| *** ramineni_ has joined #congress | 02:57 | |
| openstackgerrit | OpenStack Proposal Bot proposed openstack/congress: Updated from global requirements https://review.openstack.org/321668 | 02:59 |
|---|---|---|
| openstackgerrit | OpenStack Proposal Bot proposed openstack/python-congressclient: Updated from global requirements https://review.openstack.org/321716 | 03:05 |
| openstackgerrit | Merged openstack/python-congressclient: Updated from global requirements https://review.openstack.org/321716 | 04:22 |
| *** ramineni has joined #congress | 04:33 | |
| openstackgerrit | Masahito Muroi proposed openstack/congress: Use right method to get admin credential https://review.openstack.org/322732 | 05:56 |
| *** bryan_att has quit IRC | 06:03 | |
| evrardjp | good morning everyone | 07:21 |
| masahito | good morning | 07:30 |
| *** ramineni_ has quit IRC | 07:38 | |
| *** ramineni_ has joined #congress | 07:48 | |
| openstackgerrit | Anusha Ramineni proposed openstack/congress: Use right method to get admin credential https://review.openstack.org/322732 | 08:38 |
| *** masahito has quit IRC | 11:27 | |
| *** ramineni_ has quit IRC | 11:38 | |
| *** absubram has joined #congress | 12:54 | |
| *** absubram_ has joined #congress | 12:55 | |
| *** absubram has quit IRC | 12:59 | |
| *** absubram_ is now known as absubram | 12:59 | |
| *** absubram has quit IRC | 13:33 | |
| *** jaugustine has joined #congress | 14:41 | |
| *** bryan_att has joined #congress | 15:05 | |
| *** rena9067 has joined #congress | 15:13 | |
| *** openstackgerrit has quit IRC | 15:33 | |
| *** openstackgerrit has joined #congress | 15:33 | |
| *** thumpba has joined #congress | 16:18 | |
| *** thumpba has quit IRC | 16:23 | |
| *** thumpba has joined #congress | 16:24 | |
| *** thinrichs has joined #congress | 16:38 | |
| *** bryan_att has quit IRC | 17:33 | |
| *** dims has joined #congress | 17:44 | |
| dims | thinrichs : ping about PuLP dependencies (mimic) | 17:45 |
| dims | thinrichs : http://logs.openstack.org/18/323318/5/check/gate-requirements-tox-py27-with-upper-constraints/da59be4/console.html#_2016-05-31_17_20_43_028 | 17:45 |
| *** thinrichs has quit IRC | 17:45 | |
| dims | lol. i drove him away :) | 17:45 |
| *** jaugustine has quit IRC | 17:56 | |
| *** jaugustine has joined #congress | 17:58 | |
| *** ekcs has joined #congress | 18:04 | |
| *** dims has left #congress | 18:33 | |
| *** jaugustine has quit IRC | 18:37 | |
| *** dconde has joined #congress | 19:24 | |
| *** dconde has quit IRC | 19:51 | |
| *** dconde has joined #congress | 20:25 | |
| *** bryan_att has joined #congress | 20:55 | |
| *** thumpba has quit IRC | 21:03 | |
| *** rena9067 has quit IRC | 22:36 | |
| *** dconde has quit IRC | 22:46 | |
| *** dconde has joined #congress | 22:59 | |
| *** thinrichs has joined #congress | 23:12 | |
| Daviey | Hi, i'm wondering if congress would be suitable to help enforce (and provide) instance name to match a policy. Is this so? If so, any pointers? Thanks | 23:27 |
| thinrichs | Daviey: Not sure I understood exactly | 23:30 |
| thinrichs | You're asking if Congress can stop people from creating Nova instances with names that fail to satisfy some condition? | 23:30 |
| Daviey | thinrichs: exactly | 23:32 |
| thinrichs | Congress can't enforce that directly today, unless you have an API gateway and set it up to ask Congress a question before letting the API call go through. | 23:33 |
| Daviey | thinrichs: hmm.. i suppose it is nova lacking that feature? | 23:34 |
| thinrichs | Said another way, if someone uses the Nova API call directly to create a server, there's no way Congress will even know about that API call, until it reads the list of servers currently. | 23:34 |
| thinrichs | Nova doesn't ask Congress for permission to do things like creating a server either. | 23:35 |
| Daviey | thinrichs: but congress could detetc it as a policy violation after creation? | 23:35 |
| thinrichs | Daviey: yes | 23:35 |
| thinrichs | Daviey: Congress would detect the violation | 23:35 |
| thinrichs | (assuming the conditions on the name can be codified in the policy language) | 23:35 |
| Daviey | right | 23:36 |
| openstackgerrit | Merged openstack/congress: Use right method to get admin credential https://review.openstack.org/322732 | 23:36 |
| thinrichs | Someone did create a mechanism that forces Nova to ask Congress questions before executing API calls. | 23:36 |
| thinrichs | Let me see if it's in master. One sec. | 23:36 |
| Daviey | thinrichs: basically, ${region}${tenant}${last 2 octets of IP} | 23:37 |
| Daviey | thinrichs: I thought i saw the permission thing mentioned at the summit | 23:37 |
| thinrichs | Here's the contribution to Nova that uses Congress to filter API calls… | 23:37 |
| thinrichs | https://github.com/openstack/congress/tree/master/contrib/nova | 23:38 |
| Daviey | Ah Nice! | 23:38 |
| thinrichs | Daviey: we should be able to encode that policy on the instance name. There should be enough string manipulation. | 23:38 |
| Daviey | thinrichs: This is great! Thanks for your help | 23:39 |
| thinrichs | Daviey: Getting policies written the first time can be challenging, and we're always happy to help. | 23:40 |
| thinrichs | Don't hesitate to reach out! | 23:40 |
| Daviey | thinrichs: Thanks, appreciate it. I probably won't tack it until next week.. but i'll no doubt have questions. Thanks! | 23:42 |
| *** bryan_att has quit IRC | 23:43 | |
| thinrichs | Anytime. Good hunting. | 23:43 |
| *** dconde has quit IRC | 23:56 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!