14:00:33 #startmeeting magnetodb 14:00:34 Meeting started Thu Dec 4 14:00:33 2014 UTC and is due to finish in 60 minutes. The chair is isviridov. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:35 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:00:37 The meeting name has been set to 'magnetodb' 14:00:55 Hi everyone 14:00:55 Hello guys 14:00:56 o/ 14:01:01 o/ 14:01:12 ominakov hello 14:01:16 hi guys 14:01:25 achudnovets welcome back 14:01:27 o/ 14:01:32 o/ 14:02:23 So today meeting agenda is following https://wiki.openstack.org/wiki/MagnetoDB/WeeklyMeetingAgenda#Agenda 14:02:43 I think we can start 14:02:58 #topic Go through action items isviridov 14:03:17 ajayaa clarify auth in nova 14:03:19 o/ 14:03:30 hi nunosantos 14:03:52 * isviridov doesn't see ajayaa 14:04:21 Let us go through other topics 14:04:45 #topic Add proposition to add availability to describe table by its uuid aostapenko 14:05:04 #link https://review.openstack.org/137336 14:05:07 aostapenko? 14:05:41 please review a specification shared by isviridov 14:06:31 we are proposing to add an availability to use table uuid in any url, that contains table name 14:06:48 Oh hi! Sorry, I am late. 14:07:31 I will update nova-auth in the end. 14:07:31 and describe, create, delete and list operations will additionally contain table uuid 14:07:35 aostapenko: and we should add uuid in all tersponses that contain table info (describe, delete) 14:07:52 aostapenko: u were faster 14:07:52 ajayaa hi, we would love to hear from you 14:08:20 now? 14:08:27 ajayaa later 14:08:55 Does any body have any thoughts about it? 14:09:21 my head has, actually 14:09:22 Any changes in table list response? 14:09:55 yes. It will additionally contain table name and id 14:09:56 isviridov: i wouldn't add uuid to table list 14:10:30 ikhudoshyn: why? 14:11:00 uuid seems rather aux for me, with restricted usage 14:11:09 how user then be able to find table id then? 14:11:22 describe table by name 14:11:35 we'd allow describe by uuid as well 14:12:23 i think we should keep table name as a primary id and add uuid only as aux id 14:12:39 create table response also will contain table id 14:12:41 i expect uuid usage gonna be limited 14:12:43 ikhudoshyn +1 for keeping list_tables response as is 14:13:13 #link http://magnetodb.readthedocs.org/en/latest/list_tables.html 14:13:19 nova list shows IDs afaik 14:13:45 almost every OS components lists show IDs 14:13:49 they use ID for regular node addressing 14:13:52 yep 14:13:54 we'll use names 14:14:20 look, table name is wellunderstood by al db users and devs 14:14:31 ikhudoshyn: you can use name in nova in most cases 14:14:38 table id is used for some very specific cases 14:15:12 achudnovets: the main consern is, we can't use both everywhere 14:15:25 so we should stick to one 14:15:45 and keep the other where we really need 14:16:04 i see. It can confuse openstack users... 14:16:12 can we try uuid, if not found, then use name? 14:16:32 hey, charlesw, glad to see you joined 14:16:37 we'll do 14:16:52 charles: we are going to do so 14:16:55 sorry morning traffic is bad 14:16:55 but there are some places we wouldn't use ids 14:17:06 like pagination and batches 14:17:31 so for that cases i suggest to use names only 14:17:44 ikhudoshyn: so url patterns will be v1/{project_id}/data/tables/{UUID or table_name} ^ 14:17:48 ? 14:17:59 yes 14:18:02 hm 14:18:10 achudnovets: yep 14:18:12 what about give the choice to user. Add a property: idOrName 14:18:32 charlesw: this wouldn't work for all cases 14:19:34 charlesw do you mean teh URI? 14:19:45 no, in the request body 14:20:20 It means changing the other parts of API, but now we have an extending. 14:20:21 so how do you know that user provides UUID? 14:20:51 achudnovets: UUID has a priority 14:20:59 or, can be in url as query parameter 14:21:11 first we are looking by uuid, if not found - by name 14:21:31 charlesw from other hand the table name is more convinient for usage, that UUID 14:21:39 charlesw: we dont use query params 14:21:49 it's ambiguous as for me 14:22:01 achudnovets: i agree 14:22:17 i'd actually forbid uuids in uris 14:22:41 and only add ability to lookup by uuid 14:22:54 @ikhudoshyn, we do have request parameter, such as limit in listTables 14:23:09 ikhudoshyn: I agree. Forbid uuid or name. And we can use name in query params in GET requests. It's common way 14:23:12 charlesw: yes 14:23:19 ikhudoshyn, +1. I think we would be complicating things by adding uuid everywhere. 14:23:57 there is special usecase where uuid is needed 14:24:17 and there should be a way to find table by uuid 14:24:32 Then add filtering by UUID as filter in query params 14:24:37 +1 for using name as default. If uuid is needed, give user the option to specify it in req body or req parameter 14:25:23 or just add a separate method to find by id 14:26:03 that can clutter the API 14:26:33 and even more, we dont have a good uri for that) 14:26:43 ikhudoshyn +1 14:26:52 charlesw, We can add a filter to list table. 14:27:18 ajayaa: it's not about listing but about describing 14:27:32 like GET .../data/tables/{name} 14:27:33 Let us summarize and go to the next topic 14:27:41 yep. Common way is to use id in query and be able to filter by name... 14:28:06 #idea add lookup call by UUID 14:28:07 it's a common way for OS but not for a DB 14:29:14 achudnovets, is this you talking about: GET .../data/tables/{string}?byName=true? 14:29:27 #idea add uuid in describe table attribute 14:30:25 no. I've speaking about /data/tables?uuid={string} or /data/tables?name={string} in list tables 14:30:27 I think that it will should be more openstack, than DB 14:30:57 And give the priority to UUID 14:31:01 aostapenko: sorry i dont follow you 14:31:11 #idea data/tables?uuid={string} 14:31:16 achudnovets +1 14:31:23 achudnovets, that will have same url as listTables, not good 14:31:34 achudnovets could you share it in specs? 14:31:40 It's for list tables 14:31:42 charlesw: good point 14:32:12 ikhudoshyn agree 14:32:21 for describe table I'd like to see /data/tables/{uuid} 14:32:29 by default 14:32:56 or /data/tables/{name} but not both 14:33:18 achudnovets: there'd be an issue with that 14:33:34 what about GET .../data/tables/{string}?byName=true for describe by bane, GET .../data/tables/{string} for uuid 14:33:51 bane -> name 14:34:13 charlesw: maybe vice versa, 14:34:17 achudnovets charlesw aostapenko ikhudoshyn it seems the topic is wider, let us continue offline 14:34:20 ?byUUid=true 14:34:24 +1 for vice versa. 14:34:32 .../data/tables/{uuid or name} with uuid priority would be good 14:34:48 depending on default behavior we like 14:35:13 Why we can't live it as it is :)? 14:35:29 we need uuids sometimes 14:35:44 achudnovets: we need that lookup 14:35:50 but for real life i like names, too 14:36:47 achudnovets we are intducing UUID in order to identify the table across openstack, but don't have teh way to lookup by uuid now 14:37:28 I started to like ?byUUid=true 14:37:47 and only in describe 14:38:22 aostapenko what is url if so? 14:39:02 isviridov: as it is now 14:39:04 guys how about update table then? 14:39:07 GET .../data/tables/{uuid}?byUUid=true 14:39:17 achudnovets: as it is now 14:39:28 We'll have different urls for GET and PUT 14:39:40 as we do now 14:40:05 #idea extend describe_table with GET .../data/tables/{uuid}?byUUid=true 14:40:08 we use /data/tables/ for put and /data/tables/{name} for get 14:40:28 achudnovets: i assume put=create table 14:40:33 ikhudoshyn: disagree 14:40:53 we have similar urls for get and delete 14:40:53 achudnovets: ? 14:41:08 it's true 14:41:13 and we have no implementtion for update table now ) 14:41:23 so we have no url for it 14:41:29 i thought POST is update 14:41:41 Lets end with lookup by uuid 14:41:45 aostapenko do you have answers now? 14:41:48 and switch a topic 14:42:07 aostapenko +1, what are your next steps? 14:42:08 I assume an answer is GET .../data/tables/{uuid}?byUUid=true 14:42:12 #idea aostapenko to finish the spec and then vote) 14:42:13 so yes. I do 14:42:23 Agreed 14:42:28 ikhudoshyn: ok 14:42:39 #topic Add proposition to add rules to policy.json for service users(monitoring, admin API etc) and use domain scoped tokens. Depends on bp https://blueprints.launchpad.net/magnetodb/+spec/support-roles achudnovets 14:42:48 in fact we could vote by merging the speec 14:42:54 #link https://blueprints.launchpad.net/magnetodb/+spec/support-roles 14:43:33 achudnovets stage is your 14:43:42 It's just an idea to add specific rules to policy.json For service users, like monitoring 14:44:56 achudnovets: why not) 14:45:01 So we can add role "monitoring", assign this role to service user and login as this user with "doman" scope. 14:45:14 achudnovets: +1 14:45:49 achudnovets sounds good, are you going to implement it? 14:46:11 Yep I can. I depens on https://blueprints.launchpad.net/magnetodb/+spec/support-roles 14:46:25 domain scope? 14:46:39 ajayaa: yes 14:46:53 I ->it's 14:46:55 Why exactly domain scope? 14:47:51 we have cases when user don't know tenant id's to make correct request 14:48:07 for example for monitoring API 14:48:32 http://{host}:8480/v1/{project_id}/monitoring/tables/table_name 14:48:43 I think in this url we have project_id. 14:48:47 yep. 14:49:10 ajayaa: there is a refactoring in the line 14:49:16 to monitor all tables user need have some role in all projects 14:49:29 * isviridov greets miqui_ 14:49:41 hey isviridov 14:50:06 Yes. That is not what we want. Agree. 14:50:40 I am sorry. I have not gone through refactoring work. Please add a spec when you implement this. 14:50:45 We can discuss it there. 14:51:10 achudnovets ajayaa I think we will have cluster monitoring data eventually, not pinned to any specific tenant 14:51:26 but even if you have domain scoped token, you still have to add the monitoring user to all projects, right? 14:51:35 ajayaa, https://blueprints.launchpad.net/magnetodb/+spec/api-uri-format-change 14:51:48 charlesw, no 14:51:57 charlesw: no, if projects are in one domain 14:52:09 ajayaa it was discussed last meeting 14:52:32 do you have a pointer? 14:53:11 probably tied to certain version of keystone 14:53:21 charlesw, keystone v3. 14:53:25 Can we use unscoped token, but check teh role only. f.e. monitoring_admin 14:53:44 charlesw, with keystone v3 we can use one user with domain scoped token for operations in all tenants of this domain 14:53:47 isviridov, I am not sure there is an unscoped token with a role in it. 14:54:00 no, unscoped token can only be used to deal with keystone 14:54:13 ajayaa charlesw thx 14:54:55 ominakov, have you tried it? 14:55:30 Who is going to use it? cluster monitoring api? 14:55:31 charlesw: are you speaking about domain scoped tokens? 14:55:47 achudnovets, yes 14:55:51 The mdb service provider or the end user? 14:56:14 charlesw: I tried it on latest keystone. 14:56:22 service provider I think 14:56:52 charlesw, achudnovets, i also tried it 14:56:52 charlesw +1, service provider 14:57:18 Then why limit it to a projects in a domain? 14:57:44 The service provider should get stat for tables in all the projects. 14:58:02 cause we don't want to add monitoring user to every project 14:58:09 The problems sounds like - give a service provider a possibility to check mdb usage by specific tenant, all tenants, overall usage and statistics 14:58:40 ajayaa, we have all our projects (users of mdb) in one domain 14:59:03 ominakov it is specific case and can be different 14:59:13 isviridov +1 14:59:59 Guys we have 1 min left, I think we have to dig it deeper, the thing we see is auth via keystone is a pain for service providers. 15:00:01 charlesw, We don't have to. 15:00:23 He can have the said role in any of the project and use that token. 15:00:46 but only to the same domain 15:00:58 Meeting is over, we can continue discussion 15:01:03 #endmeeting