16:01:03 <cmurphy> #startmeeting keystone 16:01:04 <openstack> Meeting started Tue Oct 1 16:01:03 2019 UTC and is due to finish in 60 minutes. The chair is cmurphy. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:01:05 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:01:08 <lbragstad> o/ 16:01:09 <openstack> The meeting name has been set to 'keystone' 16:01:12 <gagehugo> o/ 16:01:12 <cmurphy> #link https://etherpad.openstack.org/p/keystone-weekly-meeting agenda 16:01:46 <vishakha> o/ 16:02:14 <bnemec> o/ 16:03:37 <cmurphy> I don't have much for today's agenda 16:03:49 <cmurphy> #topic RC1 released 16:04:06 <bnemec> \o/ 16:04:24 <cmurphy> we're in the RC period, if your organization does ci on stable branches or RCs now would be the time to get it set up and report bugs 16:05:53 <cmurphy> #topic review requests 16:06:04 <cmurphy> any reviews to call out? 16:08:24 <lbragstad> #link https://review.opendev.org/#/c/682266/ 16:08:50 <lbragstad> i know cmurphy already reviewed that - but it would be good to fully remove that file before we ship train, if possible 16:08:57 <lbragstad> and wxy 16:09:11 <cmurphy> should that be backported? 16:09:18 <lbragstad> to stable/train? 16:09:26 <cmurphy> yeah 16:09:30 <lbragstad> we could 16:09:34 <lbragstad> but it's up to you i think 16:10:22 <lbragstad> the only thing users/deployers should notice is the presence of another policy file or not 16:10:42 <lbragstad> so - i would adovcate for simplicity by not shipping policy.v3cloudsample.json 16:11:11 <lbragstad> the remaining tests in test_v3_protection.py pass with the in-code defaults + system scope work we did 16:11:24 <lbragstad> (but we do need to enforce_scope on those tests, too) 16:11:58 <lbragstad> otherwise - it should just be a matter of making sure those tests are relatively sane and we probably already have versions of those tests in keystone.tests.protection 16:13:02 <cmurphy> well i left a couple of questions on it already but otherwise lgtm 16:14:14 <lbragstad> ok - i can get that patch respun today 16:14:40 <lbragstad> do people wnat me to just remove all the test_v3_protection tests? 16:14:46 <lbragstad> or leave them? 16:14:56 <lbragstad> i don't really care either way 16:15:01 <cmurphy> wasn't there a second patch for that? 16:15:06 <lbragstad> no - not yet 16:15:21 <cmurphy> are you sure everything in that file is covered by the other protection tests? 16:15:26 <lbragstad> i was going to propose it as a followup - only to show that we have coverage with the in-code defaults 16:16:29 <lbragstad> since removing them in the same patch wouldn't show gaps since those tests wouldn't be run 16:16:45 <cmurphy> right 16:17:10 <lbragstad> i haven't read all tests in test_v3_protection 16:17:17 <lbragstad> yet 16:17:22 <cmurphy> heh 16:17:40 <lbragstad> but i imagine they're mostly duplicated with what we already have in keystone.tests.protection 16:17:56 <lbragstad> it should just be a matter of confirming that 16:19:47 <cmurphy> cool 16:20:23 <lbragstad> i'll address the comments in the review and propose a follow-up to remove the other tests 16:20:32 <cmurphy> thanks lbragstad 16:20:43 <vishakha> ++ 16:20:51 <lbragstad> if we don't get around to merging the follow-up for train, that's fine (IMO?) 16:21:48 <cmurphy> in other reviews this ksc patch for access rules has been ready for a while https://review.opendev.org/677585 16:22:03 <cmurphy> would have been nice to get it in for train but that ship has sailed 16:22:11 <cmurphy> but no reason not to get eyes on it now 16:23:27 <lbragstad> ++ will review 16:23:31 <cmurphy> ty 16:24:05 <cmurphy> #topic open floor 16:24:14 <cmurphy> any other reviews or topics? 16:26:37 <cmurphy> as an fyi I started working on a PoC for more generalized rbac testing with tempest, will be polishing it up and starting a discussion with the qa team soon 16:27:12 <lbragstad> speaking of that - we should probably update https://docs.openstack.org/keystone/latest/admin/service-api-protection.html for train, too? 16:28:29 <lbragstad> cmurphy do you have something on the qa meeting agenda? 16:28:35 <cmurphy> not yet 16:28:37 <lbragstad> or when do you plan on discussion with them? 16:28:56 <knikolla> sorry for missing the meeting. feeling feverish today and took a sick day. 16:29:29 <cmurphy> lbragstad: haven't arranged it, i'll be sure to ping you when i do 16:29:38 <lbragstad> cool - thanks 16:29:51 <vishakha> cmurphy: I will also be interested in that 16:30:12 <lbragstad> don't plan it around me - i don't need to be there 16:30:24 <lbragstad> but i'm curious 16:31:25 <cmurphy> cool 16:32:19 <cmurphy> lbragstad: do you want to take on updating https://docs.openstack.org/keystone/latest/admin/service-api-protection.html ? 16:32:41 <lbragstad> yeah - i have it on my list 16:32:57 <cmurphy> great 16:33:03 <lbragstad> that's what led me down the rabbit hole of https://review.opendev.org/#/c/685783/ 16:33:14 <lbragstad> but i might punt https://review.opendev.org/#/c/685783/ for the time being until i find a better way to do it 16:33:33 <lbragstad> and just update the docs with some generate info about what we' 16:33:35 <lbragstad> we've done 16:33:56 <cmurphy> sounds good, lmk when you want reviews 16:34:13 <lbragstad> will do - it'll be a separate patch 16:37:14 <cmurphy> if there's nothing else we can call it early 16:37:35 <cmurphy> thanks everyone 16:37:38 <cmurphy> #endmeeting