Saturday, 2018-11-17

*** aojea has joined #openstack-keystone 00:22
openstackgerrit: Merged openstack/keystone master: Drop the compatibility password column  https://review.openstack.org/613513 00:36
*** raildo has quit IRC 00:49
openstackgerrit: ayoung proposed openstack/keystone-specs master: WIP Scale Out  https://review.openstack.org/618609 00:49
*** aojea has quit IRC 00:54
openstackgerrit: Merged openstack/keystoneauth master: Add py36 tox environment  https://review.openstack.org/615845 00:58
*** gyee has quit IRC 01:39
*** aojea has joined #openstack-keystone 01:43
*** erus has joined #openstack-keystone 02:06
*** aojea has quit IRC 02:15
openstackgerrit: zhouxinyong proposed openstack/keystoneauth master: Replacing the HTTP protocal with HTTPS in using-sessions.rst.  https://review.openstack.org/617811 02:52
*** aojea has joined #openstack-keystone 03:09
*** erus has quit IRC 03:33
*** aojea has quit IRC 03:42
*** aojea has joined #openstack-keystone 04:34
*** aojea has quit IRC 05:06
*** aojea has joined #openstack-keystone 05:58
*** aojea has quit IRC 06:32
*** aojea has joined #openstack-keystone 07:26
*** aojea has quit IRC 07:54
*** aojea has joined #openstack-keystone 08:22
*** aojea has quit IRC 08:56
*** aojea has joined #openstack-keystone 09:52
*** aojea has quit IRC 10:15
adriant: kmalloc: potentially not a great idea, but jotting it down just in case. For the JWT public key sharing, can't we still provide it via a keystone API, but have keystonemiddleware cache it? if it encounters something it can't decrypt, or some timer has been hit, go back and ask for new keys. Restart of service also reloads cached keys, so you can force an update if needed. 10:23
adriant: Makes distribution/rotation a little easier while still limiting the extra API calls KSM has to do. 10:24
adriant: First ever request after a key refresh may take a little longer, but that model doesn't have too many downsides, and if there is a worry about bogus values causing extra calls back to keystone to check keys we can potentially rate limit that based on a deployer configured setting (e.g. smallest amount of time between rotations). 10:28
*** jistr has quit IRC 10:30
*** jistr has joined #openstack-keystone 10:31
*** aojea has joined #openstack-keystone 10:40
adriant: right now KSM doesn't need any constant attention from deployers, so ideally if we can maintain that model (configure it once, and mostly forget) then that's a benefit. Because if a shift to JWT means now also having to manage keys in KSM... people will probably stick with fernet unless JWT gives them a lot of advantages. Having KSM auto-handle regardless of token type means easier adoption as well. 10:41
*** aojea has quit IRC 12:21
*** erus has joined #openstack-keystone 12:36
*** aojea has joined #openstack-keystone 12:50
*** aojea has quit IRC 13:01
*** aojea has joined #openstack-keystone 13:42
*** aojea has quit IRC 14:14
*** aojea has joined #openstack-keystone 15:01
*** aojea has quit IRC 15:28
*** erus has quit IRC 15:46
*** aojea has joined #openstack-keystone 16:13
*** aojea has quit IRC 16:26
*** aojea has joined #openstack-keystone 16:27
*** hoonetorg has quit IRC 16:30
*** aojea has quit IRC 16:31
*** hoonetorg has joined #openstack-keystone 16:42
*** sapd1 has joined #openstack-keystone 17:02
*** imacdonn has quit IRC 17:16
*** imacdonn has joined #openstack-keystone 17:16
*** aojea has joined #openstack-keystone 18:04
*** sapd1 has quit IRC 18:54
*** aojea has quit IRC 19:19
*** aojea_ has joined #openstack-keystone 19:19
*** aojea_ has quit IRC 20:01
*** aojea has joined #openstack-keystone 20:01
*** aojea has quit IRC 20:06
*** trident has quit IRC 20:19
*** trident has joined #openstack-keystone 20:20
*** aojea has joined #openstack-keystone 20:42
*** aojea has quit IRC 20:48
*** aojea has joined #openstack-keystone 20:57
*** shrasool has joined #openstack-keystone 21:04
*** shrasool has quit IRC 21:11
*** shrasool has joined #openstack-keystone 21:52
*** aojea has quit IRC 22:23
*** aojea has joined #openstack-keystone 23:06
*** aojea has quit IRC 23:16
*** aojea has joined #openstack-keystone 23:16
*** shrasool has quit IRC 23:28
*** aojea has quit IRC 23:48