Network would be shown to a member but IP allocation would be denied?
Hi,
I am currently testing kolla-ansible using the latest release. During the creation of an external/provider network ("public"), I have observed that a non-admin project ("test") can view the network and allocate IP addresses for routers, for example. I would like to restrict this behavior so that the external network is listable (openstack network list), but IP allocation is denied.
I have experimented with RBAC rules, creating a new role ("view-only") and assigning it to a user ("user") in the "test" project. I modified the policy.yaml files in both Neutron and Horizon as outlined in the documentation ( https://docs.openstack.org/kolla-ansible/latest/admin/advanced-configuration... ).
Below are the snippets from my neutron/policy.yaml and horizon/neutron_policy.yaml files created following the sample https://docs.openstack.org/neutron/2023.2/configuration/policy-sample.html
policy.yaml get_network: "(rule:admin_only) or (role:view_only)" get_subnet: "(rule:admin_only) or (role:view_only)" get_port: "(rule:admin_only) or (role:view_only)" get_router: "(rule:admin_only) or (role:view_only)"
neutron_policy.yaml get_network: "(rule:admin_only) or (role:view_only)" get_subnet: "(rule:admin_only) or (role:view_only)" get_port: "(rule:admin_only) or (role:view_only)" get_router: "(rule:admin_only) or (role:view_only)"
After deploying Neutron and Horizon, I adjusted the default RBAC policy so that the "External Network" action only affects the "admin" project, not "*". While the admin can still see the public network, the test project user with the "view_only" role cannot see the "public" network. Enabling the RBAC policy for the "test" project allows the network to be visible, but it also enables the member of the project ("user") to reserve IP addresses for network components.
I'm seeking guidance on where to find more information about policies to achieve the desired functionality. Should I redeploy all the services, or is depolying Neutron and Horizon sufficient? Am I on the right track with my policy tests, or is there a simpler way to achieve this functionality?
Thank you very much for your assistance!
Hi,
Dnia sobota, 9 marca 2024 10:05:03 CET Mika Saari pisze:
Hi,
I am currently testing kolla-ansible using the latest release. During the creation of an external/provider network ("public"), I have observed that a non-admin project ("test") can view the network and allocate IP addresses for routers, for example. I would like to restrict this behavior so that the external network is listable (openstack network list), but IP allocation is denied.
I have experimented with RBAC rules, creating a new role ("view-only") and assigning it to a user ("user") in the "test" project. I modified the policy.yaml files in both Neutron and Horizon as outlined in the documentation ( https://docs.openstack.org/kolla-ansible/latest/admin/advanced-configuration... ).
Below are the snippets from my neutron/policy.yaml and horizon/neutron_policy.yaml files created following the sample https://docs.openstack.org/neutron/2023.2/configuration/policy-sample.html
policy.yaml get_network: "(rule:admin_only) or (role:view_only)" get_subnet: "(rule:admin_only) or (role:view_only)" get_port: "(rule:admin_only) or (role:view_only)" get_router: "(rule:admin_only) or (role:view_only)"
neutron_policy.yaml get_network: "(rule:admin_only) or (role:view_only)" get_subnet: "(rule:admin_only) or (role:view_only)" get_port: "(rule:admin_only) or (role:view_only)" get_router: "(rule:admin_only) or (role:view_only)"
After deploying Neutron and Horizon, I adjusted the default RBAC policy so that the "External Network" action only affects the "admin" project, not "*". While the admin can still see the public network, the test project user with the "view_only" role cannot see the "public" network. Enabling the RBAC policy for the "test" project allows the network to be visible, but it also enables the member of the project ("user") to reserve IP addresses for network components.
I'm seeking guidance on where to find more information about policies to achieve the desired functionality. Should I redeploy all the services, or is depolying Neutron and Horizon sufficient? Am I on the right track with my policy tests, or is there a simpler way to achieve this functionality?
Thank you very much for your assistance!
I'm not 100% sure what You want to achieve but first of all there is "reader" role and policies for reader role implemented in neutron already. This role allows only to see things like networks but not create anything there. Would it be enough for You? If not, can You maybe share Your whole policy.yaml file from Neutron? I will try to apply it on my dev env and try to check it then.
Also, please not that if You will assign second role for same user, it doesn't mean that previous one will not work at all. Both roles will be assigned to that user so if he has e.g. "member" role still, he will be able to do everything what "member" can do.
Hi,
I have been trying to understand what I really want myself here. Basically currently I do have two goals.
1) Floating IP port forwarding can be created by project member 2) Only admin can create ports to network/subnet "public" which is external network. But the network still must be available for reading for different projects than "admin" project.
My current policy,yaml create_floatingip_port_forwarding: (role:member) get_floatingip_port_forwarding: (role:member) update_floatingip_port_forwarding: (role:member) delete_floatingip_port_forwarding: (role:member)
With this change I can fullfill the first goal. Now member can add port forwarding
The second goal I haven't still been able to fullfill. Admin created the public network and subnet. When I login with different account to test project, the member can create a port to public (external) network. If I try next rule: (rule:admin_only) or (role:member and rule:network_owner)
The port creation is now disabled but I can not add ports to networks which has been created by my test account to my test project. So basically I just would like to restrict create_port to the public network, but still the project member (test user) could create ports to networks which member has created him/herself.
Thanks a lot!
On Tue, 12 Mar 2024 at 10:58, Sławek Kapłoński skaplons@redhat.com wrote:
Hi,
Dnia sobota, 9 marca 2024 10:05:03 CET Mika Saari pisze:
Hi,
I am currently testing kolla-ansible using the latest release. During
the
creation of an external/provider network ("public"), I have observed
that a
non-admin project ("test") can view the network and allocate IP addresses for routers, for example. I would like to restrict this behavior so that the external network is listable (openstack network list), but IP allocation is denied.
I have experimented with RBAC rules, creating a new role ("view-only") and assigning it to a user ("user") in the "test" project. I modified the policy.yaml files in both Neutron and Horizon as outlined in the documentation (
https://docs.openstack.org/kolla-ansible/latest/admin/advanced-configuration...
).
Below are the snippets from my neutron/policy.yaml and horizon/neutron_policy.yaml files created following the sample
https://docs.openstack.org/neutron/2023.2/configuration/policy-sample.html
policy.yaml get_network: "(rule:admin_only) or (role:view_only)" get_subnet: "(rule:admin_only) or (role:view_only)" get_port: "(rule:admin_only) or (role:view_only)" get_router: "(rule:admin_only) or (role:view_only)"
neutron_policy.yaml get_network: "(rule:admin_only) or (role:view_only)" get_subnet: "(rule:admin_only) or (role:view_only)" get_port: "(rule:admin_only) or (role:view_only)" get_router: "(rule:admin_only) or (role:view_only)"
After deploying Neutron and Horizon, I adjusted the default RBAC policy
so
that the "External Network" action only affects the "admin" project, not "*". While the admin can still see the public network, the test project user with the "view_only" role cannot see the "public" network. Enabling the RBAC policy for the "test" project allows the network to be visible, but it also enables the member of the project ("user") to reserve IP addresses for network components.
I'm seeking guidance on where to find more information about policies
to
achieve the desired functionality. Should I redeploy all the services, or is depolying Neutron and Horizon sufficient? Am I on the right track with my policy tests, or is there a simpler way to achieve this functionality?
Thank you very much for your assistance!
I'm not 100% sure what You want to achieve but first of all there is "reader" role and policies for reader role implemented in neutron already. This role allows only to see things like networks but not create anything there. Would it be enough for You? If not, can You maybe share Your whole policy.yaml file from Neutron? I will try to apply it on my dev env and try to check it then.
Also, please not that if You will assign second role for same user, it doesn't mean that previous one will not work at all. Both roles will be assigned to that user so if he has e.g. "member" role still, he will be able to do everything what "member" can do.
-- Slawek Kaplonski Principal Software Engineer Red Hat
Hi again,
Thinking here if it is possible somehow to compare in the policy that when creating a new port, the user's default_project_id is the same as the project_id of the network where the port is going to be created? This way the port could be created only to the network which is created by the project member.
Thanks a lot!
On Wed, 20 Mar 2024 at 21:32, Mika Saari mika.saari@simua.com wrote:
Hi,
I have been trying to understand what I really want myself here. Basically currently I do have two goals.
- Floating IP port forwarding can be created by project member
- Only admin can create ports to network/subnet "public" which is
external network. But the network still must be available for reading for different projects than "admin" project.
My current policy,yaml create_floatingip_port_forwarding: (role:member) get_floatingip_port_forwarding: (role:member) update_floatingip_port_forwarding: (role:member) delete_floatingip_port_forwarding: (role:member)
With this change I can fullfill the first goal. Now member can add port forwarding
The second goal I haven't still been able to fullfill. Admin created the public network and subnet. When I login with different account to test project, the member can create a port to public (external) network. If I try next rule: (rule:admin_only) or (role:member and rule:network_owner)
The port creation is now disabled but I can not add ports to networks which has been created by my test account to my test project. So basically I just would like to restrict create_port to the public network, but still the project member (test user) could create ports to networks which member has created him/herself.
Thanks a lot!
On Tue, 12 Mar 2024 at 10:58, Sławek Kapłoński skaplons@redhat.com wrote:
Hi,
Dnia sobota, 9 marca 2024 10:05:03 CET Mika Saari pisze:
Hi,
I am currently testing kolla-ansible using the latest release. During
the
creation of an external/provider network ("public"), I have observed
that a
non-admin project ("test") can view the network and allocate IP
addresses
for routers, for example. I would like to restrict this behavior so that the external network is listable (openstack network list), but IP allocation is denied.
I have experimented with RBAC rules, creating a new role ("view-only") and assigning it to a user ("user") in the "test" project. I modified
the
policy.yaml files in both Neutron and Horizon as outlined in the documentation (
https://docs.openstack.org/kolla-ansible/latest/admin/advanced-configuration...
).
Below are the snippets from my neutron/policy.yaml and horizon/neutron_policy.yaml files created following the sample
https://docs.openstack.org/neutron/2023.2/configuration/policy-sample.html
policy.yaml get_network: "(rule:admin_only) or (role:view_only)" get_subnet: "(rule:admin_only) or (role:view_only)" get_port: "(rule:admin_only) or (role:view_only)" get_router: "(rule:admin_only) or (role:view_only)"
neutron_policy.yaml get_network: "(rule:admin_only) or (role:view_only)" get_subnet: "(rule:admin_only) or (role:view_only)" get_port: "(rule:admin_only) or (role:view_only)" get_router: "(rule:admin_only) or (role:view_only)"
After deploying Neutron and Horizon, I adjusted the default RBAC policy
so
that the "External Network" action only affects the "admin" project, not "*". While the admin can still see the public network, the test project user with the "view_only" role cannot see the "public" network. Enabling the RBAC policy for the "test" project allows the network to be visible, but it also enables the member of the project ("user") to reserve IP addresses for network components.
I'm seeking guidance on where to find more information about policies
to
achieve the desired functionality. Should I redeploy all the services,
or
is depolying Neutron and Horizon sufficient? Am I on the right track
with
my policy tests, or is there a simpler way to achieve this
functionality?
Thank you very much for your assistance!
I'm not 100% sure what You want to achieve but first of all there is "reader" role and policies for reader role implemented in neutron already. This role allows only to see things like networks but not create anything there. Would it be enough for You? If not, can You maybe share Your whole policy.yaml file from Neutron? I will try to apply it on my dev env and try to check it then.
Also, please not that if You will assign second role for same user, it doesn't mean that previous one will not work at all. Both roles will be assigned to that user so if he has e.g. "member" role still, he will be able to do everything what "member" can do.
-- Slawek Kaplonski Principal Software Engineer Red Hat
Hi,
Dnia środa, 20 marca 2024 20:32:07 CET Mika Saari pisze:
Hi,
I have been trying to understand what I really want myself here. Basically currently I do have two goals.
- Floating IP port forwarding can be created by project member
- Only admin can create ports to network/subnet "public" which is
external network. But the network still must be available for reading for different projects than "admin" project.
My current policy,yaml create_floatingip_port_forwarding: (role:member) get_floatingip_port_forwarding: (role:member) update_floatingip_port_forwarding: (role:member) delete_floatingip_port_forwarding: (role:member)
With this change I can fullfill the first goal. Now member can add port forwarding
The second goal I haven't still been able to fullfill. Admin created the public network and subnet. When I login with different account to test project, the member can create a port to public (external) network. If I try next rule: (rule:admin_only) or (role:member and rule:network_owner)
The port creation is now disabled but I can not add ports to networks which has been created by my test account to my test project. So basically I just would like to restrict create_port to the public network, but still the project member (test user) could create ports to networks which member has created him/herself.
Please check rule NET_OWNER_MEMBER which is defined in https://github.com/openstack/neutron/blob/master/neutron/conf/policies/base.... IIUC this should be used by you in the 'create_port' policy.
Thanks a lot!
On Tue, 12 Mar 2024 at 10:58, Sławek Kapłoński skaplons@redhat.com wrote:
Hi,
Dnia sobota, 9 marca 2024 10:05:03 CET Mika Saari pisze:
Hi,
I am currently testing kolla-ansible using the latest release. During
the
creation of an external/provider network ("public"), I have observed
that a
non-admin project ("test") can view the network and allocate IP addresses for routers, for example. I would like to restrict this behavior so that the external network is listable (openstack network list), but IP allocation is denied.
I have experimented with RBAC rules, creating a new role ("view-only") and assigning it to a user ("user") in the "test" project. I modified the policy.yaml files in both Neutron and Horizon as outlined in the documentation (
https://docs.openstack.org/kolla-ansible/latest/admin/advanced-configuration...
).
Below are the snippets from my neutron/policy.yaml and horizon/neutron_policy.yaml files created following the sample
https://docs.openstack.org/neutron/2023.2/configuration/policy-sample.html
policy.yaml get_network: "(rule:admin_only) or (role:view_only)" get_subnet: "(rule:admin_only) or (role:view_only)" get_port: "(rule:admin_only) or (role:view_only)" get_router: "(rule:admin_only) or (role:view_only)"
neutron_policy.yaml get_network: "(rule:admin_only) or (role:view_only)" get_subnet: "(rule:admin_only) or (role:view_only)" get_port: "(rule:admin_only) or (role:view_only)" get_router: "(rule:admin_only) or (role:view_only)"
After deploying Neutron and Horizon, I adjusted the default RBAC policy
so
that the "External Network" action only affects the "admin" project, not "*". While the admin can still see the public network, the test project user with the "view_only" role cannot see the "public" network. Enabling the RBAC policy for the "test" project allows the network to be visible, but it also enables the member of the project ("user") to reserve IP addresses for network components.
I'm seeking guidance on where to find more information about policies
to
achieve the desired functionality. Should I redeploy all the services, or is depolying Neutron and Horizon sufficient? Am I on the right track with my policy tests, or is there a simpler way to achieve this functionality?
Thank you very much for your assistance!
I'm not 100% sure what You want to achieve but first of all there is "reader" role and policies for reader role implemented in neutron already. This role allows only to see things like networks but not create anything there. Would it be enough for You? If not, can You maybe share Your whole policy.yaml file from Neutron? I will try to apply it on my dev env and try to check it then.
Also, please not that if You will assign second role for same user, it doesn't mean that previous one will not work at all. Both roles will be assigned to that user so if he has e.g. "member" role still, he will be able to do everything what "member" can do.
-- Slawek Kaplonski Principal Software Engineer Red Hat
Hi,
Tested the NET_OWNER_MEMBER with the syntax below in my neutron/policy.conf. "Create Port" disappears for public network but unfortunately also for networks which my test account has created.
create_port: "(role: admin) or (rule:network_owner)"
With rule below I managed to restrict the public network port creation (The create port button is still shown in Horizon, but port create is not allowed) and allow the port creation to networks the user has created, but still the "Launch instance" can reserve IP from the public network. I assume Launch instance is not using create_port from neutron but something else? I do not know how to restrict Nova not to create new instance like in neutron.
create_port: "rule:admin_or_owner or rule:project_id:%(network:project_id)s"
Thanks for help.
On Mon, 25 Mar 2024 at 10:47, Sławek Kapłoński skaplons@redhat.com wrote:
Hi,
Dnia środa, 20 marca 2024 20:32:07 CET Mika Saari pisze:
Hi,
I have been trying to understand what I really want myself here.
Basically currently I do have two goals.
- Floating IP port forwarding can be created by project member
- Only admin can create ports to network/subnet "public" which is
external network. But the network still must be available for reading for
different projects than "admin" project.
My current policy,yaml
create_floatingip_port_forwarding: (role:member)
get_floatingip_port_forwarding: (role:member)
update_floatingip_port_forwarding: (role:member)
delete_floatingip_port_forwarding: (role:member)
With this change I can fullfill the first goal. Now member can add port
forwarding
The second goal I haven't still been able to fullfill. Admin created
the
public network and subnet. When I login with different account to test
project, the member can create a port to public (external) network.
If I try next rule:
(rule:admin_only) or (role:member and rule:network_owner)
The port creation is now disabled but I can not add ports to networks
which has been created by my test account to my test project. So
basically
I just would like to restrict create_port to the public network, but
still
the project member (test user) could create ports to networks which
member
has created him/herself.
Please check rule NET_OWNER_MEMBER which is defined in https://github.com/openstack/neutron/blob/master/neutron/conf/policies/base....
IIUC this should be used by you in the 'create_port' policy.
Thanks a lot!
On Tue, 12 Mar 2024 at 10:58, Sławek Kapłoński skaplons@redhat.com
wrote:
Hi,
Dnia sobota, 9 marca 2024 10:05:03 CET Mika Saari pisze:
Hi,
I am currently testing kolla-ansible using the latest release.
During
the
creation of an external/provider network ("public"), I have observed
that a
non-admin project ("test") can view the network and allocate IP
addresses
for routers, for example. I would like to restrict this behavior so
that
the external network is listable (openstack network list), but IP
allocation is denied.
I have experimented with RBAC rules, creating a new role
("view-only")
and assigning it to a user ("user") in the "test" project. I
modified the
policy.yaml files in both Neutron and Horizon as outlined in the
documentation (
https://docs.openstack.org/kolla-ansible/latest/admin/advanced-configuration...
).
Below are the snippets from my neutron/policy.yaml and
horizon/neutron_policy.yaml files created following the sample
https://docs.openstack.org/neutron/2023.2/configuration/policy-sample.html
policy.yaml
get_network: "(rule:admin_only) or (role:view_only)"
get_subnet: "(rule:admin_only) or (role:view_only)"
get_port: "(rule:admin_only) or (role:view_only)"
get_router: "(rule:admin_only) or (role:view_only)"
neutron_policy.yaml
get_network: "(rule:admin_only) or (role:view_only)"
get_subnet: "(rule:admin_only) or (role:view_only)"
get_port: "(rule:admin_only) or (role:view_only)"
get_router: "(rule:admin_only) or (role:view_only)"
After deploying Neutron and Horizon, I adjusted the default RBAC
policy
so
that the "External Network" action only affects the "admin" project,
not
"*". While the admin can still see the public network, the test
project
user with the "view_only" role cannot see the "public" network.
Enabling
the RBAC policy for the "test" project allows the network to be
visible,
but it also enables the member of the project ("user") to reserve IP
addresses for network components.
I'm seeking guidance on where to find more information about
policies
to
achieve the desired functionality. Should I redeploy all the
services, or
is depolying Neutron and Horizon sufficient? Am I on the right track
with
my policy tests, or is there a simpler way to achieve this
functionality?
Thank you very much for your assistance!
I'm not 100% sure what You want to achieve but first of all there is
"reader" role and policies for reader role implemented in neutron
already.
This role allows only to see things like networks but not create
anything
there. Would it be enough for You? If not, can You maybe share Your
whole
policy.yaml file from Neutron? I will try to apply it on my dev env
and try
to check it then.
Also, please not that if You will assign second role for same user, it
doesn't mean that previous one will not work at all. Both roles will be
assigned to that user so if he has e.g. "member" role still, he will be
able to do everything what "member" can do.
--
Slawek Kaplonski
Principal Software Engineer
Red Hat
--
Slawek Kaplonski
Principal Software Engineer
Red Hat
Hi,
Dnia wtorek, 26 marca 2024 19:54:49 CET Mika Saari pisze:
Hi,
Tested the NET_OWNER_MEMBER with the syntax below in my neutron/policy.conf. "Create Port" disappears for public network but unfortunately also for networks which my test account has created.
create_port: "(role: admin) or (rule:network_owner)"
With rule below I managed to restrict the public network port creation (The create port button is still shown in Horizon, but port create is not allowed) and allow the port creation to networks the user has created, but still the "Launch instance" can reserve IP from the public network. I assume Launch instance is not using create_port from neutron but something else? I do not know how to restrict Nova not to create new instance like in neutron.
Nova is using own user which has "advsc" role AFAICT. You should check all 'create_port' related rules and configure them as You want probably.
create_port: "rule:admin_or_owner or rule:project_id:%(network:project_id)s"
Thanks for help.
On Mon, 25 Mar 2024 at 10:47, Sławek Kapłoński skaplons@redhat.com wrote:
Hi,
Dnia środa, 20 marca 2024 20:32:07 CET Mika Saari pisze:
Hi,
I have been trying to understand what I really want myself here.
Basically currently I do have two goals.
- Floating IP port forwarding can be created by project member
- Only admin can create ports to network/subnet "public" which is
external network. But the network still must be available for reading for
different projects than "admin" project.
My current policy,yaml
create_floatingip_port_forwarding: (role:member)
get_floatingip_port_forwarding: (role:member)
update_floatingip_port_forwarding: (role:member)
delete_floatingip_port_forwarding: (role:member)
With this change I can fullfill the first goal. Now member can add port
forwarding
The second goal I haven't still been able to fullfill. Admin created
the
public network and subnet. When I login with different account to test
project, the member can create a port to public (external) network.
If I try next rule:
(rule:admin_only) or (role:member and rule:network_owner)
The port creation is now disabled but I can not add ports to networks
which has been created by my test account to my test project. So
basically
I just would like to restrict create_port to the public network, but
still
the project member (test user) could create ports to networks which
member
has created him/herself.
Please check rule NET_OWNER_MEMBER which is defined in https://github.com/openstack/neutron/blob/master/neutron/conf/policies/base....
IIUC this should be used by you in the 'create_port' policy.
Thanks a lot!
On Tue, 12 Mar 2024 at 10:58, Sławek Kapłoński skaplons@redhat.com
wrote:
Hi,
Dnia sobota, 9 marca 2024 10:05:03 CET Mika Saari pisze:
Hi,
I am currently testing kolla-ansible using the latest release.
During
the
creation of an external/provider network ("public"), I have observed
that a
non-admin project ("test") can view the network and allocate IP
addresses
for routers, for example. I would like to restrict this behavior so
that
the external network is listable (openstack network list), but IP
allocation is denied.
I have experimented with RBAC rules, creating a new role
("view-only")
and assigning it to a user ("user") in the "test" project. I
modified the
policy.yaml files in both Neutron and Horizon as outlined in the
documentation (
https://docs.openstack.org/kolla-ansible/latest/admin/advanced-configuration...
).
Below are the snippets from my neutron/policy.yaml and
horizon/neutron_policy.yaml files created following the sample
https://docs.openstack.org/neutron/2023.2/configuration/policy-sample.html
policy.yaml
get_network: "(rule:admin_only) or (role:view_only)"
get_subnet: "(rule:admin_only) or (role:view_only)"
get_port: "(rule:admin_only) or (role:view_only)"
get_router: "(rule:admin_only) or (role:view_only)"
neutron_policy.yaml
get_network: "(rule:admin_only) or (role:view_only)"
get_subnet: "(rule:admin_only) or (role:view_only)"
get_port: "(rule:admin_only) or (role:view_only)"
get_router: "(rule:admin_only) or (role:view_only)"
After deploying Neutron and Horizon, I adjusted the default RBAC
policy
so
that the "External Network" action only affects the "admin" project,
not
"*". While the admin can still see the public network, the test
project
user with the "view_only" role cannot see the "public" network.
Enabling
the RBAC policy for the "test" project allows the network to be
visible,
but it also enables the member of the project ("user") to reserve IP
addresses for network components.
I'm seeking guidance on where to find more information about
policies
to
achieve the desired functionality. Should I redeploy all the
services, or
is depolying Neutron and Horizon sufficient? Am I on the right track
with
my policy tests, or is there a simpler way to achieve this
functionality?
Thank you very much for your assistance!
I'm not 100% sure what You want to achieve but first of all there is
"reader" role and policies for reader role implemented in neutron
already.
This role allows only to see things like networks but not create
anything
there. Would it be enough for You? If not, can You maybe share Your
whole
policy.yaml file from Neutron? I will try to apply it on my dev env
and try
to check it then.
Also, please not that if You will assign second role for same user, it
doesn't mean that previous one will not work at all. Both roles will be
assigned to that user so if he has e.g. "member" role still, he will be
able to do everything what "member" can do.
--
Slawek Kaplonski
Principal Software Engineer
Red Hat
--
Slawek Kaplonski
Principal Software Engineer
Red Hat
participants (2)
-
Mika Saari
-
Sławek Kapłoński