#openstack-meeting-alt log

16:01:03 <cmurphy> #startmeeting keystone
16:01:04 <openstack> Meeting started Tue Oct  1 16:01:03 2019 UTC and is due to finish in 60 minutes.  The chair is cmurphy. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:01:05 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:01:08 <lbragstad> o/
16:01:09 <openstack> The meeting name has been set to 'keystone'
16:01:12 <gagehugo> o/
16:01:12 <cmurphy> #link https://etherpad.openstack.org/p/keystone-weekly-meeting agenda
16:01:46 <vishakha> o/
16:02:14 <bnemec> o/
16:03:37 <cmurphy> I don't have much for today's agenda
16:03:49 <cmurphy> #topic RC1 released
16:04:06 <bnemec> \o/
16:04:24 <cmurphy> we're in the RC period, if your organization does ci on stable branches or RCs now would be the time to get it set up and report bugs
16:05:53 <cmurphy> #topic review requests
16:06:04 <cmurphy> any reviews to call out?
16:08:24 <lbragstad> #link https://review.opendev.org/#/c/682266/
16:08:50 <lbragstad> i know cmurphy already reviewed that - but it would be good to fully remove that file before we ship train, if possible
16:08:57 <lbragstad> and wxy
16:09:11 <cmurphy> should that be backported?
16:09:18 <lbragstad> to stable/train?
16:09:26 <cmurphy> yeah
16:09:30 <lbragstad> we could
16:09:34 <lbragstad> but it's up to you i think
16:10:22 <lbragstad> the only thing users/deployers should notice is the presence of another policy file or not
16:10:42 <lbragstad> so - i would adovcate for simplicity by not shipping policy.v3cloudsample.json
16:11:11 <lbragstad> the remaining tests in test_v3_protection.py pass with the in-code defaults + system scope work we did
16:11:24 <lbragstad> (but we do need to enforce_scope on those tests, too)
16:11:58 <lbragstad> otherwise - it should just be a matter of making sure those tests are relatively sane and we probably already have versions of those tests in keystone.tests.protection
16:13:02 <cmurphy> well i left a couple of questions on it already but otherwise lgtm
16:14:14 <lbragstad> ok - i can get that patch respun today
16:14:40 <lbragstad> do people wnat me to just remove all the test_v3_protection tests?
16:14:46 <lbragstad> or leave them?
16:14:56 <lbragstad> i don't really care either way
16:15:01 <cmurphy> wasn't there a second patch for that?
16:15:06 <lbragstad> no - not yet
16:15:21 <cmurphy> are you sure everything in that file is covered by the other protection tests?
16:15:26 <lbragstad> i was going to propose it as a followup - only to show that we have coverage with the in-code defaults
16:16:29 <lbragstad> since removing them in the same patch wouldn't show gaps since those tests wouldn't be run
16:16:45 <cmurphy> right
16:17:10 <lbragstad> i haven't read all tests in test_v3_protection
16:17:17 <lbragstad> yet
16:17:22 <cmurphy> heh
16:17:40 <lbragstad> but i imagine they're mostly duplicated with what we already have in keystone.tests.protection
16:17:56 <lbragstad> it should just be a matter of confirming that
16:19:47 <cmurphy> cool
16:20:23 <lbragstad> i'll address the comments in the review and propose a follow-up to remove the other tests
16:20:32 <cmurphy> thanks lbragstad
16:20:43 <vishakha> ++
16:20:51 <lbragstad> if we don't get around to merging the follow-up for train, that's fine (IMO?)
16:21:48 <cmurphy> in other reviews this ksc patch for access rules has been ready for a while https://review.opendev.org/677585
16:22:03 <cmurphy> would have been nice to get it in for train but that ship has sailed
16:22:11 <cmurphy> but no reason not to get eyes on it now
16:23:27 <lbragstad> ++ will review
16:23:31 <cmurphy> ty
16:24:05 <cmurphy> #topic open floor
16:24:14 <cmurphy> any other reviews or topics?
16:26:37 <cmurphy> as an fyi I started working on a PoC for more generalized rbac testing with tempest, will be polishing it up and starting a discussion with the qa team soon
16:27:12 <lbragstad> speaking of that - we should probably update https://docs.openstack.org/keystone/latest/admin/service-api-protection.html for train, too?
16:28:29 <lbragstad> cmurphy do you have something on the qa meeting agenda?
16:28:35 <cmurphy> not yet
16:28:37 <lbragstad> or when do you plan on discussion with them?
16:28:56 <knikolla> sorry for missing the meeting. feeling feverish today and took a sick day.
16:29:29 <cmurphy> lbragstad: haven't arranged it, i'll be sure to ping you when i do
16:29:38 <lbragstad> cool - thanks
16:29:51 <vishakha> cmurphy: I will also be interested in that
16:30:12 <lbragstad> don't plan it around me - i don't need to be there
16:30:24 <lbragstad> but i'm curious
16:31:25 <cmurphy> cool
16:32:19 <cmurphy> lbragstad: do you want to take on updating https://docs.openstack.org/keystone/latest/admin/service-api-protection.html ?
16:32:41 <lbragstad> yeah - i have it on my list
16:32:57 <cmurphy> great
16:33:03 <lbragstad> that's what led me down the rabbit hole of https://review.opendev.org/#/c/685783/
16:33:14 <lbragstad> but i might punt https://review.opendev.org/#/c/685783/ for the time being until i find a better way to do it
16:33:33 <lbragstad> and just update the docs with some generate info about what we'
16:33:35 <lbragstad> we've done
16:33:56 <cmurphy> sounds good, lmk when you want reviews
16:34:13 <lbragstad> will do - it'll be a separate patch
16:37:14 <cmurphy> if there's nothing else we can call it early
16:37:35 <cmurphy> thanks everyone
16:37:38 <cmurphy> #endmeeting