18:01:04 #startmeeting policy-popup 18:01:06 Meeting started Thu May 28 18:01:04 2020 UTC and is due to finish in 60 minutes. The chair is raildo. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:01:07 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:01:09 The meeting name has been set to 'policy_popup' 18:01:14 o/ 18:01:14 #link https://wiki.openstack.org/wiki/Consistent_and_Secure_Default_Policies_Popup_Team#Agenda 18:01:15 o/ 18:01:24 thanks for starting, just finished my lunch 18:01:33 hey all, how things are going? :) 18:01:39 o/ 18:02:40 #topic common/pre-work items to be finished for all projects 18:03:10 gmann, this topic is on you? 18:03:25 One things for sure we need to work on is policy file format usage 18:03:52 policy.json and re-generated one is causing issue on adopting the new policy in backword compatible way 18:04:15 #link for context http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2020-04-27.log.html#t2020-04-27T13:46:37 18:04:30 we will be discussing it in nova-oslo cross project session in PTG Monday 15 UTC is schedule - https://etherpad.opendev.org/p/nova-victoria-ptg 18:05:16 if you have any early feedback idea, feel free to add on etherpad ^^ 18:05:19 gmann, cool, I suppose that what get defined that will be used for other services too? 18:05:37 yeah. 18:05:45 I mean, it's not only nova that will be affected by the policy file format when it's re-generated 18:06:29 it will be all project start doing scope things. so re generation of file from oslo tool does not add deprecated rule in file so old deployment break 18:07:17 removing/deprecating the json format is one idea and keeping yaml suported where operator can comment out the rules so that default-in-code take care of the thigns 18:07:49 gmann, cool, we do have a policy topic on the oslo etherpad as well 18:07:51 #link https://etherpad.opendev.org/p/oslo-victoria-topics 18:08:02 would be nice to sync with oslo folks on this topic as well 18:08:14 Can we schedule that later than 1500? I would prefer to get the Oslo-specific bits of our PTG out of the way before we dive into the controversial stuff. 18:08:30 bnemec: ohk, we need to talk to gibi for that. 18:08:50 I have a feeling this and the healthcheck discussion are likely to go a bit long. :-) 18:08:52 bnemec, sounds great to me 18:09:09 And I only scheduled two hours for Oslo itself because we didn't have that much to talk about. 18:09:10 bnemec: yeah that is right assumption :) 18:09:26 I love the controversial topics, makes our work funnier hehe 18:09:32 i am ok for later also, let's talk to gibi on nova channel 18:09:56 Sounds good. I was kind of planning to try to sit down and figure out how much time we'll need for Oslo topics today anyway. 18:10:04 I will be done by 15 UTC for my QA PTG do after that on that day is all fine for me 18:10:29 bnemec, thank you sir! 18:11:00 gmann, anything else that you have in mind? 18:11:15 That was a whole lot of weasel words on my part, wasn't it? ;-) 18:11:20 nothing else for today. 18:11:51 cool 18:11:54 #topic Progress from projects 18:12:22 we know cyborg started the things in ussuri, spec was merged and code not. 18:12:55 I'm planning to introduce this work on the barbican PTG as well 18:13:11 #link https://review.opendev.org/#/c/699102/ 18:13:11 patch 699102 - cyborg - Add new default policy - 6 patch sets 18:13:15 cyborg work ^^ 18:13:19 raildo: great. 18:13:22 I saw that we have neutron and cinder as candidates, do we have anything planned for those projects for the PTG? 18:13:51 i have not checked but neutron was waiting for nova to finish the things as we talked in shangahi PTG 18:14:31 and i will say waiting for the policy format stuff is something need to be fixed before neutron start. 18:14:38 gmann, ack, I believe that we can spoke with them during this PTG, since nova is almost done with it... at least try to bring the attention for this topic again 18:14:45 hum... 18:14:58 they have very embedded policies with resource and attributes level 18:15:12 or may be that is valid for all the projects ? 18:15:16 gmann, ack.. any idea if the same applies for cinder? 18:15:29 gmann, that would be my guess 18:15:44 yeah, it will be same as many packaging things generate the policy file in same way for all services 18:16:15 but during their PTG discussion if they are planning, we can add these things and other part keep going. 18:16:38 and they can add policy file things as one of dependency. 18:17:27 #topic Making sure that we have some policy topic discussion on each etherpad's related project for the PTG 18:17:56 so I'm joining all the related etherpads that we need to have a topic for each service 18:18:14 gmann, can you double check if everything is ok on that side as well? 18:18:57 raildo: nova, oslo we are discussing but not checked on other PTG. 18:19:04 gouthamr is here, we can get manila plan at least ofr something need help from our side 18:19:37 i will check those etherpad after meeting 18:20:20 cool 18:20:31 #topic open discussion 18:20:37 anything else for today? 18:21:16 gmann: hi! yes, i was just reading passively here... we haven't started working on this, but are interested to start by auditing our hard dependency on an "admin" role in most cases... and then create a plan a la nova to do the granular scoped policies... we'll discuss this next week at our PTG a bit 18:22:09 gouthamr: +1. that is good plan. 18:22:22 gouthamr, that would be great :) I would love to join the discussion 18:24:17 ack raildo - we're planning to talk about this 1450 - 1530 UTC on Monday, June 1st 18:24:39 * raildo taking notes 18:24:57 raildo: would you be available then? 18:24:58 the draft schedule for manila PTG is here: https://etherpad.opendev.org/p/vancouver-ptg-manila-planning 18:25:28 we'll be here: https://www.openstack.org/ptg/rooms/cactus for it :) 18:25:51 gouthamr, I believe so.. I don't see any conflict at top of my head 18:26:02 awesome, ty raildo 18:26:45 awesome, any other topic? 18:26:58 nothing else from me. 18:27:45 cool, so have a good one folks! 18:27:53 #endmeeting