#openstack-keystone log

19:06:54 <lbragstad> #startmeeting keystone-office-hours
19:06:55 <openstack> Meeting started Tue Feb 20 19:06:54 2018 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:06:56 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:06:59 <openstack> The meeting name has been set to 'keystone_office_hours'
19:07:22 <lbragstad> alright - today i'm going to focus on the opposite of what we should be doing for office hours
19:07:44 <lbragstad> in other words, i'm going to open a bunch of bugs to document the FIXMEs for scope types
19:13:09 <openstackgerrit> Merged openstack/keystonemiddleware master: Identify the keystone service when raising 503  https://review.openstack.org/546108
20:23:12 <lbragstad> gagehugo ping
20:23:29 <lbragstad> still in a workshop?
20:23:45 <gagehugo> o/
20:23:54 <gagehugo> yeah but multitasking
20:25:04 <lbragstad> ok - i'm trying to wrap my head around https://github.com/openstack/keystone/blob/68df7bf1f3b3d6ab3f691f59f1ce6de6b0b1deab/keystone/common/policies/project.py#L101-L108 but it can wait
20:25:08 <lbragstad> if you're busy
20:25:30 <lbragstad> i'm not sure i'd be able to multitask with the questions i'm asking myself right now :)
20:25:56 <gagehugo> that todo seems correct imo
20:26:15 <gagehugo> project admin should be able to tag their project, system admin tag all
20:27:22 <lbragstad> ok - so projects tags aren't intended for things like billing/accounting, even though they totally could be used for it according to the current implementation
20:27:41 <gagehugo> preferably not haha
20:27:44 <gagehugo> but yeah
20:29:20 <gagehugo> are you thinking they should probably be project only?
20:36:35 <lbragstad> well- i'm just thinking about it
20:37:04 <lbragstad> because i'm trying to write some acceptance criteria for how they should behave with different scopes
20:37:54 <lbragstad> and it led me to "should we assume people are going to use this feature for things like billing and accounting?"
20:38:25 <lbragstad> if so - how does that affect how the API should work from an RBAC perspective
20:39:22 <lbragstad> when you tag an nova instance or neutron network, as the creator of the resource do you have power to tag it?
20:54:19 <gagehugo> nova yes
20:54:20 <gagehugo> https://github.com/openstack/nova/blob/master/nova/policies/server_tags.py
20:54:29 <gagehugo> ADMIN_OR_OWNER
20:58:40 <lbragstad> ok
20:58:56 <lbragstad> so - then we'd be somewhat consistent
20:59:04 <lbragstad> with that approach
20:59:48 <gagehugo> yeah we tried to follow the other projects in terms of policy if I remember correctly
20:59:57 <lbragstad> yep
22:07:26 <lbragstad> #endmeeting