<div dir="ltr">Keystone is one project that all other OpenStack projects use, so personally I think the change to remove the API which are widely used should be discussed at TC meeting .<div><br></div><div>As far as I know ,not all OpenStack projects support the keystone v3 domain (domain, project,user) as well as keystone, you can see the policy.json of each project to check.</div><div>most of projects have no domain specified role API.</div><div><br></div><div>I'd ask how much effort do we need to maintain the keystone v2 api ? can we just keep the code there? </div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 20, 2017 at 2:41 AM, Alex Schultz <span dir="ltr"><<a href="mailto:aschultz@redhat.com" target="_blank">aschultz@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Thu, Oct 19, 2017 at 11:49 AM, Lance Bragstad <<a href="mailto:lbragstad@gmail.com">lbragstad@gmail.com</a>> wrote:<br>
> Yeah - we specifically talked about this in a recent meeting [0]. We<br>
> will be more verbose about this in the future.<br>
><br>
<br>
</span>I'm glad to see a review of this. In reading the meeting logs, I<br>
understand it was well communicated that the api was going to go away<br>
at some point. Yes we all knew it was coming, but the exact time of<br>
impact wasn't known outside of Keystone. Also saying "oh it works in<br>
devstack" is not enough when you do something this major. So a "FYI,<br>
patches to remove v2.0 to start landing next week (or today)" is more<br>
what would have been helpful for the devs who consume master. It<br>
dramatically shortens the time spent debugging failures if you have an<br>
idea about when something major changes and then we don't have to go<br>
through git logs/gerrit to figure out what happened :)<br>
<br>
IMHO when large efforts that affect the usage of your service are<br>
going to start to land, it's good to send a note before landing those<br>
patches. Or at least at the same time. Anyway I hope other projects<br>
will also follow a similar pattern when they ultimately need to do<br>
something like this in the future.<br>
<br>
Thanks,<br>
-Alex<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
> [0]<br>
> <a href="http://eavesdrop.openstack.org/meetings/keystone/2017/keystone.2017-10-10-18.00.log.html#l-107" rel="noreferrer" target="_blank">http://eavesdrop.openstack.<wbr>org/meetings/keystone/2017/<wbr>keystone.2017-10-10-18.00.log.<wbr>html#l-107</a><br>
><br>
> On 10/19/2017 12:00 PM, Alex Schultz wrote:<br>
>> On Thu, Oct 19, 2017 at 10:08 AM, Lance Bragstad <<a href="mailto:lbragstad@gmail.com">lbragstad@gmail.com</a>> wrote:<br>
>>> Hey all,<br>
>>><br>
>>> Now that we're finishing up the last few bits of v2.0 removal, I'd like to<br>
>>> send out a reminder that Queens will not include the v2.0 keystone APIs<br>
>>> except the ec2-api. Authentication and validation of v2.0 tokens has been<br>
>>> removed (in addition to the public and admin APIs) after a lengthy<br>
>>> deprecation period.<br>
>>><br>
>> In the future can we have a notice before the actual code removal<br>
>> starts? We've been battling various places where we thought we had<br>
>> converted to v3 only to find out we hadn't correctly done so because<br>
>> it use to just 'work' and the only way we know now is that CI blew up.<br>
>> A heads up on the ML probably wouldn't have lessened the pain in this<br>
>> instance but at least we might have been able to pinpoint the exact<br>
>> problem quicker.<br>
>><br>
>> Thanks,<br>
>> -Alex<br>
>><br>
>><br>
>>> Let us know if you have any questions.<br>
>>><br>
>>> Thanks!<br>
>>><br>
>>><br>
>>> ______________________________<wbr>______________________________<wbr>______________<br>
>>> OpenStack Development Mailing List (not for usage questions)<br>
>>> Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.<wbr>openstack.org?subject:<wbr>unsubscribe</a><br>
>>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack-dev</a><br>
>>><br>
>> ______________________________<wbr>______________________________<wbr>______________<br>
>> OpenStack Development Mailing List (not for usage questions)<br>
>> Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.<wbr>openstack.org?subject:<wbr>unsubscribe</a><br>
>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack-dev</a><br>
><br>
><br>
<br>
______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.<wbr>openstack.org?subject:<wbr>unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Tang Yaguang</div><div><br></div><br><div> </div></div></div>
</div>