Wednesday, 2021-07-14

« Tuesday, 2021-07-13 Index Thursday, 2021-07-15 »
opendevreviewhanchunlei proposed openstack/python-glanceclient master: fix unit test  https://review.opendev.org/c/openstack/python-glanceclient/+/80074202:35
*** mabrams1 is now known as mabrams04:25
*** abhishekk is now known as akekane|home04:44
*** akekane|home is now known as abhishekk04:44
opendevreviewMerged openstack/glance-specs master: Fix symlinks for Xena templates  https://review.opendev.org/c/openstack/glance-specs/+/80068704:57
*** bhagyashris_ is now known as bhagyashris|ruck06:25
opendevreviewMerged openstack/glance-specs master: Policy layer refactoring  https://review.opendev.org/c/openstack/glance-specs/+/79675313:47
abhishekkdansmith, around?13:48
dansmithyeah13:48
abhishekkI think we need to sync again to plan the work ^^^13:48
dansmithah, glad to see that13:49
dansmithI've been busy with other things and was waiting to make sure we were actually going to do this thing before investing more effort13:50
abhishekkYes, this is required for RBAC so there is no going back13:51
dansmithI mean, I agree, but .. :)13:52
abhishekkJust we need to ensure to have more coverage :D13:52
abhishekkSo let me know, then we can plan and divide the workload accordingly13:54
dansmithlike, you want to have another voice call about it?13:54
abhishekkpossibly yes,13:55
dansmithcan we merge the bottom four patches in the series?13:56
dansmithor maybe the three other than the gateway patch, if that's up for discussion13:57
abhishekkAck, will have a look again to those patches13:57
dansmiththat will help reduce the size a bit13:58
dansmithI guess the other thing I need to do is figure out why the rbac tests are failing to make sure we're not committing to anything that won't work there.. I think they *were* working before I kinda de-rbac'd it based on previous discussion13:59
abhishekkyep, is it possible for you to move gateway related patch up in the chain, may be after 403 > 404 error ?13:59
dansmithhang on14:00
dansmithI can move it to under the update patch but no further14:01
dansmithyeah, after the 403->404 patch right14:01
abhishekksounds good14:02
opendevreviewDan Smith proposed openstack/glance master: Make property protection tests use member role  https://review.opendev.org/c/openstack/glance/+/78991414:03
opendevreviewDan Smith proposed openstack/glance master: Move lazy store update to locations layer  https://review.opendev.org/c/openstack/glance/+/79772214:03
opendevreviewDan Smith proposed openstack/glance master: Remove dead 403->404 code  https://review.opendev.org/c/openstack/glance/+/79969914:03
opendevreviewDan Smith proposed openstack/glance master: Refactor gateway get_repo auth layer  https://review.opendev.org/c/openstack/glance/+/78991314:03
abhishekksuperdan :D14:04
dansmithokay, so, IIRC you were asking about when we disable the auth layer, like by config or something14:05
dansmithI have to load the context back in my head, but I think what I was hoping is that we won't make that optional,14:06
dansmithbut rather make sure the policy (normal and rbac) equivalent so that any code that is converted does not run with the auth layer under it, ever14:06
abhishekkack, so that flag will be remove in the last once all checks are migrated towards API layer14:07
dansmithright, that was my thinking14:09
abhishekkack14:10
dansmithso I'll try to look at the rbac fails on the update patch today to see if I can make it work both ways14:13
abhishekkcool14:13
dansmithlooks like delete, et al are also failing the rbac test, so maybe you can do the same in parallel on one of those?14:13
abhishekkdelete, deactivate ?14:14
dansmithyeah14:15
abhishekkI will have a look as well14:16
abhishekkdansmith, you are talking about this job glance-tox-functional-py38-rbac-defaults, right ?14:23
dansmithabhishekk: right, that asserts the desired behavior when rbac rules are applied, and I assume they're failing because with the new stuff we're not honoring things exactly like those expect14:28
abhishekkack14:28
abhishekkdansmith, do you think our changes has nothing to do with RBAC failures as it is failed on https://review.opendev.org/c/openstack/glance/+/789914 this patch as well ?14:37
dansmithoh, hmm14:41
dansmithyeah I dunno, that probably is related.. I totally hadn't noticed that14:42
dansmithalthough...14:42
abhishekkI think this is something related to test changes I have made to read it from code than file 14:42
dansmithmany more tests are failing there than just PP so..14:42
dansmithahhhh, yeah, maybe so14:42
abhishekkwill try to figure it out14:43
dansmiththat actually might be most of the fails in the update patch.. so.. yeah :)14:48
abhishekkyes14:49
abhishekkso for example, this test is failing, test_owning_tenant_id_can_retrieve_image_information14:58
abhishekkwhich is passing own set of rules in test and not using defaults from the code14:58
* abhishekk going for dinner15:30
abhishekkdansmith, probably, found the failure17:48
dansmithsupershekk!17:51
abhishekktook reference from your patches only :P17:58
abhishekkhttps://review.opendev.org/c/openstack/glance/+/796067/10/glance/tests/functional/serial/test_scrubber.py17:58
abhishekkwe need to pass reader role wherever required17:59
abhishekkso if you look closely below this level lots of tests are failing but after this patch there are comparatively less failures17:59
dansmithack, cool18:00
abhishekkI will push wip patch, but you need to remove reader related changes from this patch18:01
abhishekkor else on top of all, I can push a patch to fix reamining failures18:01
dansmithyou just mean rebase my patches on your fix, right?18:02
abhishekknah18:02
abhishekkIf i push a separate patch to make our functional tests compatible with RBAC then your above patch will go in merge conflict if you rebase it with my patch18:03
dansmithwell, I meant "rebase and fix conflicts" :)18:04
abhishekkaaah :D18:04
dansmithbut I think we should fix the current situation first, so I would base your fix on master18:04
abhishekkack, let me push some revision so that you will get idea18:05
dansmithokay18:05
*** timburke_ is now known as timburke18:12
abhishekkmay be it will take some more time for me to put up a patch, will do it tomorrow morning my time as its almost midnight now18:27
dansmithack18:38
opendevreviewAbhishek Kekane proposed openstack/glance master: Make our functional tests compatible with RBAC  https://review.opendev.org/c/openstack/glance/+/80082219:07
abhishekkdansmith, ^^19:08
dansmithI thought you were going to sleep?19:08
abhishekkwill sleep peacefully now :D19:09
dansmithhah okay19:09
dansmithg'nite19:09
abhishekkthank you, good day19:10
abhishekkwe can abandon this patch and push another patch on top of all the chain to fix 3 failing tests to avoid conflicts19:16
abhishekkpassing in the gate/zuul now19:21
dansmithah right, but I already clean up images at the end of each test because I have to for quota19:31
dansmithor do I need to also clean up via addCleanup in case of fail?19:32
opendevreviewDan Smith proposed openstack/glance master: Make property protection tests use member role  https://review.opendev.org/c/openstack/glance/+/78991419:33
opendevreviewDan Smith proposed openstack/glance master: Move lazy store update to locations layer  https://review.opendev.org/c/openstack/glance/+/79772219:33
opendevreviewDan Smith proposed openstack/glance master: Remove dead 403->404 code  https://review.opendev.org/c/openstack/glance/+/79969919:33
opendevreviewDan Smith proposed openstack/glance master: Refactor gateway get_repo auth layer  https://review.opendev.org/c/openstack/glance/+/78991319:33
opendevreviewDan Smith proposed openstack/glance master: POC: Make image update check policy at API layer  https://review.opendev.org/c/openstack/glance/+/78991519:33
opendevreviewDan Smith proposed openstack/glance master: POC: Add a member field to Image when appropriate  https://review.opendev.org/c/openstack/glance/+/79606619:33
opendevreviewDan Smith proposed openstack/glance master: POC: Check get_image(s) in the API  https://review.opendev.org/c/openstack/glance/+/79606719:33
opendevreviewDan Smith proposed openstack/glance master: POC: Check delete_image policy in the API  https://review.opendev.org/c/openstack/glance/+/79807319:33
opendevreviewDan Smith proposed openstack/glance master: POC: Check deactivate, reactivate policy in the API  https://review.opendev.org/c/openstack/glance/+/79826619:33
opendevreviewDan Smith proposed openstack/glance master: POC Refactor gateway auth layer for metadef APIs  https://review.opendev.org/c/openstack/glance/+/79963219:33
opendevreviewDan Smith proposed openstack/glance master: POC: Move metadef namepsace policy checks in the API  https://review.opendev.org/c/openstack/glance/+/79963319:33
opendevreviewDan Smith proposed openstack/glance master: POC: Move metadef object policy checks in the API  https://review.opendev.org/c/openstack/glance/+/79963419:33
opendevreviewDan Smith proposed openstack/glance master: POC: Move metadef property policy checks in the API  https://review.opendev.org/c/openstack/glance/+/79963519:33
opendevreviewDan Smith proposed openstack/glance master: POC: Move metadef tag policy checks in the API  https://review.opendev.org/c/openstack/glance/+/79963619:33
opendevreviewDan Smith proposed openstack/glance master: POC: Move metadef resource type association policy checks in the API  https://review.opendev.org/c/openstack/glance/+/79963719:33
« Tuesday, 2021-07-13 Index Thursday, 2021-07-15 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!