Wednesday, 2023-02-15

« Monday, 2023-02-13 Index Thursday, 2023-02-16 »
opendevreviewMerged openstack/glance master: Drop tag assertion from README  https://review.opendev.org/c/openstack/glance/+/83433408:53
pranaligmann, removing deprecated ``enforce_secure_rbac`` option after switching to new defaults, https://review.opendev.org/c/openstack/glance/+/873372 is causing failure for other existing tempest jobs14:15
pranalias the rbac conf options are not enabled in those14:15
pranalihttps://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_e28/873372/5/check/tempest-integrated-storage-import/e2801d5/testr_results.html14:16
pranaliand of course passing for the new job added in the parent patch14:16
pranaliso should skip adding the new job in the parent patch 872522 and enable the conf options for all tempest jobs ? or14:17
pranaliwe should keep the parent patch as it is and remove the enforce_secure_rbac option in next cycle ?14:17
pranali*should we14:19
pranalidansmith ^14:19
abhishekkIMO adding new job just for few moments does not makes sense to me, I think either remove the config option in next cycle or just migrate existing jobs to use new defaults instead of adding new job 14:37
dansmithyeah we need to keep the config for at least a couple cycles after switching the default to new, IMHO14:41
dansmithswitching the default it when most people will even realize this is a thing, and won't have noticed before14:41
dansmiththey will have to rejigger their roles and users to make that work across all their services.. so just yanking out the rug is not likely to be very popular14:42
abhishekk++14:43
pranaliyeah that's right.. 14:46
pranaliso could please give your vote to https://review.opendev.org/c/openstack/glance/+/872522 so that we can have it in m3 :)14:47
croelandtpranali: Shouldn't we abandon https://review.opendev.org/c/openstack/python-glanceclient/+/773532 ?14:52
abhishekkpranali, also I think without changing default value of the config option I think you should add those values in the job it self14:56
abhishekkbecause now as you have enforced the values in the code our functional and unit tests will enforce rbac policies and CI jobs (except new one) will be legacy policy enforcement14:56
abhishekkbut this is my opinion though 15:01
abhishekkcroelandt, yes15:03
abhishekkthat needs to be abandoned15:03
croelandtI'll do that and look at the patch for which you pinged me on Slack :)15:03
abhishekkthanks :D15:03
pranaliabhishekk, yeah that makes sense but let's see what gmann says on this because for nova those values are enforced 15:17
abhishekkack15:17
gmanndansmith: but this is about glance extra config enforce_secure_rbac not the oslo one. that was deprecated in wallaby and duplicate of olso config options which we are enabling by default15:19
gmannpranali: existing jobs running on old defaults should not be impacted, let me check the failure15:19
abhishekkgmann, earlier glance use to have authentication layer where we used to have additional checks other than old policies15:23
abhishekksince we have removed that and old policy was open to all that single test related to image sharing is affecting the old jobs15:24
gmannabhishekk: this one ? https://review.opendev.org/c/openstack/glance/+/873372/5/glance/api/v2/image_members.py#b7615:24
abhishekkyeah15:24
abhishekkline #92 to be specific15:25
gmannabhishekk: pranali: replied it should pass test now. https://review.opendev.org/c/openstack/glance/+/873372/5/glance/api/v2/image_members.py#b99 15:29
gmannbasically we are keeping the old policy but they are disabled by default. but they can be enabled by operator so we should have that old check but with oslo conjfig option checks 15:30
abhishekkgmann, ack15:30
gmanndansmith: do you think replacing the glance specific config with oslo config create the upgrade impact. glance specific config option is duplicate of oslo one and was marked deprecated-for-removal since wallaby https://review.opendev.org/c/openstack/glance/+/873372/5/glance/api/v2/image_members.py#b9915:31
gmannpranali: sorry I did not look into that specific glance code in my early review15:34
gmanndansmith: if we do that in any cycle, it will be same impact. I am thinking to clearly mentioning that this glance specific deprecated config option is removed now and use olso one for the same purpose15:37
gmannwhich pranali already added https://review.opendev.org/c/openstack/glance/+/873372/5/releasenotes/notes/remove-enforce-secure-rbac-ec9a0249870460c2.yaml15:38
dansmithsorry in a call15:38
gmannk. not urgent15:42
gmannfor now15:42
dansmithgmann: ah, no, no need to keep the glance specific one I think, I just thought this was talking about both because of the need for the jobs15:51
pranaligmann, ack, Thanks I will update the patch accordingly15:54
gmannk15:57
opendevreviewPranali Deore proposed openstack/glance master: Enabled new defaults and scope checks by default  https://review.opendev.org/c/openstack/glance/+/87252218:10
opendevreviewPranali Deore proposed openstack/glance master: Remove deprecated ``enforce_secure_rbac`` option  https://review.opendev.org/c/openstack/glance/+/87337218:10
abhishekkdansmith, if you are around, do you think this needs to be removed?18:24
abhishekkhttps://review.opendev.org/c/openstack/glance/+/873372/5/glance/tests/functional/v2/test_images_api_policy.py#b22018:24
abhishekkno hurry, please add comment on the patch 18:26
dansmithabhishekk: replied, but it seems like. the test is still valid.. the error message just might be different now18:35
abhishekkdansmith, ack, thank you!18:35
opendevreviewMerged openstack/glance master: Further robustification of format_inspector  https://review.opendev.org/c/openstack/glance/+/86412923:34
« Monday, 2023-02-13 Index Thursday, 2023-02-16 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!