Friday, 2017-11-24

« Thursday, 2017-11-23 Index Saturday, 2017-11-25 »
*** threestrands has joined #openstack-keystone00:05
*** threestrands has quit IRC00:05
*** threestrands has joined #openstack-keystone00:05
*** lbragstad has quit IRC00:28
openstackgerritwangxiyuan proposed openstack/keystone master: Update the help message for unique_last_password_count  https://review.openstack.org/52213600:53
*** daidv has joined #openstack-keystone01:02
*** daidv_ has joined #openstack-keystone01:03
openstackgerritwangxiyuan proposed openstack/keystone-specs master: Limits API  https://review.openstack.org/45570901:05
*** zhouyaguo has joined #openstack-keystone01:12
*** zhurong has joined #openstack-keystone01:21
openstackgerritwangxiyuan proposed openstack/keystone master: Add schema check for OS-TRUST:trust authentication  https://review.openstack.org/52210701:22
openstackgerritwangxiyuan proposed openstack/keystone master: Expose a bug when authenticating for a trust-scoped token  https://review.openstack.org/52235601:34
openstackgerritwangxiyuan proposed openstack/keystone master: Add schema check for OS-TRUST:trust authentication  https://review.openstack.org/52210701:34
openstackgerritwangxiyuan proposed openstack/keystone master: Add schema check for OS-TRUST:trust authentication  https://review.openstack.org/52210701:35
openstackgerritwangxiyuan proposed openstack/keystone-specs master: Limits API  https://review.openstack.org/45570902:23
*** annp has joined #openstack-keystone02:29
*** swain has quit IRC02:33
*** prashkre has joined #openstack-keystone02:35
openstackgerritwangxiyuan proposed openstack/keystone master: Deprecate member_role_id and member_role_name  https://review.openstack.org/52246102:42
openstackgerritwangxiyuan proposed openstack/keystone master: Deprecate member_role_id and member_role_name  https://review.openstack.org/52246102:59
*** prashkre has quit IRC03:40
*** zhurong has quit IRC03:43
*** links has joined #openstack-keystone04:03
openstackgerritwangxiyuan proposed openstack/keystone master: Expose a bug when create trust with roles  https://review.openstack.org/52270504:43
openstackgerritwangxiyuan proposed openstack/keystone master: Fix 500 error when create trust with invalid role key  https://review.openstack.org/52270604:43
openstackgerritwangxiyuan proposed openstack/keystone master: Deprecate member_role_id and member_role_name  https://review.openstack.org/52246104:46
*** prashkre has joined #openstack-keystone04:53
*** threestrands_ has joined #openstack-keystone05:02
*** threestrands has quit IRC05:04
*** zhouyaguo has quit IRC05:09
*** BenderRodriguez has quit IRC05:10
*** threestrands_ has quit IRC05:14
*** prashkre has quit IRC05:18
*** prashkre has joined #openstack-keystone05:19
*** dklyle has quit IRC05:19
*** david-lyle has joined #openstack-keystone05:20
*** prashkre_ has joined #openstack-keystone05:21
*** prashkre has quit IRC05:25
*** BenderRodriguez has joined #openstack-keystone05:34
*** BenderRodriguez has quit IRC05:34
*** BenderRodriguez has joined #openstack-keystone05:34
*** sticker has quit IRC05:56
*** sapd_ has quit IRC06:33
*** sapd_ has joined #openstack-keystone06:35
*** pcaruana has joined #openstack-keystone07:12
*** prashkre_ has quit IRC07:43
*** rcernin has quit IRC07:53
*** magicboiz has quit IRC07:59
*** magicboiz has joined #openstack-keystone08:02
*** magicboiz has quit IRC08:07
*** magicboiz has joined #openstack-keystone08:07
*** aojea has joined #openstack-keystone08:12
*** tesseract has joined #openstack-keystone08:13
*** aojea has quit IRC08:16
*** AlexeyAbashkin has joined #openstack-keystone08:21
*** magicboiz has quit IRC10:16
*** prashkre_ has joined #openstack-keystone10:19
*** magicboiz has joined #openstack-keystone10:23
*** magicboiz has quit IRC10:27
*** magicboiz has joined #openstack-keystone10:27
*** prashkre_ has quit IRC10:28
*** magicboiz has quit IRC10:47
*** daidv has quit IRC10:59
*** daidv_ has quit IRC10:59
*** annp has quit IRC11:08
*** annp has joined #openstack-keystone11:09
*** annp has quit IRC11:20
*** annp has joined #openstack-keystone11:20
*** annp has quit IRC11:30
*** magicboiz has joined #openstack-keystone11:30
*** magicboiz has quit IRC11:35
*** magicboiz has joined #openstack-keystone11:41
*** raildo has joined #openstack-keystone12:01
*** links has quit IRC12:06
*** links has joined #openstack-keystone12:20
*** BenderRodriguez has quit IRC12:29
*** dave-mccowan has joined #openstack-keystone12:51
*** links has quit IRC13:11
*** magicboiz has quit IRC13:15
*** alex_xu has quit IRC13:31
*** alex_xu has joined #openstack-keystone13:32
*** openstackgerrit has quit IRC13:32
*** Dinesh_Bhor has quit IRC13:57
*** dave-mccowan has quit IRC14:10
*** lbragstad has joined #openstack-keystone14:28
*** ChanServ sets mode: +o lbragstad14:28
lbragstado/14:33
cmurphy\o14:34
cmurphylbragstad: no thanksgiving holiday for you?14:35
lbragstadcmurphy: had it yesterday :)14:35
cmurphylbragstad: most people take a long weekend :P14:35
lbragstadyeah... that's true, i thought about it, but i'm waiting on some materials for the house14:36
lbragstadso i don't really have a project to work on if i don't work lol14:37
lbragstadcmurphy: did you do anything for thanksgiving?14:41
cmurphylbragstad: nah was just a normal day here14:42
lbragstadcmurphy: you have early christmas right around the corner though14:43
lbragstaddecember 4th?14:43
cmurphylbragstad: our christmas is the same as everyone else's :P14:44
lbragstadcmurphy: oh - i'm thinking of St. Nick's Day14:45
lbragstaddecember 6th, it's like a pre-christmas thing14:45
cmurphyaha14:45
cmurphyno public holiday :(14:46
lbragstadyeah - doesn't look like it14:46
lbragstadcmurphy: here is a pre-requisite patch to the one you +2'd15:01
lbragstadhttps://review.openstack.org/#/c/522356/15:01
lbragstadoh - wait, nevermind15:01
lbragstadthat was a different one15:01
lbragstadsame author15:01
cmurphyya i haven't looked at those trust patches yet15:02
lbragstadlooks like another revision of the unified limits spec is up to15:02
* lbragstad moves that to the top of the list15:02
lbragstadalong with app creds15:02
cmurphylbragstad: yep that needs another look15:02
lbragstadcool - i'll review both today15:03
lbragstadcmurphy: so for the application credential stuff15:06
lbragstadwithout the ability to list application credentials on a project15:07
lbragstadper the security concerns ofit15:07
lbragstadif we work on a team together, and we know that i'm going to be leaving and you're going to be assuming ownership of the application15:07
lbragstadthen there has to be some sort of out-of-band process for you to know that is happening so that you create a new credential and propogate it through configuration of the application15:08
lbragstad*before* my user is deleted15:08
cmurphyright15:09
cmurphyit'll have to be out-of-band15:09
cmurphywe'll have no way to do audits through keystone15:09
lbragstadok - right15:09
lbragstadand an application credential can be used to interact with multiple projects, right?15:09
cmurphyi don't think so15:10
cmurphyit would still be scoped to just one project15:10
lbragstadwhich is the project the token is scoped to that is used to create the application credential15:10
cmurphyyeah - well now i'm trying to work through whether that's necessary15:11
lbragstadassociating a project to an application credential?15:11
cmurphyyeah15:11
cmurphyi've been assuming this was like a scoped token but maybe it's more like a username/password15:11
*** AlexeyAbashkin has quit IRC15:12
lbragstadif we don't do that, then i think the application using the credential needs to figure out what project to operator on15:12
lbragstadand i'm not sure if ^ that is good or bad?15:12
lbragstadbecause i could see where that could be dangerous, because it's kinda like impersonation of all the user's roles15:13
lbragstad(if the user doesn't explicitly say, this application credential is dedicated to this project)15:13
cmurphyokay - right - when it's created, it has a fixed set of roles on a project, letting it exist as just another set of user credentials would take away that polp feature15:14
lbragstadyeah15:14
cmurphyso yes, an application credential can only be used on one project15:14
lbragstadbecause it would allow the application credential to do things in other projects that might not be necessary or allowed15:14
cmurphyright15:15
lbragstadso - which it's associated to the lifecycle of the user, it must be validated against the project and tied to the project in someway15:15
lbragstads/which/while15:15
cmurphyyes15:16
cmurphyit has a project_id attribute for that15:16
lbragstadif i look at it that way, it seems useful to have a project_id attribute for each application credential15:16
lbragstadawesome15:16
lbragstadand that would technically be considered a project-scoped operation, so pulling it from the token context makes sense15:17
lbragstadI can't really think of a reason why you'd want to have a user specify the project in the request15:18
cmurphylbragstad: this is what we have now http://paste.openstack.org/show/627331/ i agree i don't think specifying the project would be needed15:20
lbragstadcool - that makes sense15:21
lbragstadyeah - specifying the project seems redundant15:21
lbragstadit would be just another thing for users to have to include in the request and another bit of information for keystone to validate15:21
*** jaosorior has quit IRC15:44
*** swain has joined #openstack-keystone15:47
*** openstackgerrit has joined #openstack-keystone17:00
openstackgerritMerged openstack/keystone master: Update the help message for unique_last_password_count  https://review.openstack.org/52213617:00
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Propose follow-on comments for unified limits  https://review.openstack.org/52287617:04
lbragstadwxy_: ^ proposed a follow-on, feel free to steal anything from there if you want17:08
*** aojea has joined #openstack-keystone17:29
*** aojea has quit IRC17:34
*** pcaruana has quit IRC17:55
*** swain has quit IRC17:57
*** jose-phillips has joined #openstack-keystone18:03
*** jose-phillips has quit IRC18:07
*** AJaeger has joined #openstack-keystone18:20
AJaegerkeystone cores, we have a couple of changes up for your repos to fix releasenotes build so that they work with the new infra scripts. Please review https://review.openstack.org/520882 https://review.openstack.org/521021 https://review.openstack.org/520728 https://review.openstack.org/52089218:22
*** AlexeyAbashkin has joined #openstack-keystone18:22
cmurphythanks AJaeger18:24
*** AlexeyAbashkin has quit IRC18:27
*** jose-phillips has joined #openstack-keystone18:37
AJaegerthanks, cmurphy ! Have a great weekend!18:56
openstackgerritMerged openstack/keystone master: Remove apache-httpd related link  https://review.openstack.org/51681318:57
*** dave-mccowan has joined #openstack-keystone18:57
lbragstadthanks AJaeger, reviewing now18:58
AJaegerthanks, lbragstad18:59
lbragstadAJaeger: anytime - thanks for the ping18:59
openstackgerritMerged openstack/ldappool master: Updated from global requirements  https://review.openstack.org/52042519:05
*** dave-mccowan has quit IRC19:08
openstackgerritMerged openstack/keystone-specs master: Update project-tags spec  https://review.openstack.org/50833919:15
*** dave-mccowan has joined #openstack-keystone19:21
*** jistr has quit IRC19:30
*** jistr has joined #openstack-keystone19:31
openstackgerritMerged openstack/python-keystoneclient master: Remove setting of version/release from releasenotes  https://review.openstack.org/52072819:43
*** dave-mccowan has quit IRC19:47
openstackgerritMerged openstack/keystoneauth master: Updated from global requirements  https://review.openstack.org/52041820:02
openstackgerritMerged openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/52042120:17
openstackgerritMerged openstack/keystonemiddleware master: Imported Translations from Zanata  https://review.openstack.org/51452920:17
*** hoonetorg has joined #openstack-keystone20:19
openstackgerritMerged openstack/keystoneauth master: Remove setting of version/release from releasenotes  https://review.openstack.org/52088220:19
openstackgerritMerged openstack/keystone master: Updated from global requirements  https://review.openstack.org/51978120:23
openstackgerritMerged openstack/python-keystoneclient master: Updated from global requirements  https://review.openstack.org/51980320:29
openstackgerritMerged openstack/python-keystoneclient master: Remove functional tests for v2.0 API  https://review.openstack.org/51967820:29
*** AJaeger has left #openstack-keystone20:30
openstackgerritMerged openstack/keystone master: Remove setting of version/release from releasenotes  https://review.openstack.org/52089220:36
*** BenderRodriguez has joined #openstack-keystone20:42
*** dave-mccowan has joined #openstack-keystone20:45
*** d0ugal has quit IRC20:56
*** tesseract has quit IRC20:59
openstackgerritLance Bragstad proposed openstack/keystone master: Fix wrong links in keystone documentation  https://review.openstack.org/50117721:00
*** dave-mccowan has quit IRC21:00
*** d0ugal has joined #openstack-keystone21:01
lbragstadeasy +2 ^21:01
*** aojea has joined #openstack-keystone21:06
*** raildo has quit IRC21:19
openstackgerritMerged openstack/keystone master: Reorganize api-ref: v3 users  https://review.openstack.org/50699421:43
openstackgerritMerged openstack/keystone master: Reorganize api-ref: v3-ext federation auth  https://review.openstack.org/50113921:50
*** aojea has quit IRC22:28
*** magicboiz has joined #openstack-keystone23:03
openstackgerritLance Bragstad proposed openstack/keystone master: Validate disabled domains and projects online  https://review.openstack.org/25327323:12
openstackgerritLance Bragstad proposed openstack/keystone master: Validate disabled domains and projects online  https://review.openstack.org/25327323:17
lbragstad^ that should be resolved and passing tests locally23:19
lbragstadit also closes a bug23:19
cmurphyoof 42 patchsets23:33
openstackgerritMerged openstack/keystone master: Fix wrong links in keystone documentation  https://review.openstack.org/50117723:37
openstackgerritMerged openstack/keystonemiddleware master: Remove setting of version/release from releasenotes  https://review.openstack.org/52102123:40
*** magicboiz has quit IRC23:53
« Thursday, 2017-11-23 Index Saturday, 2017-11-25 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!