[glance][ptg] Glance Xena PTG summary
Hello Everyone, Apologies for delay in sending the PTG summary and Thank you to everyone who attended the Glance Xena PTG. We had extremely eventful discussions around Secure RBAC and some new ideas for improvement in Glance. Here is a short summary of the discussions. See the Etherpad [1] for full notes. Tuesday, April 20 # Wallaby Retrospective On the positive note, we merged a number of useful features this cycle. We managed to implement a project scope of secure RBAC for images API and Distributed image import stuff. On the other side we had usual problems of review bandwidth and we were not able to keep our focus on reducing/managing the glance bugs backlog. We really need more people in the community helping out with reviews, and ideally moving to become members of the core team. We are happy to onboard new members with appropriate help. # Bug squashing per milestone Unfortunately (due to lack of contributors) glance community was unable to keep track of its bug backlog for the past couple of cycles. This cycle our main focus is to revisit old bugs and reduce the bug backlogs for glance, glance_store and python-glanceclient. We agreed to discuss existing bugs in our weekly meeting after every two weeks for 15-20 minutes. # Interop WG interlock During this session we discussed the state of existing glance tempest coverage and what action needs to be taken if there are any API changes or new API is introduced. Wednesday, April 21 # Secure RBAC - OSSN-0088 This entire day we discussed implementing Secure RBAC in glance. We also decided to discuss with Lance/Gmann whether it is fine to add deprecation warnings for OSSN-0088 on master branch or we should add those directly to stable/wallaby branch where we have defaulted some metaded APIs to admin only. # Glance policy - revisit, restructure We also discussed to revisit and restructure our policy layer. At the moment glance is injecting policies at different layers and most of the policies are injected closed to the database layer. This approach is causing problems in implementing the secure RBAC for location/tasks APIs. During this cycle we are going to experiment on restructuring the policy layer of glance (approach will be to work on restructuring modiffy_image policy and then submit the spec on the basis of that finding before moving forward). # Secure RBAC - Hardening project scope, Implementing System scope/personas During discussion on this topic we identified that to implement system scope in glance we first need to restructure the glance policy layer. Which means we need to keep our focus on restructuring the glance policy layer in this cycle. Also at the moment only publicize_image policy is an appropriate candidate for system scope. So we need to identify whether there are any other APIs which can also use system scope. Thursday, April 22 # Native Image Encryption As this work has dependency on Barbican which is yet to be completed, we decided to revisit the progress of the same around Milestone 2 and decide whether we are ready to implement this feature in Xena cycle or postpone it to next cycle. # Multi-format images We need to identify regression on Nova if we decide to implement the same. I need to connect with dansmith to understand more about it. If there are no side effects then we will be working on design/specification for this feature in this cycle and implement the same in the next cycle. Erno also suggested that we should improve the image conversion plugin based on multiple stores support. # Cinder - Glance cross project discussion During this discussion Rajat (cinder driver maintainer for glance) walked us through the current state of cinder driver of glance and how we could add support for the new attachment API for cinder driver. Friday, April 23 # Cache-API We already agreed on implementation design about the same, the only reason it is pending is we shifted our focus on RBAC in the last cycle. So it is decided to wait for a couple of weeks in this cycle if we get any new contributor to work on it or else implement the same during milestone 1. # Glance Quotas This topic was raised on the fly by belmoreira during the PTG so we discussed the same. We decided to assess the use of keystone's unified limits and put up a design/specification in glance to add quotas for images. Apart from above topics during Open discussion we also discussed some of the swift related bugs which we will be addressing during this cycle. You will find the detailed information about the same in the PTG etherpad [1] along with the recordings of the sessions. I would once again like to thank everyone for joining us in the PTG. [1] https://etherpad.opendev.org/p/xena-glance-ptg Thanks and Regards, Abhishek
participants (1)
-
Abhishek Kekane