09:33 <@rhallisey> ==== Automation Broker Meeting 4/17 ====
09:33 -!- rhallisey [rhallisey@nat/redhat/x-qwelhdqbiyqrlmjy] has quit [Quit: Leaving]
09:34 -!- rhallisey [rhallisey@nat/redhat/x-dirmbhxrolqqnjog] has joined #asbroker
09:34 < rhallisey> # Attendance
09:34 < rhallisey> hey folks
09:34 < shurley> hey
09:34 < rhallisey> no bot today to assist, but we'll make it work
09:34 < maleck13> hey
09:35 <@jmontleon> is there any way to tell what image a loaded apb spec came from?
09:35 <@jmontleon> i think i pushed something by accident and now it is periodically popping up
09:35 < rhallisey> jmontleon, I don't know of a way
09:35 < rhallisey> # News
09:35 < rhallisey> # State proposal implementation update
09:36 <@jmontleon> rhallisey, that would be a nice feature if we could find a way
09:36 <@jmontleon> i pushed a bad/old apb spec on a image somewhere
09:36 < rhallisey> jmontleon, agreed. Folks from the kubevirt side have asked for it too.
09:36 <@jmontleon> and it's not where i think it is
09:36 < rhallisey> jmontleon, I'm hacking on a script to do something similar
09:37 < rhallisey> What did folks want to bring up about the state proposal?
09:37 < maleck13> So I have finally been freed from planning and meeting hell and I am now actively working on this with @philipgough
09:37 < maleck13> :) so hope to have something for review by the end of the week
09:37 < dzager> awesome
09:37 < rhallisey> +1
09:37 < shurley> +1 that is awsome!
09:38 <@dymurray> +1 great news :)
09:38 < rhallisey> # Dynamic hide show params
09:38 < rhallisey> # https://github.com/openshift/ansible-service-broker/issues/859
09:38 < maleck13> so just wanted to mention on this issue that I will be looking into possible solutions
09:39 < maleck13> and progressing either a proposal or assessing the previous PR
09:39 < maleck13> I once I am focusing on it and understand the problem space better, I will likely loop in UX too to see how best to progress
09:39 < rhallisey> nice
09:40 < rhallisey> this would be a great add
09:40 < maleck13> it is hitting mobile at the moment as we want to have a mobile-client binding and a service to service binding
09:40 < dzager> +1 looking forward to seeing that move forward
09:40 < maleck13> which can ll be done with params but the user experience is poor
09:40 < maleck13> as all the params for each type of binding will be shown
09:41 < rhallisey> cool
09:41 < rhallisey> # Bugs/Issue triage
09:41 < rhallisey> # Allow pod termination log to be configured
09:41 < rhallisey> # https://github.com/openshift/ansible-service-broker/issues/889
09:41 < rhallisey> actually this should be in feature
09:42 < rhallisey> but we can discuss it first
09:42 < rhallisey> looks like action item on this is a proposal
09:42 < maleck13> I was happy with where we got to on that one
09:43 <@jmontleon> i think i found it at least; fortunately images are listed by time and i wasn't messing with that image yesterday
09:43 < rhallisey> actually, I didn't scroll far enough down.  maleck13 what are the next steps here?
09:43 < shurley> maleck13: would you want to close it?
09:43 < maleck13> Once it was understood why it was failing, I think the solutions outlined in the issue were fine so happy to close
09:44 < rhallisey> ack, closing
09:44 < rhallisey> # Allow bundle-lib to have an option to deploy bundle in the target namespace
09:45 < rhallisey> # https://github.com/automationbroker/bundle-lib/issues/51
09:46 < rhallisey> shurley, did you have any comments here?
09:46 < shurley> nope thought we need futher discussion
09:46 < rhallisey> nothing from me.  I think it makes sense
09:46 < shurley> I personally don't understand the need from the ASB but it appears that this something others want
09:46 < fabianvf> This was prompted by ALM exploration, we didn't have cluster level permissions so creating the sandbox was impossible
09:46 < rhallisey> I think it's also really cool to see how we can create a plugin
09:47 < shurley> rhallisey: can you explain what you mean by that?
09:47 < rhallisey> shurley, sure
09:48 < rhallisey> my thoughts are that a plugin like this demonstrates how you can alter the behavior of the broker with a plugin change. Which is really cool
09:48 <@mhrivnak> It would be helpful to describe the use cases for this on the issue.
09:48 < rhallisey> my comment about development was in case folks want to develop apbs without the namespace buffer, they can if they build with this
09:49 < rhallisey> I don't think we need to support it or anything, but I'm it would be neat to document how you can do it
09:49 < shurley> I'm sorry guys I am not following here. this just might be me
09:49 < shurley> but are you asking use to add a new code path in the ASB to use this feature?
09:50 < dzager> shurley: I'm thinking he's talking about creating something else entirely, not necessarily into the broker...I think :)
09:50 < shurley> because I don't think that is something we should do IMO. so how could it be used as a plugin? I am just not following how this works
09:51 < rhallisey> I was thinking the plugin would like in bundle-lib
09:51 < rhallisey> but I think what your saying is that it won't
09:51 < dzager> to be fair, I'm not following well. maybe adding it into the issue will allow the amount of detail for it to be clear?
09:52 < dzager> rhallisey: ^
09:52 < rhallisey> that fine.  I'm not blocking on this issue. Just throwing out some ideas
09:52 < shurley> this might be derailed at this point
09:52 < shurley> do people understand why we need this? mhrivnak you menthioned the need for a use case
09:53 < shurley> is this not sufficent? > The bundle lib at times will need to deploy the apb into the same namespace as the target of the apb.
09:53 < shurley> and what more would peole like, so I can add it
09:53 < rhallisey> that's prefect.  I think this is resolved
09:54 < rhallisey> I can create issue as I see fit as this is implemtned
09:54 < rhallisey> I don't see a blocker
09:54 <@mhrivnak> shurley I could certainly just take that as a given, but it would help to see an example.
09:54 < dzager> my understanding is that bundle-lib right now primarily exists in the broker. but we want it to be flexible so that we can create bundle-cli, alm stuff, etc. So we want the ability to use bundle-lib to execute bundles without creating a sandbox namespace. That is how I understand it
09:55 < rhallisey> mhrivnak, ok let's go with an example.  I think we can finish the discussion in the issue
09:56 < rhallisey> # Features
09:56 < rhallisey> I have nothing listed here. Anyone have anything to bring up?
09:56 < rhallisey> no wish list items?
09:57 < maleck13> not currently :)
09:57 < maleck13> I've got a couple for the catalog but not the broker at the moment :)
09:58 < rhallisey> # open discussion
09:58 < shurley> re: above here is a use case https://github.com/automationbroker/bundle-lib/issues/51#issuecomment-382002204
09:58 < rhallisey> maleck13, there's an item here you added about the sandbox role
09:58 <@mhrivnak> shurley thanks!
09:58 < maleck13> I added this item. I wanted to understand why the edit role is the default role for the service account
09:59 < maleck13> we have a few APBs that want to create a service account and apply a role to that service account
09:59 < maleck13> but this requires the admin role
09:59 < rhallisey> I believe security team suggested this.  There might be an issue/thread somewhere with the reasoning
10:00 < shurley> it basically comes down to start with the least amount of permissions, and move your way up
10:00 < maleck13> rhallisey: ok it would be good to understand the reasoning. I imagine as other use the ASB they will want to do similar things
10:00 < maleck13> shurley: rhallisey sure I can understand that
10:00 < shurley> I think a thought/idea that has been kicked around
10:00 < maleck13> what are thoughts on the following
10:01 < shurley> is the APB states the level of permissions that it needs
10:01 < maleck13> shurley: ^ lol I was just about to suggest that
10:01 < shurley> and the broker can then verify that it will/can grant that
10:01 < shurley> dymurray: do you know where on the backlog that is?
10:01 <@dymurray> looking
10:02 <@dymurray> https://trello.com/c/j0lTMWf5/485-allow-each-apb-to-express-the-clusterroles-and-sccs-required-to-run
10:02 <@dymurray> shurley, ^
10:02 < shurley> it is a APB spec change so I don't know how quickly we are moving on that. Just know that it has been talked about
10:02 < maleck13> shurley: dymurray thanks will take a read
10:02 <@dymurray> from spec side would be a minimal change... bigger issue is how this is handled in the broker
10:03 < shurley> add it to spec validation>
10:03 < maleck13> dymurray: for sure can see it being interesting
10:03 < maleck13> is this something I could put time into in the future, or should it sit with you guys
10:04 < rhallisey> maleck13, if you have the time, for it.
10:04 < dzager> I'd happily read a proposal
10:04 <@dymurray> maleck13, shurley is this something we should discuss with security folks?
10:04 < rhallisey> go for it*
10:05 < maleck13> dymurray: rhallisey cool. I imagine they could be pinged on any proposal
10:05 < shurley> um, we could loop them in. I don't see how it impacts the ASB's security model
10:05 < maleck13> dymurray: rhallisey as it effects some of our APBs and I have scope to work on broker issues, I will try take a look at this at some point in the near future
10:05 < shurley> as long as we assume if the broker does not have access to grant that high it ignores that APB
10:05 < shurley> *bundl;e
10:06 < rhallisey> maleck13, sound good. If you create an issue we can add it to that trello card
10:06 < maleck13> rhallisey: will do
10:06 <@dymurray> +1 cool
10:06 <@jmrodri> sorry folks I was late today. Forgot about this meeting.
10:06 < rhallisey> hey jmrodri
10:07  * jmrodri reading backlog
10:07 < shurley> BTW maleck13 dymurray rhallisey all I think this is related to this card https://trello.com/c/fiOSsq1Q
10:07 <@dymurray> +1
10:07 < maleck13> shurley: thanks will also read
10:07 < rhallisey> nice
10:08 <@jmrodri> shurley: is that making the calls directly? 
10:08 < shurley> jmrodri: are referring to making the SAR calls?
10:09 < shurley> because we currently make the SRR call already
10:09 <@jmrodri> shurley: to that trello card. n/m :)
10:09 <@jmrodri> ah right. Sorry I'm confused
10:09 <@jmrodri> proceed
10:09 < rhallisey> anything else from folks?
10:10 < rhallisey> one note from me: if you're doing multinode apb development, make sure you use pullpolicy: always or specs get out of date with images on the nodes
10:11 < rhallisey> that will keep you from going crazy
10:11 < rhallisey> ok thanks everyone
10:12 < rhallisey> --- end meeting ---