17:01:44 <geoffarnold> #startmeeting mercadorproject 17:01:45 <openstack> Meeting started Fri Jul 17 17:01:44 2015 UTC and is due to finish in 60 minutes. The chair is geoffarnold. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:01:46 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:01:49 <openstack> The meeting name has been set to 'mercadorproject' 17:02:13 <shaleh> good day all 17:02:18 <geoffarnold> Rolle call? 17:02:46 * shaleh waves 17:02:47 <geoffarnold> Rolle? Where did THAT spelling correction come from? 17:03:16 <geoffarnold> gyee and the other Keystone cores are getting food 17:03:38 <shaleh> do we have an agenda today? 17:03:43 <geoffarnold> We're at the Keystone midcycle; we're on a lunch break until 2PM EDT 17:04:16 <geoffarnold> Review some of the findings from the Keystone midcycle 17:04:18 <janonymous_> o/ 17:04:27 <shaleh> sounds good 17:04:29 <geoffarnold> #topic Keystone midcycle fallout 17:05:17 <geoffarnold> Biggest issue is that there are no immediate plans to address domain name uniqueness 17:05:27 <shaleh> ugh 17:06:24 <geoffarnold> So either subscribers will need to limit subdomain name choices, or we add some business logic on top (name mangling) 17:06:36 <shaleh> well, we can limp along and bring a stronger argument for why it is needed. Right? Because mercador is sure to expose more issues. 17:06:46 <geoffarnold> Agreed. 17:07:10 <shaleh> Nothing like ugly names and bad UX to bring change :-) 17:07:19 <geoffarnold> Everybody recognizes that 40 years of hierarchical namespaces has set expectations 17:07:35 <geoffarnold> and we're violating Principle of Least Surprise... 17:07:40 <geoffarnold> but c'est la vie 17:07:57 <geoffarnold> Wait for M to get a decent model in place 17:08:14 <shaleh> we can code as if it was right yes? It just pushes the issue on to the user. 17:08:26 <geoffarnold> Pretty much, yes 17:08:32 <geoffarnold> The second issue... 17:09:21 <geoffarnold> is that while K2K will keep the IdP in the subscriber (where it belongs), the policy will stay in the publisher's Keystone 17:10:02 <geoffarnold> So if a reseller decides to create a role that provides a unique combination of rights, 17:10:10 <geoffarnold> it's not easy to push it down 17:10:34 <geoffarnold> Today, that's not too bad, because nobody uses aggressive RBAC 17:11:10 <shaleh> but again, we will expose a few pain points 17:11:19 <geoffarnold> But based on discussions here on wednesday, we're going to try and encourage much more fine-grained RBAC 17:11:39 <geoffarnold> Yes, Mercador will drive requirements based on what breaks for us 17:11:47 <shaleh> for POC level and early testing we should be OK. Much further and it gets much more painful 17:11:55 <geoffarnold> Agreed 17:12:09 <geoffarnold> One of the other topics here.... 17:12:38 <geoffarnold> ... is testing of capabilities that require multiple clouds to do the functional tests 17:13:03 <geoffarnold> We should be able to leverage what Keystone K2K is spinning up 17:13:33 <geoffarnold> Overall it's been a good midcycle 17:13:39 <shaleh> good to hear 17:14:03 <geoffarnold> gyee and I will do some whiteboarding - delete that, chalk-boarding - later 17:15:14 <shaleh> remember pictures please 17:15:26 <shaleh> try to write a little bigger than you think you should 17:15:27 <geoffarnold> I've added some material to the Wiki at https://wiki.openstack.org/wiki/Mercador 17:15:37 <geoffarnold> Good advice 17:15:56 <geoffarnold> Oh, one thing that popped up yesterday (unexpectedly)... 17:16:42 <geoffarnold> I'd been relying on the Keystone API doc description; it turns out the doc and the spec have diverged seriously 17:16:55 <shaleh> yay.... 17:17:06 <geoffarnold> See this bug: https://bugs.launchpad.net/openstack-api-site/+bug/1448602 17:17:06 <openstack> Launchpad bug 1448602 in openstack-api-site "Policy related operations of Identity v3 API in API Complete Reference need modification." [High,Triaged] 17:17:56 <shaleh> sigh, usual frustration of not tying docs to code 17:18:02 <geoffarnold> I also met with the Mass Open Cloud group on Monday 17:18:32 <geoffarnold> To explore the relationship between Mercador and their fine-grained cross-region Mix & Match project 17:19:55 <geoffarnold> We've made two submissions for Tokyo - one just Mercador (myself and gyee) and one Mercador + Mix&Match (myself and Orran Krieger) 17:20:24 <shaleh> geoffarnold: can you post a link to Mix&Match please 17:20:47 <geoffarnold> Hang on.... 17:21:40 <geoffarnold> ... don't have a link yet - getting one 17:22:50 <geoffarnold> The Keystone etherpad is here: https://etherpad.openstack.org/p/keystone-liberty-midcycle-meetup 17:23:16 <geoffarnold> The link will be on the Etherpad soon 17:23:57 <shaleh> geoffarnold: thanks 17:25:47 <geoffarnold> MOC Mix-and-Match-Federation demo https://github.com/CCI-MOC/moc-public/wiki/Mix-and-Match-Federation 17:27:10 <geoffarnold> Do we have anything else? 17:27:18 <geoffarnold> Nobody else is back from lunch 17:27:28 <shaleh> I suspect not 17:27:41 <shaleh> you guys need to absorb the conversations of the week 17:28:21 <geoffarnold> OK, let's wrap early. Please take a look at (and add to) the wiki page. It's mostly section headings at this point 17:29:53 <geoffarnold> #endmeeting