#openstack-meeting log

17:01:52 <gmann> #startmeeting policy_popup
17:01:52 <opendevmeet> Meeting started Tue Jul 18 17:01:52 2023 UTC and is due to finish in 60 minutes.  The chair is gmann. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:01:52 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:01:52 <opendevmeet> The meeting name has been set to 'policy_popup'
17:01:54 <gmann> dmendiza[m]: hi
17:02:06 <dmendiza[m]> Hi gmann
17:02:28 <gmann> let's start
17:02:35 <gmann> agenda is in this etherpad #link https://etherpad.opendev.org/p/rbac-goal-tracking#L151
17:03:30 <gmann> #topic Previous meeting action item
17:03:49 <gmann> there is one action item for me
17:03:50 <gmann> gmann to propose keystone change to support project scope
17:04:08 <gmann> this change is more than what I expected especially on the tests side
17:04:37 <gmann> while starting that I found there is no protection tests running in keystone gate so I proposed to add it
17:04:47 <gmann> #link https://review.opendev.org/c/openstack/keystone/+/886434
17:04:55 <gmann> dmendiza[m]: if you can check this
17:05:33 <gmann> I am little busy this week so may be next week I will start on the keystone changes
17:07:00 <gmann> there are other review request also, magnum one which ricolin is updating actively
17:07:01 <dmendiza[m]> Ack, I'll review that patch later today
17:07:06 <gmann> dmendiza[m]: thanks
17:07:17 <gmann> that is all from my side today, dmendiza[m] anything else you have?
17:08:09 <dmendiza[m]> I've been working with d34dh0r53 on this refactor patch:
17:08:11 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/885799
17:08:19 <dmendiza[m]> but I'm not sure we're going to continue it
17:08:36 <dmendiza[m]> with TripleO going away, it may not be worth the effort
17:09:20 <gmann> ohk, yeah. even for any overridden policy testing I will say tempest and tempest plugins tests are not designed for.
17:09:39 <gmann> it need lot of change in framework and design if we want to test customized policy in tempest
17:09:41 <dmendiza[m]> Well, the custom policy really means:
17:10:32 <dmendiza[m]> enforce_scope = False, enforce_new_defaults = True
17:10:48 <dmendiza[m]> Which is a possible deployment option in Keystone, though I am not sure it's intended to be used that way
17:10:55 <dmendiza[m]> but that's what the custom policy is mirroring
17:11:23 <gmann> ok, those config are ok and tempest should test them either they are enabled or disabled
17:11:43 <gmann> otherthan that if any policy is overridden then tempest tests might not work
17:11:45 <dmendiza[m]> I've only seen them either both = False, or both = True, but not a mix
17:11:57 <gmann> yeah both together
17:12:12 <dmendiza[m]> I'll bring it up in the Keystone meeting tomorrow
17:12:52 <gmann> I added my comment on the patch about it
17:13:00 <dmendiza[m]> thanks
17:13:31 <gmann> I remember AT&T was asking for testing the custom policy and that is why patrole project came up which is retired now
17:15:48 <gmann> anything else ? or we can close it early
17:16:15 <dmendiza[m]> Nope, that's all I have
17:16:28 <gmann> ok, thanks dmendiza[m] for joining
17:16:31 <gmann> #endmeeting