*** pdr has joined #openstack-mistral | 00:03 | |
*** pdr is now known as Guest7752 | 00:03 | |
*** harlowja has joined #openstack-mistral | 00:26 | |
*** harlowja has quit IRC | 00:27 | |
*** yangyapeng has joined #openstack-mistral | 03:43 | |
*** yangyapeng has quit IRC | 03:46 | |
*** yangyapeng has joined #openstack-mistral | 03:46 | |
*** hardikjasani has joined #openstack-mistral | 04:01 | |
*** yangyapeng has quit IRC | 04:08 | |
*** yangyapeng has joined #openstack-mistral | 04:23 | |
*** yangyapeng has quit IRC | 04:32 | |
*** yangyapeng has joined #openstack-mistral | 04:53 | |
*** yangyapeng has quit IRC | 05:11 | |
*** yangyapeng has joined #openstack-mistral | 05:12 | |
*** yangyapeng has quit IRC | 05:17 | |
*** quiquell|off is now known as quiquell|rover | 05:40 | |
*** quiquell|rover is now known as quiquell | 05:42 | |
rakhmerov | therve: yes, I saw it in CI but wanted to clarify anyway | 05:48 |
---|---|---|
*** quiquell is now known as quiquell|bbl | 06:21 | |
*** yangyapeng has joined #openstack-mistral | 06:28 | |
openstackgerrit | Guy proposed openstack/mistral master: Add CloudFlow info to Mistral documentation https://review.openstack.org/579887 | 06:30 |
*** shardy has joined #openstack-mistral | 06:40 | |
*** quiquell|bbl is now known as quiquell | 06:58 | |
*** yangyapeng has quit IRC | 07:16 | |
openstackgerrit | Yuval Adar proposed openstack/mistral master: detect https and act accordingly https://review.openstack.org/579777 | 07:56 |
*** gkadam__ has joined #openstack-mistral | 07:59 | |
*** josecastroleon has quit IRC | 08:57 | |
*** josecastroleon has joined #openstack-mistral | 08:58 | |
pgaxatte | hello | 09:21 |
pgaxatte | I'm getting | 09:21 |
pgaxatte | back on https://review.openstack.org/#/c/579477/ | 09:21 |
pgaxatte | rakhmerov: you commented on bypassing policy for admin | 09:22 |
pgaxatte | but I was wondering if this is a good idea and if other projects do these kind of override of policies | 09:23 |
pgaxatte | rakhmerov: also there is a lot a complexity if I want to check whether or not the workflow was public before the update because a definition can contain multiple workflows so what if one of them is public but the others are private? | 09:37 |
pgaxatte | not sure I'm very clear :) | 09:37 |
rakhmerov | pgaxatte: hi, as far as admin, may be you're right | 09:44 |
rakhmerov | this rule for admins can be disabled in policy.json itself, right? | 09:45 |
pgaxatte | to me there should not be exception on the behavior defined in the policy | 09:45 |
rakhmerov | on the complexity of that check, it should be easy, just load an object and see its scope | 09:46 |
pgaxatte | I could want to disable public workflows entirely | 09:46 |
rakhmerov | pgaxatte: yes, I mean that if needed, we can always enable this for admin just by adding a line in policy.json | 09:46 |
pgaxatte | rakhmerov: yes exactly | 09:47 |
pgaxatte | from what I understand, I need to extract the differents specs from the input, load the workflows from each spec and check their scope | 09:49 |
pgaxatte | but then the "real" function will do that all over again | 09:49 |
pgaxatte | that seems wasteful | 09:49 |
pgaxatte | the real *update function | 09:51 |
rakhmerov | no-no | 09:53 |
rakhmerov | you can just load an object from DB and check its "scope" field | 09:54 |
rakhmerov | it's a plain string in a database field | 09:54 |
openstackgerrit | Merged openstack/mistral master: Add CloudFlow info to Mistral documentation https://review.openstack.org/579887 | 09:54 |
pgaxatte | yes but in the update function on the controller, i don't know yet which workflows the user wants to update | 09:55 |
pgaxatte | unless he gives me the identifier | 09:55 |
pgaxatte | which is just one simple case | 09:55 |
pgaxatte | so I only have the specs to work with at this point | 09:55 |
pgaxatte | need to go, brb | 09:56 |
apetrich | rakhmerov, do you know if there's an instance that we don't have a auth_url, don't have an user, password or token but have keystone auth? | 10:10 |
*** hardikjasani has quit IRC | 10:10 | |
apetrich | not only an instance but an use case | 10:11 |
rakhmerov | pgaxatte: ooh, yes, I see | 10:12 |
rakhmerov | that's not good, yes.. | 10:13 |
rakhmerov | because the request carries just the YAML body | 10:13 |
rakhmerov | apetrich: how can it be? :) | 10:14 |
rakhmerov | I assume it can be only in case of using a trust | 10:14 |
apetrich | rakhmerov, let me explain better. There's an downstream bug that is pretty much if you don't pass the credentials the output is bad | 10:14 |
apetrich | I'm investigating if it is worth upstream | 10:15 |
apetrich | and what I'm seeing is that this conditions https://github.com/openstack/python-mistralclient/blob/master/mistralclient/shell.py#L574..L606 feel a bit weird but I'm trying to understand them | 10:16 |
apetrich | if I don't give credentials I don't get any of these: auth_url, username, password, token but I get the auth_type=keystone because that is the default | 10:18 |
apetrich | what I planned to do was if it is keystone you either need a (username and password) or a token but I'm not sure if that is true for keystone | 10:19 |
apetrich | if it can work like all trust | 10:19 |
pgaxatte | rakhmerov: yes so maybe we can start with something very simple because the use case you described seems to require some heavy refactoring | 10:27 |
rakhmerov | pgaxatte: ok | 10:32 |
rakhmerov | agree | 10:32 |
rakhmerov | apetrich: hm.. | 10:46 |
rakhmerov | sophisticated | 10:46 |
*** hardikjasani has joined #openstack-mistral | 10:46 | |
*** quiquell is now known as quiquell|mtg | 10:50 | |
apetrich | rakhmerov, I'm asking some keystone people that I know but that seems a bit odd on a mostly tripleo openstack env. That's why I wanted to see your input | 11:09 |
rakhmerov | apetrich: ok, I have to take a break. Will read again later and reply | 11:12 |
apetrich | no worries :) | 11:15 |
*** yangyapeng has joined #openstack-mistral | 11:19 | |
*** yangyapeng has quit IRC | 11:23 | |
*** yangyapeng has joined #openstack-mistral | 11:23 | |
*** quiquell|mtg is now known as quiquell | 11:35 | |
*** josecastroleon has quit IRC | 11:57 | |
*** josecastroleon has joined #openstack-mistral | 12:02 | |
*** quiquell is now known as quiquell|lunch | 12:03 | |
*** josecastroleon has quit IRC | 12:07 | |
*** josecastroleon has joined #openstack-mistral | 12:50 | |
*** quiquell|lunch is now known as quiquell | 12:54 | |
openstackgerrit | Pierre Gaxatte proposed openstack/mistral master: Add a policy to control the right to publish resources https://review.openstack.org/579477 | 13:24 |
*** hardikjasani has quit IRC | 13:30 | |
*** quiquell is now known as quiquell|off | 13:49 | |
*** josecastroleon has quit IRC | 13:59 | |
*** pgaxatte has left #openstack-mistral | 14:29 | |
*** pgaxatte has joined #openstack-mistral | 14:33 | |
*** pgaxatte has left #openstack-mistral | 14:59 | |
*** pgaxatte has joined #openstack-mistral | 15:30 | |
*** shardy has quit IRC | 15:58 | |
*** gkadam__ has quit IRC | 16:16 | |
*** bobh has joined #openstack-mistral | 16:39 | |
openstackgerrit | Merged openstack/mistral master: Refresh a number of retry a task when task was rerun https://review.openstack.org/569643 | 17:03 |
openstackgerrit | Merged openstack/mistral master: fix tox python3 overrides https://review.openstack.org/572967 | 17:03 |
*** josecastroleon has joined #openstack-mistral | 17:08 | |
*** bobh has quit IRC | 17:14 | |
*** josecastroleon has quit IRC | 18:52 | |
*** josecastroleon has joined #openstack-mistral | 19:44 | |
*** thrash is now known as thrash|g0ne | 20:00 | |
*** josecastroleon has quit IRC | 20:23 | |
*** threestrands has joined #openstack-mistral | 22:05 | |
*** threestrands has quit IRC | 22:05 | |
*** threestrands has joined #openstack-mistral | 22:05 | |
*** threestrands has quit IRC | 22:06 | |
*** pgaxatte has quit IRC | 23:09 | |
*** nguyenhai93 has joined #openstack-mistral | 23:33 | |
*** nguyenhai_ has quit IRC | 23:36 | |
*** nguyenhai93 has quit IRC | 23:42 | |
*** yangyapeng has quit IRC | 23:49 | |
*** yangyapeng has joined #openstack-mistral | 23:50 | |
*** yangyapeng has quit IRC | 23:54 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!