Created
November 14, 2016 13:07
-
-
Save ashcrow/aeb05fa036408bd77a84648b8cec66a4 to your computer and use it in GitHub Desktop.
commissaire-log-2016-14-11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
07:32:59 ashcrow | Agenda Item 1: Presentations. None this week. | |
07:33:19 ashcrow | Agenda Item 2: Open PR Discussions | |
07:33:39 ashcrow | We do have 2 PRs in progress that came in Friday. (will update agenda) | |
07:34:00 ashcrow | - Clusterexec service: https://github.com/projectatomic/commissaire-service/pull/27 | |
07:34:01 mbarnes | mine should be ready today (https://github.com/projectatomic/commissaire-service/pull/27) | |
07:34:29 ashcrow | - Container Manager Config: https://github.com/projectatomic/commissaire/pull/50 | |
07:34:52 ashcrow | - Vagrant Update:https://github.com/projectatomic/commissaire/pull/53 | |
07:35:12 ashcrow | - Model._validate no longer updates signature: https://github.com/projectatomic/commissaire/pull/52 | |
07:35:14 ashcrow | make that 4 :-D | |
07:36:03 ashcrow | Folks who have time please take a look and review/pre-review PR's. That's always helpful. I'll take a look myself at Clusterexec and Vagrant ones today. | |
07:36:15 mbarnes | will do | |
07:36:16 gbraad | I will do this week | |
07:36:18 ashcrow | Any questions about the current in fight PR's? | |
07:36:28 gbraad | which has higher prio? | |
07:36:49 ashcrow | gbraad: of the 4, clusterexec has the highest I'd say. | |
07:36:55 gbraad | OK | |
07:37:32 ashcrow | We ended up merging a ton of work since last meeting. Good job :-D | |
07:37:43 ashcrow | 24 PR's merged | |
07:37:55 portdirect | well some of us did :/ well done everyone else | |
07:38:23 gbraad | not breaking a laptop might help ;-) | |
07:38:28 ashcrow | lol | |
07:38:56 portdirect | the authn stuff looks great | |
07:39:14 gbraad | portdirect feedback appreciated | |
07:39:58 ashcrow | Agenda Item 3: Open Issue Discussions | |
07:40:10 ashcrow | Current issues open are: | |
07:40:17 ashcrow | - Configurable Logging | |
07:40:19 ashcrow | - Reusable Service Parser | |
07:40:23 ashcrow | - Port Model Validation | |
07:40:26 ashcrow | - Docs | |
07:40:41 ashcrow | ... rolled up to a high level | |
07:41:23 portdirect | working on logging again atm - will have this done either thisafternoon of first thing tomorrow | |
07:41:29 ashcrow | portdirect: gbraad was curious abiyt status https://github.com/projectatomic/commissaire/issues/26#issuecomment-259072241 | |
07:41:57 portdirect | could do with a bit of input re config files, I've been using this: https://gist.github.com/intlabs/245847636214fca9381a83fa00881044 | |
07:42:02 ashcrow | portdirect: perfect! If you run into any issues let us know and we'll lend a hand too! | |
07:42:22 ashcrow | mbarnes: mind taking a gander at that his morning? | |
07:42:23 mbarnes | all in one, nice! | |
07:42:27 mbarnes | will do | |
07:42:48 portdirect | that answers my question: is it better in one or two files? | |
07:43:26 * | gbraad afk | |
07:44:07 portdirect | I like it in one - but a sperate file might be better as it could be shared between services? | |
07:45:27 ashcrow | I tend to agree. If it is something to be used across multiple executables then having a seperate file to reuse probably would be nicer. However, other factors may be involved. | |
07:46:08 ashcrow | Each service uses different logger names so no matter what updating would be required. | |
07:46:28 ashcrow | And different subsystems in commissaire-http do as well, etc.. | |
07:46:49 ashcrow | gbraad noted that the docs are still ongoing (which is expected) | |
07:47:16 gbraad | yes. especially authn will need addiitonal notes | |
07:47:53 ashcrow | The other issues noted are open and meant as helpful areas the project could use outside help/"low hanging fruit" to get folks in to the code. | |
07:48:11 ashcrow | Agenda Item 4: Open Floor | |
07:48:31 ashcrow | gbraad asked "What about the scope for keystone token authentication" | |
07:48:54 ashcrow | I believe this is targeted to portdirect as it is related to Keystone Authentication. | |
07:48:59 portdirect | so thats an interesting one... | |
07:49:11 gbraad | atm this code has been removed, as portdirect was also unsure about the usage | |
07:49:27 portdirect | ashcrow/mbarns familiar with keystone? | |
07:49:41 ashcrow | Somewhat, but not deeply | |
07:50:50 portdirect | ok, there are two kinds ok tokens: scoped and unscoped. scopeed ones are tied to the context of a keystone domain/project | |
07:51:23 gbraad | this means that it dpeends on the setup of the openstack deployment | |
07:51:35 gbraad | i added the code that allows to use it when specified. | |
07:51:54 gbraad | therefore it was up to the admin on how to use it... | |
07:52:58 portdirect | we would need to use a scoped context if commissaire was going to then call openstack apis on the users behalf | |
07:53:11 portdirect | (when the user does not have admin access) | |
07:54:27 portdirect | but it's not possible (as far as I know) to determin what project a scoped toke has been issued to without making an admin call to keystone? (gbraad correct me if I'm wrong) | |
07:55:50 portdirect | so if we were to use scoped access in commissaire, then we would need to pass both the token, and the scope for which it's for | |
07:56:29 portdirect | but before we get there it would be good to get an idead of what sort of RBAC/ABAC access controll was being thought of for the wider project? | |
07:56:38 ashcrow | So unscoped is like an admin service account and scoped is a privledged account for a specific "project"? | |
07:57:28 ashcrow | portdirect: agreed. I think we should use unscoped for the moment, add a design work card/issue for RBAC and then come back to this after RBAC is implemented. | |
07:57:35 ashcrow | thoughts? | |
07:57:39 portdirect | +1 | |
07:58:12 mbarnes | sounds reasonable | |
07:58:37 portdirect | that makes the most sense i think at the moment | |
07:59:56 ashcrow | mbarnes / portdirect / gbraad: Any other items for the open floor? | |
08:00:20 mbarnes | none for me | |
08:00:54 portdirect | I'm good, though is there a mailing list I should be on? | |
08:01:11 ashcrow | portdirect: yes :-) atomic-devel@projectatomic.io | |
08:01:30 portdirect | sweet - I'm much bettwer at that than twiter :) | |
08:02:20 ashcrow | portdirect: traditionally there hasn't been much chatter about commissaire on the list but I'd like to change that. Feel free to post questions/ideas/etc.. there and mbarnes, gbraad, and myself (who are all on it too) will chime in. | |
08:03:36 ashcrow | The next meeting will be on Nov 28th. Same time, same place. | |
08:04:09 ashcrow | This concludes this weeks meeting. Thanks everybody! | |
08:04:20 portdirect | have a good week guys :) | |
08:04:21 mbarnes | we'll all be wide awake for that one, I'm sure :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment