19:00:18 <amitgandhinz> #startmeeting Poppy Weekly Meeting
19:00:19 <openstack> Meeting started Thu Feb 19 19:00:18 2015 UTC and is due to finish in 60 minutes.  The chair is amitgandhinz. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:20 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:00:22 <openstack> The meeting name has been set to 'poppy_weekly_meeting'
19:00:26 <amitgandhinz> #topic RollCall
19:00:29 <malini> o/
19:00:33 <amitgandhinz> o/
19:00:34 <obulpathi> o/
19:00:46 <wbrothers> o/
19:01:29 <sriram> o/
19:02:43 <megan_w_> \o
19:03:02 <amitgandhinz> #link https://wiki.openstack.org/wiki/Meetings/Poppy
19:03:18 <amitgandhinz> #topic Last Week Today
19:03:25 <amitgandhinz> #link http://eavesdrop.openstack.org/meetings/poppy_weekly_meeting/2015/poppy_weekly_meeting.2015-02-12-18.59.html
19:03:34 <catherineR> o/
19:03:41 <amitgandhinz> only one action item - did everyone review the api changes proposed?
19:03:47 <cpowell> o/
19:04:17 <malini> :^) no
19:04:25 <malini> tht was supposed to be :-$
19:04:29 <amitgandhinz> smh
19:04:35 * malini even more embarassed now
19:04:40 <obulpathi> Opps .. me too
19:05:03 <sriram> I'll go through it after this meeting . :|
19:05:05 <amitgandhinz> ok everyone needs to review it
19:05:27 <amitgandhinz> i plan to have tonytan4ever start the SSL stuff next week when he returns
19:05:39 <obulpathi> amitgandhinz: I did go though the log delivery stuff
19:05:45 <obulpathi> thats seemed good to me
19:05:50 <sriram> cool
19:06:08 <amitgandhinz> #action everyone read the api changes - secure certificates, content section, log delivery
19:06:15 <amitgandhinz> obulpathi: cool
19:06:34 <malini> the everyone tag makes it somebody else's responsibility
19:06:38 <malini> just saying ;)
19:06:48 <amitgandhinz> #action malini to read the api changes
19:06:53 <sriram> ha
19:06:53 <malini> duh
19:06:54 <amitgandhinz> #action sriram to read the api changes
19:06:55 <cpowell> burn
19:07:02 <amitgandhinz> #action obulpathi to read the api changes
19:07:09 <amitgandhinz> how's that?
19:07:14 <amitgandhinz> muwahahaha
19:07:16 <obulpathi> hahaa
19:07:17 <malini> #action amitgandhinz to read the api changes
19:07:19 <obulpathi> got it
19:07:19 <malini> BWAHAAHAA
19:07:22 <sriram> well done, sir.
19:07:24 <amitgandhinz> i wrote it !
19:07:24 <sriram> well done.
19:07:35 <malini> tht doesnt prevent u from reading it
19:07:39 <sriram> lol
19:07:42 <mpanetta> hah
19:07:49 * amitgandhinz smh
19:08:13 <amitgandhinz> #topic Bugs and Blueprints
19:08:17 <amitgandhinz> #link https://launchpad.net/poppy/+milestone/kilo-3
19:08:31 <amitgandhinz> sriram: taskflow driver
19:08:39 <sriram> ready to go.
19:08:49 <sriram> have tested both patches with api tests.
19:08:52 <sriram> and they pass.
19:09:00 <malini> yayy
19:09:07 <obulpathi> yay
19:09:15 <amitgandhinz> -)
19:09:27 <obulpathi> so when are we pushing to preview?
19:09:36 <cpowell> I am working on it now
19:09:37 <obulpathi> oops sorry
19:09:56 <obulpathi> this is openstack channel
19:10:07 <amitgandhinz> once cpowell gives the ok i will merge it
19:11:06 <sriram> cool
19:11:22 <amitgandhinz> miqui - home doc
19:11:36 <amitgandhinz> he's not here today, but i saw a patchset from him
19:11:40 <amitgandhinz> there were comments
19:12:02 <sriram> yeah, I think he'll be back with a new patch incorporating the comments.
19:12:07 <amitgandhinz> ya
19:12:12 <sriram> he popped by earlier in the channel, and mentioned that.
19:12:22 <amitgandhinz> ok, i didnt see that.  cool
19:12:24 <amitgandhinz> ok
19:12:26 <amitgandhinz> amitgandhinz: Make API Tests run successfully at the Gate
19:12:31 <amitgandhinz> im currently working on this
19:12:39 <malini> woot!!
19:12:41 <sriram> woo, this would be a major win.
19:13:02 <amitgandhinz> basically cleaning up our tox file and making it work with mimic since we cant upload conf files that talk to akamai/fastly/cloudfront/maxcdn with real creds
19:13:13 <amitgandhinz> once i get it working easily with mimic
19:13:17 <sriram> amitgandhinz: +1
19:13:22 <amitgandhinz> then i will update the infra jobs to run them
19:13:32 <sriram> how's that coming along?
19:13:33 <obulpathi> awesome :)
19:13:35 <sriram> mimic stuff.
19:13:51 <amitgandhinz> i have tox working with mimic.  i currently dont believe mimic is kicking in
19:13:59 <amitgandhinz> also malini, we still pull mimic from your fork
19:14:03 <amitgandhinz> and i dont see akamai in there
19:14:06 <amitgandhinz> only fastly
19:14:20 <malini> wbrothers was going to get tht merged to mimic master
19:14:50 <malini> wbrothers: ping
19:14:51 <amitgandhinz> we can talk about it later
19:14:54 <malini> ok
19:15:02 <sriram> cool
19:15:53 <amitgandhinz> ok moving on to bugs now..
19:15:55 <amitgandhinz> https://bugs.launchpad.net/poppy/+bug/1420945
19:15:57 <openstack> Launchpad bug 1420945 in Poppy "default ttl not automatically assigned" [Medium,New] - Assigned to Amit Gandhi (amit-gandhi)
19:16:05 <amitgandhinz> i have started working on this
19:16:40 <amitgandhinz> the challenge is setting the default rules for existing services created... its a work in progress
19:16:40 <wbrothers> The mimic stuff is not merge as of yet
19:17:22 <amitgandhinz> wbrothers: ok, any idea when it will be?
19:17:43 <wbrothers> Depends on what is set for priority
19:18:14 <wbrothers> And I will be out of the office starting next Friday
19:18:23 <amitgandhinz> ok, we can talk about it later
19:18:29 <wbrothers> np
19:18:33 <malini> I can take that up
19:19:01 <amitgandhinz> any other bugs or bp's needing to be discussed?
19:19:01 <wbrothers> thank you malini
19:19:10 <malini> np wbrothers
19:19:18 <obulpathi> https://bugs.launchpad.net/poppy
19:19:24 <sriram> I just created a new blueprint
19:19:27 <obulpathi> there are a bunch of bugs we clean up
19:19:29 <malini> amitgandhinz: which mimic driver shud we get in first?
19:19:35 <malini> fastly or akamai?
19:19:40 <obulpathi> but we have not marked them for kilo-3
19:19:43 <sriram> https://blueprints.launchpad.net/poppy/+spec/taskflow-tests-for-flows
19:20:01 <sriram> we can take a look at this, when we decide to merge taskflow stuff.
19:20:43 <amitgandhinz> ok i will clean up those bugs afterwards, i dont think we need to spend time in this meeting cleaning that up
19:20:59 <sriram> cool
19:21:17 <obulpathi> cool
19:22:10 <amitgandhinz> sriram: you want to talk about your bp
19:22:36 <sriram> amitgandhinz: yeah sure.
19:22:54 <sriram> the blueprint aims to address testing of actual flows themselves.
19:23:04 <sriram> rather than testing the tasks contained within the flows.
19:23:21 <sriram> malini pointed out that it should be possible to do.
19:23:25 <amitgandhinz> does the api tests capture the whole flow?
19:23:36 <amitgandhinz> who you want to be able to do it within the unit/fn tests?
19:23:36 <sriram> yes it does.
19:23:41 <amitgandhinz> s/who/or
19:24:07 <sriram> it would be a functional test, with a mocked zookeeper I guess.
19:24:26 <amitgandhinz> ok
19:25:15 <sriram> I'm not entirely sure of the scope of the test, but I think it'd best to try first. If we decide, that api tests would be enough, we can close the bp.
19:25:20 <sriram> malini: thoughts?
19:25:29 <sriram> would you like to chime in?
19:25:59 <malini> let me look at it again
19:26:05 <malini> I will update the bp with my comments
19:26:21 <sriram> awesome thanks macbook-uxs!
19:26:22 <sriram> err
19:26:32 <sriram> malini :P
19:26:35 <malini> :D
19:26:41 <sriram> wrong tab completion :P
19:27:29 <amitgandhinz> ok cool
19:27:57 <amitgandhinz> #topic open discussion
19:28:06 <amitgandhinz> anything else to discuss this week?
19:28:27 <malini> none from me
19:28:46 <amitgandhinz> did everyone vote for the presentation?
19:28:53 <mpanetta> Yeppers
19:29:01 <malini> I did :)
19:29:04 <catherineR> Yes!
19:29:06 <sriram> amitgandhinz: I'm still thinking about it :P
19:29:08 <sriram> jk
19:29:10 <obulpathi> amitgandhinz: I have couple of comments on API docs
19:29:13 <amitgandhinz> sriram: your fired =P
19:29:24 <sriram> *you're
19:29:26 <mpanetta> lol
19:29:31 <amitgandhinz> obulpathi: go for it
19:29:34 <mpanetta> I was wondering if someone was gonna do that :P
19:29:37 <amitgandhinz> sriram: ugh grammar policia
19:29:47 <malini> sriram can easily find another IRC channel :D
19:29:49 <obulpathi> regarding geography, I am thinking it would be good to have a whitelist and blacklist
19:29:57 <amitgandhinz> i agree
19:30:02 <obulpathi> that way it will be easy for UI as well
19:30:09 <amitgandhinz> maybe a flag on the rule
19:30:25 <obulpathi> or each of them can be a list
19:30:30 <amitgandhinz> rule : {name = blah, geography = x, whitelist = true}
19:30:31 <obulpathi> whitelist list
19:30:50 <obulpathi> anything works as long as we have both lists
19:30:56 <obulpathi> under content section
19:31:02 <obulpathi> for cookies and headers
19:31:04 <amitgandhinz> i dont want to have another list
19:31:28 <sriram> there should be validation. we dont want a country to be both blacklisted and whitelisted :O
19:31:48 <obulpathi> does the use needs have one ruler per cookie
19:32:01 * amitgandhinz depends on the size of the cookie
19:32:07 <obulpathi> ok, I think I got this
19:32:09 <obulpathi> hahhaah
19:32:30 <obulpathi> I was thinking we can implement this using a list of cookies to forward
19:32:37 <amitgandhinz> if each rule has a flag, then we follow the rule of order is important
19:32:40 <obulpathi> but lists is not a good idea
19:32:40 <amitgandhinz> and last one wins
19:32:56 <obulpathi> got it
19:32:58 <obulpathi> thanks :)
19:33:15 <amitgandhinz> do we like the whitelist/blacklist nouns?
19:33:23 <amitgandhinz> or go with something like "allow/disallow"
19:33:28 <amitgandhinz> or other ideas?
19:33:46 <amitgandhinz> we can look at what other api's are doing here
19:34:01 <catherineR> Is there an industry standard term?
19:34:06 <sriram> I'm ok with whitelist, blacklist. I mean its pretty clear what each means.
19:34:36 <malini> whitelist, blacklist sounds better to me
19:35:24 <obulpathi> whitelisting and blacklisting  +1
19:36:06 <amitgandhinz> but if its an item, and not a list
19:36:11 <amitgandhinz> does list make sense?
19:36:31 <obulpathi> hahaha
19:36:44 <obulpathi> allow/disallow make sense then
19:36:48 <malini> whitestuff & blackstuff :/
19:37:13 <sriram> lol
19:37:18 <amitgandhinz> allowed and blocked?
19:37:19 <mpanetta> Are we bikeshedding here?? :P
19:37:34 <sriram> aah, the *stuff*'s the best.
19:37:43 <mpanetta> Oreostuff
19:37:46 <amitgandhinz> allowedsttuff and blockedstuff?
19:37:56 <obulpathi> redstuff/greenstuff??
19:37:56 <malini> mpanetta: tht is black AND white!
19:37:59 * mpanetta now wants an oreo
19:38:04 <obulpathi> flows with traffic :)
19:38:08 <mpanetta> malini: Yep!
19:38:19 <amitgandhinz> this meeting is derailing
19:38:19 <malini> I vote for just whitelist & blacklist
19:38:19 <sriram> Ok, I think we officially de-railed this meeting. :)
19:38:33 <wbrothers> how about redlight and greenlight
19:38:43 <amitgandhinz> i like allowed and blocked as its explicit
19:38:51 <amitgandhinz> whitelist makes me wonder if white is good or bad
19:39:08 <sriram> alright.
19:39:08 <mpanetta> They are both good in oreos :P
19:39:10 <malini> "A whitelist is a list or register of those that are being provided a particular privilege, service, mobility, access or recognition"
19:39:12 <amitgandhinz> ok lets noodle on it
19:39:18 <malini> http://en.wikipedia.org/wiki/Whitelist
19:39:25 * sriram noodles
19:39:42 <malini> amitgandhinz: u have a good point ! it creates wrong associations!
19:39:42 <amitgandhinz> anything else to discuss?
19:40:09 <malini> oreos?
19:40:14 <obulpathi> also
19:40:23 <mpanetta> Dubblestufft plz
19:40:26 <obulpathi> I have seen default rule for geo in couple of places
19:40:32 <obulpathi> I can't remember where
19:40:45 <obulpathi> so if a country does not match the allow/disallow
19:40:51 <obulpathi> what is the default behaviour?
19:41:20 <mpanetta> Hmm
19:41:45 <amitgandhinz> hmm, so if you have no geo rule, everything is allowed
19:41:47 <mpanetta> Why can't one set a default policy (allow all/dissalow all) and then set explicit allows or denys?
19:41:48 <sriram> by default we should allow stuff right?
19:41:59 <amitgandhinz> if you have an allowed item, then only those are allowed and all others are blocked
19:42:00 <mpanetta> This is how firewalls work for example.
19:42:04 <sriram> mpanetta: nice, like a firewall policy.
19:42:06 <mpanetta> Yes
19:42:17 <amitgandhinz> mpanetta: +1
19:42:18 <malini> tht is a great idea
19:42:28 <obulpathi> so if we have a disallow item
19:42:34 <obulpathi> everything else is allowd?
19:42:50 <sriram> yes
19:43:00 <obulpathi> but, what if the user have both?
19:43:10 <obulpathi> so we only allow either allow or disallow
19:43:15 <obulpathi> nand not both?
19:43:21 <sriram> err.
19:43:22 <mpanetta> You can't have bth
19:43:28 <sriram> we validate that?
19:43:29 <sriram> right?
19:43:47 <obulpathi> yes, we can validate
19:43:57 <amitgandhinz> hmmm....how do we reflect this clearly
19:43:58 <obulpathi> but what do we want to have?
19:44:08 <malini> mpanetta: how will a sample entry look like?
19:44:33 <mpanetta> well in the firewall world you say the default policy is allow all (for example) but disallow x, y and z.
19:44:52 <mpanetta> OR you deny all by default and allow a, b, c
19:44:57 <mpanetta> You can't have both.
19:45:02 <malini> Can you allow: cake, disallow: oreo ?
19:45:07 <amitgandhinz> so do we create a geography rule where geography = "*", allow = True
19:45:20 <mpanetta> No, not usually
19:45:21 <amitgandhinz> and then all other geo rules are blocked
19:45:36 <cpowell> depends on what you are doing, sometimes is easier to do whitelisting over blacklisting
19:45:40 <malini> that makes sense..
19:45:43 <mpanetta> Yeah
19:45:54 <malini> we wont need to allow one geo & disallow another
19:46:07 <amitgandhinz> for geo, may just want to block one or two countries, and not whitelist 200 countries
19:46:13 <cpowell> right
19:46:14 <mpanetta> Yeah
19:46:16 <sriram> I think we should be able to control granulairty.
19:46:21 <cpowell> I think for this use case, blacklisting is better
19:46:23 <sriram> with regions and country codes.
19:46:37 <sriram> block 2 countries, allow all regions
19:46:38 <obulpathi> lot of websites, whitelist too
19:46:45 <mpanetta> Would we use our own list and then map those to the provider names?
19:46:52 <amitgandhinz> thats why i think you set a deafult geo rule for * and allow/disallow it.  and then get granular with the rest
19:46:58 <malini> sriram: tht wud be disallow: 2 countries & everything else get in -rt?
19:47:00 <mpanetta> amitgandhinz: ++
19:47:09 <sriram> malini: yes
19:47:41 <sriram> so if we have control over granularity, there shouldnt be issues when we configure.
19:48:36 <obulpathi> we can let the user have either whitelist / blacklist
19:48:41 <obulpathi> and decide the default based on it
19:48:53 <obulpathi> we validate and make sure that user can not have both
19:49:03 <amitgandhinz> so does the api generate the default rule ?
19:49:08 <amitgandhinz> or do we let the user create it
19:49:21 <obulpathi> we can have default whitelisted
19:49:38 <malini> will that cause problems in any geos, megan_w_ ?
19:49:40 <sriram> api generates it.
19:49:52 <amitgandhinz> so by default allow all?
19:49:55 <amitgandhinz> or block all?
19:49:59 <obulpathi> allow all
19:50:01 <amitgandhinz> ok
19:50:05 <amitgandhinz> works for me
19:50:05 <sriram> amitgandhinz: I vote for allow all
19:50:15 <malini> Will that create issues in certain countries?
19:50:33 <sriram> malini: could you explain?
19:50:57 <amitgandhinz> #agreed, geo will by default ALLOW ALL, user can specify what geo's to BLOCK.  User can edit the default to be BLOCK ALL
19:51:38 <sriram> +1
19:51:45 <malini> I mean if countries with strict censorship etc. want to block content, our users could get into trouble
19:51:57 <malini> or maybe they shud know better?
19:52:07 <mpanetta> Hmm
19:52:11 <amitgandhinz> the user can create the appropriate rule
19:52:22 <malini> I vote to make the user specify to whitelist or blacklist
19:52:34 <malini> why wud we want to allow all by default?
19:52:41 <amitgandhinz> we are a democracy
19:52:57 <obulpathi> when we create the service using UI, we want to make it really easy
19:53:10 <amitgandhinz> most users will want to allow all geo's
19:53:19 <obulpathi> that way user can create basic stuff first like domain and origins and then add other rules later
19:53:26 <sriram> if we make it complicated, might confuse users.
19:53:28 <amitgandhinz> if you block all by default, then customers lose traffic and business
19:53:40 <malini> megan_w_: what do u think?
19:53:40 <amitgandhinz> we should explicitly show the rules applied
19:53:52 <amitgandhinz> so then the user can change it if they want to
19:54:15 <malini> I am worried abt that poor user who will end up in jail because of our API :'(
19:54:17 <cpowell> default allow all: +1
19:54:19 * amitgandhinz 5 min warning
19:54:24 <mpanetta> I don't think it s the responsibility of the content provider to cater to the laws of other countries, Usually it is the person in the country with the crazy rules that is responsable...
19:54:35 <mpanetta> malini: I don't think it works that way
19:54:56 <mpanetta> If someone is providing content against the laws of the coutry they are in then they should not be providing it at all...
19:55:02 <wbrothers> mpanetta: Think about Google and China
19:55:06 <malini> ok..the majority wins here
19:55:08 <megan_w_> here's my take..
19:55:19 <megan_w_> from what i've heard, habing both allow and deny is preferable
19:55:32 <mpanetta> wbrothers: That is different, google isn't providing content, they are finding it, and filtering the results.
19:55:57 <wbrothers> But they are filtering the content
19:56:01 <malini> grr..I dont want to give examples & be politically incorrect
19:56:07 <mpanetta> Not the content, just the results.
19:56:14 <megan_w_> amitgandhinz: i assume geo needs to follow the same parameters of all the other rules, right?
19:56:14 <cpowell> we can take it offline
19:56:17 <wbrothers> And the are required to provide information to the government
19:56:18 <mpanetta> They don't link to banned content...
19:56:24 <mpanetta> Hrm
19:56:28 <megan_w_> yeah, perhaps offline is better
19:56:42 <amitgandhinz> megan_w_: yes, what we decide here would apply to all restriction rules
19:56:45 <mpanetta> I personally think the whole thing is out of scope... But that is me :P
19:56:53 <malini> mpanetta: it probably is
19:56:54 <amitgandhinz> so referrer restrictions will also get a ALLOW ALL/ DENY ALL option
19:56:58 <megan_w_> mpanetta: all rules out of scope??
19:57:03 <amitgandhinz> as will Client ip etc
19:57:08 <mpanetta> The customer is responsible for the content not us.
19:57:10 <amitgandhinz> httpmethods
19:57:13 <wbrothers> I think legal needs to weigh in on the content subject
19:57:15 <megan_w_> all other providers have rules
19:57:19 <megan_w_> its a standard feature
19:57:21 <mpanetta> megan_w_: Not the rules, just worrying about blocking content.
19:57:40 <megan_w_> they want to be able to block at the edge so it doesn't hit their origin
19:57:53 <amitgandhinz> where to block content for who from who is out of our scope
19:58:00 <mpanetta> Then let them.  I am just saying the legality of things is out of scope for us.
19:58:00 <amitgandhinz> we just provide teh tools to be able to do so
19:58:06 <mpanetta> amitgandhinz: Yes
19:58:09 <megan_w_> amitgandhinz: right
19:58:16 <megan_w_> ok, one more question on this
19:58:20 <sriram> mpanetta: +1
19:58:25 <megan_w_> amitgandhinz: what'st he point in an ALLOW ALL
19:58:38 <amitgandhinz> ALLOW ALL countries, but BLOCK USA
19:58:40 <megan_w_> wouldn't you just not create a rule?
19:59:04 <amitgandhinz> if i say BLOCK USA, ALLOW NZ
19:59:22 <cpowell> yes
19:59:23 <megan_w_> that's redundant.  you just want to allow nz
19:59:28 <amitgandhinz> then what does that block and allow?  does it block all countries and just allow NZ, or allow all countries and just block USA
19:59:33 <malini> megan_w_: +1
19:59:55 <amitgandhinz> if i just say allow NZ, then its implied that the rest is blocked
20:00:01 <cpowell> yes
20:00:03 <malini> yes
20:00:04 <amitgandhinz> why not inject the deafult rule that says DENY ALL
20:00:08 <amitgandhinz> and then the user can edit it
20:00:09 <malini> time is out
20:00:12 <amitgandhinz> but its explicit
20:00:17 <amitgandhinz> timeup
20:00:19 <megan_w_> lets take this to the poppy channel
20:00:22 <amitgandhinz> ok
20:00:26 <amitgandhinz> thanks everyone
20:00:28 <amitgandhinz> #endmeeting