| jakeyip | mnasiadka: hm concerning | 10:30 |
|---|---|---|
| jakeyip | we need to decide what will make the cut for B. | 10:32 |
| opendevreview | Jake Yip proposed openstack/magnum master: Remove cluster_user https://review.opendev.org/c/openstack/magnum/+/891971 | 11:46 |
| jakeyip | hi ricolin I was testing your rbac patch after you updated the scope for trusts. I found the following ^ can you take a look and let me know if this is correct? | 11:48 |
| mnasiadka | jakeyip: I think we need to focus on the RBAC patches and some other things and come back to CAPI beginning of C - but really beginning ;-) | 12:18 |
| jakeyip | mnasiadka: I'm less worried about CAPI than RBAC. CAPI we can disable by default and it will not affect anything. | 13:01 |
| mnasiadka | jakeyip: I'm still worried that a single mgmt cluster will not fit most environments, after all mgmt cluster has credentials for all workload clusters it manages - so it's a potential security risk - imagine those multi tenant public OpenStack clouds | 13:03 |
| mnasiadka | jakeyip: so while beta version with support for a single cluster probably is fine, we'd need to improve that support in C and write that anything can change in the capi driver and we take no responsibility ;) | 13:25 |
| jakeyip | mnasiadka: I agree, reno will say this driver is beta, not for production, and will change without notice in future versions of Magnum | 23:32 |
| jakeyip | mnasiadka: I am thinking of your security concerns, let me see if I can address it | 23:33 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!