Tuesday, 2018-09-04

« Monday, 2018-09-03 Index Wednesday, 2018-09-05 »
*** Nel1x has joined #openstack-keystone00:57
*** rcernin has quit IRC01:24
*** rcernin has joined #openstack-keystone01:24
*** bzhao__ has joined #openstack-keystone01:26
*** dave-mccowan has quit IRC02:13
*** Nel1x has quit IRC03:14
*** ykarel has joined #openstack-keystone03:24
deepak_mourya_cmurphy:  Hi, just a reminder that I have updated the patchset, you can review the same https://review.openstack.org/#/c/484348/03:25
openstackgerritMerged openstack/keystone master: Incorrect use of translation _()  https://review.openstack.org/59668303:28
openstackgerritMerged openstack/keystone master: Update RDO install guide for v3  https://review.openstack.org/59931803:28
*** jrist has joined #openstack-keystone03:31
*** r-daneel has joined #openstack-keystone03:34
openstackgerritwangxiyuan proposed openstack/keystone-specs master: Add domain level limit support  https://review.openstack.org/59949103:35
*** ykarel has quit IRC03:37
*** ykarel has joined #openstack-keystone03:51
*** ykarel has quit IRC04:08
*** ykarel has joined #openstack-keystone04:37
*** shyamb has joined #openstack-keystone04:59
ykarelwxy-xiyuan, hi04:59
ykarelwxy-xiyuan, any chance u were able to reproduce keystonemiddleware + oslo.config issue: https://bugs.launchpad.net/glance/+bug/178935105:00
openstackLaunchpad bug 1789351 in oslo.config "Glance deployment with python3 + "keystone" paste_deploy flavor Fails" [Undecided,New]05:00
ykareldhellmann, has a possible fix there ^^, can u check,05:01
*** shyamb has quit IRC05:08
*** shyamb has joined #openstack-keystone05:08
*** shyamb has quit IRC05:23
*** shyamb has joined #openstack-keystone05:42
*** vishakha has quit IRC05:48
*** pas-ha has quit IRC05:48
*** pas-ha has joined #openstack-keystone05:48
*** mugsie has quit IRC05:49
*** zigo has quit IRC05:49
openstackgerritwangxiyuan proposed openstack/keystone-specs master: Add domain level limit support  https://review.openstack.org/59949106:23
*** hoonetorg has joined #openstack-keystone06:24
*** shyamb has quit IRC06:25
*** shyamb has joined #openstack-keystone06:25
*** shyam89 has joined #openstack-keystone06:30
*** rcernin has quit IRC06:33
openstackgerritVishakha Agarwal proposed openstack/keystone master: Implement Trust Flush via keystone-manage.  https://review.openstack.org/58937806:33
*** shyamb has quit IRC06:34
*** vishakha has joined #openstack-keystone06:35
openstackgerritwangxiyuan proposed openstack/keystone-specs master: Add domain level limit support  https://review.openstack.org/59949106:37
wxy-xiyuanykarel: I can't reproduce even re-install devstack with your patch. It's weird.06:40
wxy-xiyuanykarel: does dhellmann's fix works for you?06:40
ykarelwxy-xiyuan, yes abhishek tried that and it worked, let me try to reproduce again06:41
wxy-xiyuanykarel: cool. I'm not the blocker for the fix. Feel free to do it. I just can't reproduce and don't know how and why the problem happened  :)06:43
ykarelwxy-xiyuan, let me try again to see why it's not reproducable to u06:44
wxy-xiyuanykarel: I guess it's my problem since CI already told that it's a bug indeed.06:45
ykarelwxy-xiyuan, hmm probably06:51
*** ykarel is now known as ykarel|lunch07:40
*** shyam89 has quit IRC07:55
*** Emine has joined #openstack-keystone08:05
*** shyam89 has joined #openstack-keystone08:37
*** d0ugal has quit IRC08:43
*** ykarel|lunch is now known as ykarel08:45
*** josecastroleon has joined #openstack-keystone09:02
*** d0ugal has joined #openstack-keystone09:03
ykarelwxy-xiyuan, hi, i have the reproducer, would u like to see09:24
wxy-xiyuanykarel: sure09:24
ykarelwxy-xiyuan, see pm09:25
*** shyam89 has quit IRC09:29
*** sayalilunkad has joined #openstack-keystone09:32
*** shyam89 has joined #openstack-keystone09:47
*** jaosorior has joined #openstack-keystone09:47
*** shyam89 has quit IRC09:55
openstackgerritMerged openstack/python-keystoneclient master: add lib-forward-testing-python3 test job  https://review.openstack.org/59767410:16
*** dave-mccowan has joined #openstack-keystone10:41
*** mugsie has joined #openstack-keystone10:46
*** takamatsu has joined #openstack-keystone11:00
*** shyam89 has joined #openstack-keystone11:04
*** andreaf has joined #openstack-keystone11:05
*** shyam89 has quit IRC11:41
*** dims has joined #openstack-keystone11:56
*** shyam89 has joined #openstack-keystone12:04
*** josecastroleon has quit IRC12:13
*** raildo has joined #openstack-keystone12:16
*** ykarel is now known as ykarel|away12:34
*** jrist has quit IRC12:39
*** jrist has joined #openstack-keystone12:40
*** ykarel|away has quit IRC12:42
*** shyam89 has quit IRC12:58
*** lbragstad has joined #openstack-keystone13:19
*** ChanServ sets mode: +o lbragstad13:19
openstackgerritMerged openstack/keystone master: Update the minimimum required version of oslo.log  https://review.openstack.org/59944613:48
kmalloclbragstad: probably will miss meeting today, doctor appt. again.14:04
lbragstadkmalloc thanks for the heads up14:05
kmallocHave groups respun, I was right the first time, we should be leaking data somewhat here, I'll provide an in depth note in the commit msg.14:05
lbragstadnice - that'd be good14:06
lbragstadi'll review it today14:06
*** r-daneel has quit IRC14:07
*** jdennis has joined #openstack-keystone14:07
* cmurphy will also miss the meeting14:07
lbragstadack14:08
*** itlinux has quit IRC14:15
kmallocPS not posted14:19
kmallocFigure that will be later today.14:19
*** mchlumsky has joined #openstack-keystone14:38
kmalloclbragstad: ^14:38
*** r-daneel has joined #openstack-keystone14:39
lbragstadkmalloc sounds good14:42
lbragstadi have a few other things i can wrap up before then14:43
gagehugoo/14:45
*** dklyle has joined #openstack-keystone14:58
knikollao/15:00
knikollafyi: i have a medical appt and will be missing the meeting15:01
*** itlinux has joined #openstack-keystone15:09
*** dklyle has quit IRC15:13
*** dklyle has joined #openstack-keystone15:14
*** lamt has joined #openstack-keystone15:18
*** wxy| has joined #openstack-keystone15:19
*** openstackgerrit has quit IRC15:20
*** Emine has quit IRC15:31
hrybackio/15:55
hrybackiI have to drop 30 mins early myself today15:55
*** jlvilla-viva is now known as jlvillal15:58
*** prometheanfire has left #openstack-keystone16:00
*** wxy| has quit IRC16:22
*** gyee has joined #openstack-keystone16:24
*** ayoung has joined #openstack-keystone16:24
kmalloco/16:53
*** hwoarang_ has joined #openstack-keystone16:57
*** hwoarang__ has joined #openstack-keystone16:58
*** hwoarang has quit IRC17:01
*** hwoarang_ has quit IRC17:02
*** ykarel has joined #openstack-keystone17:03
*** hwoarang has joined #openstack-keystone17:03
*** hwoarang__ has quit IRC17:08
lbragstad#startmeeting keystone-office-hours17:10
openstackMeeting started Tue Sep  4 17:10:32 2018 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.17:10
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.17:10
*** openstack changes topic to " (Meeting topic: keystone-office-hours)"17:10
*** ChanServ changes topic to "Rocky release schedule: https://releases.openstack.org/rocky/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/wmyzbFq5/keystone-rocky-roadmap !!NOTE!! This Channel is Logged ( https://tinyurl.com/OpenStackKeystone )"17:10
openstackThe meeting name has been set to 'keystone_office_hours'17:10
kmalloclbragstad: ok17:39
kmalloclbragstad: so, the reason we need to leak details on if a group exists or not, is communication to the user17:39
kmalloclbragstad: i think i'm going to add an explicit .get check before enforcement.17:40
kmallocwonder if i can craft the target in a better way17:40
*** r-daneel has quit IRC18:06
*** r-daneel has joined #openstack-keystone18:07
*** ykarel is now known as ykarel|away18:13
lbragstadkmalloc but don't we want to keep that from the user?18:19
lbragstadthey're unauthorized18:19
kmallocso here is the case18:19
kmalloci am trying to do "domain role X on group Y"18:19
kmallocif the group doesn't exist, what is the expecation18:20
kmalloca 403? "forbidden" or a "404, group not found"18:20
kmalloc[specifically the case of group not existing]18:20
lbragstadis the user authorized?18:20
kmallocuser it authenticated and is allowed to assign the role18:20
lbragstadthen it should be a 40418:20
lbragstadIMO18:20
kmallocthen group patch [mostly] as is, will be fine18:21
kmallocneeds a quick pass then and a note.18:21
kmallochowever, just fyi, this does allow a bad actor to determine group existence.18:21
kmallocas long as they can create a domain role and assign it18:22
kmalloc*shrug* not a huge leak18:22
kmallocbut it is.18:22
lbragstadif a user calls GET -H "X-Auth-Token: garbage-token" /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} then i don't think we should leak that the domain doesn't exist18:22
lbragstadif $domain_id doesn't exist, then we should expose that information i don't think18:22
lbragstadand return a 40318:23
kmallochm.18:23
kmallocyeah see how this is nuanced and weird.18:23
lbragstadif the user is authenticated AND $domain_id doesn't exist, then we should return a 40418:23
lbragstadright?18:23
kmallochm.18:23
kmallocyeh.18:23
*** itlinux has quit IRC18:58
*** r-daneel_ has joined #openstack-keystone20:38
*** r-daneel has quit IRC20:38
*** r-daneel_ is now known as r-daneel20:38
*** itlinux has joined #openstack-keystone20:41
*** raildo has quit IRC20:51
*** imacdonn has quit IRC21:02
*** imacdonn has joined #openstack-keystone21:02
*** itlinux is now known as itlinux-away21:30
*** itlinux-away is now known as itlinux21:30
*** itlinux is now known as itlinux-away21:30
*** itlinux-away is now known as itlinux21:34
*** itlinux is now known as itlinux-away21:35
*** itlinux-away is now known as itlinux21:35
*** itlinux is now known as itlinux-away21:35
*** itlinux-away is now known as itlinux22:01
*** itlinux has quit IRC22:02
*** r-daneel has quit IRC22:08
lbragstad#endmeeting22:10
*** openstack changes topic to "Rocky release schedule: https://releases.openstack.org/rocky/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/wmyzbFq5/keystone-rocky-roadmap !!NOTE!! This Channel is Logged ( https://tinyurl.com/OpenStackKeystone )"22:10
openstackMeeting ended Tue Sep  4 22:10:37 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)22:10
openstackMinutes:        http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-09-04-17.10.html22:10
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-09-04-17.10.txt22:10
openstackLog:            http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-09-04-17.10.log.html22:10
*** mchlumsky has quit IRC22:22
*** spartakos has joined #openstack-keystone22:48
*** rcernin has joined #openstack-keystone22:55
*** itlinux has joined #openstack-keystone23:04
*** itlinux is now known as itlinux-away23:34
*** itlinux-away is now known as itlinux23:50
« Monday, 2018-09-03 Index Wednesday, 2018-09-05 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!