16:02:09 #startmeeting policy 16:02:09 Meeting started Wed Feb 1 16:02:09 2017 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:02:10 ping raildo, ktychkova, dolphm, dstanek, rderose, htruta, atrmr, gagehugo, lamt, thinrichs, edmondsw, ruan, ayoung, stevemar, ravelar, morgan 16:02:11 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:02:11 ping johnthetubaguy if you're around! 16:02:13 The meeting name has been set to 'policy' 16:03:46 o/ 16:04:02 o/ 16:04:09 o/ 16:04:28 hi ruan_20 - sorry for not pinging, I never know which irc nick you'll have each week 16:04:41 ruan_20 right now I just ping with ruan 16:05:17 o/ 16:06:10 we'll give it another minute here for folks to show up 16:07:16 #topic announcements 16:07:30 agenda #link https://etherpad.openstack.org/p/keystone-policy-meeting 16:07:41 we have a really light agenda this week (similar to last week) 16:08:09 because i know most of us are tied up with finishing up the release 16:08:40 I'm hoping that we can start planning things out for the PTG soon 16:08:48 specifically the policy work 16:08:51 in this case, is it possible to make a summery? 16:09:24 ruan_20, you are still pursuing the Fortress approach, right? 16:09:43 Yes 16:10:10 I'd like to make sure folks weigh in the policy stuff here https://etherpad.openstack.org/p/keystone-pike-ptg so that we ensure we have a dedicated and meaningful session on in in ATL 16:10:11 #link https://etherpad.openstack.org/p/keystone-pike-ptg 16:10:12 ruan_20, so I won't be at the PTG, but we are trying to find out who will to discuss it 16:10:34 #topic open discussion 16:11:43 lbragstad, I need coding help 16:12:00 top priority is the Bug 968696 work 16:12:00 bug 968696 in OpenStack Identity (keystone) ""admin"-ness not properly scoped" [High,In progress] https://launchpad.net/bugs/968696 - Assigned to Adam Young (ayoung) 16:12:09 ayoung are you working on fortress integration? 16:12:13 I'm not going to be able to get to it myself, looking to hand it off 16:12:22 oh wow, fortress 16:12:31 lbragstad, no. FOrtress is outside my world 16:12:38 ayoung oh 16:12:44 my favorite bug! 16:12:52 dstanek, mine too 16:13:06 we need work on tempest, I think, in order to close that out 16:13:29 ayoung noted - i know we merged your spec and I think it was bumped to pike 16:13:33 basically, the tempest tests put a bunch of admin stuff under the dynamically created domains and projects, and those break with the stricter rules 16:14:00 lbragstad, not even talking RBAC here, just base "scoping admin" work 16:14:36 lbragstad, for example https://review.openstack.org/#/c/384148/ 16:15:04 that one passes unit tests, but fails Tempest 16:15:35 oh - this is evaluating is_admin_project 16:15:41 lbragstad, yes 16:15:46 or making nova evaluate it 16:16:06 lbragstad, I think fixing things in Tempest will get the tests to pass for all the other projects, Keystone included 16:16:29 see open reviews on https://review.openstack.org/#/q/topic:bug/968696 16:17:27 Keystone needs https://review.openstack.org/#/c/387161/ and https://review.openstack.org/#/c/387710/ before the patch, too 16:17:47 https://review.openstack.org/#/c/257636/ is failing tempest for the same reasons 16:18:53 lbragstad, I think knikolla is going to take the RBAC work, but this stuff here, this is fundamental. It needs a full court press, and needs to be finished 16:19:25 jamielennnox did the heavy lifting. But this is the last mile. 16:19:35 And I can't get the time to work on it anymore 16:20:09 ok - but this is something that can be done in parallel with knikolla's RBAC work? 16:20:48 lbragstad, yes 16:21:04 looks like there are only 4 patches left 16:21:20 well, I expect that there will be a bunch of Tempest patches when we are done 16:21:24 not including the patches needed to tempest 16:21:44 and, once these are in, need to make sure the other projects are all good. 16:23:07 ok - I'd like to work on getting policy into code soon too, which is another thing we can do in parallel, but maybe the folks working on all the policy efforts can hop back and forth? 16:23:09 the final state will be one for cinder, one for glance one for Neutron, 16:23:15 neutron has not been written yet 16:23:24 perhaps swift 16:23:43 and then all of the other projects in the big tent need to play nice, too 16:24:09 ayoung that's where I want to lean on documentation 16:24:11 we *need* to have docs around this kind of stuff 16:24:21 yep, but we need code first 16:24:26 at least for nova and Keystone 16:24:32 otherwise, it is meaningless 16:24:38 instead of going around and policing everyone to make sure they do it right, we need to provide them with the information and guidance so that we don't need to police them 16:26:53 regardless - i'd expect anyone picking up this work to be in touch with other folks working on policy 16:29:23 does anyone have *specific* things they want to work on/talk about at the PTG? 16:29:40 or things they want others to bring to the PTG for them? 16:30:18 s/specific/specific policy/ 16:33:29 ok - does anyone have anything else they'd like to talk about/ 16:35:16 alright - well I'll give everyone some time back. remember to fill out the pike ptg etherpad if you have specifics you want discussed in ATL, we'll be starting the planning phase soon 16:35:28 thanks for coming! 16:35:31 #endmeeting