Tuesday, 2023-05-09

« Monday, 2023-05-08 Index Thursday, 2023-05-11 »
yasufumhi tacker team.08:02
manpreetk_hi08:02
uehahi08:02
yu-kinjohi08:02
sairamhi08:02
yuta-kazatohi08:02
yasufum#link https://etherpad.opendev.org/p/tacker-meeting08:02
yasufum#startmeeting tacker08:03
opendevmeetMeeting started Tue May  9 08:03:01 2023 UTC and is due to finish in 60 minutes.  The chair is yasufum. Information about MeetBot at http://wiki.debian.org/MeetBot.08:03
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.08:03
opendevmeetThe meeting name has been set to 'tacker'08:03
yasufum#link https://etherpad.opendev.org/p/tacker-meeting08:03
yasufumIt seems we don't need to have so much time today08:04
yasufumlooking on the etherpad.08:04
yasufum#topic Share the result of proposing OIS forum sessions08:05
yasufumIt's my item.08:05
yasufumJust for sharing our proposals.08:05
yasufumUnfortunately, both of them are not on the schedule already fixed.08:06
yasufumAnyway, thanks for your items for topics were going to be discussed on https://etherpad.opendev.org/p/tacker-forum-feedback-for-etsi-nfv-usecases.08:08
yasufumThat's all for the first item.08:09
yasufumAny comment, or do you have any other items should be discussed?08:10
uehaThanks for your sharing, I have no comment and other items today.08:11
yasufumNothing?08:11
yasufumueha: ok08:12
yasufumgood08:12
yasufumSo, let's close this meeting.08:12
yasufumThank you for joining, bye.08:12
uehathanks, bye08:13
manpreetk_bye!08:13
takahashi-tscbye08:13
yu-kinjobye08:13
yasufum#endmeeting08:13
opendevmeetMeeting ended Tue May  9 08:13:17 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)08:13
opendevmeetMinutes:        https://meetings.opendev.org/meetings/tacker/2023/tacker.2023-05-09-08.03.html08:13
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/tacker/2023/tacker.2023-05-09-08.03.txt08:13
opendevmeetLog:            https://meetings.opendev.org/meetings/tacker/2023/tacker.2023-05-09-08.03.log.html08:13
w-jusobye08:13
yuta-kazatobye08:14
dmendiza[m]🙋‍♂️17:01
gmann#startmeeting policy_popup17:01
opendevmeetMeeting started Tue May  9 17:01:48 2023 UTC and is due to finish in 60 minutes.  The chair is gmann. Information about MeetBot at http://wiki.debian.org/MeetBot.17:01
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.17:01
opendevmeetThe meeting name has been set to 'policy_popup'17:01
gmanndmendiza[m]: hi17:01
dmendiza[m]Hi gmann 17:02
gmannthis is today agenda, #link https://etherpad.opendev.org/p/rbac-goal-tracking#L14817:02
gmanndmendiza[m]: hi, how r u17:02
dmendiza[m]Good, just trying to get back into the SRBAC happenings17:02
gmanngreat17:02
gmannlet me go through the agenda and then we can discuss if anything specific you have 17:03
gmannUpdating the RBAC goal timeline for old rule removal considering the SLURP releases 17:03
gmannI updated it and governance change is merged #link https://review.opendev.org/c/openstack/governance/+/88023817:03
gmannand you might see neutron also switched their new defaults by default17:04
gmann#link https://lists.openstack.org/pipermail/openstack-discuss/2023-May/033579.html17:04
dmendiza[m]Nice17:04
gmannnova, glance already did it in last cycle17:04
dmendiza[m]I can get Barbican and Keystone to switch over this cycle too17:04
gmannthanks17:04
gmannI think we need some work to do in keystone on supporting the project scope for every rule.17:05
gmannI will try to push the changes in this week17:05
dmendiza[m]That's to s/system-scope/admin-role/g right?17:05
gmannthat is needed as all services except ironic dropped the system scope17:05
gmannyeah, basically allow project scope token to keep accessing the APIs as per their original persona 17:06
dmendiza[m]>  supporting the project scope for every rule17:06
dmendiza[m]Will that be a change to Keystone's policies?17:06
gmannyes, it will add 'project' in allowed scope but will keep system scope support also 17:07
gmannI mean just addition of project scope allow and no change in what is allowed currently17:07
dmendiza[m]oh gotcha.  So, not dropping system, but also allowing "admin" role to do those things.17:07
gmannyup17:07
gmannI will try to push the change and then it will be more clear, will add you in review17:08
dmendiza[m]Thanks, yeah, I'll keep an eye out for that.17:08
gmanncool17:08
dmendiza[m]I think we need to do something similar in Barbican17:08
dmendiza[m]there's a few Barbican APIs that still require system scope17:08
gmanndmendiza[m]: but we do not want system scope support in anywhere except ironic and keystone17:09
dmendiza[m]gotcha17:09
dmendiza[m]OK17:09
dmendiza[m]yeah, I'll propose a patch to Barbican to drop system scope17:09
gmannoctavia also dropped system scope recently which is what our goal is17:09
gmanngreat17:09
gmann#action dmendiza[m] to propose change in barbican to drop system scope17:10
gmanndmendiza[m]: ^^ just to have it reminder17:10
gmann#action gmann to propose keystone change to support project scope17:10
dmendiza[m]thanks17:10
gmannnext is review requests17:11
gmannmagnum17:11
gmann#link https://review.opendev.org/c/openstack/magnum/+/87562517:11
gmannit has one +2 and I also reviewed it +1 since last cycle but not merging17:11
gmannI think I need to send it on ML if any other core can merge17:11
gmann#action gmann to ask for magnum rbac change review on ML17:12
gmannnext is keystone17:12
gmannService role #link https://review.opendev.org/c/openstack/keystone/+/86342017:12
gmanndmendiza[m]: I think this is ready ? I also need to review the latest PS17:13
dmendiza[m]I'll add it to the next Keystone Reviewathon.17:13
gmanncool, thanks17:13
dmendiza[m](which won't be until next week because Red Hat has a holiday on Friday)17:13
gmannohk17:14
dmendiza[m]but I'll try to review it before then17:14
gmannthanks, really appreciate, they have been open for long17:14
gmannmanger role #link https://review.opendev.org/c/openstack/keystone/+/82260117:14
gmannthis need some changes as per review comment17:15
gmannI will try to ping abhishek about it17:15
dmendiza[m]Ah yes, I remember this one ... I'll need a refresher though.17:15
gmannthat is all from agenda today17:16
gmanndmendiza[m]: anything else you have to discuss ?17:16
dmendiza[m]Nope.  I was mainly wondering what the status of "system" scope was17:17
dmendiza[m]but we talked about that already17:17
gmannok, yeah we decided to dropped system scope from every project except Ironic and Keystone17:17
gmanndmendiza[m]: this is documentation for that and above section on why we need to do it #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#change-in-scope-implementation17:18
gmannI am keeping this goal document up to dated so any time you can refer it17:19
dmendiza[m]That's good to know.  Thanks for that. 👍️17:19
gmannnp!17:19
gmannok, let's close the meeting, 17:19
gmannthanks dmendiza[m] for joining 17:19
dmendiza[m]Sounds good, thanks gmann 17:19
gmann#endmeeting17:19
opendevmeetMeeting ended Tue May  9 17:19:55 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)17:19
opendevmeetMinutes:        https://meetings.opendev.org/meetings/policy_popup/2023/policy_popup.2023-05-09-17.01.html17:19
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/policy_popup/2023/policy_popup.2023-05-09-17.01.txt17:19
opendevmeetLog:            https://meetings.opendev.org/meetings/policy_popup/2023/policy_popup.2023-05-09-17.01.log.html17:19
« Monday, 2023-05-08 Index Thursday, 2023-05-11 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!