Wednesday, 2019-08-07

« Tuesday, 2019-08-06 Index Thursday, 2019-08-08 »
*** joshualyle has quit IRC00:00
*** joshualyle has joined #openstack-keystone00:01
*** joshualyle has quit IRC00:06
*** joshualyle has joined #openstack-keystone00:18
*** joshualyle has quit IRC00:20
*** joshualyle has joined #openstack-keystone00:20
*** ivve has quit IRC00:21
*** markvoelker has joined #openstack-keystone00:23
openstackgerritMerged openstack/keystone master: Allows to use application credentials through group membership  https://review.opendev.org/65516600:32
*** jamesmcarthur_ has quit IRC00:47
*** jamesmcarthur has joined #openstack-keystone01:01
*** jamesmcarthur has quit IRC01:04
*** pcaruana has quit IRC01:26
*** gyee has quit IRC01:33
*** markvoelker has quit IRC01:39
adriantkmalloc: ok... I think a see a way to do both methods=[] upfront for a new multimethod auth constructor, and way to augment exisitng auth objects with additional methods01:39
adriantwill start hacking some code and testing against my devstack01:39
adriantbut I think we have some viable patterns01:40
*** markvoelker has joined #openstack-keystone01:40
*** jamesmcarthur has joined #openstack-keystone01:56
*** jamesmcarthur has quit IRC01:58
*** jamesmcarthur has joined #openstack-keystone01:59
*** jamesmcarthur has quit IRC02:22
*** jamesmcarthur has joined #openstack-keystone02:22
*** jamesmcarthur has quit IRC02:25
*** jamesmcarthur has joined #openstack-keystone02:26
*** jamesmcarthur has quit IRC02:56
*** jamesmcarthur has joined #openstack-keystone03:12
*** markvoelker has quit IRC03:14
*** whoami-rajat has joined #openstack-keystone03:19
*** markvoelker has joined #openstack-keystone03:38
*** markvoelker has quit IRC03:43
*** pcaruana has joined #openstack-keystone03:44
*** jamesmcarthur has quit IRC04:00
*** joshualyle has quit IRC04:18
*** jaosorior has quit IRC04:22
*** markvoelker has joined #openstack-keystone04:24
*** jamesmcarthur has joined #openstack-keystone04:30
*** markvoelker has quit IRC04:38
adrianthmmm, making keystoneauth raise a specific error for auth receipts isn't particularly pretty because I have to hack all the nice duplication reducing code for handling HTTP responses to specifically check for a 401, and if that 401 has a receipt header set.04:40
adriantand the exceptions/http.py module is where that is, but that module doesn't feel like the right place for the auth receipt error.... because we have exceptions/auth.py04:41
* adriant is just going to hack this in for now and make pretty later04:41
adriantI may need to move where the 'from_response' function is defined to make this less ugly in future and better split up04:43
*** jamesmcarthur has quit IRC04:55
*** shyamb has joined #openstack-keystone04:55
*** jamesmcarthur has joined #openstack-keystone05:01
*** jamesmcarthur has quit IRC05:35
*** shyamb has quit IRC05:44
*** shyamb has joined #openstack-keystone05:53
*** jamesmcarthur has joined #openstack-keystone06:03
*** shyamb has quit IRC06:05
*** shyam89 has joined #openstack-keystone06:05
*** markvoelker has joined #openstack-keystone06:18
*** markvoelker has quit IRC06:22
*** jaosorior has joined #openstack-keystone06:28
*** jamesmcarthur has quit IRC06:37
*** dancn has joined #openstack-keystone06:52
*** rcernin has quit IRC07:03
*** shyam89 has quit IRC07:14
*** tesseract has joined #openstack-keystone07:26
*** shyam89 has joined #openstack-keystone07:33
*** ivve has joined #openstack-keystone07:34
*** xek has joined #openstack-keystone07:34
*** jamesmcarthur has joined #openstack-keystone07:35
*** jistr is now known as jistr|afk07:42
*** spsurya has joined #openstack-keystone07:50
openstackgerritAdrian Turjak proposed openstack/keystoneauth master: add support for auth_receipts and multi-method auth  https://review.opendev.org/67504907:52
adriantmordred, kmalloc, cmurphy: ^ rough hack that seems to work07:53
*** shyam89 has quit IRC07:54
openstackgerritAdrian Turjak proposed openstack/keystoneauth master: add support for auth_receipts and multi-method auth  https://review.opendev.org/67504907:59
adriantand used this to test against a devstack setup that has a keystone with totp enabled, and a user that has password and totp setup (with a totp credential):08:00
adrianthttp://paste.openstack.org/show/755602/08:00
adriantkmalloc: I give you both patterns :P08:00
adriantwe can supply all methods up front, or add them as a chain08:01
adriantseeing how simple this code actually turned out, I may have time to work on the SDK and horizon this cycle...08:02
adriantand mordred: if you can help me with the SDK or even do it yourself and get me to review, we can probably churn this out fast08:02
adriantkmalloc, mordred: I will add unit tests tomorrow, and start digging through the loader logic, but any feedback right now would be good to ensure I am going in the right direction08:05
adriantalso, where/how I should better handle the catching of the receipt error.08:05
*** jamesmcarthur has quit IRC08:08
*** mauro|call has quit IRC08:13
*** mauro|call has joined #openstack-keystone08:14
*** shyam89 has joined #openstack-keystone08:22
*** shyamb has joined #openstack-keystone08:32
*** shyam89 has quit IRC08:34
*** jamesmcarthur has joined #openstack-keystone08:42
*** markvoelker has joined #openstack-keystone08:50
*** markvoelker has quit IRC08:55
*** mauro|call has quit IRC08:58
*** mauro|call has joined #openstack-keystone09:00
*** tkajinam has quit IRC09:02
*** shyamb has quit IRC09:10
*** mauro|call is now known as takamatsu09:14
*** shyamb has joined #openstack-keystone09:24
*** joshualyle has joined #openstack-keystone09:39
*** joshualyle has quit IRC09:41
*** dancn has quit IRC09:49
*** joshualyle has joined #openstack-keystone09:49
*** jistr|afk is now known as jistr09:54
*** dancn has joined #openstack-keystone09:55
*** shyamb has quit IRC09:57
*** jamesmcarthur has quit IRC09:57
*** mvkr has joined #openstack-keystone10:36
*** shyamb has joined #openstack-keystone10:50
adriantI realise I actually have no idea how to test this, and the Keystoneauth tests are... weird.11:17
*** kplant has joined #openstack-keystone11:19
*** raildo has joined #openstack-keystone11:38
*** jamesmcarthur has joined #openstack-keystone11:38
*** shyamb has quit IRC11:40
*** shyamb has joined #openstack-keystone11:41
*** markvoelker has joined #openstack-keystone11:49
*** shyam89 has joined #openstack-keystone11:56
*** shyamb has quit IRC12:01
*** markvoelker has quit IRC12:11
*** wxy-xiyuan has quit IRC12:15
*** jamesmcarthur has quit IRC12:16
*** markvoelker has joined #openstack-keystone12:16
*** jistr is now known as jistr|call12:37
*** shyam89 has quit IRC12:39
*** jamesmcarthur has joined #openstack-keystone12:49
*** shyamb has joined #openstack-keystone12:55
*** jamesmcarthur has quit IRC13:13
*** jamesmcarthur has joined #openstack-keystone13:14
*** shyamb has quit IRC13:23
mordredadriant: they take some getting used to13:42
*** jamesmcarthur has quit IRC13:44
*** jaosorior has quit IRC13:44
*** jamesmcarthur has joined #openstack-keystone13:46
*** jamesmcarthur has quit IRC13:51
*** jamesmcarthur has joined #openstack-keystone13:53
*** tesseract has quit IRC13:56
*** tesseract has joined #openstack-keystone13:57
*** whoami-rajat has quit IRC13:57
*** tesseract has quit IRC14:00
*** tesseract has joined #openstack-keystone14:01
*** mvkr has quit IRC14:12
*** joshualyle has joined #openstack-keystone14:15
*** joshualyle has quit IRC14:19
*** jdwidari has joined #openstack-keystone14:28
*** joshualyle has joined #openstack-keystone14:30
*** joshualyle has quit IRC14:34
*** jistr|call is now known as jistr14:36
*** altlogbot_0 has quit IRC14:46
*** altlogbot_1 has joined #openstack-keystone14:47
*** jamesmcarthur has quit IRC14:51
* cmurphy hasn't gotten used to them yet14:54
*** jaosorior has joined #openstack-keystone15:14
*** jamesmcarthur has joined #openstack-keystone15:18
*** jamesmcarthur has quit IRC15:52
*** whoami-rajat has joined #openstack-keystone15:55
*** tesseract has quit IRC15:58
*** tesseract has joined #openstack-keystone16:02
*** gyee has joined #openstack-keystone16:05
kmallocadriant: what mordred said16:09
*** Ben78 has joined #openstack-keystone16:11
ildikovcmurphy: hi16:14
ildikovcmurphy: wanted to point you to the edge hacking days we're trying to organize: https://etherpad.openstack.org/p/osf-edge-hacking-days16:15
ildikovcmurphy: if you're available on either days we could follow up on some Keystone items like testing or bug fixing16:15
ildikovor if anyone else from the Keystone team is available this Friday or next to pop by on Zoom to talk about edge and Keystone please join :)16:16
ildikovplz sign up on the etherpad with time slots of availability so we can keep things in sync16:16
mordredkmalloc, cmurphy, adriant: that said - I'm about to do some refactoring of the base fixtures in openstacksdk to use the published catalog/discovery fixtures from ksa - to then make a published/exportable fixture in sdk that people can use in downstream projects16:17
*** jamesmcarthur has joined #openstack-keystone16:22
*** ivve has quit IRC16:23
cmurphyildikov: i can try to be around (west coast time) but i'm worried there's kind of a lack of a framework for the keystone work, some of those items are already done, some are imo irrelevant to edge and some are too hard for a new contributor to jump into or already committed to by someone on the team16:27
cmurphyknikolla: re ^ is https://review.opendev.org/580041 something someone else could take over?16:28
cmurphymordred: does that mean the ksa tests are going to be pretty?16:28
ildikovcmurphy: is there anything to do on the testing side?16:28
*** markvoelker has quit IRC16:28
ildikovcmurphy: like negative tests, etc16:28
cmurphyildikov: the patch i linked for knikolla is the last work i know about for testing16:29
cmurphyknikolla: ildikov maybe it would be good to have a chat about where we'd like to go with testing and what new contributors can do to help further that16:30
cmurphycc kmalloc ^16:30
*** dancn has quit IRC16:31
ildikovcmurphy: knikolla: kmalloc: +1, would love to hear from you what would make sense16:32
kmallocAlmost done at the doctor will be home soon. Can catch up then (early ultrasound today for Brie)16:36
*** markvoelker has joined #openstack-keystone16:38
*** tesseract has quit IRC16:39
*** markvoelker has quit IRC16:42
mordredcmurphy: no!16:43
*** markvoelker has joined #openstack-keystone16:44
*** jamesmcarthur has quit IRC17:12
*** altlogbot_1 has quit IRC17:17
*** altlogbot_0 has joined #openstack-keystone17:23
*** jamesmcarthur has joined #openstack-keystone17:28
*** altlogbot_0 has quit IRC17:31
*** jamesmcarthur has quit IRC17:32
*** jamesmcarthur has joined #openstack-keystone17:34
*** altlogbot_3 has joined #openstack-keystone17:35
*** jamesmcarthur has quit IRC17:39
*** jamesmcarthur has joined #openstack-keystone17:49
*** jamesmcarthur has quit IRC18:00
*** jamesmcarthur has joined #openstack-keystone18:01
*** spsurya has quit IRC18:22
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Add remove_service to token fixtures  https://review.opendev.org/67517418:34
mordredkmalloc: ^^ that seem like an ok addition to you?18:34
kmallocWill check in a moment18:37
kmallocBut probably is just fine18:37
kmallocmordred: ^^18:37
mordredkmalloc: coolio18:38
mordredI even added testing :)18:38
*** mvkr has joined #openstack-keystone18:47
kmallocmordred: +218:54
mordredkmalloc: woot18:54
kmalloccmurphy: ping re the ieee meeting now (the join.me)19:00
mordredkmalloc: you're an ieee meeting19:01
kmallocmordred: yes, yes i am19:02
*** jamesmcarthur has quit IRC19:03
*** jamesmcarthur has joined #openstack-keystone19:16
*** dave-mccowan has joined #openstack-keystone19:33
*** jamesmcarthur has quit IRC19:35
*** jamesmcarthur has joined #openstack-keystone19:36
*** vesper11 has quit IRC19:37
cmurphykmalloc: https://www.nist.gov/sites/default/files/documents/2019/07/09/nist_cfra_20190709_draft_v1.0.pdf19:38
kmalloccmurphy: got it, thanks!19:39
kmalloc:)19:39
kmallocand now, i need to go get... maybe more coffee my day started at 7am with a rush out the door to the doctor19:40
kmallocso... a little food/coffee light for the day so far19:40
*** kplant has quit IRC19:43
*** markvoelker has quit IRC20:01
*** markvoelker has joined #openstack-keystone20:03
kmallocmordred: ++20:08
*** ivve has joined #openstack-keystone20:15
*** whoami-rajat has quit IRC20:17
knikollakmalloc: cmurphy: how'd the ieee thing go?21:15
kmallocas expected, confirmed the general direction, marked down good other technologies and proposals to consider, and finally figure out what general direction to take for spectroscope (if it is to be a thing)21:18
kmallocit was good21:18
knikollacool21:20
cmurphythey were interested in the token translation and identity linking ideas from spectroscope, it sounds like there might be some existing overlapping ideas or implementations out there that are worth exploring21:21
cmurphyworth reading https://www.nist.gov/sites/default/files/documents/2019/07/09/nist_cfra_20190709_draft_v1.0.pdf to get a broad overview of how they want to define federation21:22
*** xek has quit IRC21:22
cmurphyone thing mentioned in that is the idea of a federation broker or discovery service, i don't think we've talked about that wrt spectroscope, their thinking was that it was something that might be covered by keystone's service catalog21:23
*** markvoelker has quit IRC21:23
* kmalloc nods.21:23
*** raildo has quit IRC21:23
*** vesper11 has joined #openstack-keystone21:25
knikollahmmm, that is something i'm also gravitating towards using keystone's service catalog for21:25
cmurphyright now i more imagine spectroscope itself filling that role, that or using consul or the like at the same logical level as spectroscope, with keystone remaining just an identity provider behind the discovery and proxy idp services21:28
*** jamesmcarthur has quit IRC21:29
kmalloci like consul for that, but for other reasons21:29
kmallocbecause then i have consul to also lean on21:29
*** jamesmcarthur has joined #openstack-keystone21:29
kmallocbut honestly, spectroscope could also house the discovery of non-openstack endpoints (IdP/SP)21:29
knikollamostly because i know keystone and since we're resource strapped, that's one less service to keep up, but MOC is mostly the extreme case.21:30
kmallocand keystone is still catalog authoritative for openstack21:30
*** jamesmcarthur has quit IRC21:34
*** markvoelker has joined #openstack-keystone21:38
*** jamesmcarthur has joined #openstack-keystone21:40
openstackgerritMorgan Fainberg proposed openstack/keystoneauth master: Add remove_service to token fixtures  https://review.opendev.org/67517421:43
*** mchlumsky has quit IRC21:44
cmurphyknikolla: did you see my conversation with ildikov from earlier? wondering what next steps are with https://review.opendev.org/580041 and whether someone could take it over, and additionally whether there are other federation testing related tasks we could give to a newbie21:46
*** markvoelker has quit IRC21:50
knikollacmurphy: honestly, it has just fallen from my plate multiple times and i haven't prioritized it.21:51
mordredkmalloc: thanks for the update21:51
knikollamaybe i'll do it tonight to feel like i accomplished something21:51
mordredknikolla: you got app-creds enabled in moc!21:52
kmallocmordred: yup. Def want to get that landed.21:52
knikollathat was larsks :)21:52
mordredoh. well then21:52
mordredcmurphy: if you're bored, 675174 is easy :)21:52
cmurphyi'm never bored21:53
mordredcmurphy: fair21:53
cmurphyknikolla: you could also come to the hacking days and help someone else through it21:56
cmurphyknikolla: but the larger conversation is what comes next?21:57
knikollapeople using it?21:59
knikollawhere by it i mean federation and being able to drive its direction21:59
cmurphywell i meant more like on the ci front22:02
cmurphyremoving the dependence on samltest.id for instance22:02
knikollaah22:02
knikollayeah22:02
cmurphytesting with an x509 idp22:02
cmurphythose kinds of things22:03
*** rcernin has joined #openstack-keystone22:15
*** markvoelker has joined #openstack-keystone22:19
*** Ben78 has quit IRC22:31
*** markvoelker has quit IRC22:38
*** jamesmcarthur has quit IRC22:41
*** jamesmcarthur has joined #openstack-keystone22:42
*** ivve has quit IRC22:45
*** jamesmcarthur has quit IRC22:47
*** jamesmcarthur has joined #openstack-keystone22:50
*** markvoelker has joined #openstack-keystone22:53
*** jamesmcarthur has quit IRC22:57
*** markvoelker has quit IRC23:08
openstackgerritColleen Murphy proposed openstack/keystone master: [WIP] Add immutable resource option for roles  https://review.opendev.org/66673923:23
openstackgerritColleen Murphy proposed openstack/keystone master: Add --immutable-roles flag to bootstrap command  https://review.opendev.org/67522823:23
*** prometheanfire has joined #openstack-keystone23:25
prometheanfireso.... new oauthlib looks like it'll need some action23:25
prometheanfirehttps://logs.opendev.org/37/673737/6/check/cross-keystone-py27/a992851/testr_results.html.gz23:25
prometheanfirehttps://review.opendev.org/67373723:26
cmurphyfun23:26
*** hoonetorg has quit IRC23:26
prometheanfireyep23:27
*** jamesmcarthur has joined #openstack-keystone23:28
prometheanfireI'm gonna remove it from the review, but thought you23:29
prometheanfireI'm gonna remove it from the review, but thought you'd like to know23:29
prometheanfireyou want me to make a review for just that for you to test against?23:31
cmurphyprometheanfire: sure, could you file a bug as well? that will make it more likely that someone-not-me will pick it up23:33
*** jamesmcarthur has quit IRC23:33
prometheanfireyep23:34
prometheanfireok, depend on https://review.opendev.org/675229 for testing23:35
prometheanfirehttps://bugs.launchpad.net/keystone/+bug/183939323:38
openstackLaunchpad bug 1839393 in OpenStack Identity (keystone) "oauthlib===3.1.0 fails tests (requirements update)" [Undecided,New]23:38
*** markvoelker has joined #openstack-keystone23:38
cmurphyty23:39
*** hoonetorg has joined #openstack-keystone23:40
prometheanfireyarp23:42
*** markvoelker has quit IRC23:43
*** jamesmcarthur has joined #openstack-keystone23:43
*** jamesmcarthur has quit IRC23:46
« Tuesday, 2019-08-06 Index Thursday, 2019-08-08 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!