15:30:27 <dkliban> #startmeeting Pulp Triage 2021-01-05
15:30:27 <dkliban> #info dkliban has joined triage
15:30:27 <dkliban> !start
15:30:27 <pulpbot> Meeting started Tue Jan  5 15:30:27 2021 UTC.  The chair is dkliban. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:30:27 <pulpbot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:30:27 <pulpbot> The meeting name has been set to 'pulp_triage_2021-01-05'
15:30:27 <pulpbot> dkliban: dkliban has joined triage
15:30:53 <ggainey> #info ggainey has joined triage
15:30:53 <ggainey> !here
15:30:53 <pulpbot> ggainey: ggainey has joined triage
15:30:54 <ppicka> #info ppicka has joined triage
15:30:54 <ppicka> !here
15:30:54 <pulpbot> ppicka: ppicka has joined triage
15:31:14 <ttereshc> #info ttereshc has joined triage
15:31:14 <ttereshc> !here
15:31:14 <pulpbot> ttereshc: ttereshc has joined triage
15:31:24 <dkliban> I still don't see anything on the agenda for open floor.
15:31:32 <dkliban> Does anyone have any last minute options?
15:31:38 <ggainey> not I
15:31:43 <dkliban> oops ... s/options/topics/
15:32:06 <daviddavis> #info daviddavis has joined triage
15:32:06 <daviddavis> !here
15:32:07 <pulpbot> daviddavis: daviddavis has joined triage
15:32:08 <daviddavis> not me
15:32:15 <dkliban> cool ... let's move into bug triage then
15:32:17 <dkliban> !next
15:32:18 <dkliban> #topic https://pulp.plan.io/issues/8035
15:32:18 <pulpbot> dkliban: 5 issues left to triage: 8035, 8030, 8018, 8000, 7950
15:32:19 <pulpbot> RM 8035 - daviddavis - NEW - pulp-oci-images uses EOL version of Fedora
15:32:20 <pulpbot> https://pulp.plan.io/issues/8035
15:32:28 <ggainey> accept and add
15:32:49 <ggainey> or - should this be a task instead?
15:32:49 <daviddavis> +1
15:32:55 <dkliban> we have a related issue that was to move the oci image to use CentOS stream
15:33:11 <dkliban> i believe that would resolve this issue as well
15:33:23 <dkliban> i am +1 to accepting and adding to the sprint
15:33:28 <dkliban> i'll mark the issues as related
15:33:32 <ggainey> +1
15:33:35 <daviddavis> it's giong to be a problem soon
15:33:39 <ggainey> yus
15:33:40 <daviddavis> once they remove f31 from https://quay.io/repository/fedora/fedora?tab=tags
15:33:53 <daviddavis> moving to centos stream sounds good
15:34:01 <dkliban> yeah ... we will do this work very soon
15:34:05 <daviddavis> +1
15:34:12 <ttereshc> great
15:34:18 <dkliban> it should not be a big effort because centos stream now has all the packages we need
15:34:25 <daviddavis> \o/
15:34:46 * ggainey cheers wildly
15:34:46 <dkliban> #idea Proposed for #8035: accept and add to sprint
15:34:46 <dkliban> !propose other accept and add to sprint
15:34:46 <pulpbot> dkliban: Proposed for #8035: accept and add to sprint
15:34:55 <ggainey> +1
15:35:14 <ttereshc> +1
15:35:19 <dkliban> #agreed accept and add to sprint
15:35:19 <dkliban> !accept
15:35:19 <pulpbot> dkliban: Current proposal accepted: accept and add to sprint
15:35:20 <dkliban> #topic https://pulp.plan.io/issues/8030
15:35:20 <pulpbot> dkliban: 4 issues left to triage: 8030, 8018, 8000, 7950
15:35:21 <pulpbot> RM 8030 - laugmanuel@gmail.com - NEW - pulpcore-manager does not find/read settings from PULP_SETTINGS
15:35:22 <pulpbot> https://pulp.plan.io/issues/8030
15:35:45 <daviddavis> note that they are using settings.yaml instead of settings.py which should work
15:35:51 <daviddavis> not sure why it isn't
15:36:52 <dkliban> hmm
15:37:30 <dkliban> i believe this is a permissions problem
15:37:52 <dkliban> though i think we now produce a message when that is the case
15:38:04 <daviddavis> hmm ok
15:38:15 <dkliban> actually, that's exactly what that error message says
15:38:43 <ttereshc> settings.yaml seems to be readable for pulp group
15:38:49 <ggainey> dkliban: they're runnig as pulp, and settings.yaml is 640
15:38:51 <ggainey> yeah
15:38:57 <dkliban> hmmmmm
15:39:17 <dkliban> ok ... let's accept and add to sprint so someone investigates this
15:39:24 <ggainey> yeah, sounds good
15:39:34 <dkliban> he provided a lot of information here
15:39:36 <daviddavis> +1
15:39:50 <dkliban> #idea Proposed for #8030: accept and add to sprint
15:39:50 <dkliban> !propose other accept and add to sprint
15:39:50 <pulpbot> dkliban: Proposed for #8030: accept and add to sprint
15:39:54 <ggainey> +1
15:40:25 <ttereshc> +1
15:40:28 <dkliban> #agreed accept and add to sprint
15:40:28 <dkliban> !accept
15:40:28 <pulpbot> dkliban: Current proposal accepted: accept and add to sprint
15:40:29 <pulpbot> dkliban: 3 issues left to triage: 8018, 8000, 7950
15:40:29 <dkliban> #topic https://pulp.plan.io/issues/8018
15:40:30 <pulpbot> RM 8018 - mdellweg - POST - viewsets that are not guarded by rbac allow any user known to the system
15:40:31 <pulpbot> https://pulp.plan.io/issues/8018
15:40:40 <ggainey> already has a PR - accept and add
15:40:58 <daviddavis> +1
15:41:19 <dkliban> #idea Proposed for #8018: accept and add to sprint
15:41:19 <dkliban> !propose other accept and add to sprint
15:41:19 <pulpbot> dkliban: Proposed for #8018: accept and add to sprint
15:41:30 <dkliban> +1
15:41:33 <ttereshc> this is the one which requires feedback on the list
15:41:40 <ttereshc> pulp-dev
15:41:42 <dkliban> yeah ... but we can accept the issue
15:41:46 <ttereshc> sure
15:41:55 <dkliban> #agreed accept and add to sprint
15:41:55 <dkliban> !accept
15:41:55 <pulpbot> dkliban: Current proposal accepted: accept and add to sprint
15:41:56 <dkliban> #topic https://pulp.plan.io/issues/8000
15:41:56 <pulpbot> dkliban: 2 issues left to triage: 8000, 7950
15:41:57 <pulpbot> RM 8000 - gw0101 - NEW - user improperly authenticated via valid cert
15:41:58 <pulpbot> https://pulp.plan.io/issues/8000
15:42:09 <ggainey> this is a Pulp2 issue
15:42:27 * daviddavis flees under the cover of darkness
15:42:32 <ggainey> heh
15:42:43 <dkliban> lol
15:43:37 <dkliban> i don't want to fix this ...
15:43:53 <ggainey> so this involves cert-auth - is it not the case that apcahe-cert-auth handles cert-revocation?
15:44:01 <ttereshc> is there a way to disable a session in pulp2? to remove an earlier  validated cert
15:44:13 <dkliban> i have no idea
15:44:57 <ggainey> me either, alas
15:45:16 <dkliban> so what should we do about this issue?
15:45:56 <ggainey> so , two issues w/this issue - cert-revocation is the Right Way to handle this, not inside-pulp, and "Pulp2 is EOL and we're not fixing stuff like this", yeah?
15:46:30 <dkliban> yeah
15:46:32 <ttereshc> yeah, that should do
15:46:43 <dkliban> ggainey: you want to do the honors?
15:46:46 <daviddavis> hey wait
15:46:51 <ggainey> the cert-revocation I'm not as certain about, because I am not familiar with what pulp itself gives the user access to
15:46:51 <dkliban> hey ok ....
15:46:57 <daviddavis> if I am reading this correctly, this is a serious problem
15:47:08 <daviddavis> like it escalates the consumer's privledges?
15:47:39 <ttereshc> yes it sounds like it however it's been there forever I guess
15:47:57 <daviddavis> when you remove the user, they get the default privs which may be higher than their priv
15:48:36 <dkliban> yeah it does
15:49:17 <ggainey> hm
15:49:24 <ggainey> daviddavis: this is a really good point
15:49:25 <ggainey> alas
15:49:26 <ggainey> :)
15:50:02 <daviddavis> does this affect all pulp 2 releases?
15:50:09 <daviddavis> or 2.21+
15:50:16 <dkliban> i am guessing all
15:50:24 <dkliban> this has not changed in years
15:50:32 <ggainey> since whenever auth-by-cert was introduced
15:51:00 <daviddavis> yea
15:51:39 <daviddavis> I recognize that no one has time to work on this
15:51:43 <daviddavis> so I am not sure what to do
15:51:52 <ggainey> so are we talking about the consumer-cert? as described here ? https://docs.pulpproject.org/en/2.21/user-guide/consumer-client/register.html#pre-registration-authentication
15:52:32 <dkliban> i think he is talking about users
15:52:42 <dkliban> even though he uses the term consumer
15:52:46 <dkliban> REST API user
15:52:50 <ggainey> yeah, hence my confusion
15:54:28 <daviddavis> I vote we skip for now and get more opinions
15:54:34 <ggainey> yeah ok
15:55:05 <dkliban> so it sounds like we need to accept and investigate
15:55:18 <ggainey> as I'm still a little unclear on exactly what's going on here - other than "I don't like it", whatever it is :)
15:55:47 <ggainey> dkliban: I think that's correct, it's a problem and we need to at least look into it
15:55:59 <ttereshc> +1 to skip, and there is not much apart from the post request https://docs.pulpproject.org/en/2.21/dev-guide/integration/rest-api/authentication.html
15:56:28 <ggainey> ttereshc: ah! this is *exactly* what I needed, thank you!
15:56:35 <ttereshc> I don't see a way to sign out
15:57:13 <dkliban> so should we add to the sprin?
15:57:21 <ggainey> yeah, let's add
15:57:40 <daviddavis> +1
15:57:52 <dkliban> #idea Proposed for #8000: accept and add to sprint
15:57:52 <dkliban> !propose other accept and add to sprint
15:57:52 <pulpbot> dkliban: Proposed for #8000: accept and add to sprint
15:58:24 <ggainey> +1
15:58:32 <dkliban> #agreed accept and add to sprint
15:58:32 <dkliban> !accept
15:58:32 <pulpbot> dkliban: Current proposal accepted: accept and add to sprint
15:58:33 <pulpbot> dkliban: 1 issues left to triage: 7950
15:58:33 <dkliban> #topic https://pulp.plan.io/issues/7950
15:58:34 <pulpbot> RM 7950 - newswangerd - NEW - Backport 7912
15:58:35 <pulpbot> https://pulp.plan.io/issues/7950
15:58:49 <ttereshc> this is waiting on the bugfix
15:58:55 <ttereshc> so we keep skipping it
15:58:59 <dkliban> let's skip again
15:59:04 <ttereshc> +1
15:59:08 <daviddavis> +1
15:59:13 <dkliban> !skip
15:59:14 <pulpbot> dkliban: No issues to triage.
15:59:41 <dkliban> awesome! thank you all for your time!
15:59:49 <dkliban> #endmeeting
15:59:49 <dkliban> !end