*** mklejn_ is now known as mklejn | 08:36 | |
Luzi | #startmeeting image_encryption | 13:00 |
---|---|---|
opendevmeet | Meeting started Mon Feb 19 13:00:10 2024 UTC and is due to finish in 60 minutes. The chair is Luzi. Information about MeetBot at http://wiki.debian.org/MeetBot. | 13:00 |
opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 13:00 |
opendevmeet | The meeting name has been set to 'image_encryption' | 13:00 |
Luzi | #topic Roll Call | 13:00 |
Luzi | waiting for people to join | 13:02 |
fungi | oh, hey there! | 13:05 |
Luzi | hi fungi | 13:05 |
fungi | sorry, got sidetracked with some code reviews | 13:05 |
Luzi | no problem | 13:05 |
Luzi | this will be a short meeting again | 13:05 |
Luzi | #topic Image Encryption Patches | 13:05 |
Luzi | well i got positive signs from scs to help with testing, but they have a lot of things to do too.. so i think this will be a good starting point for the next cycle | 13:06 |
Luzi | besides that, i don't have anything for today | 13:07 |
Luzi | do you have any topic? | 13:07 |
fungi | that's a great update, thanks for following up! | 13:08 |
fungi | no, i didn't have anything | 13:08 |
Luzi | okay, well then that was it for today | 13:08 |
Luzi | thank you for joining and have a nice week | 13:08 |
fungi | have a great week! | 13:08 |
Luzi | #endmeeting image_encryption | 13:08 |
opendevmeet | Meeting ended Mon Feb 19 13:08:40 2024 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 13:08 |
opendevmeet | Minutes: https://meetings.opendev.org/meetings/image_encryption/2024/image_encryption.2024-02-19-13.00.html | 13:08 |
opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/image_encryption/2024/image_encryption.2024-02-19-13.00.txt | 13:08 |
opendevmeet | Log: https://meetings.opendev.org/meetings/image_encryption/2024/image_encryption.2024-02-19-13.00.log.html | 13:08 |
Luzi | btw, are you involved in the secure RBAC topic? | 13:09 |
fungi | Luzi: i haven't followed it as closely as i would like, but if you have questions i can try to help get some answers for you | 13:13 |
fungi | i think i'm fairly up on the current state and planned direction openstack-wide, but less certain what the per-project situation is at the moment | 13:14 |
Luzi | okay thank you, do you know how long the "old" policies can still be used? | 13:15 |
Luzi | so i mean, for the caracal release, it seems, like there is still a difference in progress for many projects | 13:16 |
Luzi | can the old policies still be applied with this release? And is there a plan on when the new policies will be mandatory? | 13:16 |
fungi | Luzi: from what i've seen, not all projects have completed the current phase of adding the read-only role. i'm also not sure the plan included any guidance (beyond the normal configuration handling requirement for upgrades) about backward-compatibility for policies. though also at least the nova team has traditionally considered policy files to be service data rather than | 13:19 |
fungi | configuration so even there the compatibility guarantees may vary | 13:19 |
Luzi | okay thank you fungi | 13:20 |
fungi | Luzi: by "old" policies are you referring to the json formatted ones, or the non-rbac ones? | 13:20 |
fungi | i think the policy yaml transition happened a while ago | 13:21 |
Luzi | the unscoped ones, that can be changed in the yaml file | 13:21 |
fungi | okay, that's what i thought you meant, just making sure | 13:22 |
fungi | Luzi: the goal writeup refers to a status tracking pad at https://etherpad.opendev.org/p/rbac-goal-tracking | 13:22 |
fungi | the timeslider indicates it was last updated a couple of weeks ago, so may be reasonably current | 13:23 |
fungi | from that, it looks like cinder may be the lone holdout of the commonly-deployed projects (not counting tacker) for phase 1 completion | 13:24 |
Luzi | yeah, i know that one - i am just a little bit concerned about the different defaults | 13:25 |
Luzi | well, we will see | 13:25 |
fungi | Luzi: it might be worth asking the secure rbac pop-up team to amend https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html with backward compatibility guidance/parameters as part of the timeframe laid out therein | 13:27 |
fungi | in particular, with clarification around the slurp upgrade cadence which didn't exist when that plan was originally drafted | 13:28 |
fungi | the only mention of backwards compatibility i see is about halfway through the direction change section where it talks about allowing system users to operate on project-owned resources with system-scoped tokens | 13:30 |
*** NeilHanlon is now known as nhanlon | 19:00 | |
*** nhanlon is now known as NeilHanlon | 19:02 | |
gmann | fungi: ack, yeah I need to update that rbac goal doc and with some of the timeline also. I will do it sometime in this week. thanks for notice | 19:16 |
fungi | gmann: no worries, probably fine if it's discussed at the ptg really | 19:17 |
gmann | yeah, I was supposed to update those but always missed to do that. but I added it in my this week TODO | 19:19 |