| *** masahito has joined #congress | 00:02 | |
| *** thinrichs has quit IRC | 00:02 | |
| *** thinrichs has joined #congress | 00:03 | |
| ekcs | masahito: I didn’t totally understand the question. | 01:02 |
|---|---|---|
| masahito | ok | 01:03 |
| ekcs | masahito: you mean can a non-global admin write rules? | 01:03 |
| ekcs | masahito: or are there different levels of rules for global vs non-global admins? | 01:03 |
| masahito | ekcs: I means the rule written by a user could affect all tenant. | 01:03 |
| masahito | for example: | 01:04 |
| masahito | when user1 in tenant1 writes a rule like rule1(x):- nova:servers(id=x), rule1 gets all servers in the Nova | 01:05 |
| masahito | meaning rule1 also shows servers in tenant2, tenant3 and so on. | 01:06 |
| ekcs | masahito: right. afaik there is only one global context for all rules. | 01:06 |
| ekcs | so supporting tenants writing their on separate policies would require a lot of thought and design and changes. | 01:06 |
| ekcs | on how things interact and all. | 01:06 |
| ekcs | one possible solution is that each tenant/project has their own restricted view (helper table) into each base table. | 01:08 |
| ekcs | lots of practical and technical complexities to think through for sure. | 01:08 |
| masahito | right. | 01:09 |
| masahito | the possible solution makes sense. | 01:09 |
| ekcs | there is some prior work to draw on in the database literature though. | 01:10 |
| masahito | and I thought we just write project's dashboard without any validation. so I just commented. | 01:10 |
| ekcs | but anyway I guess the answer is that right now congress doesn’t have any particular support for multi-tenant policies. | 01:10 |
| masahito | thanks to be clarified. | 01:12 |
| ekcs | = ) | 01:15 |
| ekcs | lot of good further discussion to be had on this topic! | 01:15 |
| *** thinrichs has quit IRC | 02:03 | |
| *** masahito has quit IRC | 02:36 | |
| openstackgerrit | OpenStack Proposal Bot proposed openstack/congress: Updated from global requirements https://review.openstack.org/411052 | 03:46 |
| openstackgerrit | OpenStack Proposal Bot proposed openstack/python-congressclient: Updated from global requirements https://review.openstack.org/411073 | 03:54 |
| *** ramineni_ has quit IRC | 04:09 | |
| *** masahito has joined #congress | 04:11 | |
| *** ramineni_ has joined #congress | 04:21 | |
| *** thinrichs has joined #congress | 04:28 | |
| *** thinrichs has quit IRC | 04:48 | |
| *** thinrichs has joined #congress | 04:54 | |
| *** ramineni_ has quit IRC | 04:55 | |
| *** thinrichs has quit IRC | 05:26 | |
| *** masahito has quit IRC | 08:01 | |
| *** masahito has joined #congress | 09:04 | |
| *** masahito has quit IRC | 09:24 | |
| *** openstackgerrit has quit IRC | 10:18 | |
| *** evrardjp has quit IRC | 12:08 | |
| *** evrardjp has joined #congress | 12:13 | |
| *** masahito has joined #congress | 14:47 | |
| *** masahito has quit IRC | 15:36 | |
| *** thinrichs has joined #congress | 15:42 | |
| *** thinrichs has quit IRC | 16:13 | |
| *** thinrichs has joined #congress | 16:33 | |
| *** thinrichs has quit IRC | 20:06 | |
| *** thinrichs has joined #congress | 20:06 | |
| *** thinrichs has quit IRC | 20:45 | |
| *** thinrichs has joined #congress | 20:51 | |
| *** ekcs has quit IRC | 21:04 | |
| *** thinrichs has quit IRC | 21:15 | |
| *** thinrichs1 has joined #congress | 21:15 | |
| *** thinrichs1 has quit IRC | 21:22 | |
| *** thinrichs has joined #congress | 21:54 | |
| *** thinrichs has quit IRC | 22:06 | |
| *** ekcs has joined #congress | 23:13 | |
| *** thinrichs has joined #congress | 23:28 | |
| *** thinrichs has quit IRC | 23:29 | |
| *** thinrichs has joined #congress | 23:29 | |
| *** thinrichs has quit IRC | 23:58 | |
| *** thinrichs has joined #congress | 23:59 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!