello.com/c/XzM8IXy4/10-cross-project-policy-work 18:24:03 <lbragstad> we're making progress 18:24:13 <lbragstad> #link http://lists.openstack.org/pipermail/openstack-dev/2017-October/123040.html 18:24:19 <lbragstad> i send an update ^ 18:24:47 <lbragstad> if you're interested in helping, let me know 18:25:07 <lbragstad> #topic trello status: oslo policy deprecation tools 18:25:45 <lbragstad> #link https://trello.com/c/Z6pUPEJu/3-oslopolicy-deprecation i have plans to start this implementation by EOW - once i get most of the projects started on the community goal 18:26:14 <lbragstad> i'm still hoping to have that done by queens-1 so that projects can start consuming it 18:26:44 <edmondsw> lbragstad any more discussion with the oslo.config guys on how to support changing policy/conf defaults? 18:27:02 <lbragstad> i haven't seen any updates on the specs i've proposed, yet 18:28:19 <lbragstad> i did respin the oslo specs to include details from the PTG discussions though 18:28:41 <lbragstad> so the current specs should be up-to-date 18:29:13 <lbragstad> #link https://review.openstack.org/#/c/500141/ 18:29:27 <lbragstad> #link https://review.openstack.org/#/c/500207/ 18:29:56 <lbragstad> #topic trello status: oslo policy scope 18:30:01 <lbragstad> #link https://trello.com/c/ZjsNk84y/4-oslopolicy-scope 18:30:06 <lbragstad> this is in the same boat 18:31:08 <lbragstad> #topic trello status: keystonemiddleware work 18:31:12 <lbragstad> #link https://trello.com/c/CQeSTZgP/18-keystonemiddleware-work 18:31:40 <lbragstad> cmurphy: has been pushing the ball forward there 18:31:44 <lbragstad> thanks cmurphy! 18:31:51 <lbragstad> i need to review those patches 18:32:46 <lbragstad> does anyone have things related to keystonemiddleware work they need to share besides reviews? 18:34:12 * hrybacki shakes his head 18:34:23 <lbragstad> cool - that should do it for all things "In Progress" 18:37:15 <lbragstad> next topic 18:37:25 <lbragstad> #topic: next policy session 18:38:02 <cmurphy> o/ 18:38:23 <lbragstad> ayoung: had an idea for the next policy meeting, which is tomorrow 18:38:53 <ayoung> Yeah. Should we walk through the Amazon IAM page to get a sense of what the other side is doing? 18:39:11 <ayoung> It is quite elaborate, and will, I think, lead to a lot of questions about how we do stuff in the future 18:39:27 <lbragstad> i like the idea 18:39:50 <ayoung> If we have < 10 people, we can do Google Hangouts. I can also set up Bluejeans for a larger group if that is acceptable 18:39:53 <lbragstad> i think a group exercise to go through it would be useful 18:40:02 <hrybacki> ayoung +1 18:40:25 <ayoung> And we should not plan on getting through the whole thing at once, just gett started on it 18:40:44 <ayoung> and walk through a few use cases, like how a new user would get things done. 18:40:57 <lbragstad> ayoung: is a ML thread appropriate? 18:41:04 <ayoung> might overwhelm if we do 18:41:13 <ayoung> maybe a small group first time, something larger after that? 18:41:39 <edmondsw> lbragstad ayoung I won't be able to make the policy mtg tomorrow 18:41:59 <ayoung> plus...I only want people that are somewhat involved with implementing to think about it to start, as we might generate more work for ourselves han we can handle with the larger audience 18:42:12 <ayoung> edmondsw, have you worked with IAM in the past? 18:42:20 <edmondsw> ayoung no 18:42:49 <ayoung> Ah...well...we can postpone a couple weeks if we won't have a quorum. I'm out next week 18:43:16 <ayoung> Or we could go tomorrow, and then someone that is there can walk through it with you later...I' 18:43:29 <ayoung> d be happy to do a one on one with you say later on this week 18:43:35 <hrybacki> ayoung: could we record the session? 18:43:37 <edmondsw> or find another time that would work for everyone this week? 18:43:37 <lbragstad> +1 18:45:33 <lbragstad> ayoung: do you want to forward the info you have to the wider list or do you want me to? 18:45:37 <lbragstad> or kmalloc to? 18:45:52 <lbragstad> (if that is the next step) 18:46:04 * lbragstad is open to suggestions 18:46:11 <kmalloc> O/ 18:46:28 <kmalloc> Back 18:46:46 <ayoung> lbragstad, go for it. I'll be enabler, but you've been running this thus far 18:47:00 <lbragstad> ayoung: ack 18:47:37 <lbragstad> #action lbragstad to start openstack-dev thread for next policy meeting on IAM sessions 18:49:10 <lbragstad> ayoung: thanks for driving this 18:49:39 <ayoung> My pleasure. I've been looking into it for my day job already 18:50:17 <lbragstad> #topic open discussion 18:50:49 <hrybacki> We've officially lost jamie to other things :( 18:51:05 <edmondsw> boo 18:51:51 <lbragstad> :( 18:52:02 <lbragstad> for those who haven't seen it yet 18:52:07 <lbragstad> #link http://lists.openstack.org/pipermail/openstack-dev/2017-October/123001.html 18:53:12 <ayoung> I blame btopol 18:53:30 <hrybacki> Have not heard from him in awhile either! 18:54:20 <lbragstad> jamie did ping me saying that he is going to be wrapping things up over the next few weeks 18:54:22 <samueldmq> lbragstad: that's sad :/ 18:56:21 <lbragstad> a big thanks to jamie for all he's done 18:56:29 <edmondsw> amen 18:56:36 <hrybacki> +1 18:57:00 <samueldmq> ++ 18:57:56 <lbragstad> if there isn't anything else, we can get a few minutes back before office hours. 18:58:18 <hrybacki> nope 18:58:45 <lbragstad> thanks for coming! 18:58:49 <lbragstad> #endmeeting