Tuesday, 2016-05-31

*** ramineni_ has joined #congress02:57
openstackgerritOpenStack Proposal Bot proposed openstack/congress: Updated from global requirements  https://review.openstack.org/32166802:59
openstackgerritOpenStack Proposal Bot proposed openstack/python-congressclient: Updated from global requirements  https://review.openstack.org/32171603:05
openstackgerritMerged openstack/python-congressclient: Updated from global requirements  https://review.openstack.org/32171604:22
*** ramineni has joined #congress04:33
openstackgerritMasahito Muroi proposed openstack/congress: Use right method to get admin credential  https://review.openstack.org/32273205:56
*** bryan_att has quit IRC06:03
evrardjpgood morning everyone07:21
masahitogood morning07:30
*** ramineni_ has quit IRC07:38
*** ramineni_ has joined #congress07:48
openstackgerritAnusha Ramineni proposed openstack/congress: Use right method to get admin credential  https://review.openstack.org/32273208:38
*** masahito has quit IRC11:27
*** ramineni_ has quit IRC11:38
*** absubram has joined #congress12:54
*** absubram_ has joined #congress12:55
*** absubram has quit IRC12:59
*** absubram_ is now known as absubram12:59
*** absubram has quit IRC13:33
*** jaugustine has joined #congress14:41
*** bryan_att has joined #congress15:05
*** rena9067 has joined #congress15:13
*** openstackgerrit has quit IRC15:33
*** openstackgerrit has joined #congress15:33
*** thumpba has joined #congress16:18
*** thumpba has quit IRC16:23
*** thumpba has joined #congress16:24
*** thinrichs has joined #congress16:38
*** bryan_att has quit IRC17:33
*** dims has joined #congress17:44
dimsthinrichs : ping about PuLP dependencies (mimic)17:45
dimsthinrichs : http://logs.openstack.org/18/323318/5/check/gate-requirements-tox-py27-with-upper-constraints/da59be4/console.html#_2016-05-31_17_20_43_02817:45
*** thinrichs has quit IRC17:45
dimslol. i drove him away :)17:45
*** jaugustine has quit IRC17:56
*** jaugustine has joined #congress17:58
*** ekcs has joined #congress18:04
*** dims has left #congress18:33
*** jaugustine has quit IRC18:37
*** dconde has joined #congress19:24
*** dconde has quit IRC19:51
*** dconde has joined #congress20:25
*** bryan_att has joined #congress20:55
*** thumpba has quit IRC21:03
*** rena9067 has quit IRC22:36
*** dconde has quit IRC22:46
*** dconde has joined #congress22:59
*** thinrichs has joined #congress23:12
DavieyHi, i'm wondering if congress would be suitable to help enforce (and provide) instance name to match a policy.  Is this so? If so, any pointers?  Thanks23:27
thinrichsDaviey: Not sure I understood exactly23:30
thinrichsYou're asking if Congress can stop people from creating Nova instances with names that fail to satisfy some condition?23:30
Davieythinrichs: exactly23:32
thinrichsCongress can't enforce that directly today, unless you have an API gateway and set it up to ask Congress a question before letting the API call go through.23:33
Davieythinrichs: hmm.. i suppose it is nova lacking that feature?23:34
thinrichsSaid another way, if someone uses the Nova API call directly to create a server, there's no way Congress will even know about that API call, until it reads the list of servers currently.23:34
thinrichsNova doesn't ask Congress for permission to do things like creating a server either.23:35
Davieythinrichs: but congress could detetc it as a policy violation after creation?23:35
thinrichsDaviey: yes23:35
thinrichsDaviey: Congress would detect the violation23:35
thinrichs(assuming the conditions on the name can be codified in the policy language)23:35
openstackgerritMerged openstack/congress: Use right method to get admin credential  https://review.openstack.org/32273223:36
thinrichsSomeone did create a mechanism that forces Nova to ask Congress questions before executing API calls.23:36
thinrichsLet me see if it's in master.  One sec.23:36
Davieythinrichs: basically, ${region}${tenant}${last 2 octets of IP}23:37
Davieythinrichs: I thought i saw the permission thing mentioned at the summit23:37
thinrichsHere's the contribution to Nova that uses Congress to filter API calls…23:37
DavieyAh Nice!23:38
thinrichsDaviey: we should be able to encode that policy on the instance name.  There should be enough string manipulation.23:38
Davieythinrichs: This is great!  Thanks for your help23:39
thinrichsDaviey: Getting policies written the first time can be challenging, and we're always happy to help.23:40
thinrichsDon't hesitate to reach out!23:40
Davieythinrichs: Thanks, appreciate it.  I probably won't tack it until next week.. but i'll no doubt have questions.  Thanks!23:42
*** bryan_att has quit IRC23:43
thinrichsAnytime.  Good hunting.23:43
*** dconde has quit IRC23:56

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!