Monday, 2016-11-28

« Sunday, 2016-11-27 Index Tuesday, 2016-11-29 »
*** VW has joined #craton00:31
*** VW has quit IRC00:35
*** VW has joined #craton00:37
*** VW has quit IRC00:45
*** VW has joined #craton01:11
*** VW has quit IRC01:36
*** VW has joined #craton01:39
*** valw has joined #craton02:38
*** valw has quit IRC02:43
*** VW has quit IRC06:06
*** valw has joined #craton06:40
*** valw has quit IRC06:44
*** VW has joined #craton07:07
*** Mudpuppy has quit IRC07:10
*** VW has quit IRC07:11
*** VW has joined #craton08:08
*** VW has quit IRC08:13
suloo/08:45
*** Mudpuppy has joined #craton09:41
*** Mudpuppy has quit IRC09:47
*** VW has joined #craton10:11
*** VW has quit IRC10:15
*** valw has joined #craton10:41
*** valw has quit IRC10:46
*** VW has joined #craton10:48
*** VW has quit IRC10:53
*** VW has joined #craton12:04
*** VW has quit IRC13:15
*** VW has joined #craton13:24
*** VW has quit IRC13:25
sigmavirusI can't quite figure out why http://logs.openstack.org/38/401438/1/check/gate-python-cratonclient-docs-ubuntu-xenial/45223c6/console.html.gz#_2016-11-23_21_36_47_610157 is having a "POST_FAILURE"13:29
* sulo just wasted hours today trying to figure out this workflow thing ...14:04
sigmavirussulo: what workflow thing?14:19
sigmavirus(also that gate just needed another recheck to fix the post_failure)14:19
*** VW has joined #craton14:24
*** openstackstatus has quit IRC14:28
*** openstackstatus has joined #craton14:28
*** VW has quit IRC14:29
*** valw has joined #craton14:42
*** valw has quit IRC14:42
*** VW has joined #craton14:43
*** valw has joined #craton14:43
jimbakersigmavirus, so i guess this is why my approval of https://review.openstack.org/#/c/401974/ is still stuck...14:46
jimbakersigmavirus, sulo - any thoughts on using openstack client as the way to work with our client? http://docs.openstack.org/developer/python-openstackclient/plugins.html14:49
jimbakeri don't think this came up in our discussions earlier, but it seems highly relevant now14:49
sigmavirusjimbaker: openstackclient has always been explicitly not operator focused iirc14:51
sigmaviruscraton is operator focused14:51
sigmavirusergo no14:51
sigmavirusjimbaker: I think you approved that change while zuul was dead14:52
jimbakersigmavirus, so recheck? what14:52
jimbakeris the magic incantation to move it along?14:52
jimbakergit-harry, palendae, sulo, sigmavirus - irc meeting in 5 min14:55
jimbakeron #openstack-meeting-414:55
jimbakerand anyone else interested!14:55
sulojimbaker: sigmavirus: i think that pr depends on another thats not merged yet14:55
jimbakersulo, so https://review.openstack.org/#/c/402016/ ?14:56
jimbakeri don't see dependencies on the review. but it's not like i know all of the intricacies of gerrit either14:57
suloyeah i agree its not very good at showing that14:58
sigmavirusjimbaker: sulo using gertty shows it pretty well14:59
jimbakerlet's try it out. https://review.openstack.org/#/c/402016/ is an obvious fix14:59
sigmavirusjimbaker: I believe Harry's out this week15:00
sigmavirusalso I started the meeting in -4 for us15:00
jimbakersigmavirus, that's what he mentioned on #rbcops15:00
jimbakeryeah, saw that15:00
sigmavirusjimbaker: you can continue chairing it :)15:00
jimbakerreally, you don't want to do this?15:01
sulosigmavirus: yeah thats what i use .. i am talking about the gerrit UI i think thats what jimbaker was looking at15:01
sigmavirusjimbaker: nah, just wanted to make sure we didn't lose track of the meeting15:01
* jimbaker is a very unsophisticated user of certain tooling ;)15:01
sigmavirusjimbaker: I'm happy to run meetings if you want15:01
sigmavirusthey'll just be short15:02
*** syed__ has joined #craton15:21
*** Mudpuppy has joined #craton15:23
*** valw has quit IRC15:44
*** valw has joined #craton15:44
*** valw has quit IRC15:49
*** valw has joined #craton15:59
jimbakersulo, re functional tests - i'm going to revisit16:00
sulosigmavirus: also you wanted to discuss something on rbac ?16:00
jimbakeri couldn't +1 it because it didn't work for me. so something screwed up, almost certainly on my end16:00
sulojimbaker: didnt work ?16:00
jimbakeryes, doesn't work. despite all the docker cleanup i did16:01
sulooh !?!16:01
*** david-lyle has quit IRC16:01
*** keekz has quit IRC16:01
sulowhat you getting for errors ?16:01
suloalso i added https://review.openstack.org/#/c/397872/7/tox.ini16:01
*** keekz has joined #craton16:02
suloso its separate from unit testing now16:02
jimbakersulo, last time i tried - and this was wed, maybe subsequent updates?16:02
jimbakerit just stalled indefinitely16:02
*** david-lyle has joined #craton16:02
sigmavirussulo: I want something to discuss about RBAC16:02
jimbakerso as i said, i will revisit16:02
sigmavirusI have questions and stuff to poke at, but it's still too ephemeral16:02
jimbaker(friday i focused on rbac)16:02
sigmavirusSo, I am refraining from getting into a rabbit hole with it right now16:03
jimbakersigmavirus, it is a rabbit hole16:03
sigmavirusright, I'm saving it for another day16:03
jimbakerthere's a reason why we haven't touched it for real until now16:03
sulosigmavirus: ok16:04
sulojimbaker: can you try again ?16:04
jimbakersulo, for sure16:05
suloi want to say its local to your setting but would love to find out why it would just stall16:05
jimbakersulo, yeah, i want to figure this out. after all, i'm a big proponent of this approach for craton :)16:06
jimbakersulo, re rbac - re https://gist.github.com/jimbaker/6a4fd7e07a16a318a45d7d1d96819040 (the rbac modeling code)16:07
*** VW_ has joined #craton16:07
jimbakeri think this is the simplest approach that is flexible enough16:07
*** VW_ has quit IRC16:08
jimbakerthere is still more work to do here. one specific thing that we discussed was a role that was based on a key prefix; or maybe a regex to be more general16:09
sigmavirusjimbaker: so what representation of a resource are we using for the rbac?16:10
sigmavirusThe route itself or something else?16:10
jimbakerbut that seems like something we could just add on to oslo.policy16:10
sigmavirusyou mean like "fleet:" as the prefix for a rule?16:10
jimbakersigmavirus, the actual resource, as mediated by a given rest api16:10
jimbakerfleet: is just the kind16:10
sigmavirusjimbaker: so, for example, `/v1/hosts`?16:11
*** VW has quit IRC16:11
sigmavirusor `GET /v1/hosts`?16:11
jimbakerso we can hook into oslo.policy. but tbh, i haven't done any such dev work yet. it seemed close enough to what oslo.policy actually does :)16:11
jimbakersigmavirus, so my assumption is that the rest api supporting /v1/hosts will be able to ask of the given resource - a host in this case - are you authorized by the roles associated with you for this user?16:13
jimbakersigmavirus, in the forward chaining that oslo.policy, we would somehow apply the results from https://gist.github.com/jimbaker/6a4fd7e07a16a318a45d7d1d96819040#file-gistfile1-txt-L6816:14
jimbakeror more precisely the usage in https://gist.github.com/jimbaker/6a4fd7e07a16a318a45d7d1d96819040#file-gistfile1-txt-L8116:15
jimbakerAPIs are not at all settled :)16:15
jimbakerbut the union-all implied by that seems to make sense to me16:15
*** VW has joined #craton16:16
jimbakersorry, better gist location - https://gist.github.com/jimbaker/6a4fd7e07a16a318a45d7d1d96819040#file-t-roles-py-L8116:20
jimbakeri should do a WIP change on gerrit. would work much better for actual discussion!16:21
sigmavirusjimbaker: so resource is even more fine grained, as in a particular host16:25
sigmavirusright?16:25
sigmavirusor device, or network device, etc.16:25
jimbakersigmavirus, yes16:27
jimbakeri assume no one would actually do that assignment16:28
jimbakerbut it could be done in principle16:28
sigmavirusOk, so then what do you expect resource to be then? You haven't really given me a firm answer for that16:28
*** VW has quit IRC16:29
jimbakersigmavirus, anything that mixins in RoleAssignmentMixin16:29
jimbakeryou would still need to actually use this in the corresponding rest api... this mixin only gives you scoped role assignments16:30
sigmavirusoh we're looking at doing this at the model layer16:30
jimbakersigmavirus, the model layer provides support16:31
sigmavirusRight, but you'd mix this in with Region, User, Project, Host, Device, etc.?16:31
sigmavirusor just Device (since Host subclasses Device)16:31
jimbakerDevice works, given subclass relationships16:31
jimbakerlikewise if we follow this model, mixin to Principal gives the ability to assign scoped roles to users and workflow16:32
jimbakerwhich could be interesting since it's principal, resource, role - but a resource could be a role16:32
*** VW has joined #craton16:33
*** VW has quit IRC16:33
jimbakerroom for debate!16:33
*** VW has joined #craton16:33
sigmavirusyeah, I need a firm description of what needs solving versus what we're solving fo16:34
sigmavirusAlso, https://review.openstack.org/401438 is now passing. The POST_FAILURES from last week were zuul issues16:36
jimbakergood to know16:45
jimbakerand yeah, this experiment on scoped triples for rbac is hopefully going to help firm this up16:46
jimbakerin terms of firming up, we will do in the context of user stories16:47
jimbakeran admin needs to configure a region; or a developer is defining a new workflow; or an operator needs to run a workflow on a cell16:48
jimbakerthat sort of thing16:48
*** VW has quit IRC16:53
*** jovon has joined #craton16:58
*** VW has joined #craton17:01
*** VW has quit IRC17:06
*** VW has joined #craton17:13
*** valw has quit IRC17:16
*** valw has joined #craton17:25
*** valw has quit IRC17:29
suloam i the only one having vidyo problems ?17:32
*** valw has joined #craton17:38
jovonI had issues recently because i am running OS sierra. Do you use a Mac?17:47
*** valw has quit IRC17:58
*** VW_ has joined #craton18:00
*** VW_ has quit IRC18:02
*** VW_ has joined #craton18:02
*** VW has quit IRC18:02
*** VW_ has quit IRC18:02
*** VW has joined #craton18:02
*** valw has joined #craton18:03
*** valw has quit IRC18:37
*** valw has joined #craton18:47
*** valw has quit IRC18:52
jimbakersulo, any thoughts on https://github.com/NerdWalletOSS/versionalchemy ? blog post here, https://www.nerdwallet.com/blog/engineering/versionalchemy-tracking-row-changes/19:00
jimbakeri like the approach of serializing the row into json. lighter weight than tracking more explicitly (that's the bitemporal approach i mentioned)19:02
jimbakerif we did do the heavier weight approach, ideally we would have db support. something like http://clarkdave.net/2015/02/historical-records-with-postgresql-and-temporal-tables-and-sql-2011/19:04
*** valw has joined #craton19:05
*** valw has quit IRC19:16
*** valw has joined #craton19:19
*** Mudpuppy has quit IRC19:29
*** VW has quit IRC19:34
*** VW has joined #craton19:34
*** VW has quit IRC19:36
*** valw has quit IRC19:38
*** valw has joined #craton19:40
*** Mudpuppy has joined #craton19:43
sigmavirusjovon: running sierra for a while19:49
*** VW has joined #craton19:53
*** VW has quit IRC19:55
*** VW has joined #craton20:00
syed__jimbaker: let me know when you get some time, need to discuss few things about rbac20:03
syed__I would appreciate if everyone raises bugs and then fix them, makes tracking a lot easier :)20:04
*** VW has quit IRC20:05
*** VW has joined #craton20:10
syed__jimbaker: I like the VersionAlchemy , its pretty cool20:30
*** VW has quit IRC20:37
*** VW has joined #craton20:37
jimbakersyed__, yeah, that's something we need to do a better job of20:46
*** valw has quit IRC20:56
*** valw has joined #craton21:01
*** valw has quit IRC21:33
*** VW has quit IRC21:44
*** valw has joined #craton21:47
*** VW has joined #craton21:49
*** valw has quit IRC21:51
*** valw has joined #craton21:52
*** valw has quit IRC21:54
*** valw has joined #craton21:56
*** VW has quit IRC21:57
*** VW has joined #craton21:59
*** Mudpuppy has quit IRC22:07
*** valw has quit IRC22:07
jimbakersyed__, re rbac, can we discuss further in about 30 min?22:27
jimbakeri will walk you through my thoughts on scoped roles22:28
jimbakerit will be interesting to compare with say https://technet.microsoft.com/en-us/library/dd335146%28v=exchg.150%29.aspx22:28
jimbakerin active directory22:28
jimbakerbrb22:29
*** VW has quit IRC22:41
*** VW has joined #craton22:44
*** VW has quit IRC22:51
*** valw has joined #craton23:05
jimbakersulo, so tox -e functional works fine on ubuntu 16.04; but stalls for me on os x23:09
jimbakergiven that os x is not a true target, and given that the functional test now can be run as a separate test env, it's fine for now. we can look at os x in the future23:10
*** valw has quit IRC23:13
*** jovon has quit IRC23:18
jimbakersyed__, we can also discuss rbac tomorrow. maybe briefly in tomorrow's vidyo meeting23:25
jimbakeri still need to convince sigmavirus after all :)23:25
*** VW has joined #craton23:38
*** VW has quit IRC23:43
syed__jimbaker: sounds good23:52
syed__Tomorrow it is then23:52
syed__:)23:52
jimbakercool23:53
jimbakersyed, do read up on those two active directory links i sent you23:53
jimbakerthis should give you context in terms of the modeling thoughts i have23:53
jimbakerthe other thing is to look at http://docs.openstack.org/developer/oslo.policy/api/oslo_policy.html#oslo_policy.policy.register and corresponding logic, such as the Check class23:54
jimbakersyed__, ideally you can write this code23:54
jimbakeri think the scoped role assignment is pretty much implemented at this point in the gist i shared earlier (https://gist.github.com/jimbaker/6a4fd7e07a16a318a45d7d1d96819040)23:55
jimbakerin terms of what active directory calls regular scoped role assignments23:55
jimbakerexclusive scope would seem to be a straightforward extension where instead of doing a union-all of all the scopes in the hierarchy, it's a more complex combination23:57
jimbakermuch like describing a penguin as a bird; or a platypus as a mammal :)23:58
jimbakerjust need to provide an exclusion mechanism23:58
jimbakerwhen using generalizations23:59
jimbakeranyway, i'm finally making headway on writing the blueprint for this functionality23:59
jimbakerand hope to do the same on virtualized variables, which we need right now23:59
« Sunday, 2016-11-27 Index Tuesday, 2016-11-29 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!