| openstackgerrit | Ghanshyam Mann proposed openstack/keystone master: [goal] Migrate testing to ubuntu focal https://review.opendev.org/743117 | 02:25 |
|---|---|---|
| *** dave-mccowan has quit IRC | 02:44 | |
| *** evrardjp has quit IRC | 04:33 | |
| *** evrardjp has joined #openstack-keystone | 04:33 | |
| *** abdysn has joined #openstack-keystone | 05:26 | |
| *** rakhmerov has joined #openstack-keystone | 06:12 | |
| *** xek has joined #openstack-keystone | 06:26 | |
| *** vishalmanchanda has joined #openstack-keystone | 06:49 | |
| *** bengates has joined #openstack-keystone | 07:16 | |
| openstackgerrit | Vishakha Agarwal proposed openstack/keystone master: Fix user creation with GRANT in MySQL 8.0(Ubuntu Focal) https://review.opendev.org/746451 | 08:13 |
| *** shyamb has joined #openstack-keystone | 09:30 | |
| *** shyamb has quit IRC | 09:41 | |
| *** shyamb has joined #openstack-keystone | 09:45 | |
| *** shyamb has quit IRC | 09:53 | |
| *** shyamb has joined #openstack-keystone | 09:53 | |
| *** tkajinam has quit IRC | 09:55 | |
| *** Luzi has joined #openstack-keystone | 09:59 | |
| *** tkajinam has joined #openstack-keystone | 11:27 | |
| *** dave-mccowan has joined #openstack-keystone | 11:39 | |
| *** raildo has joined #openstack-keystone | 11:49 | |
| *** lbragstad has quit IRC | 12:32 | |
| *** dave-mccowan has quit IRC | 12:32 | |
| *** shyamb has quit IRC | 12:39 | |
| *** dave-mccowan has joined #openstack-keystone | 12:39 | |
| *** lbragstad has joined #openstack-keystone | 12:43 | |
| *** Luzi has quit IRC | 13:26 | |
| *** tkajinam has quit IRC | 14:06 | |
| *** abdysn has quit IRC | 14:14 | |
| *** gyee has joined #openstack-keystone | 14:58 | |
| *** bengates has quit IRC | 15:35 | |
| *** bengates has joined #openstack-keystone | 15:36 | |
| *** bengates has quit IRC | 15:41 | |
| *** vishalmanchanda has quit IRC | 17:37 | |
| *** hoonetorg has joined #openstack-keystone | 18:29 | |
| *** nsmeds has joined #openstack-keystone | 19:48 | |
| nsmeds | Hey Keystone peeps, was hoping to get some advice. We recently deployed OpenStack Train for internal teams. We're trying to decide what's the easiest/"best" way to organize ourselves: a) give each team a project and set quotas per project, or b) give each team a domain and set quotas per domain. | 19:52 |
| nsmeds | Users are requesting domains so they have more freedom in terms of organization, which makes sense. But providing them a "domain-level admin" user does not appear simple. | 19:53 |
| nsmeds | i.e. the provided `admin` user is too permissive and allows users to create new domains/etc. And provided member or _member_ user does not allow them to create new projects/etc. | 19:54 |
| nsmeds | Is there any recommendations for solving this? We discovered policy.json, which we can use to create additional roles/policies for those roles - but it's a bit overwhelming at first glance. Does anyone have examples/recommendations for setting up a domain-level admin role? | 19:55 |
| nsmeds | We're currently fiddling with policy.json and will see where we get - but figured I'd check in here as well. Thanks! | 19:56 |
| *** xek has quit IRC | 21:00 | |
| *** raildo has quit IRC | 21:22 | |
| *** rcernin has joined #openstack-keystone | 22:33 | |
| *** tkajinam has joined #openstack-keystone | 23:07 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!