Monday, 2021-02-08

« Sunday, 2021-02-07 Index Tuesday, 2021-02-09 »
*** zzzeek has quit IRC01:39
*** zzzeek has joined #openstack-glance01:41
*** baojg has joined #openstack-glance01:56
*** sorrison has joined #openstack-glance02:36
*** rcernin has quit IRC02:52
*** rcernin has joined #openstack-glance02:54
*** zzzeek has quit IRC04:34
*** zzzeek has joined #openstack-glance04:37
*** ratailor has joined #openstack-glance04:59
*** zzzeek has quit IRC05:33
*** zzzeek has joined #openstack-glance05:36
*** zzzeek has quit IRC05:57
*** zzzeek has joined #openstack-glance05:59
*** udesale has joined #openstack-glance06:00
*** whoami-rajat__ has joined #openstack-glance06:13
*** m75abrams has joined #openstack-glance06:29
*** k_mouza has joined #openstack-glance06:40
*** k_mouza has quit IRC06:45
*** ralonsoh has joined #openstack-glance07:38
*** rcernin has quit IRC08:12
*** baojg has quit IRC08:20
*** rcernin has joined #openstack-glance08:43
*** rcernin has quit IRC08:49
*** rcernin has joined #openstack-glance08:58
*** rcernin has quit IRC09:47
*** k_mouza has joined #openstack-glance09:59
*** udesale_ has joined #openstack-glance10:29
*** udesale has quit IRC10:32
*** ratailor has quit IRC10:41
*** ratailor has joined #openstack-glance10:41
*** m75abrams has quit IRC10:57
*** m75abrams has joined #openstack-glance10:58
*** k_mouza has quit IRC11:00
*** k_mouza has joined #openstack-glance11:06
whoami-rajat__dansmith: hey, restarting c-vol didn't work, left comments here https://review.opendev.org/c/openstack/glance/+/77425511:40
*** m75abrams has quit IRC11:52
*** Luzi has joined #openstack-glance11:55
*** m75abrams has joined #openstack-glance12:07
*** CeeMac has quit IRC13:27
*** whoami-rajat__ has quit IRC13:27
*** jungleboyj has quit IRC13:27
*** gmann has quit IRC13:27
*** knikolla has quit IRC13:27
*** coreycb has quit IRC13:27
*** nicolasbock has quit IRC13:27
*** mnaser has quit IRC13:27
*** PrinzElvis has quit IRC13:27
*** CeeMac has joined #openstack-glance13:28
*** coreycb has joined #openstack-glance13:28
*** mnaser has joined #openstack-glance13:29
*** jungleboyj has joined #openstack-glance13:29
*** nicolasbock has joined #openstack-glance13:30
*** whoami-rajat__ has joined #openstack-glance13:31
*** gmann has joined #openstack-glance13:31
*** knikolla has joined #openstack-glance13:32
*** rcernin has joined #openstack-glance13:38
*** PrinzElvis has joined #openstack-glance13:51
*** Luzi has quit IRC13:52
*** rcernin has quit IRC13:53
*** ratailor has quit IRC13:57
dansmithwhoami-rajat__: ack15:10
dansmithwhoami-rajat__: we should try to get some help from rosmaita on that at some point15:10
whoami-rajat__dansmith: yeah, i will discuss with the cinder team15:13
*** k_mouza has quit IRC15:25
*** k_mouza has joined #openstack-glance15:26
*** k_mouza_ has joined #openstack-glance16:01
*** k_mouza has quit IRC16:05
*** k_mouza_ has quit IRC16:08
*** k_mouza has joined #openstack-glance16:08
openstackgerritDan Smith proposed openstack/glance master: Make web-download revert all stores on fail  https://review.opendev.org/c/openstack/glance/+/77431416:46
openstackgerritDan Smith proposed openstack/glance master: DNM: Test web-download tempest negative test  https://review.opendev.org/c/openstack/glance/+/77431516:46
*** k_mouza has quit IRC16:52
*** k_mouza has joined #openstack-glance16:53
*** udesale_ has quit IRC17:15
lbragstadjokke ping17:27
*** ralonsoh has quit IRC17:38
*** k_mouza_ has joined #openstack-glance17:42
*** k_mouza_ has quit IRC17:42
*** k_mouza has quit IRC17:44
*** gyee has joined #openstack-glance17:50
*** gyee has quit IRC17:52
*** gyee has joined #openstack-glance17:52
jokkelbragstad: pong18:35
lbragstadjokke i think i found a workaround - but i was wondering if there was a consistent pattern in how glance approach resource dependency management across glance APIs18:41
lbragstad(e.g., if i need to pull the image members for a particular image in the policy enforcement code of ImageRepoProxy)18:42
jokkelbragstad: The domain layers are bit nasty about that18:48
lbragstadfrom what i can tell, it looks like most of it's pushed into the database18:48
lbragstad(for example, tack this project id on to the image query for members)18:48
jokkeWe've been quite happily going around the domain model directly to the source in recent cycles 'though. I think everyone would be pretty happy witout all those layers if we just had resources to refactor them out ;)18:48
jokkeYeah so original design was that all the db data interations would go through those layers of proxy classes18:50
lbragstadyeah - i'm not suggesting we need to rebuild everything, i'm just curious if there is a canonical way glance handles object dependencies at higher layers - since that's where i want to build targets for policy enforcement18:50
jokkeYou're mainly pulling data, right? Like you're not loking to write anything during those checks?18:52
lbragstadright - i'm using the data to build target information that we can use only for policy enforcement18:53
lbragstadfrom what i can tell, the target data is isolated to glance.api.policy module18:56
lbragstadand it's build on every request18:56
jokkeYeah, just read through your mail too. I assume this is the same thing you described in there with bit more detail19:03
lbragstadyeah19:05
*** k_mouza has joined #openstack-glance19:44
*** hoonetorg has quit IRC19:45
*** rcernin has joined #openstack-glance19:47
*** k_mouza has quit IRC19:48
*** rcernin has quit IRC19:51
*** whoami-rajat__ has quit IRC19:53
*** xarlos has joined #openstack-glance20:46
lbragstadjokke users should be able to view shared images that are accepted, right?20:47
jokkelbragstad: IIRC as soon as the image is shared user has access to it, it just doesn't show up on their default listings before they accept it20:51
jokkeThat's there to avoid anyone spamming unwanted images20:52
lbragstadok - that makes sense20:52
lbragstadi'm trying to hunt down how this works https://opendev.org/openstack/glance/src/branch/master/glance/tests/unit/v2/test_images_resource.py#L250-L26520:52
jokkenow I need to go afk for about an hour, hour and half ... I'll try to answer anything else once I get back20:52
lbragstadok - no worries20:52
jokkeIt's getting late enough that the store closes in an hour, I need some dinner ;)20:53
*** k_mouza has joined #openstack-glance20:59
*** k_mouza has quit IRC21:04
*** rcernin has joined #openstack-glance22:24
*** rcernin has quit IRC22:30
*** rcernin has joined #openstack-glance22:30
openstackgerritLance Bragstad proposed openstack/glance master: WIP: add logic to properly enforce secure RBAC when handling images  https://review.opendev.org/c/openstack/glance/+/76521022:57
openstackgerritLance Bragstad proposed openstack/glance-tempest-plugin master: Implement API protection testing for images  https://review.opendev.org/c/openstack/glance-tempest-plugin/+/77356822:58
lbragstadjokke ok - i think i finally tripped over the database code that was adding query filters based on the context22:58
lbragstad^22:58
lbragstadthe tempest plugin patch has a lot of changes that test the series abhishekk started working on22:59
lbragstadbut - locally they pass all glance tests in tree and they pass the glance-tempest-plugin tests22:59
lbragstadnot saying it's ready to merge, there are still a lot gaps in the testing22:59
lbragstadbut - we should be able to look at the approach and see if we want to adjust it23:00
lbragstadi'm trying to be minimal with my changes, so keeping some of the policy stuff in the database to avoid churn...23:00
lbragstadbut - ideally, it would be nice to have more of an API for constructing sql queries and filters that we can invoke from the policy layer (or wherever)23:01
*** CeeMac has quit IRC23:03
*** CeeMac has joined #openstack-glance23:04
« Sunday, 2021-02-07 Index Tuesday, 2021-02-09 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!