#pulp-meeting log

14:30:29 <fao89> #startmeeting Pulp Triage 2020-07-21
14:30:29 <fao89> #info fao89 has joined triage
14:30:29 <fao89> !start
14:30:29 <pulpbot> Meeting started Tue Jul 21 14:30:29 2020 UTC.  The chair is fao89. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:30:29 <pulpbot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:30:29 <pulpbot> The meeting name has been set to 'pulp_triage_2020-07-21'
14:30:29 <pulpbot> fao89: fao89 has joined triage
14:30:35 <daviddavis> #info daviddavis has joined triage
14:30:35 <daviddavis> !here
14:30:35 <pulpbot> daviddavis: daviddavis has joined triage
14:30:39 <ggainey> #info ggainey has joined triage
14:30:39 <ggainey> !here
14:30:39 <pulpbot> ggainey: ggainey has joined triage
14:30:40 <ppicka> #info ppicka has joined triage
14:30:40 <ppicka> !here
14:30:40 <pulpbot> ppicka: ppicka has joined triage
14:30:51 <fao89> !next
14:30:52 <fao89> #topic https://pulp.plan.io/issues/7179
14:30:52 <pulpbot> fao89: 2 issues left to triage: 7179, 7178
14:30:53 <pulpbot> RM 7179 - ekohl - POST - Set a default DJANGO_SETTINGS_MODULE in content app
14:30:54 <ipanova> #info ipanova has joined triage
14:30:54 <ipanova> !here
14:30:55 <pulpbot> https://pulp.plan.io/issues/7179
14:30:56 <pulpbot> ipanova: ipanova has joined triage
14:31:21 <ipanova> let's triage as is
14:31:24 <fao89> #idea Proposed for #7179: accept and add to sprint
14:31:24 <fao89> !propose other accept and add to sprint
14:31:24 <pulpbot> fao89: Proposed for #7179: accept and add to sprint
14:31:27 <ttereshc> #info ttereshc has joined triage
14:31:27 <ttereshc> !here
14:31:27 <pulpbot> ttereshc: ttereshc has joined triage
14:31:28 <ggainey> +1
14:31:46 <ttereshc> it's a story or a task
14:31:52 <dkliban> #info dkliban has joined triage
14:31:52 <dkliban> !here
14:31:52 <pulpbot> dkliban: dkliban has joined triage
14:31:55 <ggainey> ah, good point
14:32:04 <ttereshc> and maybe we should keep it on hold while bmbouter is looking at it
14:32:07 <fao89> I'm just proposing to add to sprint because it is in post
14:32:30 <bmbouter> #info bmbouter has joined triage
14:32:30 <bmbouter> !here
14:32:30 <pulpbot> bmbouter: bmbouter has joined triage
14:32:37 <bmbouter> yes please hold
14:32:52 <ipanova> ok :)
14:32:59 <fao89> what is the action? skip?
14:33:04 <bmbouter> yes
14:33:05 <dkliban> yes
14:33:07 <ttereshc> hold! :)
14:33:13 * daviddavis holds
14:33:14 <fao89> !hold
14:33:14 <pulpbot> fao89: Error: "hold" is not a valid command.
14:33:23 <daviddavis> fao89: don't listen to ttereshc
14:33:27 <daviddavis> she's trying to confuse you
14:33:28 <ttereshc> exactly!
14:33:31 <daviddavis> skip
14:33:31 <fao89> !skip
14:33:32 <fao89> #topic https://pulp.plan.io/issues/7178
14:33:32 <pulpbot> fao89: 1 issues left to triage: 7178
14:33:33 <pulpbot> RM 7178 - ekohl - NEW - Recommended installation layout
14:33:34 <pulpbot> https://pulp.plan.io/issues/7178
14:34:04 <ipanova> !skip
14:34:43 <dkliban> this one makes my head hurt
14:34:48 <daviddavis> ha
14:34:51 <bmbouter> agreed
14:35:22 <daviddavis> it's a long list of grievances
14:36:23 <fao89> I have no idea what to propose
14:36:28 <bmbouter> issue wise this is not clear enough to accept
14:36:34 <bmbouter> we could discuss some at open floor perhaps
14:36:57 <dkliban> let's do that
14:37:09 <fao89> !skip
14:37:10 <pulpbot> fao89: No issues to triage.
14:37:42 <fao89> Open floor!
14:37:46 <daviddavis> \o/
14:38:03 <fao89> so we can discuss the grievances
14:38:28 <fao89> https://hackmd.io/SVCMjpwXTfOMqF2OeyyLRw
14:38:40 <fao89> topic:Back up fixtures and take them down https://pulp.plan.io/issues/6649
14:39:00 <daviddavis> oo this was me
14:39:02 <ttereshc> +1
14:39:13 <mikedep333> #info mikedep333 has joined triage
14:39:13 <mikedep333> !here
14:39:13 <pulpbot> mikedep333: mikedep333 has joined triage
14:39:23 <daviddavis> I think we're ready for this?
14:39:28 <dkliban> i think so
14:39:28 <ipanova> +1
14:39:31 <bmbouter> +1
14:39:33 <ggainey> concur
14:39:34 <ppicka> +1
14:39:41 <daviddavis> follow up question: who has access to the pulp account on fedorapeople.org?
14:40:41 <bmbouter> dkliban I believe
14:40:58 <dkliban> i do
14:41:09 <daviddavis> ok I'll work with dkliban to backup and remove them then
14:41:14 <fao89> next topic: Repo name uniqueness constraint per repository type
14:41:14 <dkliban> sounds good
14:41:16 * daviddavis high fives dkliban
14:41:31 <dkliban> there is a thread on pulp-dev mailing list about this topic
14:41:35 <ggainey> yus
14:41:36 <dkliban> i did not get a lot of responses
14:41:45 <dkliban> so i wanted to follow up about it here
14:41:58 <ggainey> dkliban: I just wanted to clarify that we're talking about making the UQ (name, pulp_type)
14:42:00 <ggainey> yeah?
14:42:05 <dkliban> yes
14:42:12 <ggainey> ok cool
14:42:18 <ipanova> dkliban: will this change be only for repo names?
14:42:28 <ggainey> I realized that I had 'assumed' that, without making it explicit, and panicked :)
14:42:44 <ipanova> dkliban: i think we identified that base path for distributions should also be included?
14:42:45 <daviddavis> well I did hear the suggestion that there should be no uniq constraint on name at all
14:43:12 <ggainey> daviddavis: I would think that would be bad UX, to put it mildly
14:43:13 <bmbouter> +1 to no uniqueness constraint
14:43:33 <dkliban> ipanova: that;s a separate discussion. but i want to discuss it also.
14:43:33 <bmbouter> let me share some info about why
14:43:38 <ipanova> dkliban: ack
14:43:41 <ggainey> bmbouter: a) breaks import/export, and b) means I can have two rhel8-base-x86_64 - how does the user tell which is which?
14:44:03 <bmbouter> queryset scoping will cause a multi-user system to segment objects based on access
14:44:29 <bmbouter> so really I think the uniqueness constraint needs to align w/ the query set scoping feature
14:44:36 <bmbouter> if there is any constraint at all
14:45:11 <bmbouter> but on a multiuser system, with rbac, if we keep what we have, user A creates repo 'foo' user B can't see repo 'foo' user B goes to create 'foo' and user B is told 'foo' already exists...
14:45:48 <ttereshc> how is the admin case handled? when user has access to all repos?
14:45:59 <ggainey> but under your approach, a creates 'foo', b creates 'foo', RBAC for a,b, or foo changes and now b can see 'foo' twice
14:46:20 <bmbouter> yes and I wonder to myself is that an issue
14:46:34 <bmbouter> pk's are unique names really aren't
14:47:04 <daviddavis> at the very least, we'll have to have a natural key and whatever that is, whoever implements it will have to update the import/export code to use it
14:47:07 <ggainey> bmbouter: if we apply this globally, then import/export is, honestly, screwed :(
14:47:35 <ggainey> because what you're saying is that uniqueness only applies inside a given instance, with a specific set of RBAC in place
14:48:06 <daviddavis> yea acutally, what if downstream doesn't have the same users/perms/etc
14:48:13 <ggainey> it won't
14:49:13 <ggainey> I have a real problem with linking object-identity and current-permissions
14:49:16 <bmbouter> how is removing the contraint entirely creating a problem?
14:49:27 <bmbouter> there would be no link in that case so that's orthogonal
14:49:49 <daviddavis> bmbouter: how do we match upstream repos to downstream repos?
14:49:52 <ggainey> bmbouter: because there's no way to uniquely-identify the thing
14:49:54 <daviddavis> if there's no unique field
14:50:04 <ttereshc> dkliban, was there an ask from some users like wibbit to use names instead of pks for repos? I'm not sure I remember
14:50:15 <dkliban> there was
14:50:28 <bmbouter> can we look at a specific object's uniqueness together
14:50:34 <bmbouter> so like FileRepository is that an example?
14:50:38 <dkliban> yes
14:51:29 <ggainey> bmbouter: you can certainly have multi-key uqs, yes
14:51:34 <ggainey> is that what you were asking?
14:51:53 <dkliban> bmbouter: i am hearing the following concern from ggainey and daviddavis
14:52:49 <bmbouter> I'm reading the code and I see FileRepository inherits from Repository and defines no extra uniqueness stuff
14:52:57 <bmbouter> https://github.com/pulp/pulp_file/blob/fbe4a2af270a894983e0233022db6d633e7abe10/pulp_file/app/models.py#L43
14:53:19 <dkliban> when performing an incremental export, how can i decide what needs to be exported if i don't have a set of unique fields to compare against my previous export. when importing, how do i determine what was updated and what was additionally created
14:53:24 <ggainey> bmbouter: because it inherits, it gets (name, pulp_type)
14:53:32 <bmbouter> and I see that Repository does use name https://github.com/pulp/pulpcore/blob/b94abd64d76ea4554e6750ff38ce458eaa888cc8/pulpcore/app/models/repository.py#L146-L153
14:53:45 <ggainey> (well - it has name today, original proposal would add pulp_type as well)
14:54:18 <bmbouter> let's try to turn this question back to the folks who know this better than I
14:54:31 <dkliban> ggainey: daviddavis: am i understanding the concern correctly?
14:54:32 <ggainey> dkliban: I have the additional concern of 'RBAC roles are temporal, using them to determine UQ means what's unique today might not be tomorrow'
14:54:33 <bmbouter> because I'm wondering what they would recommend about my concern from ^ regarding the naming problem and RBAC
14:55:57 <ipanova> ggainey: good point
14:56:00 <dkliban> If there is no uniqueness constraint, then every resource needs to have an 'export-id' or 'upstream-id' that is filled out when the resource is imported
14:56:11 <bmbouter> ggainey: and daviddavis does my concern from ^ make sense?
14:56:32 <ggainey> dkliban: that's a workaround, that in many cases will break when an entity is exported/imported, deleted upstream, recreated upstream, and then reimported
14:57:28 <dkliban> i agree
14:57:54 <ggainey> bmbouter: honestly, it's an artifact of object-level RBAC that I don't think I've ever seen work any other way. "You can create this object, but not if one already exists, that you're not allowed to see" is an RBAC edge-case
14:58:14 <bmbouter> ggainey: I disagree it's likely going to be impacting many more users thatn PIE
14:58:42 <bmbouter> let's find a way to have all features go forward
14:58:46 <ggainey> bmbouter: and when my role changes so now I can see all the repos?
14:59:00 <bmbouter> I'm struggling in tthis convo because what I'm hearing is nothing can change in the data model
14:59:04 <ggainey> how do I clarify which one is 'mine', vs the one you created yesterday at the same time?
14:59:16 <bmbouter> which is incompatible with my observation that something must change
14:59:21 <ggainey> bmbouter: what I'm saying is, RBAC is orhtogonal to the data-model
14:59:50 <ggainey> and what *I'm* hearing is, "everything in the data modele has to change to address an RBAC issue"
15:00:27 <bmbouter> let's step back this is getting unproductive
15:00:32 <ggainey> sure
15:01:19 <bmbouter> my observation is rooted in a user's experience, I don't see how we can call pulp a multi-user system with what we've got
15:01:32 <bmbouter> and rbac is really a piece of making pulp multi-user
15:01:52 <ipanova> do we want to move this convo to the email thread or scheduling a meeting would be helpful?
15:01:55 <ggainey> sure
15:02:10 <dkliban> i think we should do a little more email
15:02:26 <ipanova> i see valid points form both sides
15:02:28 <ggainey> I'd suggest that "multi-user" and "multi-*tenant*" are different things
15:02:43 <ggainey> but yeah, more discussion def warrented
15:03:12 <bmbouter> I can reply to the thread that is ok w/ me
15:03:20 <ggainey> sounds good
15:03:38 <daviddavis> +1
15:04:09 <dkliban> thank you bmbouter
15:05:12 <ipanova> let's move on?
15:05:17 <ggainey> +1
15:05:21 <dkliban> yeah
15:05:27 <fao89> topic: Adding ‘user’ field to tasks
15:05:35 <fao89> https://pulp.plan.io/issues/7180
15:06:11 <ggainey> I def like the idea (as long as it isn't a FK-relationship somehow, since users can come and go)
15:06:27 <ggainey> "who did this" is a really common question an admin asks :)
15:06:55 <ipanova> do we want to add to the sprint bmbouter?
15:07:18 <bmbouter> yes I'd like to because the rbac work should port onto it and itwould come w/ rbac PR in pulpcore
15:07:33 <bmbouter> along w/ like 6-7 other issues at this point (each clear and small, the changleogs will show them)
15:07:33 <ipanova> bmbouter: ack, will add the FK note?
15:07:53 <ipanova> will you add*
15:08:13 <bmbouter> ipanova: I will
15:08:21 <bmbouter> what are we doing w.r.t the name?
15:08:39 <ipanova> i have no objections around adding it to the sprint
15:09:06 <ipanova> bmbouter:  +1 to created_by
15:09:22 <bmbouter> yeah I think that's the clearest probably
15:09:26 <bmbouter> let's use that one
15:09:34 <ggainey> created_by works
15:09:35 <ggainey> sure
15:09:37 <dkliban> +1
15:09:39 <bmbouter> I'll put these two revisions in the ticket and add to sprint if others think that is ok
15:09:39 <ttereshc> I agree, +1 ti created_by
15:09:45 <ggainey> +1
15:10:18 <fao89> topic: Reminder: add topics to pulpcon agenda  https://hackmd.io/hIOjFsFiSkGJR7VqtAJ8eQ
15:10:53 <daviddavis> oh this is just a reminder to add pulpcon topics
15:11:00 <daviddavis> I added a couple today
15:11:23 <daviddavis> also +1 to topics that you're interested in would be helpful
15:11:53 <ggainey> good reminder
15:13:51 <ipanova> yeah, i think this was the last item on the agenda?
15:14:32 <fao89> yep
15:14:43 <fao89> #endmeeting
15:14:43 <fao89> !end