13:00:21 <alex_xu> #startmeeting nova api 13:00:22 <openstack> Meeting started Wed Jan 25 13:00:21 2017 UTC and is due to finish in 60 minutes. The chair is alex_xu. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:00:23 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 13:00:25 <openstack> The meeting name has been set to 'nova_api' 13:00:33 <alex_xu> who is here today? 13:00:40 <Kevin_Zheng> o/ 13:00:52 <gmann> o/ 13:01:44 <alex_xu> looks like just three of us 13:01:54 <gmann> yea 13:02:10 <Kevin_Zheng> https://review.openstack.org/#/c/421760/ 13:02:27 <Kevin_Zheng> please also review he doc patch if have time? 13:02:31 <gmann> or let's wait for few min for johnthetubaguy sdague 13:02:33 <alex_xu> Kevin_Zheng: yea 13:02:56 <Kevin_Zheng> I may update again tommorow 13:02:58 <gmann> Kevin_Zheng: sure, ll check in morning tomorrow 13:03:10 <johnthetubaguy> oops, hello 13:03:51 <alex_xu> #link https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:master+topic:bp/add-whitelist-for-server-list-filter-sort-parameters 13:03:57 <alex_xu> ^ the last three patches 13:04:16 <alex_xu> johnthetubaguy: the policy one is ready, hope you can take a look at it 13:05:59 <johnthetubaguy> so the logging, we probably don't want to do all that logging on every API request 13:06:27 <johnthetubaguy> maybe we can check that in the API controller constructor? would that work? 13:06:58 <alex_xu> emm...yea, that is a little annoying 13:07:00 <gmann> johnthetubaguy: you mean for old rule? 13:07:09 <johnthetubaguy> yeah 13:07:31 <alex_xu> in the controller constructor sounds doable 13:08:12 <gmann> but that will be only when all_tenants 13:08:31 <johnthetubaguy> its really logging to the operators about their config 13:08:41 <johnthetubaguy> its not really anything to do with a particular API request as such 13:08:56 <alex_xu> we have another warning at https://github.com/openstack/nova/blob/master/nova/policy.py#L83 13:09:02 <gmann> ah i see your point 13:09:47 <alex_xu> that warn on every policy config change 13:09:50 <johnthetubaguy> alex_xu: ah, well remembered, we should probably copy that pattern 13:09:59 <johnthetubaguy> I had forgotten about that one 13:10:34 <gmann> +1 13:11:04 <alex_xu> we can put that warning in the policy.init() also 13:11:41 <johnthetubaguy> I was kinda expecting to have the defaults deal with falling back to the old rules 13:11:44 <johnthetubaguy> did that not work? 13:11:44 <gmann> with is_rule_override check it can be more aligned when old rules are overridden 13:12:38 <johnthetubaguy> all_tenants_visible = rule:detail:get_all_tenants and rule:index:get_all_tenants (or something like that) 13:13:08 <johnthetubaguy> I guess thats been done in code, just wondering what pattern we should choose for these things 13:13:45 <gmann> johnthetubaguy: but if operator use to have policy.json from the sample and override the interesting one then it might be issue 13:13:54 <gmann> but not sure if they do this way 13:14:18 <johnthetubaguy> thats fine, they overrode it, so it does the right thing 13:14:45 <alex_xu> johnthetubaguy: that doesn't work for new deployer. due to the old one always return 403 when fail 13:15:05 <johnthetubaguy> why? all the rules have the same default? 13:15:30 <johnthetubaguy> oh, wait, I see your point now 13:15:33 <alex_xu> the new behaviour expect no 403 when fail. 13:15:36 <johnthetubaguy> you are trying to keep the 403 behaviour 13:15:54 <johnthetubaguy> hmm... I wasn't expecting us doing that 13:16:11 <gmann> i think no 403 and give at least their own servers 13:16:46 <johnthetubaguy> doesn't that change need a microversion, with the new rule we 403 before it, and after it everyone leaves it soft 13:17:31 <johnthetubaguy> I guess its dropping an error, so maybe thats OK 13:17:37 <alex_xu> emm...whether it return 403 still depend on policy config 13:18:46 <alex_xu> that isn't something resolved by microversion. it should be resovled by policy discovery 13:20:33 <johnthetubaguy> lets step back 13:21:26 <johnthetubaguy> right now, all_tenants sends 403 if an admins (or whatever policy says) 13:21:52 <alex_xu> yup 13:21:53 <johnthetubaguy> after this, we don't send 403... unless the admin has overridden the old policy rule, which we want to delete next cycle 13:22:18 <gmann> yea 13:22:21 <johnthetubaguy> I think my comment about working with the old policy has confused things here 13:22:54 <johnthetubaguy> what I mean is, you can only view other tenants servers when you pass a certainly policy rule 13:23:34 <johnthetubaguy> we are basically renaming that rule 13:23:49 <johnthetubaguy> so across upgrade, we need to respect settings on the old rules for now 13:23:54 <johnthetubaguy> I think we are all agreed with that aim 13:24:05 <alex_xu> yes 13:24:06 <gmann> yes 13:24:09 <johnthetubaguy> cool 13:24:12 <Kevin_Zheng> yeah 13:24:21 <johnthetubaguy> so you could consider that one patch 13:24:28 <johnthetubaguy> now there is a second patch in there 13:25:27 <johnthetubaguy> when you pass all_tenants=True, the API should return as many instance as you are allowed to see given your token, rather than doing 403 if you fail a policy check to list instances from all tenants in the system 13:25:52 <johnthetubaguy> part of me wonders if that needs a microversion 13:26:19 <johnthetubaguy> it feels strange to me for the API to flip between the old behaviour and new behaviour based on the policy file, given we want to kill the old behaviour next cycle 13:26:19 <gmann> but that is with new policy rule. 13:26:51 <johnthetubaguy> no, we want the new behaviour 13:27:01 <johnthetubaguy> we could keep the old policy rules 13:27:40 <johnthetubaguy> but with the new behaviour, the old policy rule names don't really make any sense 13:28:06 <johnthetubaguy> I am not every good at describing my concern here I guess 13:28:38 <alex_xu> so you want to rename it first 13:28:46 <alex_xu> then microversion with behaviour change 13:30:10 <johnthetubaguy> actually my preferece is the other way around 13:30:12 <cdent> ah microversions... :) 13:31:16 <johnthetubaguy> whether we want a microversion or not is a different debate, it feels like we are changing the API to me, but I could be looking at this wrongly 13:31:26 <gmann> even that is something depends on policy setting and each cloud can have different behavior based on their policy setting 13:32:14 <gmann> but yea if cloud with same policy setting then, API can behave differently 13:33:10 <johnthetubaguy> I don't think we want different behaviours based on config 13:34:34 <johnthetubaguy> we do want admins to be able to upgrade without accidentally changing who is able to list all the instances on the system, because they have modified their policy rules, and we didn't warn them about the change 13:35:27 <johnthetubaguy> we can have different behaviours based on different microversions though, that seems just fine 13:37:03 <alex_xu> so microversion with new behaviour. but new rule just copy the rule of old one 13:38:15 <gmann> but when policy rules are modified, anyways behavior can be changed when admin upgrade (currently also) 13:38:48 <johnthetubaguy> gmann: thats fairly terrible, we should stop that 13:39:14 <johnthetubaguy> now we need oslo.policy to help us more, eventually, but we just are not there yet 13:39:42 <johnthetubaguy> my concern is based on this 13:39:42 <johnthetubaguy> https://governance.openstack.org/tc/reference/tags/assert_supports-upgrade.html#requirements 13:39:53 <johnthetubaguy> and because I believe policy = configuration 13:42:08 <alex_xu> johnthetubaguy: yes, we just implement that. so you concern on microversion? 13:42:17 <alex_xu> sorry, i'm a little lost... 13:42:21 <gmann> humm 13:42:46 <Kevin_Zheng> old rule can work on the current patch, I think 13:44:23 <johnthetubaguy> alex_xu: that was just a comment about how we have failed to do this properly in the past 13:44:24 <gmann> johnthetubaguy: can new rule be considered as new config option kinnda ? 13:44:38 <johnthetubaguy> so it is a new config, effectively 13:44:48 <johnthetubaguy> I really don't like us changing the API behaviour based on a config 13:45:04 <johnthetubaguy> the odd bit, is we plan on removing the old behaviour and old config next cycle 13:45:17 <gmann> yea that's true 13:45:23 <alex_xu> yea 13:45:26 <johnthetubaguy> that just seems odd to me, struggling to describe why 13:45:40 <gmann> now i got your point 13:45:47 <johnthetubaguy> for me, we use microversions to create API behaviour changes 13:45:57 <johnthetubaguy> and advertise them correctly, etc 13:46:22 <gmann> agree on this now. 13:46:39 <Kevin_Zheng> ok 13:46:40 <gmann> otherwise it can be interop issue 13:47:17 <johnthetubaguy> now I think its easier to think about this in two steps 13:47:52 <johnthetubaguy> one change adds a microversion to make all_tenants no longer trigger 403, the old policy rules just decide if you show servers from all tenants, when you request all_tenants=True 13:48:24 <johnthetubaguy> the second change can rename the policy rules, with some backwards compatibility, because the old rule names don't really make sense with the new behaviour 13:49:25 <alex_xu> so whether we return 403 in old microversion? 13:49:52 <johnthetubaguy> in the old microversion, yes, the new policy rule decides if its 403 or allowed 13:50:04 <johnthetubaguy> just like the old ones did before it 13:50:18 <gmann> but with old rule support right 13:50:52 <johnthetubaguy> the rename of the rule has to be backwards compatible, yes 13:51:41 <johnthetubaguy> whatever those rules say, it gets used in the old microversion to return 403, and in the new microversion its a silent ignore or list instances across all tenants on the system 13:51:59 <gmann> yea 13:52:14 <johnthetubaguy> now, there is a debate of whether its worth a microversion or not, but I don't think the policy settings should decide the behaviour 13:52:51 <johnthetubaguy> if there is no microversion, I think everyone should have the new behaviour 13:53:44 <Kevin_Zheng> maybe a microversion bump when remove the old rule and change the behaviour for new rule? 13:53:57 <gmann> but still that change behavior if doing for everyne 13:54:18 <johnthetubaguy> yeah, as long as its the same behaviour for everyone, that could work for me 13:54:45 <gmann> i mean app moving from upgareded cloud to old cloud can break 13:55:00 <gmann> no 403 -> 403 13:55:14 <alex_xu> 5 mins left 13:55:27 <johnthetubaguy> really its only people depending on getting 403 that would break 13:55:53 <johnthetubaguy> but yeah, a break is possible, unless its microversioned 13:56:21 <gmann> yea it can break interoperability 13:56:44 <alex_xu> yea, althought the 403 is generic error people processed 13:57:25 <johnthetubaguy> you could use that 403 to check if you had an admin token, duno why you would, but you could 13:57:54 <gmann> also app, on upgraded cloud where no 403 if decide to move to old non-upgraded cloud where 403 13:57:55 <alex_xu> emm...yes 13:58:37 <gmann> i mean we changing error to success which is issue. error-> good error only ok 13:58:38 <alex_xu> one news, I will start the vacation from tomorrow. Kevin_Zheng will be there for tomorrow? 13:58:56 <Kevin_Zheng> yeah 13:59:00 <johnthetubaguy> alex_xu: have a good break 13:59:00 <alex_xu> probably I will help on the patch tonight. but i'm not sure I have network tomorrow evening 13:59:04 <gmann> alex_xu: i can take up those updates, i am in for next week 13:59:13 <alex_xu> johnthetubaguy: gmann thanks 13:59:49 <Kevin_Zheng> could you also update the doc one? already did some work 13:59:49 <gmann> so we should go with microversion on behavior change ? as johnthetubaguy mentioned on 2 changes 13:59:52 <alex_xu> ok, we should back to nova channel, it is time to close the meeting 13:59:57 <gmann> Kevin_Zheng: sure ll do 14:00:09 <alex_xu> #endmeeting