Monday, 2018-10-22

« Sunday, 2018-10-21 Index Tuesday, 2018-10-23 »
*** dave-mccowan has quit IRC00:14
*** felipemonteiro has joined #openstack-keystone01:23
*** imacdonn has quit IRC01:23
*** imacdonn has joined #openstack-keystone01:23
*** dave-mccowan has joined #openstack-keystone01:26
*** ayoung has joined #openstack-keystone01:48
openstackgerritayoung proposed openstack/oslo.policy master: namespaced flag on checker CLI  https://review.openstack.org/61040201:50
*** annp has joined #openstack-keystone01:58
openstackgerritVishakha Agarwal proposed openstack/keystone master: Updating doc of unified limit  https://review.openstack.org/61222602:07
*** felipemonteiro has quit IRC02:17
*** felipemonteiro has joined #openstack-keystone02:31
*** felipemonteiro has quit IRC02:31
openstackgerritVishakha Agarwal proposed openstack/keystone master: Adding 'date' for trust_flush  https://review.openstack.org/60789702:42
*** dave-mccowan has quit IRC03:11
*** felipemonteiro has joined #openstack-keystone03:32
openstackgerritMerged openstack/keystone master: Convert Normalizing filter to flask native Middleware  https://review.openstack.org/60981503:33
openstackgerritMerged openstack/keystone master: Move AuthContextMiddleware  https://review.openstack.org/60983603:33
*** hoonetorg has quit IRC04:48
*** hoonetorg has joined #openstack-keystone05:01
*** hoonetorg has quit IRC05:12
*** hoonetorg has joined #openstack-keystone05:33
*** felipemonteiro has quit IRC05:37
*** pooja_jadhav has joined #openstack-keystone06:02
*** pcaruana has joined #openstack-keystone06:21
*** josecastroleon has joined #openstack-keystone06:33
*** rdopiera has joined #openstack-keystone06:41
*** bzhao__ has joined #openstack-keystone06:42
*** pcaruana has quit IRC06:58
*** rcernin has quit IRC06:59
*** rcernin has joined #openstack-keystone07:05
*** rcernin has quit IRC07:07
*** pcaruana has joined #openstack-keystone07:13
*** xek has joined #openstack-keystone07:31
*** pooja_jadhav has quit IRC07:32
*** pooja_jadhav has joined #openstack-keystone07:35
*** aojea has joined #openstack-keystone08:05
openstackgerritNeha Alhat proposed openstack/python-keystoneclient master: Add return-request-id-to-caller function(v3/contrib)  https://review.openstack.org/26800308:47
*** aojea has quit IRC09:18
tobias-urdinbeen browsing through a lot of the security docs around keystone, is there any recommended way to restrict access to service accounts?09:34
*** mvkr has quit IRC09:35
*** zzzeek_ has quit IRC09:37
*** zzzeek has joined #openstack-keystone09:40
*** bnemec has joined #openstack-keystone09:45
*** hoonetorg has quit IRC09:51
*** xek has quit IRC09:51
*** bnemec has quit IRC09:53
*** aojea has joined #openstack-keystone09:55
*** mvkr has joined #openstack-keystone09:59
*** hoonetorg has joined #openstack-keystone10:08
*** FlorianFa has joined #openstack-keystone10:08
*** xek has joined #openstack-keystone10:14
*** dave-mccowan has joined #openstack-keystone10:23
*** aojea has quit IRC10:29
openstackgerritNeha Alhat proposed openstack/python-keystoneclient master: Add return-request-id-to-caller function(v3/contrib)  https://review.openstack.org/26800310:35
*** dr_feelgood has joined #openstack-keystone10:40
*** Dinesh_Bhor has joined #openstack-keystone10:40
*** annp has quit IRC10:49
*** Dinesh_Bhor has quit IRC11:03
*** Dinesh_Bhor has joined #openstack-keystone11:05
*** aojea_ has joined #openstack-keystone11:17
*** Dinesh_Bhor has quit IRC11:21
*** markvoelker has joined #openstack-keystone11:22
*** pcaruana has quit IRC11:26
*** markvoelker has quit IRC11:26
*** dr_feelgood has quit IRC11:44
*** pcaruana has joined #openstack-keystone11:48
*** aojea_ has quit IRC11:53
*** pcaruana has quit IRC12:12
*** pcaruana has joined #openstack-keystone12:12
*** raildo has joined #openstack-keystone12:14
*** xek has quit IRC12:24
*** xek has joined #openstack-keystone12:25
*** aojea has joined #openstack-keystone12:45
*** mvkr has quit IRC12:48
*** jroll has quit IRC12:53
*** jroll has joined #openstack-keystone12:54
*** dr_feelgood has joined #openstack-keystone12:57
*** mvkr has joined #openstack-keystone13:03
*** aojea has quit IRC13:16
*** mvkr has quit IRC13:23
*** mvkr has joined #openstack-keystone13:23
*** munimeha1 has joined #openstack-keystone13:35
*** elbragstad is now known as lbragstad13:39
lbragstadtobias-urdin so that only service accounts can access specific APIs?13:40
tobias-urdinmore to protect service accounts from outside authentication or bruteforce for example, i can only think about doing it in the lb with packet inspection13:46
lbragstadso you want to protect a service account (e.g., a nova service user) from being compromised by brute force?13:47
*** felipemonteiro has joined #openstack-keystone13:48
tobias-urdinyes, and admin user etc13:48
lbragstadok - the PCI-DSS requirements and configuration help you with that? Or do you mean you only want people from specific IPs to be able to authenticate13:49
*** aojea has joined #openstack-keystone13:50
*** xek has quit IRC13:58
tobias-urdinthe lockout is great, and i'll probably add that but still we'd need to ignore lockout for service users thus it would still be the same issue again14:00
tobias-urdinotherwise the lockout on service accounts would be an issue itself14:00
tobias-urdinlocking service users to specific IP networks would allow to region authentication works but that bruteforce is not possible14:01
*** josecastroleon has quit IRC14:07
*** SteelyDan is now known as dansmith14:11
lbragstadah - i see what you mean14:16
lbragstadafaik keystone doesn't support ip filtering14:16
lbragstadnatively14:16
*** aojea has quit IRC14:22
tobias-urdinyeah, it's kind of an big deal with security, bruteforce protection does some and having 32+ character passwords should probably suffice14:23
tobias-urdinbut some policies doesn't allow any form of such access14:24
tobias-urdin(company policies that is)14:24
lbragstadtobias-urdin you could also implement a strict password rotation time. https://docs.openstack.org/keystone/latest/admin/identity-security-compliance.html#configuring-password-expiration14:24
*** orange_julius has quit IRC14:25
lbragstadsure - that makes sense14:25
tobias-urdinthanks for all the material :)14:26
tobias-urdinand specifically admin access, which service accounts pretty much are, since that could compromise the cloud and not a project14:26
*** orange_julius has joined #openstack-keystone14:26
lbragstadright14:26
cmurphyexpiring passwords for service users would cause the same problem as the lockout, it breaks the service user which breaks the cloud14:29
cmurphyyou'd need to have your automation scheduled to do the password change, which you might as well do without setting an expiry14:29
cmurphybut that of course causes downtime too14:29
tobias-urdinyeah, it's also a huge administrative burden to do monthly instead of yearly for example14:29
cmurphyand it's also never been proven that requiring password rotations is actually a security benefit14:30
cmurphyhttps://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes14:31
lbragstadhuh - interesting14:33
*** orange_julius has quit IRC14:54
*** orange_julius has joined #openstack-keystone14:56
*** felipemonteiro has quit IRC15:02
*** david-lyle has joined #openstack-keystone15:07
*** pcaruana has quit IRC15:12
*** aojea has joined #openstack-keystone15:15
*** dr_feelgood has quit IRC15:16
kmalloco/15:26
kmalloci'll be hit-miss today15:26
kmallocbecause dealing with car + doctor things for brie15:27
*** jmlowe has quit IRC15:27
kmalloceveryone is ok, brie dislocated her shoulder, but otherwise is not in bad shape considering she was rear-ended on i5 south on saturday15:27
lbragstad:( hope everything goes well15:30
lbragstadhttps://www.alvaka.net/new-password-guidelines-us-federal-government-via-nist/ pretty much gets rid of two pci-dss features we implemented15:31
*** xek has joined #openstack-keystone15:33
kmallocyay15:33
kmallocwe can just deprecate them15:33
kmalloclbragstad: i can implement a haveibeenpwned external checker for keystone15:34
lbragstadi was just doing some more digging based on something cmurphy linked15:34
lbragstadi was looking for an article about how frequency stability affects passwords, but i can't seem to find it15:35
kmallocyeah.15:38
kmallocthere has been a lot of positive movement on password stuff lately15:38
kmalloci'll backlog a have-i-been-pwned aka "external password checker" mechanism for keystone15:38
kmallocit's super straightforward and *awesome*15:39
kmallocoptional of course. it also never transmits the "in-the-clear" password on the network.15:39
kmalloc(or even the complete hash)15:39
kmalloccmurphy: ftr, my employer does not force password changes in fixed timeframes.15:41
kmalloccmurphy: it is a pleasure that i can change the password as needed to conform to best practices (and/or isolate usage)15:42
cmurphyi don't think we can deprecate that stuff, even if it's stupid it's still required for pci compliance15:42
kmalloci expect pci-dss to make adjustments to their requirements in the next XXX timeframe15:42
kmalloci meant deprecate when that happens.15:43
cmurphyah yeah that's fine15:43
lbragstadcmurphy ++15:43
kmallocpci folks tend to follow NIST recommendations (with a lag period)15:43
* lbragstad is super annoyed that he can't find the article he was looking for15:43
lbragstadYES!15:46
lbragstadhttps://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/15:46
*** itlinux has joined #openstack-keystone15:46
cmurphylol so basically https://xkcd.com/936/15:48
*** aojea has quit IRC15:48
lbragstaddid you see https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html ?15:49
lbragstad:)15:49
*** bnemec has joined #openstack-keystone15:51
lbragstadi guess one possible criticism of the diceware approach is that exclusive usage gives attackers the dictionary15:51
lbragstadbut schneier's article addresses that too, i suppose15:53
kmalloclbragstad: https://haveibeenpwned.com/API/v215:56
*** bnemec has quit IRC15:59
*** gyee has joined #openstack-keystone16:00
*** xek has quit IRC16:02
*** david-lyle has quit IRC16:07
*** aojea has joined #openstack-keystone16:41
lbragstadkmalloc whenever you're around - i have some questions regarding build_target and the comments you had16:48
*** jmlowe has joined #openstack-keystone16:54
*** mvkr has quit IRC16:57
*** neexio has joined #openstack-keystone16:59
*** dklyle has joined #openstack-keystone17:02
*** felipemonteiro has joined #openstack-keystone17:11
*** raildo has quit IRC17:14
kmallocsure17:15
kmallochere17:15
*** felipemonteiro has quit IRC17:15
kmalloclbragstad: ask away17:15
*** aojea has quit IRC17:15
lbragstadactually - i might have figured it out... just about to run tests17:15
lbragstadi'll push what i have and you can correct me17:15
kmalloclbragstad: functools.partial17:15
kmalloc;)17:15
kmallocit's how you pass arguments17:15
kmallocwe do it elsewhere17:15
lbragstadyeah ... but i might just be able to use flask.requests.view_args17:16
lbragstadi didn't realize what that was doing until i looked at it a bit longer17:16
kmalloc:)17:16
kmallocit's awesome how much extra you have available when you lean on flask17:17
kmallocand not have to extract crud from the request object that is passed through the whole chain17:17
kmallocyeah push the code up when you're ready and i'll look at it, i'm sure it'll be good.17:19
*** bnemec has joined #openstack-keystone17:19
lbragstadhmm17:27
lbragstadtaking the build_target approach makes these tests more complicated17:27
*** pcaruana has joined #openstack-keystone17:27
lbragstadhttps://review.openstack.org/#/c/594547/21/keystone/tests/unit/protection/v3/test_credentials.py@19817:28
lbragstadhttp://paste.openstack.org/show/732606/ makes 404 bubble up to unauthorized users17:28
lbragstadinstead of a 40317:29
*** jmlowe has quit IRC17:31
*** jmlowe has joined #openstack-keystone17:32
*** ebukha has joined #openstack-keystone17:33
*** irclogbot_3 has joined #openstack-keystone17:34
openstackgerritMerged openstack/keystone-specs master: Explicit Domain Ids  https://review.openstack.org/61120117:34
*** raildo has joined #openstack-keystone17:37
lbragstadcc kmalloc ^17:39
*** jmlowe has quit IRC17:43
*** raildo has quit IRC17:43
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scope_type checking for credentials  https://review.openstack.org/59454717:46
kmalloclbragstad: right.17:53
*** mvkr has joined #openstack-keystone17:54
kmallocthe idea is to not run try/excepts and differing enforcements17:55
kmalloclbragstad: also, anything in the view_args should automatically be in the target dict17:55
kmallociirc17:56
kmalloclbragstad: so...17:56
kmallocwhy are we doing17:56
kmalloctry:17:56
kmalloc            credential = PROVIDERS.credential_api.get_credential(credential_id)17:56
kmalloc            target = {'credential': credential}17:56
kmalloc        except exception.NotFound:17:56
kmalloc            ENFORCER.enforce_call(action='identity:update_credential')17:56
kmalloc            raise17:56
*** irclogbot_3 has quit IRC17:56
kmallocwhy not call enforcer.enforce_call first17:56
*** pcaruana has quit IRC17:57
kmallocthen just let the 404 raise up? do you need the credential in the target_dict?17:57
kmallocand do you want a 404 explicitly ?17:57
kmallocbecause a 404 on get_credential is likely to force a 403 in policy on the enforce in the except block17:58
kmallocunless you're not checking the target, which case, why are we jumping through hoops to generate a 404 after enforcement is called17:58
kmallocis it more correct to raise a 404 vs a 403.18:00
kmallocthis seems like jumping through a lot of hoops18:00
*** raildo has joined #openstack-keystone18:01
kmalloclbragstad: my guess is that the update_credential is going to fail with a 403 (or fall through to the old policy?) if called without target_attr18:03
kmallocso, my question becomes, why not just call enforce_call, then do the cred_check and then do a second enforce call with target_attr18:03
kmallocno try/except reraise needed18:03
*** jmlowe has joined #openstack-keystone18:04
kmallocit is 100% ok to do a "ownership" enforcement call, or multiple enforcement calls18:04
*** irclogbot_3 has joined #openstack-keystone18:06
*** aojea has joined #openstack-keystone18:07
*** raildo has quit IRC18:11
*** ebukha has quit IRC18:16
*** ebukha_ has joined #openstack-keystone18:17
lbragstadkmalloc the behavior that i want is to make it so people unauthorized to call DELETE /v3/credentials/{non-existant-cred-id} get a 403 and people who are authorized get a 40418:25
ebukha_Hello everyone. I just joined this keystone channel for the Outreachy internship. I am looking forward to a great experience with you all. cc cmurphy kmalloc18:26
kmallocebukha_: welcome! :)18:26
lbragstadhello ebukha_18:26
ebukha_Thank you kmalloc. I,m excited to be here :)18:27
kmalloclbragstad: so, simply, i would run it as a dual check: "are you fundamentally allowed to do a delete" then do an ownership check, between those we raise the 40418:27
kmallocebukha_: we're excited to have you here!18:27
kmalloclbragstad: i'll be hit/miss a chunk of this week while I deal with car repairs and getting Brie settled with the new doctors. She can't drive until she gets out of the sling.18:28
lbragstadkmalloc sounds good18:28
kmalloclbragstad: things turn out ot be more complex than expected...18:28
kmallocas always18:28
kmallocbut in short, i will still get all the stuff done, just might be at really off hours even for me (Pacific post work)18:29
kmallocs/post work/business hours18:29
lbragstadok18:29
kmallocunrelated, we sure did have a lot of stuff flush through the gate this last week :)18:30
kmalloccleaned up a bunch of stuff18:30
kmalloci expect to do another pass on keystone and do a lot of abandon if it's ancient18:30
kmallocso we have a good idea of where we sit18:30
kmalloci'll also parse bugs and close out ones that are addressed by flask18:30
kmalloclbragstad: backports of the cache fix https://review.openstack.org/#/q/I14748bf2399e5da4ee360f451a8050f25dd90803 for app-creds18:31
ebukha_kmalloc: Thanks for the warm welcome. Any tips for me to get started?18:31
kmallocebukha_: which outreachy project are you going to be working on? I can probably better direct you and help once I know :)18:33
lbragstadkmalloc https://review.openstack.org/#/c/594547/22/keystone/api/credentials.py@161 handles the case where we're doing the "ownership" check18:33
kmallocebukha_: also, i apologize in advance, had some personal life stuff come up this last weekend and i'll be spottily available over the next week while dealing with it all.18:33
lbragstadwhen a credential doesn't exist18:33
kmalloclbragstad: right.18:33
kmallochmmm18:34
*** neexio has quit IRC18:34
kmalloclbragstad: can we call that blindly outside of the try/except?18:34
lbragstadso - it raise a 403 if someone isn't able to execute it, if they are it passes and a 404 is raised18:34
kmallocso call that first18:34
kmallocalways18:34
kmallocthen do the "target build"18:35
kmallocwhich will raise a 40418:35
kmallocand then do the enforce_call for ownership18:35
kmallocthere is no rule saying you can only call enforce_call once in a request18:35
ebukha_kmalloc: I'll be working on improving OpenStack keystone API Unit Tests18:35
kmalloclbragstad18:35
lbragstadright18:36
kmalloclbragstad: part of the design of the RBACEnforcer was to ensure it was called at least once, but move us away from the "we can only call it once"18:36
ebukha_kmalloc: No problem. I totally understand.18:36
*** aojea has quit IRC18:39
kmallocebukha_: ahh! Well then, I can defintely point you in a general direction to start. We have recently moved to flask from a custom WSGI framework. We now have a test framewwork that lets us use a context manager instead of needing to have a bunch of custom implementations of .put .get .post .patch (HTTP methods)18:40
kmallocebukha_: so we're now using the flask.test_client() mechanism http://flask.pocoo.org/docs/1.0/testing/#the-testing-skeleton18:40
kmallocebukha_: you can see some of the work we've done to make it available on the base test case, so you can do `with self.test_client() as c:`18:41
kmallocebukha_: https://github.com/openstack/keystone/blob/master/keystone/tests/unit/core.py#L567 and https://github.com/openstack/keystone/blob/master/keystone/tests/unit/core.py#L51918:42
kmallocebukha_: an example of what our old test cases look like is https://github.com/openstack/keystone/blob/5814da527ba4224aed9f14ad09c0eb684c22ef46/keystone/tests/unit/test_v3_credential.py#L141-L16418:43
cmurphyhi ebukha_ !18:43
kmallocebukha_: and the newer style ends up being something like https://github.com/openstack/keystone/blob/86f968163ea90dfac515b5e59f20edf8c5554cee/keystone/tests/unit/test_v3_application_credential.py#L294-L31718:43
kmallocebukha_: don't hesitate to ask any/all questions, we're here to help :)18:43
kmallocebukha_: also don't hesitate to say i'm dumping too much to process in irc ^_^18:44
kmallocsometimes i am known to do that :P18:44
kmallocannnd here is cmurphy too! :)18:44
cmurphyo/18:44
*** ebukha has joined #openstack-keystone18:44
cmurphyebukha_: what timezone are you in?18:46
*** rdopiera has quit IRC18:47
ebukha_kmalloc: thanks for the heads up :) now i got a lot of reading to do, i think18:53
ebukha_cmurphy: hello. glad to join you here :)18:53
ebukha_cmurphy: i am in UTC+118:54
cmurphyebukha_: oh perfect me too18:54
cmurphywell +2 for the next few weeks18:54
ebukha_cmurphy: yeah, but still awesome anyways :)18:55
ebukha_cmurphy: i was told you and kmalloc will be my mentor18:56
cmurphyebukha_: yep, feel free to ping either of us but i'm guessing my timezone is more compatible ;)18:59
cmurphyif you want a slightly easier task for your first contribution i can dig through some of the low-hanging-fruit bugs19:00
ebukha_cmurphy: thanks alot. i'll appreciate that19:01
kmalloccmurphy: ++19:12
*** irclogbot_3 has quit IRC19:14
*** irclogbot_3 has joined #openstack-keystone19:15
*** aojea has joined #openstack-keystone19:17
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scope_type checking for credentials  https://review.openstack.org/59454719:21
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scope_type checking for credentials  https://review.openstack.org/59454719:36
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scope_type checking for credentials  https://review.openstack.org/59454719:37
ildikovlbragstad: knikolla: kmalloc: cmurphy: Keystone federation code from James that we've discussed on the Edge WG call last Tuesday: https://github.com/yahoo/openstack-collab/tree/master/keystone-federation-ocata19:38
ildikovI'll put up the link to the wiki about Keystone edge architectures as well19:38
lbragstadildikov awesome!19:43
kmallocildikov: i wont be there tomorrow, have a lot of stuff going on19:43
ildikovkmalloc: I hear ya!19:43
kmallocildikov: dealing with getting car repaired and some medical things handled19:43
kmallocildikov: but lbragstad knows what i'm looking for in federation handling and my views19:44
kmallocwe should have good coverage19:44
ildikovkmalloc: ugh, one is worse than the other :/ I hope everything will turn out to be ok soon!!19:44
*** felipemonteiro has joined #openstack-keystone19:44
ildikovkmalloc: noted!19:44
kmallocildikov: it's all fine, worst thing is brie dislocated her shoulder and needs to be careful / cant walk dogs / etc until she goes through some PT19:46
*** jmlowe has quit IRC19:46
kmallocso really, it's ok, but man is it just a little frustrating and time consuming19:46
ildikovkmalloc: OMG, that sounds bad, I'm sorry :(19:47
*** felipemonteiro has quit IRC19:47
kmallocildikov: like i said, it's all fine now - everyone walked away from the collision19:47
ildikovkmalloc: I hope PT goes well and recovery will be quick19:47
kmallocildikov: so do I!19:47
ildikovkmalloc: fair enough, walking away sounds good overall19:48
kmallocexactly!19:49
kmalloc:)19:49
*** jmlowe has joined #openstack-keystone19:50
*** jmlowe has quit IRC19:51
*** ebukha_ has quit IRC19:55
lbragstadebukha if you don't mind me asking, what timezone are you located? I'm UTC -520:00
*** orange_julius has quit IRC20:01
cmurphyebukha_ | cmurphy: i am in UTC+120:02
cmurphylbragstad: ^20:02
lbragstadoh - i completely missed that20:03
lbragstadthanks!20:03
openstackgerritLance Bragstad proposed openstack/keystone master: Use request_body_json function in credential API  https://review.openstack.org/61249220:06
openstackgerritLance Bragstad proposed openstack/keystone master: Use request_body_json function in credential API  https://review.openstack.org/61249220:09
openstackgerritLance Bragstad proposed openstack/keystone master: Remove obsolete credential policies  https://review.openstack.org/59718720:10
openstackgerritLance Bragstad proposed openstack/keystone master: Pass context objects to policy enforcement  https://review.openstack.org/60553920:10
*** orange_julius has joined #openstack-keystone20:11
openstackgerritLance Bragstad proposed openstack/keystone master: Pass context objects to policy enforcement  https://review.openstack.org/60553920:11
*** jmlowe has joined #openstack-keystone20:12
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scope_type checking for credentials  https://review.openstack.org/59454720:13
openstackgerritLance Bragstad proposed openstack/keystone master: Pass context objects to policy enforcement  https://review.openstack.org/60553920:13
openstackgerritLance Bragstad proposed openstack/keystone master: Remove obsolete credential policies  https://review.openstack.org/59718720:13
*** irclogbot_3 has quit IRC20:27
*** ebukha has quit IRC20:28
*** felipemonteiro has joined #openstack-keystone20:28
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scope_types for user API  https://review.openstack.org/61117920:37
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scope_type checking for credentials  https://review.openstack.org/59454720:39
openstackgerritLance Bragstad proposed openstack/keystone master: Pass context objects to policy enforcement  https://review.openstack.org/60553920:39
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scope_types for user API  https://review.openstack.org/61117920:39
openstackgerritLance Bragstad proposed openstack/keystone master: Remove obsolete credential policies  https://review.openstack.org/59718720:39
*** dmellado has quit IRC21:32
*** spsurya has quit IRC21:38
*** aojea has quit IRC21:41
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Clean up explicit domain IDs specification  https://review.openstack.org/61252421:47
*** bnemec has quit IRC22:18
*** felipemonteiro has quit IRC22:44
*** rcernin has joined #openstack-keystone22:46
openstackgerritMerged openstack/keystone-specs master: Clean up explicit domain IDs specification  https://review.openstack.org/61252422:50
*** gyee has quit IRC23:00
*** rcernin_ has joined #openstack-keystone23:28
*** rcernin has quit IRC23:30
*** dklyle has quit IRC23:32
*** david-lyle has joined #openstack-keystone23:32
*** david-lyle has quit IRC23:35
*** dklyle has joined #openstack-keystone23:35
« Sunday, 2018-10-21 Index Tuesday, 2018-10-23 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!