17:01:01 #startmeeting policy_popup 17:01:01 Meeting started Tue Nov 7 17:01:01 2023 UTC and is due to finish in 60 minutes. The chair is gmann. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:01:01 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:01:01 The meeting name has been set to 'policy_popup' 17:02:02 #link https://etherpad.opendev.org/p/rbac-goal-tracking#L170 17:02:28 this is first meeting after PTG and not much update for today from my side 17:02:47 but I will be around if anyone have any question or let me know anyone joined meeting? 17:03:58 🙋 17:04:49 Hi gmann ! ... Not much on my end. I caught a few of the PTG sessions. Do you want to go over action items maybe? 17:05:13 dmendiza[m]: hi 17:05:33 yeah, that is good idea. let me check what all action we have 17:06:09 #link https://etherpad.opendev.org/p/rbac-2024.1-ptg 17:06:15 ^^ this is etherpad 17:07:16 dmendiza[m]: copied those in our meeting agenda #link https://etherpad.opendev.org/p/rbac-goal-tracking#L176 17:07:41 for this 'Add a job to test the project old default with other projects ' we have that now for Nova and Neutron 17:07:50 I will check for other project and add 17:09:13 I can probably help with Keystone and Barbican 17:09:18 dmendiza[m]: as you are here, this is pending since long, can you check this #link https://review.opendev.org/c/openstack/keystone/+/886434 17:09:25 dmendiza[m]: great, thanks 17:10:09 ack, added to my review queue 17:10:14 dmendiza[m]: added notes in etherpad for you to take care of keystone and barbican 17:10:19 thanks 17:10:20 I'll try to get d34dh0r53 to take a look too 17:10:47 great 17:11:12 If you have any examples of the nova/neutron patches, that would be helpful 17:12:05 sure, let me get link 17:12:52 this job where only that service flag is false so that it run that service old defaults #link https://github.com/openstack/nova/blob/b64ecb0cc776bd3eced674b0f879bb23c8a4b486/.zuul.yaml#L751 17:14:52 Got it, thanks 17:15:12 dmendiza[m]: anything else you would like to discuss? otherwise we can close early 17:15:27 Just a question about the service tokens 17:15:45 sure 17:15:50 IIRC, Nova already uses X-Service-Token, I think? And there was talk about another project adding it too? 17:16:06 Wondering if we should consider implementing that in keystonemiddleware instead 17:16:11 so we don't have to duplicate it across every project 17:16:34 another project? 17:16:56 Yeah, I don't remember who else was talking about using Service tokens ... 🤔 17:17:00 ohk 17:17:47 From my pov, it seems like something useful that Barbican could also support 17:17:55 so discussion for service token is to pass both service as well as user token. service token will be sent in header you mentioned and we will use it for authorization purpose but will send both user and service token to oslo policy 17:17:58 i.e. responding to requests for secrets by a service 17:18:23 I need to test if those all work which should as per the current way in keystonemiddleware 17:19:12 plan is for me to implement and test it for Nova and then update the goal document on 'how to pass/use the service token in service-to-service' communication 17:19:41 and yes, we need to do it consistency in all projects once it works 17:19:59 ack, I'll keep an eye on things for now 17:20:35 ++, I will keep update those in meeting and propose goal document 17:20:44 Great 17:20:52 That's all I had on my mind for today 17:20:56 Thanks, gmann 17:21:06 cool, thanks dmendiza[m] for joining. 17:21:16 our next meeting will be on 21st Nov 17:21:20 #endmeeting