Wednesday, 2018-07-04

*** pdr has joined #openstack-mistral00:03
*** pdr is now known as Guest775200:03
*** harlowja has joined #openstack-mistral00:26
*** harlowja has quit IRC00:27
*** yangyapeng has joined #openstack-mistral03:43
*** yangyapeng has quit IRC03:46
*** yangyapeng has joined #openstack-mistral03:46
*** hardikjasani has joined #openstack-mistral04:01
*** yangyapeng has quit IRC04:08
*** yangyapeng has joined #openstack-mistral04:23
*** yangyapeng has quit IRC04:32
*** yangyapeng has joined #openstack-mistral04:53
*** yangyapeng has quit IRC05:11
*** yangyapeng has joined #openstack-mistral05:12
*** yangyapeng has quit IRC05:17
*** quiquell|off is now known as quiquell|rover05:40
*** quiquell|rover is now known as quiquell05:42
rakhmerovtherve: yes, I saw it in CI but wanted to clarify anyway05:48
*** quiquell is now known as quiquell|bbl06:21
*** yangyapeng has joined #openstack-mistral06:28
openstackgerritGuy proposed openstack/mistral master: Add CloudFlow info to Mistral documentation  https://review.openstack.org/57988706:30
*** shardy has joined #openstack-mistral06:40
*** quiquell|bbl is now known as quiquell06:58
*** yangyapeng has quit IRC07:16
openstackgerritYuval Adar proposed openstack/mistral master: detect https and act accordingly  https://review.openstack.org/57977707:56
*** gkadam__ has joined #openstack-mistral07:59
*** josecastroleon has quit IRC08:57
*** josecastroleon has joined #openstack-mistral08:58
pgaxattehello09:21
pgaxatteI'm getting09:21
pgaxatteback on https://review.openstack.org/#/c/579477/09:21
pgaxatterakhmerov: you commented on bypassing policy for admin09:22
pgaxattebut I was wondering if this is a good idea and if other projects do these kind of override of policies09:23
pgaxatterakhmerov: also there is a lot a complexity if I want to check whether or not the workflow was public before the update because a definition can contain multiple workflows so what if one of them is public but the others are private?09:37
pgaxattenot sure I'm very clear :)09:37
rakhmerovpgaxatte: hi, as far as admin, may be you're right09:44
rakhmerovthis rule for admins can be disabled in policy.json itself, right?09:45
pgaxatteto me there should not be exception on the behavior defined in the policy09:45
rakhmerovon the complexity of that check, it should be easy, just load an object and see its scope09:46
pgaxatteI could want to disable public workflows entirely09:46
rakhmerovpgaxatte: yes, I mean that if needed, we can always enable this for admin just by adding a line in policy.json09:46
pgaxatterakhmerov: yes exactly09:47
pgaxattefrom what I understand, I need to extract the differents specs from the input, load the workflows from each spec and check their scope09:49
pgaxattebut then the "real" function will do that all over again09:49
pgaxattethat seems wasteful09:49
pgaxattethe real *update function09:51
rakhmerovno-no09:53
rakhmerovyou can just load an object from DB and check its "scope" field09:54
rakhmerovit's a plain string in a database field09:54
openstackgerritMerged openstack/mistral master: Add CloudFlow info to Mistral documentation  https://review.openstack.org/57988709:54
pgaxatteyes but in the update function on the controller, i don't know yet which workflows the user wants to update09:55
pgaxatteunless he gives me the identifier09:55
pgaxattewhich is just one simple case09:55
pgaxatteso I only have the specs to work with at this point09:55
pgaxatteneed to go, brb09:56
apetrichrakhmerov, do you know if there's an instance that we don't have a auth_url, don't have an user, password or token but have keystone auth?10:10
*** hardikjasani has quit IRC10:10
apetrichnot only an instance but an use case10:11
rakhmerovpgaxatte: ooh, yes, I see10:12
rakhmerovthat's not good, yes..10:13
rakhmerovbecause the request carries just the YAML body10:13
rakhmerovapetrich: how can it be? :)10:14
rakhmerovI assume it can be only in case of using a trust10:14
apetrichrakhmerov, let me explain better. There's an downstream bug that is pretty much if you don't pass the credentials the output is bad10:14
apetrichI'm investigating if it is worth upstream10:15
apetrichand what I'm seeing is that this conditions https://github.com/openstack/python-mistralclient/blob/master/mistralclient/shell.py#L574..L606 feel a bit weird but I'm trying to understand them10:16
apetrichif I don't give credentials I don't get any of these: auth_url, username, password, token but I get the auth_type=keystone because that is the default10:18
apetrichwhat I planned to do was if it is keystone you either need a (username and password) or a token but I'm not sure if that is true for keystone10:19
apetrichif it can work like all trust10:19
pgaxatterakhmerov: yes so maybe we can start with something very simple because the use case you described seems to require some heavy refactoring10:27
rakhmerovpgaxatte: ok10:32
rakhmerovagree10:32
rakhmerovapetrich: hm..10:46
rakhmerovsophisticated10:46
*** hardikjasani has joined #openstack-mistral10:46
*** quiquell is now known as quiquell|mtg10:50
apetrichrakhmerov, I'm asking some keystone people that I know but that seems a bit odd on a mostly tripleo openstack env. That's why I wanted to see your input11:09
rakhmerovapetrich: ok, I have to take a break. Will read again later and reply11:12
apetrichno worries :)11:15
*** yangyapeng has joined #openstack-mistral11:19
*** yangyapeng has quit IRC11:23
*** yangyapeng has joined #openstack-mistral11:23
*** quiquell|mtg is now known as quiquell11:35
*** josecastroleon has quit IRC11:57
*** josecastroleon has joined #openstack-mistral12:02
*** quiquell is now known as quiquell|lunch12:03
*** josecastroleon has quit IRC12:07
*** josecastroleon has joined #openstack-mistral12:50
*** quiquell|lunch is now known as quiquell12:54
openstackgerritPierre Gaxatte proposed openstack/mistral master: Add a policy to control the right to publish resources  https://review.openstack.org/57947713:24
*** hardikjasani has quit IRC13:30
*** quiquell is now known as quiquell|off13:49
*** josecastroleon has quit IRC13:59
*** pgaxatte has left #openstack-mistral14:29
*** pgaxatte has joined #openstack-mistral14:33
*** pgaxatte has left #openstack-mistral14:59
*** pgaxatte has joined #openstack-mistral15:30
*** shardy has quit IRC15:58
*** gkadam__ has quit IRC16:16
*** bobh has joined #openstack-mistral16:39
openstackgerritMerged openstack/mistral master: Refresh a number of retry a task when task was rerun  https://review.openstack.org/56964317:03
openstackgerritMerged openstack/mistral master: fix tox python3 overrides  https://review.openstack.org/57296717:03
*** josecastroleon has joined #openstack-mistral17:08
*** bobh has quit IRC17:14
*** josecastroleon has quit IRC18:52
*** josecastroleon has joined #openstack-mistral19:44
*** thrash is now known as thrash|g0ne20:00
*** josecastroleon has quit IRC20:23
*** threestrands has joined #openstack-mistral22:05
*** threestrands has quit IRC22:05
*** threestrands has joined #openstack-mistral22:05
*** threestrands has quit IRC22:06
*** pgaxatte has quit IRC23:09
*** nguyenhai93 has joined #openstack-mistral23:33
*** nguyenhai_ has quit IRC23:36
*** nguyenhai93 has quit IRC23:42
*** yangyapeng has quit IRC23:49
*** yangyapeng has joined #openstack-mistral23:50
*** yangyapeng has quit IRC23:54

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!