14:30:29 #startmeeting Pulp Triage 2020-07-21 14:30:29 #info fao89 has joined triage 14:30:29 !start 14:30:29 Meeting started Tue Jul 21 14:30:29 2020 UTC. The chair is fao89. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:30:29 Useful Commands: #action #agreed #help #info #idea #link #topic. 14:30:29 The meeting name has been set to 'pulp_triage_2020-07-21' 14:30:29 fao89: fao89 has joined triage 14:30:35 #info daviddavis has joined triage 14:30:35 !here 14:30:35 daviddavis: daviddavis has joined triage 14:30:39 #info ggainey has joined triage 14:30:39 !here 14:30:39 ggainey: ggainey has joined triage 14:30:40 #info ppicka has joined triage 14:30:40 !here 14:30:40 ppicka: ppicka has joined triage 14:30:51 !next 14:30:52 #topic https://pulp.plan.io/issues/7179 14:30:52 fao89: 2 issues left to triage: 7179, 7178 14:30:53 RM 7179 - ekohl - POST - Set a default DJANGO_SETTINGS_MODULE in content app 14:30:54 #info ipanova has joined triage 14:30:54 !here 14:30:55 https://pulp.plan.io/issues/7179 14:30:56 ipanova: ipanova has joined triage 14:31:21 let's triage as is 14:31:24 #idea Proposed for #7179: accept and add to sprint 14:31:24 !propose other accept and add to sprint 14:31:24 fao89: Proposed for #7179: accept and add to sprint 14:31:27 #info ttereshc has joined triage 14:31:27 !here 14:31:27 ttereshc: ttereshc has joined triage 14:31:28 +1 14:31:46 it's a story or a task 14:31:52 #info dkliban has joined triage 14:31:52 !here 14:31:52 dkliban: dkliban has joined triage 14:31:55 ah, good point 14:32:04 and maybe we should keep it on hold while bmbouter is looking at it 14:32:07 I'm just proposing to add to sprint because it is in post 14:32:30 #info bmbouter has joined triage 14:32:30 !here 14:32:30 bmbouter: bmbouter has joined triage 14:32:37 yes please hold 14:32:52 ok :) 14:32:59 what is the action? skip? 14:33:04 yes 14:33:05 yes 14:33:07 hold! :) 14:33:13 * daviddavis holds 14:33:14 !hold 14:33:14 fao89: Error: "hold" is not a valid command. 14:33:23 fao89: don't listen to ttereshc 14:33:27 she's trying to confuse you 14:33:28 exactly! 14:33:31 skip 14:33:31 !skip 14:33:32 #topic https://pulp.plan.io/issues/7178 14:33:32 fao89: 1 issues left to triage: 7178 14:33:33 RM 7178 - ekohl - NEW - Recommended installation layout 14:33:34 https://pulp.plan.io/issues/7178 14:34:04 !skip 14:34:43 this one makes my head hurt 14:34:48 ha 14:34:51 agreed 14:35:22 it's a long list of grievances 14:36:23 I have no idea what to propose 14:36:28 issue wise this is not clear enough to accept 14:36:34 we could discuss some at open floor perhaps 14:36:57 let's do that 14:37:09 !skip 14:37:10 fao89: No issues to triage. 14:37:42 Open floor! 14:37:46 \o/ 14:38:03 so we can discuss the grievances 14:38:28 https://hackmd.io/SVCMjpwXTfOMqF2OeyyLRw 14:38:40 topic:Back up fixtures and take them down https://pulp.plan.io/issues/6649 14:39:00 oo this was me 14:39:02 +1 14:39:13 #info mikedep333 has joined triage 14:39:13 !here 14:39:13 mikedep333: mikedep333 has joined triage 14:39:23 I think we're ready for this? 14:39:28 i think so 14:39:28 +1 14:39:31 +1 14:39:33 concur 14:39:34 +1 14:39:41 follow up question: who has access to the pulp account on fedorapeople.org? 14:40:41 dkliban I believe 14:40:58 i do 14:41:09 ok I'll work with dkliban to backup and remove them then 14:41:14 next topic: Repo name uniqueness constraint per repository type 14:41:14 sounds good 14:41:16 * daviddavis high fives dkliban 14:41:31 there is a thread on pulp-dev mailing list about this topic 14:41:35 yus 14:41:36 i did not get a lot of responses 14:41:45 so i wanted to follow up about it here 14:41:58 dkliban: I just wanted to clarify that we're talking about making the UQ (name, pulp_type) 14:42:00 yeah? 14:42:05 yes 14:42:12 ok cool 14:42:18 dkliban: will this change be only for repo names? 14:42:28 I realized that I had 'assumed' that, without making it explicit, and panicked :) 14:42:44 dkliban: i think we identified that base path for distributions should also be included? 14:42:45 well I did hear the suggestion that there should be no uniq constraint on name at all 14:43:12 daviddavis: I would think that would be bad UX, to put it mildly 14:43:13 +1 to no uniqueness constraint 14:43:33 ipanova: that;s a separate discussion. but i want to discuss it also. 14:43:33 let me share some info about why 14:43:38 dkliban: ack 14:43:41 bmbouter: a) breaks import/export, and b) means I can have two rhel8-base-x86_64 - how does the user tell which is which? 14:44:03 queryset scoping will cause a multi-user system to segment objects based on access 14:44:29 so really I think the uniqueness constraint needs to align w/ the query set scoping feature 14:44:36 if there is any constraint at all 14:45:11 but on a multiuser system, with rbac, if we keep what we have, user A creates repo 'foo' user B can't see repo 'foo' user B goes to create 'foo' and user B is told 'foo' already exists... 14:45:48 how is the admin case handled? when user has access to all repos? 14:45:59 but under your approach, a creates 'foo', b creates 'foo', RBAC for a,b, or foo changes and now b can see 'foo' twice 14:46:20 yes and I wonder to myself is that an issue 14:46:34 pk's are unique names really aren't 14:47:04 at the very least, we'll have to have a natural key and whatever that is, whoever implements it will have to update the import/export code to use it 14:47:07 bmbouter: if we apply this globally, then import/export is, honestly, screwed :( 14:47:35 because what you're saying is that uniqueness only applies inside a given instance, with a specific set of RBAC in place 14:48:06 yea acutally, what if downstream doesn't have the same users/perms/etc 14:48:13 it won't 14:49:13 I have a real problem with linking object-identity and current-permissions 14:49:16 how is removing the contraint entirely creating a problem? 14:49:27 there would be no link in that case so that's orthogonal 14:49:49 bmbouter: how do we match upstream repos to downstream repos? 14:49:52 bmbouter: because there's no way to uniquely-identify the thing 14:49:54 if there's no unique field 14:50:04 dkliban, was there an ask from some users like wibbit to use names instead of pks for repos? I'm not sure I remember 14:50:15 there was 14:50:28 can we look at a specific object's uniqueness together 14:50:34 so like FileRepository is that an example? 14:50:38 yes 14:51:29 bmbouter: you can certainly have multi-key uqs, yes 14:51:34 is that what you were asking? 14:51:53 bmbouter: i am hearing the following concern from ggainey and daviddavis 14:52:49 I'm reading the code and I see FileRepository inherits from Repository and defines no extra uniqueness stuff 14:52:57 https://github.com/pulp/pulp_file/blob/fbe4a2af270a894983e0233022db6d633e7abe10/pulp_file/app/models.py#L43 14:53:19 when performing an incremental export, how can i decide what needs to be exported if i don't have a set of unique fields to compare against my previous export. when importing, how do i determine what was updated and what was additionally created 14:53:24 bmbouter: because it inherits, it gets (name, pulp_type) 14:53:32 and I see that Repository does use name https://github.com/pulp/pulpcore/blob/b94abd64d76ea4554e6750ff38ce458eaa888cc8/pulpcore/app/models/repository.py#L146-L153 14:53:45 (well - it has name today, original proposal would add pulp_type as well) 14:54:18 let's try to turn this question back to the folks who know this better than I 14:54:31 ggainey: daviddavis: am i understanding the concern correctly? 14:54:32 dkliban: I have the additional concern of 'RBAC roles are temporal, using them to determine UQ means what's unique today might not be tomorrow' 14:54:33 because I'm wondering what they would recommend about my concern from ^ regarding the naming problem and RBAC 14:55:57 ggainey: good point 14:56:00 If there is no uniqueness constraint, then every resource needs to have an 'export-id' or 'upstream-id' that is filled out when the resource is imported 14:56:11 ggainey: and daviddavis does my concern from ^ make sense? 14:56:32 dkliban: that's a workaround, that in many cases will break when an entity is exported/imported, deleted upstream, recreated upstream, and then reimported 14:57:28 i agree 14:57:54 bmbouter: honestly, it's an artifact of object-level RBAC that I don't think I've ever seen work any other way. "You can create this object, but not if one already exists, that you're not allowed to see" is an RBAC edge-case 14:58:14 ggainey: I disagree it's likely going to be impacting many more users thatn PIE 14:58:42 let's find a way to have all features go forward 14:58:46 bmbouter: and when my role changes so now I can see all the repos? 14:59:00 I'm struggling in tthis convo because what I'm hearing is nothing can change in the data model 14:59:04 how do I clarify which one is 'mine', vs the one you created yesterday at the same time? 14:59:16 which is incompatible with my observation that something must change 14:59:21 bmbouter: what I'm saying is, RBAC is orhtogonal to the data-model 14:59:50 and what *I'm* hearing is, "everything in the data modele has to change to address an RBAC issue" 15:00:27 let's step back this is getting unproductive 15:00:32 sure 15:01:19 my observation is rooted in a user's experience, I don't see how we can call pulp a multi-user system with what we've got 15:01:32 and rbac is really a piece of making pulp multi-user 15:01:52 do we want to move this convo to the email thread or scheduling a meeting would be helpful? 15:01:55 sure 15:02:10 i think we should do a little more email 15:02:26 i see valid points form both sides 15:02:28 I'd suggest that "multi-user" and "multi-*tenant*" are different things 15:02:43 but yeah, more discussion def warrented 15:03:12 I can reply to the thread that is ok w/ me 15:03:20 sounds good 15:03:38 +1 15:04:09 thank you bmbouter 15:05:12 let's move on? 15:05:17 +1 15:05:21 yeah 15:05:27 topic: Adding ‘user’ field to tasks 15:05:35 https://pulp.plan.io/issues/7180 15:06:11 I def like the idea (as long as it isn't a FK-relationship somehow, since users can come and go) 15:06:27 "who did this" is a really common question an admin asks :) 15:06:55 do we want to add to the sprint bmbouter? 15:07:18 yes I'd like to because the rbac work should port onto it and itwould come w/ rbac PR in pulpcore 15:07:33 along w/ like 6-7 other issues at this point (each clear and small, the changleogs will show them) 15:07:33 bmbouter: ack, will add the FK note? 15:07:53 will you add* 15:08:13 ipanova: I will 15:08:21 what are we doing w.r.t the name? 15:08:39 i have no objections around adding it to the sprint 15:09:06 bmbouter: +1 to created_by 15:09:22 yeah I think that's the clearest probably 15:09:26 let's use that one 15:09:34 created_by works 15:09:35 sure 15:09:37 +1 15:09:39 I'll put these two revisions in the ticket and add to sprint if others think that is ok 15:09:39 I agree, +1 ti created_by 15:09:45 +1 15:10:18 topic: Reminder: add topics to pulpcon agenda https://hackmd.io/hIOjFsFiSkGJR7VqtAJ8eQ 15:10:53 oh this is just a reminder to add pulpcon topics 15:11:00 I added a couple today 15:11:23 also +1 to topics that you're interested in would be helpful 15:11:53 good reminder 15:13:51 yeah, i think this was the last item on the agenda? 15:14:32 yep 15:14:43 #endmeeting 15:14:43 !end