#openstack-meeting log

17:00:38 <gmann> #startmeeting policy_popup
17:00:38 <opendevmeet> Meeting started Tue May 23 17:00:38 2023 UTC and is due to finish in 60 minutes.  The chair is gmann. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:38 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:38 <opendevmeet> The meeting name has been set to 'policy_popup'
17:00:48 <gmann> #link https://etherpad.opendev.org/p/rbac-goal-tracking#L148
17:00:52 <gmann> today agenda ^^
17:01:03 <dmendiza[m]> 🙋‍♂️
17:01:09 <gmann> dmendiza[m]: hi
17:01:28 <gmann> let's start
17:01:31 <gmann> #topic Previous meeting action item
17:01:39 <gmann> dmendiza[m] to propose change in barbican to drop system scope
17:01:52 <dmendiza[m]> I did do this
17:01:53 <gmann> #link https://review.opendev.org/c/openstack/barbican/+/883526
17:01:56 <dmendiza[m]> let me get a link
17:01:58 <gmann> dmendiza[m]: thanks
17:02:21 <dmendiza[m]> Tempest tests are here:
17:02:23 <dmendiza[m]> #link https://review.opendev.org/c/openstack/barbican-tempest-plugin/+/883527
17:02:28 <gmann> +1, thanks
17:02:34 <gmann> I have only comment there about legacy admin to continue working
17:02:48 <dmendiza[m]> and the follow up to re-enable srbac tests is here:
17:02:49 <dmendiza[m]> #link https://review.opendev.org/c/openstack/barbican/+/883562
17:03:25 <dmendiza[m]> yeah, I want to say we never had support just "admin" role without checking the project, but I don't have a preference either way
17:03:26 <gmann> adding project_admin in defaults will break legacy admin means admin in any project cannot do/see things in other project
17:03:50 <gmann> dmendiza[m]: oh, I think I misunderstood then, what was the old defaults? project_admin only
17:05:03 <dmendiza[m]> actually, I take that back
17:05:04 <gmann> dmendiza[m]: no, it was admin only #link https://review.opendev.org/c/openstack/barbican/+/883526/3/barbican/common/policies/consumers.py#24
17:05:05 <gmann> #link https://review.opendev.org/c/openstack/barbican/+/883526/3/barbican/common/policies/base.py#82
17:05:08 <dmendiza[m]> looks like we did used to allow it
17:05:14 <gmann> yeah
17:05:28 <dmendiza[m]> yep, we're on the same wavelength :)
17:05:35 <gmann> that was one of the feedback we received from operators that to continue support legacy admin
17:05:48 <dmendiza[m]> right ...
17:05:51 <dmendiza[m]> I'll get the patch updated
17:05:59 <gmann> cool, thanks
17:06:29 <gmann> moving next action item
17:06:33 <gmann> gmann to propose keystone change to support project scope
17:06:42 <gmann> I did not propose yet, I will try to do this week
17:06:50 <gmann> #action gmann to propose keystone change to support project scope
17:06:52 <dmendiza[m]> ack
17:07:00 <gmann> gmann to ask for magnum rbac change review on ML
17:07:05 <gmann> I did ask in magnum channel
17:07:43 <gmann> and it seems we have review there from Jake #link https://review.opendev.org/c/openstack/magnum/+/874945/21
17:08:38 <gmann> #topic Review of
17:08:44 <gmann> Keystone
17:09:04 <gmann> #link https://review.opendev.org/c/openstack/keystone/+/822601
17:09:11 <gmann> #link https://review.opendev.org/c/openstack/keystone/+/863420
17:09:26 <gmann> first one need some update, abhishekk will you get chance to check those.
17:09:33 <gmann> 2nd one is ready to review i think
17:09:51 <dmendiza[m]> I'll get to updating/reviewing those eventually...
17:09:57 <dmendiza[m]> Just gotta find the time, heh
17:10:13 <gmann> ok, thanks again
17:10:22 <gmann> I think other review we already talked about
17:10:31 <gmann> and that is all from agenda
17:10:38 <gmann> dmendiza[m]: anything else from you side?
17:10:50 <dmendiza[m]> Nah, I'm good for now.
17:11:12 <gmann> cool, thanks for joining, let's close then
17:11:15 <gmann> #endmeeting