Monday, 2019-01-21

*** markvoelker has joined #openstack-keystone [00:16]
*** markvoelker has quit IRC [00:49]
*** ileixe has joined #openstack-keystone [00:56]
*** markvoelker has joined #openstack-keystone [01:46]
*** Dinesh_Bhor has joined #openstack-keystone [02:06]
*** Dinesh_Bhor has quit IRC [02:06]
*** markvoelker has quit IRC [02:19]
*** Dinesh_Bhor has joined #openstack-keystone [02:22]
*** markvoelker has joined #openstack-keystone [03:16]
*** Dinesh_Bhor has quit IRC [03:39]
*** shyamb has joined #openstack-keystone [03:39]
*** Dinesh_Bhor has joined #openstack-keystone [03:43]
*** markvoelker has quit IRC [03:48]
*** vishakha has joined #openstack-keystone [04:18]
*** shyamb has quit IRC [04:28]
*** ileixe has quit IRC [04:32]
<vishakha> lbragstad, cmurphy: As shadow users are created in SP, shouldn't it be deleted when token gets expired? [04:38]
*** Dinesh_Bhor has quit IRC [04:46]
*** Dinesh_Bhor has joined #openstack-keystone [04:53]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Implement system reader for role_assignments https://review.openstack.org/609210 [04:58]
*** ileixe has joined #openstack-keystone [05:02]
*** spsurya has joined #openstack-keystone [05:41]
*** Dinesh_Bhor has quit IRC [06:16]
*** markvoelker has joined #openstack-keystone [06:16]
*** Dinesh_Bhor has joined #openstack-keystone [06:17]
*** aojea has joined #openstack-keystone [06:17]
*** aojea has quit IRC [06:22]
*** zioproto has quit IRC [06:42]
*** cosss_ has quit IRC [06:42]
*** cwright has quit IRC [06:42]
*** johnsom has quit IRC [06:42]
*** cwright has joined #openstack-keystone [06:42]
*** cosss_ has joined #openstack-keystone [06:42]
*** zioproto has joined #openstack-keystone [06:42]
*** johnsom has joined #openstack-keystone [06:42]
*** shyamb has joined #openstack-keystone [06:45]
*** markvoelker has quit IRC [06:48]
*** shyam89 has joined #openstack-keystone [06:51]
*** shyamb has quit IRC [06:55]
*** rcernin has quit IRC [07:00]
*** shyam89 has quit IRC [07:08]
*** shyam89 has joined #openstack-keystone [07:10]
*** shyam89 has quit IRC [07:14]
*** shyam89 has joined #openstack-keystone [07:15]
*** shyam89 has quit IRC [07:21]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Implement system reader for role_assignments https://review.openstack.org/609210 [07:26]
*** markvoelker has joined #openstack-keystone [07:46]
*** tkajinam has quit IRC [08:16]
*** markvoelker has quit IRC [08:19]
*** yan0s has joined #openstack-keystone [08:23]
<cmurphy> vishakha: arguably yes, but then we wouldn't be able to create concrete role assignments with them [08:29]
<cmurphy> and I don't think we have any mechanism to trigger notifications on token expiration [08:29]
*** xek_ has joined #openstack-keystone [08:42]
*** markvoelker has joined #openstack-keystone [09:16]
*** Dinesh_Bhor has quit IRC [09:21]
*** Dinesh_Bhor has joined #openstack-keystone [09:24]
<vishakha> cmurphy: So we have to manually delete users of federated_table? [09:36]
*** shyam89 has joined #openstack-keystone [09:38]
<cmurphy> vishakha: if you want to clean out the database then yes you would have to do it manually, but in practice i don't think keeping them around should cause an issue since those users still need to go through their IdP to get a new token [09:41]
<vishakha> cmurphy: Yes True. I was thinking just in case of millions of users getting tokens, which can affect the performance. [09:45]
*** yan0s has quit IRC [09:48]
*** markvoelker has quit IRC [09:49]
*** jaosorior has joined #openstack-keystone [09:53]
*** yan0s has joined #openstack-keystone [10:01]
*** shyam89 has quit IRC [10:17]
*** openstackgerrit has quit IRC [10:21]
*** shyam89 has joined #openstack-keystone [10:23]
<vishakha> cmurphy: while issuing a token federated user has to give sp's project name in CLI. How does the user have the information about the projects of SP? I wasn't able to find this piece of information anywhere? [10:26]
*** Dinesh_Bhor has quit IRC [10:39]
<cmurphy> vishakha: they can use an unscoped token and query /v3/auth/projects on the SP [10:40]
*** markvoelker has joined #openstack-keystone [10:46]
*** shyam89 has quit IRC [11:10]
<vishakha> cmurphy: Thanks [11:15]
*** markvoelker has quit IRC [11:19]
*** aojea_ has joined #openstack-keystone [11:32]
*** shyam89 has joined #openstack-keystone [11:48]
*** yan0s has quit IRC [11:54]
*** yan0s has joined #openstack-keystone [12:07]
*** markvoelker has joined #openstack-keystone [12:16]
*** aojea_ has quit IRC [12:26]
*** jistr is now known as jistr|afk [12:38]
*** markvoelker has quit IRC [12:49]
*** shyam89 has quit IRC [13:06]
*** shyam89 has joined #openstack-keystone [13:07]
*** jistr|afk is now known as jistr [13:10]
*** yan0s has quit IRC [13:46]
*** yan0s has joined #openstack-keystone [13:48]
*** openstackgerrit has joined #openstack-keystone [13:49]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Implement system reader for role_assignments https://review.openstack.org/609210 [13:49]
*** yan0s has quit IRC [13:50]
*** yan0s has joined #openstack-keystone [13:51]
*** ileixe has quit IRC [13:56]
*** erus has joined #openstack-keystone [14:08]
*** lbragstad has joined #openstack-keystone [14:11]
*** ChanServ sets mode: +o lbragstad [14:11]
<lbragstad> o/ [14:14]
<cmurphy> \o [14:15]
<lbragstad> just a heads up - i doubt i'm going to be around this afternoon [14:16]
*** erus_ has joined #openstack-keystone [14:17]
<lbragstad> taking a sick day this afternoon - but i'll check in when i can [14:19]
*** shyam89 has quit IRC [14:19]
<cmurphy> feel better lbragstad [14:20]
<lbragstad> well - i'm fine. henry is staying home from daycare today though [14:20]
<cmurphy> oh poor thing :( [14:21]
<lbragstad> day care really is the worst at spreading things around :) [14:21]
<lbragstad> we want to get him to recover a bit more before we send him back [14:22]
<lbragstad> so if there is anything folks need from me today - just let me know and i'll prioritize it this morning [14:22]
*** xek_ has quit IRC [14:25]
*** xek_ has joined #openstack-keystone [14:26]
*** mvkr has quit IRC [14:33]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: [WIP] implement domain reader for role_assignments https://review.openstack.org/632101 [14:35]
*** kmalloc has joined #openstack-keystone [14:43]
*** kmalloc has left #openstack-keystone [14:45]
*** kmalloc has joined #openstack-keystone [14:45]
*** mchlumsky has joined #openstack-keystone [14:46]
<kmalloc> O/ [14:50]
<cmurphy> ohai kmalloc [14:50]
<kmalloc> Mornin [14:50]
<kmalloc> So .. vacation is over. :(. But it was a good long one. [14:50]
<lbragstad> kmalloc welcome back [14:53]
<kmalloc> Thanks. Still not quite setup with networking at new place. [14:54]
<lbragstad> not to blast you with information as soon as you walk in, but i found some interesting thinks out about jwt last week [14:54]
<lbragstad> things* [14:54]
*** dave-mccowan has joined #openstack-keystone [14:55]
<lbragstad> i didn't realize you moved? [14:55]
<kmalloc> Cool look forward to hear about the jwt stuff [14:56]
<lbragstad> most of it is here - https://review.openstack.org/#/c/631887/ [14:56]
<kmalloc> Yeah moved last week. [14:56]
<lbragstad> nice [14:56]
<kmalloc> Found a nice house with a yard, in a great neighborhood, rent was less than the stupid townhome [14:57]
<kmalloc> ;) [14:57]
<lbragstad> sweet - i bet your dogs were happy with that decision [14:57]
<kmalloc> And we got rid of 2 storage units (as well, saving $280+/mo) on top of it [14:57]
<kmalloc> Yeah puppers love the yard. [14:57]
<kmalloc> The house has quirks... It is over 110 years old. [14:58]
<lbragstad> i bet it has character [14:58]
<kmalloc> Let me look at the JWT thing. [14:58]
<kmalloc> I am a little hit/miss for the first part of the day. Getting the network up and running, requires network port/patch bay crimping. [14:59]
<kmalloc> Hard wiring 12 Ethernet ports in the office so I can run computers in the basement closet and do HDMI over Ethernet is a cool setup (office is quiet) [15:00]
<kmalloc> (and need to run wifi still) [15:00]
<lbragstad> i remember in denver i was having a hard time understand the whole multi-signature thing [15:02]
<lbragstad> understanding* [15:02]
<lbragstad> which would allow for a slightly different rotation process for the asymmetric keys [15:02]
<lbragstad> turns out - that process is detailed in section 7 of the JWT specification [15:03]
<lbragstad> but - i'm not sure it'll be something we can do without underlying support from the library that implements jwt [15:05]
<kmalloc> Yes it is. [15:05]
<kmalloc> The lib needs to support it [15:05]
<kmalloc> First r sure. [15:05]
<kmalloc> For* [15:05]
<lbragstad> ok - i couldn't find a statement about PyJWT supporting it or not [15:05]
<kmalloc> As long as we outline we intend to support it, we can work on implementing or improving a lib [15:06]
<kmalloc> Or being agile about changing libs. [15:06]
<lbragstad> so i dug through the code, and afaict i don't see support for it yet [15:06]
<kmalloc> And I am ok with that. [15:06]
<lbragstad> https://github.com/jpadilla/pyjwt/issues/390 [15:06]
<kmalloc> So we should footnote it isn't in the lib yet. But we will aim to add it or work around the lib as we can [15:07]
*** dave-mccowan has quit IRC [15:12]
*** szaher has quit IRC [15:13]
<openstackgerrit> Moisés Guimarães proposed openstack/oslo.policy master: Add ability for policy-checker to read configuration https://review.openstack.org/616659 [15:15]
*** szaher has joined #openstack-keystone [15:17]
<lbragstad> also - how much do we care about the various curves used for elliptic curves? [15:22]
<lbragstad> currently, pyca/cryptography only supports NIST curves [15:23]
<lbragstad> context: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#elliptic-curves [15:27]
<openstackgerrit> Moisés Guimarães proposed openstack/oslo.policy master: Add ability for policy-checker to read configuration https://review.openstack.org/616659 [15:31]
<openstackgerrit> Moisés Guimarães proposed openstack/oslo.policy master: Add ability for policy-checker to read configuration https://review.openstack.org/616659 [15:34]
<gagehugo> o/ [15:34]
<openstackgerrit> Moisés Guimarães proposed openstack/oslo.policy master: Add ability for policy-checker to read configuration https://review.openstack.org/616659 [15:35]
<lbragstad> hey gagehugo [15:41]
<gagehugo> hey lbragstad o/ [15:43]
<erus_> welcome kmalloc o/ [15:43]
*** erus has quit IRC [15:45]
*** whoami-rajat has quit IRC [15:55]
<kmalloc> lbragstad: I need to look at the EC stuff, but I think as long as we can say we are agile about EC if needed, we should be fine. [15:56]
*** erus has joined #openstack-keystone [15:56]
<kmalloc> lbragstad: I largely think we should replicate the password hashing style setup, where we can rotate the needed bits as we have support / need to. [15:57]
<kmalloc> I'll check to see if there is a better curve later today for us to start on. [15:57]
<lbragstad> well - there are curves that are more "trusted" [15:57]
<kmalloc> Right. [15:57]
<lbragstad> but they aren't formally supported by pyca/cryptography [15:57]
<kmalloc> And we can simply say we use X anday make a shift to a more trusted one as pyca supports it. [15:58]
<lbragstad> sure [15:58]
<kmalloc> Today* not anday. [15:58]
<lbragstad> ok - i think that's about our only option, short of implementing curves ourselves [15:59]
<kmalloc> Yes. And I don't want to do that. [15:59]
<lbragstad> which i'm sure i'm vastly under-qualified to do [15:59]
<kmalloc> We could but let's not. [15:59]
<kmalloc> Unless we really really need it. [15:59]
<kmalloc> Btw, 34 days of no code... Not even for funsies. [16:00]
<kmalloc> It makes things a lot better. [16:00]
<lbragstad> i bet [16:04]
<lbragstad> btw - i have a pile of reviews for the system scope bugs [16:04]
<lbragstad> in case you're looking for things to review :) [16:04]
*** hemnaaway is now known as hemna [16:17]
*** erus has quit IRC [16:19]
*** erus has joined #openstack-keystone [16:37]
*** yan0s has quit IRC [16:39]
*** whoami-rajat has joined #openstack-keystone [16:41]
<kmalloc> On my list to catch up on as soon as my computer is online. [16:50]
<kmalloc> Only mobile for the moment. [16:50]
<kmalloc> No network at the house yet. [16:51]
<lbragstad> sounds good [17:06]
*** errr has quit IRC [17:19]
<erus_> hello :) [17:41]
*** openstackgerrit has quit IRC [18:07]
*** markvoelker has joined #openstack-keystone [18:16]
*** vishakha has quit IRC [18:23]
*** openstackgerrit has joined #openstack-keystone [18:24]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add configuration options for JWS provider https://review.openstack.org/628676 [18:24]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add keystone-manage jws_setup functionality https://review.openstack.org/615315 [18:24]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add test fixture for the JWS key repository https://review.openstack.org/614547 [18:24]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add PyJWT as a requirement https://review.openstack.org/614548 [18:24]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement JWS token provider https://review.openstack.org/614549 [18:24]
<lbragstad> ok - ^ should be ready for another set of reviews [18:25]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement JWS token provider https://review.openstack.org/614549 [18:27]
*** lbragstad is now known as lbragstad_afk [18:27]
*** lbragstad_afk is now known as lbragstad_503 [18:27]
*** markvoelker has quit IRC [18:50]
*** mvkr has joined #openstack-keystone [18:56]
-openstackstatus- NOTICE: The error causing post failures on jobs has been corrected. It is safe to recheck these jobs. [19:17]
<openstackgerrit> Islam Musleh proposed openstack/keystone master: Converting the API tests to use flask's test_client https://review.openstack.org/630301 [19:22]
*** erus has quit IRC [19:34]
*** aojea has joined #openstack-keystone [19:38]
*** aojea has quit IRC [19:38]
*** erus has joined #openstack-keystone [19:39]
*** aojea has joined #openstack-keystone [19:39]
*** markvoelker has joined #openstack-keystone [19:46]
*** xek_ has quit IRC [20:09]
*** aojea has quit IRC [20:10]
*** whoami-rajat has quit IRC [20:15]
*** markvoelker has quit IRC [20:20]
<erus_> hi, is anyone available? I'm trying to run devstack but after finished running stack.sh it does not allow me to access through the dashboard [20:24]
*** ianw is now known as ianw_pto [20:26]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Allow project users to retrieve domains https://review.openstack.org/605871 [20:50]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Remove domain policies from policy.v3cloudsample.json https://review.openstack.org/605876 [20:50]
*** aojea has joined #openstack-keystone [21:02]
*** markvoelker has joined #openstack-keystone [21:17]
*** honza has quit IRC [21:19]
*** markvoelker has quit IRC [21:49]
*** rcernin has joined #openstack-keystone [21:54]
<openstackgerrit> Adrian Turjak proposed openstack/keystone master: bump Keystone version for Stein https://review.openstack.org/631369 [22:01]
*** erus_ has quit IRC [22:03]
*** erus has quit IRC [22:04]
*** erus has joined #openstack-keystone [22:06]
<openstackgerrit> Adrian Turjak proposed openstack/keystone master: Add documentation for Auth Receipts and MFA https://review.openstack.org/580535 [22:07]
*** markvoelker has joined #openstack-keystone [22:08]
*** spsurya has quit IRC [22:09]
*** erus has quit IRC [22:31]
*** aojea has quit IRC [22:36]
*** erus has joined #openstack-keystone [22:38]
*** imacdonn_ has quit IRC [22:48]
*** imacdonn_ has joined #openstack-keystone [22:48]
*** tkajinam has joined #openstack-keystone [23:03]
*** erus has quit IRC [23:35]
*** erus_ has joined #openstack-keystone [23:47]
