16:00:03 <lbragstad> #startmeeting policy
16:00:03 <edmondsw> o/
16:00:04 <openstack> Meeting started Wed Aug 9 16:00:03 2017 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:05 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:07 <lamt> o/
16:00:08 <edmondsw> o/
16:00:08 <openstack> The meeting name has been set to 'policy'
16:00:08 <gagehugo> o/
16:00:13 <ruan_he> o/
16:00:15 <nhelgeson> o/
16:00:17 <lbragstad> #link https://etherpad.openstack.org/p/keystone-policy-meeting
16:00:44 <lbragstad> we'll give it a minute for others to show up
16:00:51 <lbragstad> haven't had a policy meeting in a couple weeks
16:01:31 <knikolla> o/
16:02:30 <lbragstad> #topic external pdp hooks
16:02:32 <lbragstad> ruan_he: o/
16:02:40 <lbragstad> #link https://review.openstack.org/#/c/491565/
16:03:28 <ruan_he> we'd like to propose a hook in keystone to redirect authorization requests to an external PDP instead of the native one by oslo.policy
16:04:00 <lbragstad> ruan_he: is the hook supposed to be in keystone or oslo.policy?
16:04:12 <ruan_he> it's similar to the previous Fortress one, but now it's more generic for any external PDP
16:04:55 <edmondsw> ruan_he keystone isn't used for authorization when you talk to nova, cinder, etc... so how does this work with that?
16:05:20 <ruan_he> the hook will be in oslo.policy
16:05:31 <edmondsw> ah
16:05:47 <lbragstad> so we should probably be proposing this specification to oslo
16:05:58 <lbragstad> since it seems more relevant there
16:06:12 <edmondsw> and say oslo.policy, not keystone
16:06:42 <ruan_he> well, my understanding is that all the topics about policy.json, policy.yaml are here
16:07:14 <lbragstad> yeah - this is the policy meeting, but the specification is targeted to keystone-specs
16:07:28 <lbragstad> ruan_he: are you planning on attending the ptg?
16:07:52 <ruan_he> if this topic will be discussed in ptg, I can try to attend the meeting
16:08:18 <ruan_he> where should I put this spec?
16:08:23 <lbragstad> ruan_he: i was going to suggest that if you want to push this forward with the oslo group - you should add it to the list of topics here
16:08:25 <lbragstad> #link https://etherpad.openstack.org/p/oslo-ptg-queens
16:08:47 <lbragstad> oslo has its own specification repository
16:08:50 <lbragstad> #link https://github.com/openstack/oslo-specs
16:09:12 <lbragstad> which follows a similar process to the one used in keystone-specs
16:09:31 <ruan_he> I think that it's a cross-topic, because for authorization, roles are defined in keystone and policy.json file is used in oslo.policy
16:09:59 <edmondsw> oslo conversations are always cross-project :)
16:10:04 <lbragstad> that's true
16:10:14 <edmondsw> ruan_he this is definitely the right meeting to discuss it in, don't get us wrong
16:10:28 <edmondsw> it's the spec that's in the wrong place
16:10:43 <lbragstad> the functionality has to come from oslo.policy i think
16:10:47 <ruan_he> ok, I'll re-submit the spec to oslo
16:11:26 <lbragstad> looping in the oslo folks would be a good idea, too
16:11:37 <lbragstad> i'm certain they'd have some valuable input here
16:11:43 <lbragstad> cc dims gcb ^
16:12:38 <lbragstad> ruan_he: i'll add the topic to #link https://etherpad.openstack.org/p/oslo-ptg-queens
16:12:40 <dims> lbragstad : ack
16:12:46 <dims> lbragstad : good idea
16:12:57 <lbragstad> ruan_he: if you want to repropose the specification you have to the oslo-specs repository
16:13:05 <ruan_he> just like an external IdP, we would like to support external PDP for authorization
16:13:24 <ruan_he> ok, I'll do that
16:15:23 <lbragstad> ok - done
16:15:35 <lbragstad> ruan_he: anything else you wanted to share on this topic?
16:15:48 <ruan_he> that's all
16:16:00 <ruan_he> just a question
16:16:04 <lbragstad> ruan_he: sure
16:16:31 <ruan_he> I've read the Fortress spec, are there some guys working on that?
16:16:57 <lbragstad> ruan_he: ktychkova was working on it previously, but i'm not sure if she still is or not
16:18:04 <lbragstad> she had a PoC up earlier in the year
16:18:25 <ruan_he> ok, thanks
16:18:30 <lbragstad> no problem
16:18:35 <lbragstad> #topic update on global roles
16:18:52 <lbragstad> #link https://review.openstack.org/#/c/481781/
16:18:56 <lbragstad> i've had that up for a while
16:19:05 <lbragstad> and i need to start breaking it apart and pushing it forward
16:19:22 <lbragstad> which i should be able to start doing next week for sure once the dust settles from rc1
16:19:44 <lbragstad> knikolla: you mentioned some interest in that work
16:19:48 <lbragstad> knikolla: is that still the case?
16:20:06 <knikolla> yep
16:20:49 <lbragstad> knikolla: cool - let's sync on friday and see how we can tackle that work with two people
16:20:56 <lbragstad> (or more if anyone else is interested)
16:21:05 <knikolla> lbragstad: sounds great.
16:21:29 <lbragstad> #topic open discussion
16:21:53 <lbragstad> anyone have anything they'd like to discuss?
16:21:59 <gagehugo> do we have a room at the PTG for policy?
16:22:15 <lbragstad> not yet - i believe diablo_rojo_phon was working on lining something up
16:22:26 <gagehugo> alright cool
16:22:29 <lbragstad> i sent a note to the mailing list about getting people together to go through moving policy into code
16:22:49 <lbragstad> #link https://etherpad.openstack.org/p/policy-queens-ptg
16:22:53 <lbragstad> but so far that's been crickets
16:23:08 <lbragstad> (maybe helping the other projects will be easier than i was expecting)
16:24:06 <lbragstad> i would expect that session to be something we cover on monday or tuesday
16:24:14 <lbragstad> or have a room dedicated to policy stuff
16:24:28 <gagehugo> ok
16:24:42 <lbragstad> and since that fits the cross-project bill, I would expect to do that sometime monday or tuesday
16:25:43 <lbragstad> outside of what's already on the etherpad - does anyone have suggestions for policy topics during the PTG?
16:26:42 <lbragstad> alright - looks like we'll get some time back
16:26:44 <lbragstad> thanks for coming!
16:26:47 <lbragstad> #endmeeting