Monday, 2017-01-09

« Sunday, 2017-01-08 Index Tuesday, 2017-01-10 »
*** VW has joined #craton00:28
*** VW has quit IRC00:33
*** palendae has quit IRC01:12
*** wirehead_ has quit IRC01:12
*** b3rn-n00dl3s has quit IRC01:12
*** wirehead_1 has joined #craton01:12
*** palendae has joined #craton01:13
*** palendae is now known as Guest6470101:13
*** Guest64701 is now known as palendae01:14
*** b3rn-n00dl3s has joined #craton01:17
*** ChanServ sets mode: +o b3rn-n00dl3s01:17
*** izaakk has quit IRC01:23
*** lcastell has quit IRC01:23
*** lcastell has joined #craton01:24
*** izaakk has joined #craton01:28
*** valw has joined #craton01:51
*** Mudpuppy_ has joined #craton02:03
*** VW has joined #craton02:31
*** VW has quit IRC02:35
*** turvey has quit IRC02:42
*** b3rn-n00dl3s has quit IRC02:42
*** Tamayo has quit IRC02:42
*** turvey has joined #craton02:42
*** Tamayo has joined #craton02:45
*** b3rn-n00dl3s has joined #craton02:45
*** ChanServ sets mode: +o b3rn-n00dl3s02:45
*** david-lyle has quit IRC02:55
*** VW has joined #craton02:58
*** valw has quit IRC03:02
*** valw has joined #craton03:03
*** Mudpuppy_ has quit IRC03:25
*** valw has quit IRC03:27
*** valw has joined #craton03:36
*** valw has quit IRC03:55
*** valw has joined #craton04:07
*** VW has quit IRC04:10
*** VW has joined #craton04:14
*** valw has quit IRC04:27
*** VW has quit IRC04:39
*** ediardo has quit IRC06:32
*** ediardo has joined #craton06:33
*** VW has joined #craton06:40
*** VW has quit IRC06:44
*** tojuvone has quit IRC08:14
*** VW has joined #craton10:03
*** VW has quit IRC10:07
*** VW has joined #craton12:18
*** VW has quit IRC12:23
*** valw has joined #craton12:31
*** valw has quit IRC12:36
*** VW has joined #craton14:03
*** VW has quit IRC14:07
*** VW has joined #craton14:07
*** valw has joined #craton14:32
*** valw has quit IRC14:36
jimbakergit-harry, palendae, sigmavirus, sulo, others interested - craton weekly meeting resumes in 10 min on #openstack-meeting-4. let's kickoff some great work in 2017!14:50
*** VW has quit IRC14:53
*** Mudpuppy_ has joined #craton15:01
*** valw has joined #craton15:34
*** Syed__ has joined #craton15:39
*** VW has joined #craton15:42
*** VW has quit IRC15:43
*** VW has joined #craton15:43
*** valw has quit IRC15:45
*** valw has joined #craton15:45
*** valw has quit IRC15:50
*** valw has joined #craton15:52
*** valw_ has joined #craton15:55
*** valw has quit IRC15:57
jimbakerpalendae, maybe retrieving variables uses a default namespace unless other namespaces are *imported* by the query? that could work well. again it's just a question of who does the filtering16:42
*** valw_ has quit IRC16:51
*** valw has joined #craton16:54
*** valw has quit IRC17:10
*** rainya has joined #craton17:14
*** VW has quit IRC17:15
*** VW has joined #craton17:17
*** rainya has quit IRC17:18
*** rainya has joined #craton17:20
*** VW has quit IRC17:22
*** VW has joined #craton17:22
jimbakerSyed__, are you still working on https://review.openstack.org/#/c/396750/ ?17:29
Syed__I haven't been looking into that lately but i need to. will look into it today17:30
jimbakerSyed__, also updated https://gist.github.com/jimbaker/faa6288a8fcd9ba736f950435a901537 with the change i mentioned in today's meeting17:31
jimbakerit's very trivial in terms of usage, just took some time to figure out how to use the api properly17:31
*** jovon has joined #craton17:32
jimbakerbasically need to have what amounts to asserting that the role assignment exists for both target resource AND the credential of the principal. then standard chaining by the enforce method so the desired role can be proven to be in effect (or not)17:33
jimbakeragain more in my writeup later this week17:33
jimbakerbut the net of it is that implementing the policy.json stuff is going to be easy, at least with respect to scoped role assignments17:34
jimbakersigmavirus, it's interesting to see that of the various openstack projects i track at the source level (to better understand decision making), namely barbican, cinder, keystone, magnum, nova, only cinder uses osprofiler. of course you would know about its possible problems!17:39
sigmavirusjimbaker: glance has support for it17:40
sigmavirusI think Nova does too17:40
sigmavirusAs in, an operator can enable it17:40
jimbakersigmavirus, ahh, sorry, you have been working in glance, right?17:41
sigmavirusCorrect17:41
sigmavirusbarbican and magnum, though, are fairly immature projects17:41
sigmavirus(by Foundation measures)17:41
jimbakerwill have to contrast and compare17:41
sigmavirusSo I'm not sure looking at them is the best judge of usage17:41
jimbakeri'm interested in immature projects, because sometimes they don't have cruft17:42
jimbakerjust part of my overall code archeology work...17:42
Syed__Yeap seems like policy.json work should be pretty straight forward17:43
Syed__jimbaker: is this script working ?17:43
jimbakerSyed__, yes17:44
jimbakerbut only on python 3.517:44
Syed__so this is how i am doing it17:44
jimbakerfwiw17:44
Syed__yeah python 3.5 is what i am using17:45
Syed__https://www.irccloud.com/pastebin/MjfyuUtB/17:45
jimbakerok, i wonder how you can get a different result. gist?17:45
jimbakerSyed__, so i'm interested in the second script here17:45
jimbakerin the gist i attached17:46
Syed__yeah i am using the same gist as you have put up and its giving me oslo_policy.policy.PolicyNotAuthorized: {} is disallowed by policy rule example:lowercase_admin with {}17:46
*** valw has joined #craton17:47
jimbakeras for the old script17:47
jimbakerthat's the expected behavior17:47
Syed__https://gist.github.com/ahsan518/8b4996bd224943cf1a2c752761d56faf17:48
jimbakeri was exploring what it took to get the oslo_policy.policy.PolicyNotAuthorized exception in the second usage, without admin credentials17:48
jimbakeranyway, try it out some more. but looks like you're getting what i'm seeing, which is important :)17:49
Syed__hmm17:49
jimbakerso again old script is t-policy.py17:49
jimbakernew script is t-policy-using-role-assignment.py17:49
jimbakerorder got jumbled with the addition. whatever17:50
Syed__i see.17:50
Syed__okay yeah new script works fine.. Let me look in the older one17:50
Syed__just wanted to confirm17:50
jimbakeryeah, you are seeing the right behavior17:50
Syed__thanks17:50
jimbakerfirst enforce succeeds; second fails in the old script. as expected17:51
jimbakerwe still need to figure out policy registration, for kinds like fleet:17:51
jimbakerSyed__, maybe you can take a look at that part of the API17:51
jimbakerbasically make it work to use the authorize method instead17:51
Syed__Sure i will17:52
jimbakerSyed__, simply try replacing enforce with authorize17:52
jimbakeri'm sure this is documented in the oslo.policy tests17:52
jimbakerjust not very well documented in the actual docs17:53
Syed__yeap i looked into authorize but wasn't able to find much about it17:54
jimbakeri know it has something to do with the various registration methods, but i just haven't had time to really figure out why. but surely this is straightforward ;)17:54
jimbakeroslo.policy implements some subset of prolog. i'm just not sure what part :)17:55
*** VW has quit IRC18:10
sigmavirusjimbaker: found a bunch of typos in the spec while updating it with your copy-editing18:12
jimbakercool, please make more awesome18:12
jimbakeralso it looks it's available for review, i will take a look18:13
*** valw has quit IRC18:18
*** VW has joined #craton18:19
*** valw has joined #craton18:21
*** harlowja_ has joined #craton18:31
*** harlowja has quit IRC18:31
*** VW has quit IRC18:42
*** VW has joined #craton18:43
*** valw has quit IRC18:54
*** valw has joined #craton18:56
*** valw has quit IRC19:07
*** valw has joined #craton19:12
*** rainya has quit IRC19:27
*** valw has quit IRC19:27
*** jovon has quit IRC19:50
*** valw has joined #craton20:01
*** jovon has joined #craton20:26
*** valw has quit IRC20:26
*** valw has joined #craton20:26
*** valw has quit IRC20:36
*** valw has joined #craton20:57
*** valw has quit IRC21:48
*** Mudpuppy_ has quit IRC21:52
*** jovon has quit IRC23:00
*** harlowja_ has quit IRC23:40
*** Mudpuppy_ has joined #craton23:40
*** harlowja has joined #craton23:41
« Sunday, 2017-01-08 Index Tuesday, 2017-01-10 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!