*** zzzeek has quit IRC | 00:00 | |
*** zzzeek has joined #openstack-glance | 00:04 | |
*** zzzeek has quit IRC | 00:08 | |
*** zzzeek has joined #openstack-glance | 00:11 | |
*** ratailor has joined #openstack-glance | 03:52 | |
*** zzzeek has quit IRC | 05:02 | |
*** zzzeek has joined #openstack-glance | 05:04 | |
*** udesale has joined #openstack-glance | 05:32 | |
*** evrardjp has quit IRC | 05:33 | |
*** evrardjp has joined #openstack-glance | 05:33 | |
*** udesale_ has joined #openstack-glance | 05:34 | |
*** udesale has quit IRC | 05:36 | |
*** zzzeek has quit IRC | 05:39 | |
*** zzzeek has joined #openstack-glance | 05:42 | |
*** m75abrams has joined #openstack-glance | 06:35 | |
*** ratailor has quit IRC | 06:43 | |
*** zzzeek has quit IRC | 06:45 | |
*** nikparasyr has joined #openstack-glance | 06:46 | |
*** zzzeek has joined #openstack-glance | 06:47 | |
*** belmoreira has joined #openstack-glance | 07:01 | |
*** zzzeek has quit IRC | 07:06 | |
*** zzzeek has joined #openstack-glance | 07:06 | |
*** ralonsoh has joined #openstack-glance | 07:06 | |
*** whoami-rajat__ has joined #openstack-glance | 07:21 | |
*** zzzeek has quit IRC | 07:27 | |
*** zzzeek has joined #openstack-glance | 07:28 | |
*** zzzeek has quit IRC | 07:37 | |
*** zzzeek has joined #openstack-glance | 07:40 | |
*** udesale_ has quit IRC | 07:59 | |
*** zzzeek has quit IRC | 08:13 | |
*** ajitha has joined #openstack-glance | 08:15 | |
*** zzzeek has joined #openstack-glance | 08:15 | |
*** udesale_ has joined #openstack-glance | 08:19 | |
*** udesale_ has quit IRC | 08:48 | |
*** ratailor has joined #openstack-glance | 08:58 | |
*** k_mouza has joined #openstack-glance | 09:25 | |
*** k_mouza has quit IRC | 09:30 | |
*** k_mouza has joined #openstack-glance | 09:34 | |
*** udesale_ has joined #openstack-glance | 09:36 | |
*** zzzeek has quit IRC | 09:37 | |
*** zzzeek has joined #openstack-glance | 09:40 | |
*** udesale_ has quit IRC | 10:00 | |
*** baojg has joined #openstack-glance | 10:47 | |
*** udesale_ has joined #openstack-glance | 10:49 | |
*** k_mouza has quit IRC | 11:10 | |
*** k_mouza has joined #openstack-glance | 11:22 | |
*** udesale_ has quit IRC | 11:27 | |
*** ratailor has quit IRC | 12:09 | |
*** ratailor has joined #openstack-glance | 12:09 | |
*** Luzi has joined #openstack-glance | 12:37 | |
*** zzzeek has quit IRC | 12:44 | |
*** zzzeek has joined #openstack-glance | 12:44 | |
*** zzzeek has quit IRC | 12:49 | |
*** zzzeek has joined #openstack-glance | 12:50 | |
*** zzzeek has quit IRC | 12:59 | |
*** zzzeek has joined #openstack-glance | 13:02 | |
*** zzzeek has quit IRC | 13:06 | |
*** zzzeek has joined #openstack-glance | 13:08 | |
*** zzzeek has quit IRC | 13:12 | |
*** zzzeek has joined #openstack-glance | 13:14 | |
*** Luzi has quit IRC | 13:32 | |
*** lbragstad has quit IRC | 13:39 | |
*** lbragstad has joined #openstack-glance | 13:47 | |
openstackgerrit | Abhishek Kekane proposed openstack/glance master: PoC Implement secure RBAC for image actions https://review.opendev.org/c/openstack/glance/+/764754 | 13:54 |
*** rosmaita has joined #openstack-glance | 13:54 | |
*** zzzeek has quit IRC | 13:56 | |
*** zzzeek has joined #openstack-glance | 13:58 | |
*** ratailor has quit IRC | 14:00 | |
*** jv has joined #openstack-glance | 14:17 | |
*** takamatsu has joined #openstack-glance | 15:14 | |
lbragstad | abhishekk i'm not sure if you've seen the changes i've proposed, yet | 15:30 |
lbragstad | abhishekk but let me know if you have any questions or need to walk through anything | 15:30 |
abhishekk | lbragstad, I have commented on the base patch | 15:30 |
abhishekk | I didn't understand role:all and system_scope:all | 15:32 |
lbragstad | abhishekk yes - you're right | 15:32 |
lbragstad | i'll fix that | 15:32 |
abhishekk | ack, then I will rebase my patch on top of yours | 15:32 |
abhishekk | for task and images | 15:32 |
abhishekk | lbragstad, when will the next open hours or meeting with glance squad be? | 15:36 |
lbragstad | abhishekk the next office hours is tomorrow at 18 UTC | 15:38 |
lbragstad | sorry - thursday i think | 15:38 |
abhishekk | I will be around if it is on Thursday, will try if it is tomorrow | 15:39 |
*** m75abrams has quit IRC | 16:02 | |
*** nikparasyr has left #openstack-glance | 16:07 | |
*** zzzeek has quit IRC | 16:11 | |
*** zzzeek has joined #openstack-glance | 16:14 | |
ade_lee | abhishekk, hey -- any idea who else we can ask to review https://review.opendev.org/c/openstack/glance/+/756158 and https://review.opendev.org/c/openstack/glance_store/+/756157 ? | 16:19 |
-openstackstatus- NOTICE: The Gerrit service on review.opendev.org is being restarted quickly to troubleshoot high load and poor query caching performance, downtime should be less than 5 minutes | 16:20 | |
abhishekk | ade_lee rosmaita or smcginnis | 16:48 |
rosmaita | ade_lee: is that md5 stuff? | 16:48 |
ade_lee | rosmaita, yup | 16:48 |
rosmaita | ok, count on me to take a look | 16:49 |
ade_lee | rosmaita, great thanks! | 16:49 |
smcginnis | Will try to take a look shortly as well. | 16:57 |
ade_lee | smcginnis, thanks! | 16:57 |
rosmaita | ade_lee: is the idea that glance_store is just computing and recording a value, so the hash is not being "used in a security context"? But if an image consumer computed the hash themselves and then compared it to the recorded value, the image consumer would be using the hash in a security context? | 17:14 |
rosmaita | what I'm asking about is the "False" here: https://review.opendev.org/c/openstack/glance_store/+/756157/3/glance_store/_drivers/cinder.py#832 | 17:15 |
*** baojg has quit IRC | 17:21 | |
*** k_mouza has quit IRC | 18:07 | |
*** mloza has joined #openstack-glance | 18:14 | |
mloza | hello, is there a way to only allow RAW images being uploaded via CLI? | 18:15 |
*** belmoreira has quit IRC | 18:22 | |
*** k_mouza has joined #openstack-glance | 18:26 | |
*** k_mouza has quit IRC | 18:27 | |
*** gyee has joined #openstack-glance | 18:28 | |
*** k_mouza has joined #openstack-glance | 18:41 | |
rosmaita | mloza: are you OK with the API only allowing RAW images to be uploaded? | 18:42 |
openstackgerrit | Merged openstack/glance_store master: Replace md5 with oslo version https://review.opendev.org/c/openstack/glance_store/+/756157 | 18:43 |
*** k_mouza has quit IRC | 18:45 | |
*** k_mouza has joined #openstack-glance | 19:08 | |
mloza | rosmaita: yes | 19:18 |
mloza | I don't want tenants to upload qcow2 images | 19:18 |
mloza | so I would like to restrict to RAW images only | 19:19 |
rosmaita | mloza: there are config opts for disk_formats and container_formats in glance-api.conf | 19:20 |
rosmaita | whatever you have there is used in the glance image schema | 19:20 |
rosmaita | so users can only create images with those formats | 19:20 |
rosmaita | but | 19:20 |
rosmaita | glance doesn't validate what's actually uploaded | 19:21 |
rosmaita | it only controls what users can say the formats are | 19:21 |
*** hoonetorg has quit IRC | 19:25 | |
*** hoonetorg has joined #openstack-glance | 19:26 | |
*** k_mouza has quit IRC | 19:37 | |
*** rosmaita has quit IRC | 19:45 | |
*** rosmaita has joined #openstack-glance | 19:46 | |
*** k_mouza has joined #openstack-glance | 20:11 | |
*** ralonsoh has quit IRC | 20:36 | |
*** k_mouza has quit IRC | 20:39 | |
*** k_mouza has joined #openstack-glance | 20:46 | |
*** k_mouza has quit IRC | 20:48 | |
*** k_mouza has joined #openstack-glance | 20:48 | |
*** k_mouza has quit IRC | 20:59 | |
*** k_mouza has joined #openstack-glance | 21:00 | |
*** vesper11 has quit IRC | 21:01 | |
*** zzzeek has quit IRC | 21:08 | |
*** whoami-rajat__ has quit IRC | 21:08 | |
*** zzzeek has joined #openstack-glance | 21:12 | |
*** k_mouza has quit IRC | 21:20 | |
lbragstad | gmann ping | 21:30 |
lbragstad | gmann i noticed you need oslo.policy 3.6.0 and i'm updating that dependency in another patch | 21:35 |
lbragstad | would you be opposed to putting your patch on https://review.opendev.org/c/openstack/glance/+/764236/2 if i update it to include 3.6.0? | 21:35 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Bump requirements to perpare for secure RBAC https://review.opendev.org/c/openstack/glance/+/764236 | 21:49 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Add basic/common personas to base policies https://review.opendev.org/c/openstack/glance/+/764241 | 21:49 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Implement secure RBAC for image tags https://review.opendev.org/c/openstack/glance/+/764242 | 21:49 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Implement secure RBAC for metadef namespaces https://review.opendev.org/c/openstack/glance/+/764247 | 21:49 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Implement secure RBAC for metadef objects https://review.opendev.org/c/openstack/glance/+/764248 | 21:49 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Implement secure RBAC for metadef resource types https://review.opendev.org/c/openstack/glance/+/764249 | 21:49 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Implement secure RBAC for metadef properties https://review.opendev.org/c/openstack/glance/+/764250 | 21:49 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Implement secure RBAC for metadef tags https://review.opendev.org/c/openstack/glance/+/764251 | 21:49 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Implement secure RBAC for metadef namespaces https://review.opendev.org/c/openstack/glance/+/764247 | 21:54 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Implement secure RBAC for metadef objects https://review.opendev.org/c/openstack/glance/+/764248 | 21:54 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Implement secure RBAC for metadef resource types https://review.opendev.org/c/openstack/glance/+/764249 | 21:54 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Implement secure RBAC for metadef properties https://review.opendev.org/c/openstack/glance/+/764250 | 21:54 |
openstackgerrit | Lance Bragstad proposed openstack/glance master: Implement secure RBAC for metadef tags https://review.opendev.org/c/openstack/glance/+/764251 | 21:54 |
*** jv has quit IRC | 22:03 | |
*** ajitha has quit IRC | 22:08 | |
-openstackstatus- NOTICE: The Gerrit service on review.opendev.org is being restarted quickly to make further query caching and Git garbage collection adjustments, downtime should be less than 5 minutes | 22:36 | |
gmann | lbragstad: nice, that is fine. i can rebase on top of yours | 22:41 |
gmann | lbragstad: also are we merging the rbac patches without tests as I saw you are starting the work in many projects? like designate merged those without testing. | 22:42 |
*** k_mouza has joined #openstack-glance | 22:48 | |
lbragstad | gmann that wasn't the plan - i started proposing these to get the discussion rolling | 23:02 |
lbragstad | and i haven't implied that we won't include tests | 23:03 |
*** rcernin has joined #openstack-glance | 23:03 | |
lbragstad | my guess is that i'll have to go back through after and add tests | 23:04 |
lbragstad | gmann biab | 23:04 |
gmann | i see, +1 | 23:08 |
*** tkajinam has quit IRC | 23:10 | |
*** tkajinam has joined #openstack-glance | 23:11 | |
*** k_mouza has quit IRC | 23:17 |