Wednesday, 2019-08-14

<mordred> yeah ... we're going to have some fun aren't we? [00:06]
*** rcernin has joined #openstack-keystone [00:08]
*** whoami-rajat has joined #openstack-keystone [00:09]
*** markvoelker has joined #openstack-keystone [00:10]
*** markvoelker has quit IRC [00:16]
*** dancn has quit IRC [00:20]
*** markvoelker has joined #openstack-keystone [00:21]
*** trident has quit IRC [00:38]
*** gyee has quit IRC [00:48]
*** rcernin has quit IRC [00:58]
<openstackgerrit> Adrian Turjak proposed openstack/keystone-specs master: Reparent Projects  https://review.opendev.org/618144 [01:02]
<openstackgerrit> Adrian Turjak proposed openstack/keystone-specs master: Reparent Projects  https://review.opendev.org/618144 [01:03]
*** spsurya has joined #openstack-keystone [01:05]
*** rcernin has joined #openstack-keystone [01:14]
<openstackgerrit> Adrian Turjak proposed openstack/keystone master: Add support for previous TOTP windows  https://review.opendev.org/647655 [01:17]
*** markvoelker has quit IRC [01:23]
*** markvoelker has joined #openstack-keystone [01:23]
*** markvoelker has quit IRC [01:28]
*** markvoelker has joined #openstack-keystone [01:56]
*** markvoelker has quit IRC [02:00]
*** whoami-rajat has quit IRC [02:28]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Implement system reader and member for endpoint_groups  https://review.opendev.org/675272 [03:12]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Implement system_admin for endpoint_groups  https://review.opendev.org/675536 [03:13]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Add tests for domain users interacting with endpoint_groups  https://review.opendev.org/676108 [03:13]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Add tests for project users interacting with endpoint_groups  https://review.opendev.org/676115 [03:14]
*** whoami-rajat has joined #openstack-keystone [03:20]
*** markvoelker has joined #openstack-keystone [04:01]
*** markvoelker has quit IRC [04:05]
*** markvoelker has joined #openstack-keystone [04:52]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Implement system reader and member for policies  https://review.opendev.org/676162 [04:54]
*** markvoelker has quit IRC [04:57]
*** rcernin has quit IRC [06:16]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Implement system admin for policies  https://review.opendev.org/676355 [06:18]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Implement system reader and member for policies  https://review.opendev.org/676162 [06:23]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Implement system admin for policies  https://review.opendev.org/676355 [06:24]
*** rcernin has joined #openstack-keystone [06:31]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Implement system reader and member for endpoint_groups  https://review.opendev.org/675272 [06:42]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Implement system_admin for endpoint_groups  https://review.opendev.org/675536 [06:42]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Implement system_admin for endpoint_groups  https://review.opendev.org/675536 [06:53]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Add tests for domain users interacting with endpoint_groups  https://review.opendev.org/676108 [06:54]
*** ivve has joined #openstack-keystone [06:59]
*** trident has joined #openstack-keystone [07:01]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Add tests for domain users interacting with endpoint_groups  https://review.opendev.org/676108 [07:01]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Add tests for project users interacting with endpoint_groups  https://review.opendev.org/676115 [07:02]
*** xek has joined #openstack-keystone [07:03]
*** tesseract has joined #openstack-keystone [07:10]
*** shyamb has joined #openstack-keystone [07:16]
*** dancn has joined #openstack-keystone [07:16]
*** shyamb has quit IRC [07:41]
*** dancn has quit IRC [07:50]
*** shyamb has joined #openstack-keystone [07:53]
*** rcernin has quit IRC [07:56]
*** dancn has joined #openstack-keystone [08:03]
*** markvoelker has joined #openstack-keystone [08:07]
*** tkajinam has quit IRC [08:11]
*** markvoelker has quit IRC [08:15]
*** rcernin has joined #openstack-keystone [08:23]
*** rcernin has quit IRC [08:29]
*** rcernin has joined #openstack-keystone [08:38]
*** markvoelker has joined #openstack-keystone [08:41]
*** markvoelker has quit IRC [08:45]
*** shyamb has quit IRC [08:52]
*** rcernin has quit IRC [09:04]
*** markvoelker has joined #openstack-keystone [09:10]
*** markvoelker has quit IRC [09:15]
*** dancn has quit IRC [09:15]
*** dancn has joined #openstack-keystone [09:20]
*** shyamb has joined #openstack-keystone [09:52]
*** markvoelker has joined #openstack-keystone [10:11]
*** markvoelker has quit IRC [10:15]
*** bnemec has quit IRC [10:34]
*** shyamb has quit IRC [10:35]
*** bnemec has joined #openstack-keystone [10:37]
*** shyamb has joined #openstack-keystone [10:42]
*** bnemec has quit IRC [10:45]
*** bnemec has joined #openstack-keystone [10:49]
*** bnemec has quit IRC [11:04]
*** bnemec has joined #openstack-keystone [11:09]
*** bnemec has quit IRC [11:13]
*** markvoelker has joined #openstack-keystone [11:21]
*** markvoelker has quit IRC [11:26]
*** bnemec has joined #openstack-keystone [11:26]
*** markvoelker has joined #openstack-keystone [11:31]
*** bnemec has quit IRC [11:31]
*** raildo has joined #openstack-keystone [11:35]
*** markvoelker has quit IRC [11:36]
*** jaosorior has joined #openstack-keystone [11:38]
*** bnemec has joined #openstack-keystone [11:38]
*** bnemec has quit IRC [11:45]
*** shyamb has quit IRC [11:45]
*** bnemec has joined #openstack-keystone [11:48]
*** bnemec has quit IRC [11:55]
*** bnemec has joined #openstack-keystone [11:59]
*** shyamb has joined #openstack-keystone [12:02]
*** markvoelker has joined #openstack-keystone [12:02]
*** bnemec has quit IRC [12:04]
*** bnemec has joined #openstack-keystone [12:10]
*** bnemec has quit IRC [12:29]
*** bnemec has joined #openstack-keystone [12:33]
*** rcernin has joined #openstack-keystone [12:34]
*** shyamb has quit IRC [12:36]
*** rcernin has quit IRC [12:40]
*** bnemec has quit IRC [12:41]
*** bnemec has joined #openstack-keystone [12:44]
*** bnemec has quit IRC [12:49]
*** bnemec has joined #openstack-keystone [12:54]
*** jaosorior has quit IRC [12:56]
*** bnemec has quit IRC [13:07]
*** bnemec has joined #openstack-keystone [13:10]
*** bnemec has quit IRC [13:16]
*** beekneemech has joined #openstack-keystone [13:16]
*** beekneemech has quit IRC [13:33]
*** bnemec has joined #openstack-keystone [13:39]
*** bnemec has quit IRC [13:47]
*** bnemec has joined #openstack-keystone [13:51]
*** jaosorior has joined #openstack-keystone [13:51]
*** bnemec has quit IRC [13:55]
*** bnemec has joined #openstack-keystone [13:58]
*** jaosorior has quit IRC [14:16]
*** dave-mccowan has joined #openstack-keystone [15:19]
*** dancn has quit IRC [15:22]
*** dave-mccowan has quit IRC [15:26]
*** ivve has quit IRC [15:42]
*** tesseract has quit IRC [15:56]
*** dklyle has quit IRC [16:36]
*** dklyle has joined #openstack-keystone [16:37]
*** fungi has quit IRC [16:42]
*** fungi has joined #openstack-keystone [16:43]
*** markvoelker has quit IRC [16:44]
*** markvoelker has joined #openstack-keystone [16:51]
*** spsurya has quit IRC [17:14]
*** ivve has joined #openstack-keystone [17:52]
*** gyee has joined #openstack-keystone [18:06]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Move get_trust enforcement to default policies  https://review.opendev.org/676283 [18:14]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Move list_roles_for_trust enforcement to policies  https://review.opendev.org/676284 [18:14]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Move get_role_for_trust enforcement to policies  https://review.opendev.org/676287 [18:14]
<cmurphy> while fixing those tests ^ i found our get trusts API exposes trust-nonexistence without enforcement :( [18:15]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add federated support for get user  https://review.opendev.org/448730 [18:21]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add federated support for creating a user  https://review.opendev.org/448755 [18:21]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add federated support for updating a user  https://review.opendev.org/448765 [18:21]
*** gagehugo has quit IRC [19:09]
<mordred> cmurphy: that doesn't seem like a feature [19:30]
<cmurphy> mordred: no it is not good [19:33]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add federated support for get user  https://review.opendev.org/448730 [20:08]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add federated support for creating a user  https://review.opendev.org/448755 [20:08]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add federated support for updating a user  https://review.opendev.org/448765 [20:08]
*** gagehugo has joined #openstack-keystone [20:46]
*** raildo has quit IRC [21:13]
*** markvoelker has quit IRC [21:26]
*** prometheanfire has joined #openstack-keystone [22:02]
<prometheanfire> hi, what's with the keystonemiddleware release? https://github.com/openstack/keystonemiddleware/compare/4.21.0...4.21.1 [22:02]
<prometheanfire> no diff [22:02]
<prometheanfire> because I'm looking wrong [22:03]
<prometheanfire> :D [22:03]
<cmurphy> prometheanfire: all good? [22:05]
<cmurphy> there's no 4.21.1 [22:05]
<prometheanfire> ya, exactly :D [22:06]
<prometheanfire> have to make a fool of myself before figuring something out, it's a constant struggle [22:07]
<cmurphy> the public internet is the best rubber duck [22:07]
<prometheanfire> so it seems [22:14]
*** markvoelker has joined #openstack-keystone [22:23]
*** ivve has quit IRC [22:33]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add protection tests for trusts API  https://review.opendev.org/675720 [22:43]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Move list_trusts enforcement to default policies  https://review.opendev.org/675807 [22:43]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Move delete_trust enforcement to default policies  https://review.opendev.org/676277 [22:43]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Move get_trust enforcement to default policies  https://review.opendev.org/676283 [22:43]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Move list_roles_for_trust enforcement to policies  https://review.opendev.org/676284 [22:43]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Move get_role_for_trust enforcement to policies  https://review.opendev.org/676287 [22:43]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: Don't reveal trust existence to unauthorized users  https://review.opendev.org/676528 [22:43]
<cmurphy> this trusts api man [22:43]
*** markvoelker has quit IRC [22:48]
*** tkajinam has joined #openstack-keystone [22:50]
*** tyreymer has joined #openstack-keystone [23:05]
*** xek has quit IRC [23:14]
*** markvoelker has joined #openstack-keystone [23:25]
*** markvoelker has quit IRC [23:30]
<kmalloc> yeah [23:32]
<kmalloc> =/ [23:32]
<kmalloc> it's... [23:32]
<kmalloc> well... "historical" [23:32]
<kmalloc> cmurphy: where is the unenforced trust non-existence? [23:33]
<cmurphy> kmalloc: https://review.opendev.org/#/c/676528/1/keystone/api/trusts.py@150 [23:36]
<cmurphy> 'identity:get_trust' is empty and doesn't do anything [23:36]
<kmalloc> cmurphy: ah that is an issue [23:36]
<cmurphy> enforcement is done in _trustor_trustee_only [23:36]
<kmalloc> but it's not "unenforced" in the sense of enforcement being called [23:36]
<kmalloc> i was worried i screwed up the enforced/unenforced API. [23:37]
<kmalloc> i can enhance the check to not allow for "" policies [23:37]
<cmurphy> kmalloc: no it's a pre-flask issue [23:37]
<kmalloc> right [23:37]
<kmalloc> because get_trust is empty, we call on "" [23:37]
<kmalloc> we might want to make the enforcer not allow "" [23:37]
<kmalloc> but the enforcer is called, which was my 1st concern. [23:38]
<cmurphy> hmm in theory there could be a legitimate reason for an operator to set "" as a rule [23:38]
<kmalloc> maybe [23:38]
<cmurphy> but it's not appropriate for the trust defaults [23:39]
<cmurphy> which is what that whole stack is about ^ [23:39]
<kmalloc> but we can also detect default vs override [23:39]
<kmalloc> i'm inclined to say defaults should never be "" [23:39]
<cmurphy> i think i agree [23:39]
<kmalloc> and that is a programming error, vs. override which is an operator concern (and maybe worth a warning/info line on load) [23:40]
<kmalloc> future thinking of course [23:40]
*** tyreymer has quit IRC [23:41]
