ashcrow/commissaire-log-2016-14-11.txt

## commissaire-log-2016-14-11.txt
07:32:59      ashcrow | Agenda Item 1: Presentations. None this week.
07:33:19      ashcrow | Agenda Item 2: Open PR Discussions
07:33:39      ashcrow | We do have 2 PRs in progress that came in Friday. (will update agenda)
07:34:00      ashcrow | - Clusterexec service: https://github.com/projectatomic/commissaire-service/pull/27
07:34:01      mbarnes | mine should be ready today  (https://github.com/projectatomic/commissaire-service/pull/27)
07:34:29      ashcrow | - Container Manager Config: https://github.com/projectatomic/commissaire/pull/50
07:34:52      ashcrow | - Vagrant Update:https://github.com/projectatomic/commissaire/pull/53
07:35:12      ashcrow | - Model._validate no longer updates signature: https://github.com/projectatomic/commissaire/pull/52
07:35:14      ashcrow | make that 4 :-D
07:36:03      ashcrow | Folks who have time please take a look and review/pre-review PR's. That's always helpful. I'll take a look myself at Clusterexec and Vagrant ones today.
07:36:15      mbarnes | will do
07:36:16       gbraad | I will do this week
07:36:18      ashcrow | Any questions about the current in fight PR's?
07:36:28       gbraad | which has higher prio?
07:36:49      ashcrow | gbraad: of the 4, clusterexec has the highest I'd say.
07:36:55       gbraad | OK
07:37:32      ashcrow | We ended up merging a ton of work since last meeting. Good job :-D
07:37:43      ashcrow | 24 PR's merged
07:37:55   portdirect | well some of us did :/ well done everyone else
07:38:23       gbraad | not breaking a laptop might help ;-)
07:38:28      ashcrow | lol
07:38:56   portdirect | the authn stuff looks great
07:39:14       gbraad | portdirect feedback appreciated
07:39:58      ashcrow | Agenda Item 3: Open Issue Discussions
07:40:10      ashcrow | Current issues open are:
07:40:17      ashcrow | - Configurable Logging
07:40:19      ashcrow | - Reusable Service Parser
07:40:23      ashcrow | - Port Model Validation
07:40:26      ashcrow | - Docs
07:40:41      ashcrow | ... rolled up to a high level
07:41:23   portdirect | working on logging again atm - will have this done either thisafternoon of first thing tomorrow
07:41:29      ashcrow | portdirect: gbraad was curious abiyt status https://github.com/projectatomic/commissaire/issues/26#issuecomment-259072241
07:41:57   portdirect | could do with a bit of input re config files, I've been using this: https://gist.github.com/intlabs/245847636214fca9381a83fa00881044
07:42:02      ashcrow | portdirect: perfect! If you run into any issues let us know and we'll lend a hand too!
07:42:22      ashcrow | mbarnes: mind taking a gander at that his morning?
07:42:23      mbarnes | all in one, nice!
07:42:27      mbarnes | will do
07:42:48   portdirect | that answers my question: is it better in one or two files?
07:43:26            * | gbraad afk
07:44:07   portdirect | I like it in one - but a sperate file might be better as it could be shared between services?
07:45:27      ashcrow | I tend to agree. If it is something to be used across multiple executables then having a seperate file to reuse probably would be nicer. However, other factors may be involved.
07:46:08      ashcrow | Each service uses different logger names so no matter what updating would be required.
07:46:28      ashcrow | And different subsystems in commissaire-http do as well, etc..
07:46:49      ashcrow | gbraad noted that the docs are still ongoing (which is expected)
07:47:16       gbraad | yes. especially authn will need addiitonal notes
07:47:53      ashcrow | The other issues noted are open and meant as helpful areas the project could use outside help/"low hanging fruit" to get folks in to the code.
07:48:11      ashcrow | Agenda Item 4: Open Floor
07:48:31      ashcrow | gbraad asked "What about the scope for keystone token authentication"
07:48:54      ashcrow | I believe this is targeted to portdirect as it is related to Keystone Authentication.
07:48:59   portdirect | so thats an interesting one...
07:49:11       gbraad | atm this code has been removed, as portdirect was also unsure about the usage
07:49:27   portdirect | ashcrow/mbarns familiar with keystone?
07:49:41      ashcrow | Somewhat, but not deeply
07:50:50   portdirect | ok, there are two kinds ok tokens: scoped and unscoped. scopeed ones are tied to the context of a keystone domain/project
07:51:23       gbraad | this means that it dpeends on the setup of the openstack deployment
07:51:35       gbraad | i added the code that allows to use it when specified.
07:51:54       gbraad | therefore it was up to the admin on how to use it...
07:52:58   portdirect | we would need to use a scoped context if commissaire was going to then call openstack apis on the users behalf
07:53:11   portdirect | (when the user does not have admin access)
07:54:27   portdirect | but it's not possible (as far as I know) to determin what project a scoped toke has been issued to without making an admin call to keystone? (gbraad correct me if I'm wrong)
07:55:50   portdirect | so if we were to use scoped access in commissaire, then we would need to pass both the token, and the scope for which it's for
07:56:29   portdirect | but before we get there it would be good to get an idead of what sort of RBAC/ABAC access controll was being thought of for the wider project?
07:56:38      ashcrow | So unscoped is like an admin service account and scoped is a privledged account for a specific "project"?
07:57:28      ashcrow | portdirect: agreed. I think we should use unscoped for the moment, add a design work card/issue for RBAC and then come back to this after RBAC is implemented.
07:57:35      ashcrow | thoughts?
07:57:39   portdirect | +1
07:58:12      mbarnes | sounds reasonable
07:58:37   portdirect | that makes the most sense i think at the moment
07:59:56      ashcrow | mbarnes / portdirect / gbraad: Any other items for the open floor?
08:00:20      mbarnes | none for me
08:00:54   portdirect | I'm good, though is there a mailing list I should be on?
08:01:11      ashcrow | portdirect: yes :-) atomic-devel@projectatomic.io
08:01:30   portdirect | sweet - I'm much bettwer at that than twiter :)
08:02:20      ashcrow | portdirect: traditionally there hasn't been much chatter about commissaire on the list but I'd like to change that. Feel free to post questions/ideas/etc.. there and mbarnes, gbraad, and myself (who are all on it too) will chime in.
08:03:36      ashcrow | The next meeting will be on Nov 28th. Same time, same place.
08:04:09      ashcrow | This concludes this weeks meeting. Thanks everybody!
08:04:20   portdirect | have a good week guys :)
08:04:21      mbarnes | we'll all be wide awake for that one, I'm sure  :)
	07:32:59 ashcrow \| Agenda Item 1: Presentations. None this week.
	07:33:19 ashcrow \| Agenda Item 2: Open PR Discussions
	07:33:39 ashcrow \| We do have 2 PRs in progress that came in Friday. (will update agenda)
	07:34:00 ashcrow \| - Clusterexec service: https://github.com/projectatomic/commissaire-service/pull/27
	07:34:01 mbarnes \| mine should be ready today (https://github.com/projectatomic/commissaire-service/pull/27)
	07:34:29 ashcrow \| - Container Manager Config: https://github.com/projectatomic/commissaire/pull/50
	07:34:52 ashcrow \| - Vagrant Update:https://github.com/projectatomic/commissaire/pull/53
	07:35:12 ashcrow \| - Model._validate no longer updates signature: https://github.com/projectatomic/commissaire/pull/52
	07:35:14 ashcrow \| make that 4 :-D
	07:36:03 ashcrow \| Folks who have time please take a look and review/pre-review PR's. That's always helpful. I'll take a look myself at Clusterexec and Vagrant ones today.
	07:36:15 mbarnes \| will do
	07:36:16 gbraad \| I will do this week
	07:36:18 ashcrow \| Any questions about the current in fight PR's?
	07:36:28 gbraad \| which has higher prio?
	07:36:49 ashcrow \| gbraad: of the 4, clusterexec has the highest I'd say.
	07:36:55 gbraad \| OK
	07:37:32 ashcrow \| We ended up merging a ton of work since last meeting. Good job :-D
	07:37:43 ashcrow \| 24 PR's merged
	07:37:55 portdirect \| well some of us did :/ well done everyone else
	07:38:23 gbraad \| not breaking a laptop might help ;-)
	07:38:28 ashcrow \| lol
	07:38:56 portdirect \| the authn stuff looks great
	07:39:14 gbraad \| portdirect feedback appreciated
	07:39:58 ashcrow \| Agenda Item 3: Open Issue Discussions
	07:40:10 ashcrow \| Current issues open are:
	07:40:17 ashcrow \| - Configurable Logging
	07:40:19 ashcrow \| - Reusable Service Parser
	07:40:23 ashcrow \| - Port Model Validation
	07:40:26 ashcrow \| - Docs
	07:40:41 ashcrow \| ... rolled up to a high level
	07:41:23 portdirect \| working on logging again atm - will have this done either thisafternoon of first thing tomorrow
	07:41:29 ashcrow \| portdirect: gbraad was curious abiyt status https://github.com/projectatomic/commissaire/issues/26#issuecomment-259072241
	07:41:57 portdirect \| could do with a bit of input re config files, I've been using this: https://gist.github.com/intlabs/245847636214fca9381a83fa00881044
	07:42:02 ashcrow \| portdirect: perfect! If you run into any issues let us know and we'll lend a hand too!
	07:42:22 ashcrow \| mbarnes: mind taking a gander at that his morning?
	07:42:23 mbarnes \| all in one, nice!
	07:42:27 mbarnes \| will do
	07:42:48 portdirect \| that answers my question: is it better in one or two files?
	07:43:26 * \| gbraad afk
	07:44:07 portdirect \| I like it in one - but a sperate file might be better as it could be shared between services?
	07:45:27 ashcrow \| I tend to agree. If it is something to be used across multiple executables then having a seperate file to reuse probably would be nicer. However, other factors may be involved.
	07:46:08 ashcrow \| Each service uses different logger names so no matter what updating would be required.
	07:46:28 ashcrow \| And different subsystems in commissaire-http do as well, etc..
	07:46:49 ashcrow \| gbraad noted that the docs are still ongoing (which is expected)
	07:47:16 gbraad \| yes. especially authn will need addiitonal notes
	07:47:53 ashcrow \| The other issues noted are open and meant as helpful areas the project could use outside help/"low hanging fruit" to get folks in to the code.
	07:48:11 ashcrow \| Agenda Item 4: Open Floor
	07:48:31 ashcrow \| gbraad asked "What about the scope for keystone token authentication"
	07:48:54 ashcrow \| I believe this is targeted to portdirect as it is related to Keystone Authentication.
	07:48:59 portdirect \| so thats an interesting one...
	07:49:11 gbraad \| atm this code has been removed, as portdirect was also unsure about the usage
	07:49:27 portdirect \| ashcrow/mbarns familiar with keystone?
	07:49:41 ashcrow \| Somewhat, but not deeply
	07:50:50 portdirect \| ok, there are two kinds ok tokens: scoped and unscoped. scopeed ones are tied to the context of a keystone domain/project
	07:51:23 gbraad \| this means that it dpeends on the setup of the openstack deployment
	07:51:35 gbraad \| i added the code that allows to use it when specified.
	07:51:54 gbraad \| therefore it was up to the admin on how to use it...
	07:52:58 portdirect \| we would need to use a scoped context if commissaire was going to then call openstack apis on the users behalf
	07:53:11 portdirect \| (when the user does not have admin access)
	07:54:27 portdirect \| but it's not possible (as far as I know) to determin what project a scoped toke has been issued to without making an admin call to keystone? (gbraad correct me if I'm wrong)
	07:55:50 portdirect \| so if we were to use scoped access in commissaire, then we would need to pass both the token, and the scope for which it's for
	07:56:29 portdirect \| but before we get there it would be good to get an idead of what sort of RBAC/ABAC access controll was being thought of for the wider project?
	07:56:38 ashcrow \| So unscoped is like an admin service account and scoped is a privledged account for a specific "project"?
	07:57:28 ashcrow \| portdirect: agreed. I think we should use unscoped for the moment, add a design work card/issue for RBAC and then come back to this after RBAC is implemented.
	07:57:35 ashcrow \| thoughts?
	07:57:39 portdirect \| +1
	07:58:12 mbarnes \| sounds reasonable
	07:58:37 portdirect \| that makes the most sense i think at the moment
	07:59:56 ashcrow \| mbarnes / portdirect / gbraad: Any other items for the open floor?
	08:00:20 mbarnes \| none for me
	08:00:54 portdirect \| I'm good, though is there a mailing list I should be on?
	08:01:11 ashcrow \| portdirect: yes :-) atomic-devel@projectatomic.io
	08:01:30 portdirect \| sweet - I'm much bettwer at that than twiter :)
	08:02:20 ashcrow \| portdirect: traditionally there hasn't been much chatter about commissaire on the list but I'd like to change that. Feel free to post questions/ideas/etc.. there and mbarnes, gbraad, and myself (who are all on it too) will chime in.
	08:03:36 ashcrow \| The next meeting will be on Nov 28th. Same time, same place.
	08:04:09 ashcrow \| This concludes this weeks meeting. Thanks everybody!
	08:04:20 portdirect \| have a good week guys :)
	08:04:21 mbarnes \| we'll all be wide awake for that one, I'm sure :)