18:00:03 #startmeeting keystone 18:00:04 Meeting started Tue Sep 5 18:00:03 2017 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:00:04 ayoung, breton, cmurphy, dstanek, edmondsw, gagehugo, henrynash, hrybacki, knikolla, lamt, lbragstad, lwanderley, notmorgan, rderose, rodrigods, samueldmq, spilla, aselius, dpar 18:00:05 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:00:07 The meeting name has been set to 'keystone' 18:00:09 o/ 18:00:11 #link https://etherpad.openstack.org/p/keystone-weekly-meeting 18:00:11 o/ 18:00:13 agenda ^ 18:00:15 o/ 18:00:18 o/ 18:00:22 o/ 18:00:24 o/ 18:00:33 o/ 18:01:24 #topic announcements: ptg planning 18:01:35 #link https://etherpad.openstack.org/p/keystone-queens-ptg 18:01:49 PTG is next week already, so the schedule is pretty much set at this point 18:01:56 i haven't heard of many conflicts 18:02:04 with out proposed sessions anyway 18:02:10 i'm also still waiting on room information 18:02:15 but i'll up that as soon as possible 18:02:24 lbragstad: my only issue is I won't be there Monday until ~noon 18:02:41 assuming no plane issues. Irma may decide to alter those plans 18:02:53 hrybacki: ack 18:03:14 yeah 18:03:18 meeting time or something o/ 18:03:21 the etherpads for specific sessions should be good to go 18:03:36 raildo when is your oslo secret protection session going to be? 18:03:47 let me know if you see information missing 18:04:01 otherwise - they should be used to prepare for sessions 18:04:21 edmondsw https://etherpad.openstack.org/p/oslo-ptg-queens 18:04:22 edmondsw, it will be on Monday in the oslo room, at 1:30-2:10pm 18:05:02 so that's gonna conflict a bit, at least for me 18:05:11 edmondsw, and we are gonna to have other session, related to the tripleo/k8s discussion about it, after that session in the tripleo room 18:05:55 edmondsw, damn =/ 18:06:15 you and I should talk sometime before that meeting... IBM has already written code you might use 18:06:15 edmondsw: is there anything the keystone schedule can do to mitigate it? 18:06:24 I'm trying to pull together more info on that for you 18:06:53 lbragstad probably not, because in this case the conflict is us meeting with the VM and Baremetal guys, so it's really their schedule 18:06:55 i might make it to the 2nd half of monday 18:06:58 edmondsw, I intend to be in the Keystone policy in code session, before that meeting 18:07:02 i def. am going to miss-policy-in-code 18:07:12 i wont be arriving until around noon on monday 18:07:13 iirc 18:07:22 edmondsw: ack - is there a set schedule for that group/sig somewhere? 18:07:37 edmondsw: i've just kinda lumped our related topics into a big block to bring to them 18:07:41 lbragstad I was just looking at what you had put in https://etherpad.openstack.org/p/keystone-queens-ptg 18:07:43 and hoping we can discuss them 18:07:46 ok 18:07:53 so - we're on the same page 18:08:14 i've reached out to the baremetal/vm sig a couple times but i haven't seen an actual schedule 18:08:24 (which kinda makes it tough to schedule the rest of things) 18:08:52 * lbragstad has the feeling he's going to be chasing people down monday and tuesday 18:08:59 lbragstad if we could firm that up in a way that doesn't conflict with the oslo discussion, that would be great 18:09:14 edmondsw: i'll see if i can reach out to johnthetubaguy again 18:09:26 i'd be happy to help them schedule it 18:09:34 but i don't know if someone else has already started doing that 18:10:08 #action lbragstad to reach out to baremetal/vm sig about firming up their schedule 18:10:24 anyone have anything for PTG stuff? 18:10:31 mostly just wanted to advertise it 18:10:42 with the etherpads for pre-session reading 18:11:12 alrighty - moving on 18:11:18 you're giving us homework? ;) 18:11:18 #topic project tags character limit 18:11:23 edmondsw: you know it 18:11:30 it wouldn't be the PTG without it ;) 18:11:37 tru dat 18:11:54 gagehugo: o/ 18:11:58 amrith 18:12:04 * kmalloc has an easy answer here.... 18:12:09 * kmalloc waits to hear more though 18:12:19 * edmondsw thinks he knows kmalloc's answer... 18:12:22 I'd like to avoid having it configurable 18:12:29 ++ 18:12:31 me too 18:12:33 hello 18:12:34 do not make it configurable 18:12:45 i would -2 configurable, ftr 18:12:49 amrith project tags character limit? 18:12:55 amrith: o/ 18:12:55 yes 18:12:59 hi lance 18:13:19 amrith: you have a use case for a higher limit of tags, right? 18:13:23 kmalloc doesn't want to make it configurable. oK then make the limit large 18:13:34 yes, the idea is to have a hierarchy of tags 18:13:40 each tag is stored as a row in the db? 18:13:48 kmalloc: yes 18:13:49 with a project->many tag relationsiop? 18:13:50 and for that a longer name would be required 18:13:59 then 255 varchar is the max i support 18:14:12 kmalloc: yeah - it'a many-to-many relationship 18:14:13 i don't mind if you're anywhere under or equal to 255 18:14:20 for the tag name. 18:14:36 i'm fine with that 18:14:38 Morgan, I think 255 would be OK to start with; is the db field capped at 255? 18:14:40 amrith: so is the concern the *number* of tags or the lenght of a tag? 18:14:44 how many levels of hierarchy are we talking here? 18:14:46 kmalloc is Morgan, yes? 18:14:46 for DB reasons in MySQL it is 18:14:50 yeah. 18:15:17 don't exceed 255 unless it's really needed... and then we talk about indexes and indexing text fields 18:15:18 and blobs 18:15:20 edmondsw no idea. 2 or 3 at most, I think 18:15:25 255 sounds fine 18:15:27 in short, 255 is fine. 18:15:40 even at 5 levels, 255 allows for 50 character names 18:15:54 amrith: in the db it shouldn't matter 18:16:05 because you're many tags to one project 18:16:08 yes, can we make the default (in code) larger 18:16:13 you should store it a relational forms 18:16:18 I was gonna say we could possibly set a lower limit on tag length, and then support up to 255 for something like "tag:tag:tag" 18:16:37 I assumed we'd have tag.tag.tag.tag.tag 18:16:48 since the format is tag, value 18:16:57 or tag.tag.tag.tag, value 18:17:14 sure, I don't care what the delimiter is 18:17:16 * kmalloc would push this to more relational. 18:17:20 as the case may be 18:17:26 kmalloc I agree 18:17:31 and not tied to text string concat 18:17:44 fine by me, happy if we want to make it relational 18:17:50 it solves the issue 18:17:55 but may be overkill 18:18:02 but i wont argue too much for /against 18:18:08 kmalloc ditto 18:18:10 kmalloc assign a UUID per tag, and then each tag can be associated with a parent? 18:18:14 just as long as the column(s) in the db are 255 varchar 18:18:16 I won't argue too much against/for :) 18:18:22 make sure PKs are auto-inc int 18:18:24 kmalloc +1 18:18:34 and you can use a uuid if you need externally referenceable 18:18:38 (just not as PK) 18:18:44 and so long as a user doesn't have to change code to get the whole 255 18:18:57 asking them to change a config is fine, change code is not 18:19:08 please do not make this configurable 18:19:09 at all 18:19:16 kmalloc I won't heh 18:19:17 i'm not seeing how we could actually 18:19:26 fine, let's remove it from the config in that case 18:19:30 we're talking about the length of an attribute in the database 18:19:35 sorry from that file (whatever it was) 18:19:42 which is defined by schema, right? 18:19:47 yeah 18:20:03 anyway, my requirements are: primary-key is autoinc-int, varchar fields cannot be > 255 (and these need indexes so, please use varchar for the string data) 18:20:10 i thought this specific concern was around the actual *number* of tags that could be associated to a project 18:20:26 if it's relational data 18:20:36 lbragstad there were two 18:20:41 one was to make the overall length greater 18:20:42 it doesn't matter, unless you want to just say 50 tags. or some such 18:20:43 ok - i missed the second one then 18:20:47 make it high but reasonable 18:20:55 don't make it a config option :) 18:20:57 and when I was told that it could be changed, I asked for configurable, and also that max tags be configurable 18:21:06 start with it not configurable 18:21:16 and a high/reasonable max 18:21:16 and reasonably right 18:21:18 if you set one 18:21:19 high* 18:21:20 so 80 -> 255 18:21:44 gagehugo: for which one, the database column length or the number of tags a project can have? 18:21:57 * kmalloc has to re-read the state of the code 18:22:03 lbragstad column length 18:22:07 but it sounds like it is all as i imagine 18:22:42 ok - sounds like we all agree that the column length should be 255 characters 18:23:34 do we all agree that the number of tags a project should have is 80 and non-configurable? 18:23:51 lbragstad it's currently 50 tags per project 18:24:04 we can up that to 80, idc 18:24:14 amrith: does 50 work for you? 18:24:33 lbragstad i think it is more than enough for me 18:24:58 PLease make it relational 18:24:59 gagehugo: cool - wanna go to 80 so that we're consistent with what nova does? 18:25:15 and go to 255 18:25:40 ok 18:25:44 why would you limit the number of tags a project can have? 18:25:57 #agreed project tag length needs to be increased to 255 characters and be relational 18:26:00 ayoung: to prevent some malicious "add a billion tags to slow things down" 18:26:24 #agreed set the number of tags a project can have to 80 to be consistent with nova 18:26:25 who owns the tags? 18:26:33 if I create a tag, do I own it? 18:26:36 tags is just an attribute of project 18:26:38 can only I set it on a project? 18:26:39 ayoung: mostly it's a "set something reasonable and high" where if someonone hits the limit... they did something crazy. set it at 100 or 200, just not "unlimited" 18:26:52 currently - admins can tag projects 18:26:58 gagehugo, watch out for the word "just" 18:27:09 by modifying the project itself 18:27:13 RBAC "folks may tag projects, RBAC", admin is default 18:27:27 lbragstad, admins? We're in 968696 territory with that term...but 18:27:35 like i said, be defensive, but not insane 18:27:46 set the limit at 200 or even 100 18:27:54 if we have complaints that is too low, we can adjust 18:27:55 tags need to be treated as full entities, not just strings in a string table 18:28:14 ayoung why's that? 18:28:28 gagehugo, IFF they are going to have any non-trivial usage 18:28:39 lets say I have a tag "non-billable" 18:29:09 now, it might be find to have a tag table like kmalloc suggests 18:29:17 but then you are going to have a shared resource 18:29:30 i.e. if I delete a tag, is it garbage collected? 18:29:31 etc 18:29:38 just need to think through the proposal 18:30:06 is "Admin" and "admin" going to map to the same tag? 18:30:20 Are we going to make Tags URL safe? 18:30:21 no, they are case-sensitive 18:30:29 are they going to allow spaces? 18:30:34 yes 18:30:38 full utf-8? 18:30:51 ayoung: yeah should be. 18:30:56 yes 18:31:12 only characters not allowed are "," and "/" 18:31:26 as per https://specs.openstack.org/openstack/api-wg/guidelines/tags.html 18:31:43 OK. Go for it. Just please provide electric shock therapy for anyone that wants to use them for any security purpose, to include billing 18:32:04 lol 18:32:15 heh 18:32:17 #action gagehugo to implement electric shock therapy in keystone 18:32:28 anything else on tags? 18:33:18 #topic open discussion 18:33:57 We've got more people beating us up over Read Only Roles 18:34:25 thats all 18:34:41 ack - we have nearly an entire day dedicated to it at the ptg 18:35:45 Cool. The Part of Adam Young will be played by hrybacki 18:35:54 they upgraded the actor 18:36:02 ;) 18:36:07 he's not as handsome as the last however 18:36:17 he played much better infront of the studio audience 18:36:28 * ayoung was an Infantryman 18:36:31 * ayoung ugly 18:36:36 is he allowed mic privileges? 18:37:00 lbragstad, he was a Commo SGT in the Army. He can fix the mike. 18:37:10 lol 18:37:11 perfect 18:37:51 alright - unless we have other things to discuss it looks like we can get some time back 18:38:13 \o/ 18:38:19 thanks all! 18:38:21 #endmeeting