Wednesday, 2018-03-21

« Tuesday, 2018-03-20 Index Thursday, 2018-03-22 »
*** odyssey4me has quit IRC00:10
*** odyssey4me has joined #openstack-keystone00:10
*** germs has joined #openstack-keystone00:11
*** germs has quit IRC00:11
*** germs has joined #openstack-keystone00:11
*** itlinux has joined #openstack-keystone00:12
*** germs has quit IRC00:15
*** AlexeyAbashkin has joined #openstack-keystone00:18
*** AlexeyAbashkin has quit IRC00:22
*** r-daneel has quit IRC00:31
openstackgerritAdrian Turjak proposed openstack/keystone-specs master: Add spec for MFA auth receipts  https://review.openstack.org/55367000:37
*** felipemonteiro_ has joined #openstack-keystone00:52
*** felipemonteiro__ has joined #openstack-keystone00:54
*** felipemonteiro_ has quit IRC00:58
*** harlowja has quit IRC01:07
*** AlexeyAbashkin has joined #openstack-keystone01:18
*** AlexeyAbashkin has quit IRC01:22
openstackgerritwangxiyuan proposed openstack/keystone master: Limit description support  https://review.openstack.org/55313201:25
*** felipemonteiro_ has joined #openstack-keystone01:32
*** felipemonteiro__ has quit IRC01:32
*** wes_dillingham has quit IRC01:35
lbragstadwxy: thanks for the comments on https://review.openstack.org/#/c/554320/01:54
*** dangtrinhnt has joined #openstack-keystone01:54
wxylbragstad: thanks for your spec proposal. :)01:55
lbragstadyeah - no problem01:56
lbragstadyou're doing the hard work :)01:56
lbragstadi wanted to update that spec today, but i ran out of time01:57
wxylbragstad: it doesn't matter. I spent most time on yaml catalog, limit things and some glance stuff these few days. I have to pay attention on token refactor next.02:00
lbragstadyeah.. i have to pick that back up...02:01
lbragstadthe tests actually pass, but pep8 fails due to the complexity of some of the logic02:01
*** panbalag has quit IRC02:12
*** AlexeyAbashkin has joined #openstack-keystone02:18
*** AlexeyAbashkin has quit IRC02:23
*** dangtrinhnt has quit IRC02:35
*** zhurong has joined #openstack-keystone02:40
*** felipemonteiro_ has quit IRC02:55
*** dave-mccowan has quit IRC03:16
*** zhurong has quit IRC03:44
*** links has joined #openstack-keystone04:00
*** links has quit IRC04:00
*** harlowja has joined #openstack-keystone04:39
*** harlowja has quit IRC04:56
*** rybridges has quit IRC05:30
*** rybridges has joined #openstack-keystone05:43
*** rybridges has quit IRC05:51
*** rybridges has joined #openstack-keystone06:04
*** masuberu has quit IRC06:04
*** zhurong has joined #openstack-keystone06:04
*** rybridges has quit IRC06:09
*** germs has joined #openstack-keystone06:13
*** germs has quit IRC06:13
*** germs has joined #openstack-keystone06:13
*** germs has quit IRC06:18
*** rybridges has joined #openstack-keystone06:23
*** masber has joined #openstack-keystone06:31
*** gus has quit IRC06:34
*** gus has joined #openstack-keystone06:36
*** pcichy has joined #openstack-keystone06:44
*** wxy_ has quit IRC06:51
*** gongysh has joined #openstack-keystone06:55
*** aojea has joined #openstack-keystone06:57
*** jaosorior has quit IRC07:05
*** masber has quit IRC07:05
*** masber has joined #openstack-keystone07:06
*** aojea has quit IRC07:13
*** aojea has joined #openstack-keystone07:14
*** rcernin has quit IRC07:21
*** voelzmo has joined #openstack-keystone07:21
*** aojea has quit IRC07:28
*** martinus__ has joined #openstack-keystone07:37
*** jaosorior has joined #openstack-keystone07:44
*** AlexeyAbashkin has joined #openstack-keystone07:55
*** jmlowe has quit IRC07:57
*** aojea_ has joined #openstack-keystone08:20
*** aojea_ has quit IRC08:25
*** tesseract has joined #openstack-keystone08:31
*** brad[] has quit IRC08:34
*** masber has quit IRC08:40
*** Supun has joined #openstack-keystone08:46
*** tesseract has quit IRC08:51
*** tesseract has joined #openstack-keystone08:52
*** tesseract has quit IRC08:54
*** tesseract has joined #openstack-keystone08:57
*** zhurong has quit IRC09:04
*** zhurong has joined #openstack-keystone09:13
*** masber has joined #openstack-keystone09:20
openstackgerritJens Harbott (frickler) proposed openstack/keystoneauth master: Be more helpful when version discovery fails  https://review.openstack.org/55404409:21
*** gongysh has quit IRC09:30
*** Supun has quit IRC09:33
*** voelzmo has quit IRC09:54
*** voelzmo has joined #openstack-keystone09:55
*** voelzmo has quit IRC09:55
*** voelzmo has joined #openstack-keystone09:56
*** voelzmo has quit IRC10:00
openstackgerrityangweiwei proposed openstack/keystone master: Fix user email in federated shadow users  https://review.openstack.org/54972310:05
*** aojea_ has joined #openstack-keystone10:08
*** aojea_ has quit IRC10:14
*** sapd_ has quit IRC10:38
*** sapd has joined #openstack-keystone10:39
*** zhurong has quit IRC10:55
*** voelzmo has joined #openstack-keystone11:04
*** gyankum has joined #openstack-keystone11:10
*** wes_dillingham has joined #openstack-keystone11:14
*** pcichy has quit IRC11:27
*** voelzmo has quit IRC11:32
*** MeltedLux has quit IRC11:41
*** wes_dillingham has quit IRC11:55
*** aojea_ has joined #openstack-keystone11:57
*** aojea_ has quit IRC12:01
*** odyssey4me has quit IRC12:03
*** odyssey4me has joined #openstack-keystone12:03
*** jmlowe has joined #openstack-keystone12:08
*** wes_dillingham has joined #openstack-keystone12:09
*** raildo has joined #openstack-keystone12:12
*** raildo has quit IRC12:14
*** raildo has joined #openstack-keystone12:24
*** edmondsw has joined #openstack-keystone12:40
*** panbalag has joined #openstack-keystone12:50
*** felipemonteiro_ has joined #openstack-keystone13:01
*** felipemonteiro__ has joined #openstack-keystone13:02
*** germs has joined #openstack-keystone13:04
*** germs has quit IRC13:04
*** germs has joined #openstack-keystone13:04
*** felipemonteiro_ has quit IRC13:06
*** panbalag has left #openstack-keystone13:06
*** panbalag has joined #openstack-keystone13:31
*** mvk has quit IRC13:31
*** brad[] has joined #openstack-keystone13:38
*** jdennis has quit IRC13:39
*** jdennis has joined #openstack-keystone13:39
*** dklyle has joined #openstack-keystone13:44
*** david-lyle has quit IRC13:44
*** mvk has joined #openstack-keystone13:47
*** aojea_ has joined #openstack-keystone13:50
*** aojea_ has quit IRC13:53
*** aojea_ has joined #openstack-keystone13:54
*** idlemind has joined #openstack-keystone13:54
*** itlinux has quit IRC14:16
*** itlinux has joined #openstack-keystone14:17
*** aojea_ has quit IRC14:18
*** itlinux has quit IRC14:22
knikollao/14:23
*** r-daneel has joined #openstack-keystone14:25
lbragstado/14:26
lbragstadsome good discussion in -tc this morning14:26
SamYaple"zuul people" lol14:26
lbragstadjust skimmed the scroll back14:27
*** felipemonteiro__ has quit IRC14:47
*** aojea_ has joined #openstack-keystone14:47
*** dave-mccowan has joined #openstack-keystone14:47
*** felipemonteiro__ has joined #openstack-keystone14:47
*** germs has quit IRC14:51
*** gyankum has quit IRC14:51
*** aojea_ has quit IRC14:51
*** felipemonteiro_ has joined #openstack-keystone14:52
*** germs has joined #openstack-keystone14:52
*** felipemonteiro__ has quit IRC14:55
gagehugoo/14:58
*** felipemonteiro__ has joined #openstack-keystone15:07
*** Drankis has joined #openstack-keystone15:10
*** felipemonteiro_ has quit IRC15:11
lbragstadreminder that the policy meeting will be starting in ~8 minutes15:52
*** Drankis has quit IRC15:52
* cmurphy going to miss it15:56
lbragstadack15:58
lbragstadwe have a pretty light agenda...15:58
*** itlinux has joined #openstack-keystone16:07
*** itlinux has quit IRC16:15
lbragstaddims: ping16:16
dimspong @lbragstad16:16
lbragstadqq on the oslo.policy spec for additional attributes - https://review.openstack.org/#/c/552045/1/specs/rocky/consistent-policy-attributes.rst16:17
lbragstadmaybe i should have started this conversation in -oslo?16:17
dims++ lbragstad16:18
lbragstadok - moving there16:18
*** masber has quit IRC16:27
*** AlexeyAbashkin has quit IRC16:29
*** aojea_ has joined #openstack-keystone16:32
*** aojea_ has quit IRC16:36
*** gyee has joined #openstack-keystone16:38
*** itlinux has joined #openstack-keystone16:50
openstackgerritLance Bragstad proposed openstack/keystone master: Remove references to v2.0 from external developer doc  https://review.openstack.org/55469016:58
*** bradjones has quit IRC17:03
openstackgerritGage Hugo proposed openstack/keystone master: Fix tags and tags-any filter interaction  https://review.openstack.org/55310817:04
*** felipemonteiro__ has quit IRC17:11
*** felipemonteiro__ has joined #openstack-keystone17:11
*** jmlowe has quit IRC17:37
*** NobodyCam has quit IRC17:37
*** r-daneel has quit IRC17:37
*** r-daneel has joined #openstack-keystone17:37
*** gus has quit IRC17:38
*** gmann_ has quit IRC17:38
*** NobodyCam has joined #openstack-keystone17:39
*** andreaf has quit IRC17:39
*** gus has joined #openstack-keystone17:39
*** andreaf_ has joined #openstack-keystone17:39
*** gmann_ has joined #openstack-keystone17:40
*** felipemonteiro_ has joined #openstack-keystone17:40
*** andreaf_ is now known as andreaf17:41
*** felipemonteiro__ has quit IRC17:41
*** spilla has joined #openstack-keystone17:44
*** Drankis has joined #openstack-keystone17:47
*** panbalag has quit IRC17:49
openstackgerritayoung proposed openstack/keystone-specs master: Add whitelist-extension-for-app-creds  https://review.openstack.org/39633117:54
*** felipemonteiro__ has joined #openstack-keystone18:02
*** AlexeyAbashkin has joined #openstack-keystone18:03
*** felipemonteiro_ has quit IRC18:06
*** jmlowe has joined #openstack-keystone18:15
*** aojea_ has joined #openstack-keystone18:20
*** AlexeyAbashkin has quit IRC18:21
*** EmilienM is now known as mimi18:21
*** mimi is now known as EmilienM18:21
*** NM has joined #openstack-keystone18:23
*** harlowja has joined #openstack-keystone18:24
*** aojea_ has quit IRC18:25
*** jmlowe has quit IRC18:36
lbragstadkmalloc: not sure how busy you are today, but i'm wondering if we could step through https://review.openstack.org/#/c/545450/18:42
kmallocsure18:42
kmallocbluejeans/hangout?18:43
lbragstadeither or18:43
kmallochttps://bluejeans.com/560671947118:44
openstackgerritGage Hugo proposed openstack/keystone master: Make tags filter match subset rather than exact  https://review.openstack.org/55310818:44
lbragstadin case anyone else is interested in walking through a way forward with https://review.openstack.org/#/c/545450/18:45
*** jmlowe has joined #openstack-keystone18:46
*** raildo has quit IRC18:52
*** jmlowe has quit IRC18:57
* gagehugo is stuck in a meeting19:04
*** jmlowe has joined #openstack-keystone19:06
*** mvk has quit IRC19:09
*** felipemonteiro__ has quit IRC19:13
*** felipemonteiro__ has joined #openstack-keystone19:13
*** AlexeyAbashkin has joined #openstack-keystone19:17
*** oikiki has joined #openstack-keystone19:18
*** AlexeyAbashkin has quit IRC19:21
*** jaosorior has quit IRC19:23
SamYapleim hitting "Invalid domain name (MYDOMAIN) found in config file name" where MYDOMAIN is all caps19:28
SamYaplebut when i create the domain `openstack domain create MYDOMAIN` it and restart keystone it works19:29
SamYapleanyone seen that?19:29
*** panbalag has joined #openstack-keystone19:35
*** panbalag has left #openstack-keystone19:35
*** tesseract has quit IRC19:38
*** jaosorior has joined #openstack-keystone19:44
SamYapleah looking through the commit history itappears that is intentional behaviour to require a restart of keystone19:47
*** anyone is now known as eschwartz19:48
openstackgerritMerged openstack/python-keystoneclient master: Updated from global requirements  https://review.openstack.org/54956519:58
*** aojea has joined #openstack-keystone20:08
*** aojea has quit IRC20:14
*** Krenair has quit IRC20:14
*** Krenair has joined #openstack-keystone20:18
*** AlexeyAbashkin has joined #openstack-keystone20:18
*** wes_dillingham has quit IRC20:21
*** AlexeyAbashkin has quit IRC20:22
*** Krenair has quit IRC20:22
*** Krenair has joined #openstack-keystone20:30
*** jaosorior_ has joined #openstack-keystone20:33
*** jaosorior has quit IRC20:37
*** Krenair has quit IRC20:41
adriantlbragstad, kmalloc: Totally unrelated to receipts, I am curious though if key rotation of 15mins is something anyone would do? Doesn't that mean your tokens at last between 30-15mins? Or can you make fernet use X number of old keys for decryption, but only ever have 15mins worth of time when a key is used for generation?20:42
*** Krenair has joined #openstack-keystone20:42
kmallocdoubtful20:43
lbragstadadriant: it depends on the number of max_active_keys in the repository20:49
*** aojea has joined #openstack-keystone20:49
lbragstadyou can rotate every 15 minutes and have max_active_keys set to 40 - which means you tokens will be around for 10 hours before being invalidated because the key is missing20:50
lbragstadyour*20:50
*** Krenair has quit IRC20:54
adriantlbragstad: thanks, had a feeling that was the case but it's been too long since I looked at that properly20:55
*** jmlowe has quit IRC20:56
*** Krenair has joined #openstack-keystone21:02
*** Krenair has joined #openstack-keystone21:10
adriantlbragstad: what's the recommended key rotation period?21:13
*** raildo has joined #openstack-keystone21:15
*** AlexeyAbashkin has joined #openstack-keystone21:17
*** AlexeyAbashkin has quit IRC21:21
*** jmlowe has joined #openstack-keystone21:21
lbragstadadriant: that totally depends on your deployments security model21:25
adriantlbragstad: and I guess the volume of traffic you expect21:26
adriantwell, volume of token requests21:26
lbragstadadriant: https://www.youtube.com/watch?v=702SRZHdNW8&feature=youtu.be&t=12m5s21:30
lbragstadwe worked that into a presentation because we get that question quite a bit21:30
*** felipemonteiro_ has joined #openstack-keystone21:32
*** NM has quit IRC21:33
adriantlbragstad: huh, I have actually seen that video, I'm just having a slow brain day it seems.21:35
adriantthanks!21:35
lbragstadadriant: yep - anytime!21:35
*** felipemonteiro__ has quit IRC21:35
openstackgerritMerged openstack/keystone master: Mark the implied role API as stable  https://review.openstack.org/55061121:42
*** Krenair has quit IRC21:43
*** itlinux has quit IRC21:51
*** Krenair_ has joined #openstack-keystone21:53
*** spilla has quit IRC21:55
*** pcaruana has quit IRC21:55
openstackgerritAdrian Turjak proposed openstack/keystone-specs master: Add spec for MFA auth receipts  https://review.openstack.org/55367021:56
*** Krenair_ has quit IRC21:57
*** Krenair_ has joined #openstack-keystone22:00
*** martinus__ has quit IRC22:12
*** raildo has quit IRC22:15
openstackgerritGage Hugo proposed openstack/keystone master: Add functional testing gate  https://review.openstack.org/53101422:18
*** rcernin has joined #openstack-keystone22:25
*** threestrands has joined #openstack-keystone22:29
openstackgerritLance Bragstad proposed openstack/keystone master: WIP: rewrite keystone  https://review.openstack.org/54545022:29
*** felipemonteiro_ has quit IRC22:29
lbragstadkmalloc: reworked ^22:29
*** felipemonteiro_ has joined #openstack-keystone22:29
lbragstadfor some reason it's failing 4 python 3.5 tests...22:30
*** threestrands has quit IRC22:30
*** threestrands has joined #openstack-keystone22:30
*** threestrands has quit IRC22:30
*** threestrands has joined #openstack-keystone22:30
*** Krenair_ has quit IRC22:31
*** Krenair has joined #openstack-keystone22:34
*** d0ugal has quit IRC22:34
*** d0ugal has joined #openstack-keystone22:37
openstackgerritGage Hugo proposed openstack/keystone master: Add functional testing gate  https://review.openstack.org/53101422:43
*** aojea has quit IRC22:54
*** aojea has joined #openstack-keystone22:54
*** aojea has quit IRC22:55
*** aojea has joined #openstack-keystone22:55
*** aojea has quit IRC22:55
*** masber has joined #openstack-keystone23:04
*** raildo has joined #openstack-keystone23:06
*** edmondsw has quit IRC23:07
*** oikiki has quit IRC23:16
*** itlinux has joined #openstack-keystone23:20
*** oikiki has joined #openstack-keystone23:23
*** Krenair has quit IRC23:28
*** r-daneel has quit IRC23:30
*** Krenair has joined #openstack-keystone23:38
*** felipemonteiro_ has quit IRC23:41
*** Krenair has quit IRC23:43
*** gyee has quit IRC23:45
*** Krenair has joined #openstack-keystone23:52
*** wes_dillingham has joined #openstack-keystone23:53
kmalloclbragstad: check to make sure the issued_at is the same as the fernet timestamp?23:57
kmalloclbragstad: we might need that returned from mint?23:58
kmallocoh! you did that23:58
openstackgerritMerged openstack/keystone master: Add logging for xmlsec1 installation  https://review.openstack.org/55359223:58
kmallocnvm23:58
*** Krenair has quit IRC23:58
kmallocbraaaaaaaaain... i has none atm23:58
« Tuesday, 2018-03-20 Index Thursday, 2018-03-22 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!