Tuesday, 2018-12-11

« Monday, 2018-12-10 Index Wednesday, 2018-12-12 »
*** erus has quit IRC00:42
*** erus has joined #openstack-keystone00:52
openstackgerritMerged openstack/keystone master: Move "Public ID Generators" to relevant docs  https://review.openstack.org/62407601:40
*** vishwanathj has quit IRC01:51
*** mhen has quit IRC02:30
*** mhen has joined #openstack-keystone02:33
openstackgerritwangxiyuan proposed openstack/oslo.policy master: Add policy-upgrade tool  https://review.openstack.org/61390602:34
*** jistr has quit IRC02:42
openstackgerritwangxiyuan proposed openstack/keystone master: Release note for domain level limit  https://review.openstack.org/62401902:47
*** jistr has joined #openstack-keystone02:50
*** Dinesh_Bhor has joined #openstack-keystone02:57
*** Dinesh_Bhor has quit IRC03:13
*** Dinesh_Bhor has joined #openstack-keystone03:20
openstackgerritMerged openstack/keystone master: Consolidate Keystone docs: federated-identity.rst  https://review.openstack.org/54710203:28
openstackgerritMerged openstack/keystone master: Move SSL recommendation to installation guide  https://review.openstack.org/62410003:28
openstackgerritMerged openstack/keystone master: Move supported clients section to user guide  https://review.openstack.org/62411503:28
*** bzhao__ has joined #openstack-keystone03:28
*** ayoung has quit IRC03:44
*** gyee has quit IRC03:53
*** markvoelker has joined #openstack-keystone03:57
*** markvoelker has quit IRC04:02
*** Dinesh_Bhor has quit IRC04:56
*** Dinesh_Bhor has joined #openstack-keystone04:57
openstackgerritMerged openstack/keystone master: Use request_body_json function  https://review.openstack.org/61249204:58
*** Dinesh_Bhor has quit IRC05:17
*** Dinesh_Bhor has joined #openstack-keystone05:19
*** jmccrory has quit IRC06:34
*** jmccrory has joined #openstack-keystone06:40
*** rcernin has quit IRC06:43
*** trident has quit IRC07:42
*** trident has joined #openstack-keystone07:44
*** imacdonn has quit IRC08:22
*** imacdonn has joined #openstack-keystone08:23
openstackgerritColleen Murphy proposed openstack/keystone master: Consolidate Keystone docs: admin/identity-external-authentication.rst  https://review.openstack.org/54708708:39
openstackgerritColleen Murphy proposed openstack/keystone master: Consolidate tokenless X.509 docs  https://review.openstack.org/62407208:39
*** amoralej|off is now known as amoralej08:48
openstackgerritColleen Murphy proposed openstack/keystone master: Consolidate Keystone docs: admin/identity-external-authentication.rst  https://review.openstack.org/54708709:01
openstackgerritColleen Murphy proposed openstack/keystone master: Consolidate tokenless X.509 docs  https://review.openstack.org/62407209:01
openstackgerritLance Bragstad proposed openstack/keystone master: Update registered limit policies for system admin  https://review.openstack.org/62101609:15
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for domain users interacting with registered limits  https://review.openstack.org/62101709:15
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with registered limits  https://review.openstack.org/62101809:15
openstackgerritLance Bragstad proposed openstack/keystone master: Remove registered limit policies from policy.v3cloudsample.json  https://review.openstack.org/62101909:15
openstackgerritLance Bragstad proposed openstack/keystone master: Add limit protection tests  https://review.openstack.org/62102009:15
openstackgerritLance Bragstad proposed openstack/keystone master: Add limit tests for system member role  https://review.openstack.org/62102109:15
openstackgerritLance Bragstad proposed openstack/keystone master: Update limit policies for system admin  https://review.openstack.org/62102209:15
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for domain users interacting with limits  https://review.openstack.org/62102309:15
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with limits  https://review.openstack.org/62102409:15
openstackgerritLance Bragstad proposed openstack/keystone master: Remove limit policies from policy.v3cloudsample.json  https://review.openstack.org/62102509:15
openstackgerritColleen Murphy proposed openstack/keystone master: Consolidate tokenless X.509 docs  https://review.openstack.org/62407209:16
openstackgerritColleen Murphy proposed openstack/keystone master: Rename admin guide pages  https://review.openstack.org/62432709:27
openstackgerritColleen Murphy proposed openstack/keystone master: Move list limit docs to admin guide  https://review.openstack.org/62433709:54
*** shrasool has joined #openstack-keystone09:56
*** Dinesh_Bhor has quit IRC10:10
*** shrasool has quit IRC10:26
*** Dinesh_Bhor has joined #openstack-keystone10:34
*** shrasool has joined #openstack-keystone10:37
openstackgerritColleen Murphy proposed openstack/keystone master: Rename admin guide pages  https://review.openstack.org/62432710:44
*** erus has quit IRC10:52
*** erus has joined #openstack-keystone10:52
openstackgerritColleen Murphy proposed openstack/keystone master: Move list limit docs to admin guide  https://review.openstack.org/62433710:57
openstackgerritColleen Murphy proposed openstack/keystone master: Move identity sources doc to admin guide  https://review.openstack.org/62435110:57
*** erus has quit IRC10:59
*** tobias-urdin is now known as tobias-urdin|lun11:00
*** tobias-urdin|lun is now known as tobias-urdin_afk11:01
* lbragstad back in about an hour11:05
*** erus has joined #openstack-keystone11:09
*** shrasool has quit IRC11:21
*** shrasool has joined #openstack-keystone11:22
*** shrasool has quit IRC11:26
*** tobias-urdin_afk is now known as tobias-urdin11:27
*** Dinesh_Bhor has quit IRC11:37
openstackgerritMerged openstack/keystone master: Implement system reader role in domains API  https://review.openstack.org/62333411:39
*** amoralej is now known as amoralej|lunch12:06
openstackgerritMerged openstack/keystone master: Consolidate Keystone docs: admin/identity-external-authentication.rst  https://review.openstack.org/54708712:45
openstackgerritMerged openstack/keystone master: Consolidate tokenless X.509 docs  https://review.openstack.org/62407212:45
openstackgerritMerged openstack/keystone master: Rename admin guide pages  https://review.openstack.org/62432712:45
openstackgerritMerged openstack/keystone master: Move list limit docs to admin guide  https://review.openstack.org/62433712:45
*** raildo has joined #openstack-keystone12:52
*** dave-mccowan has joined #openstack-keystone12:54
*** dave-mccowan has quit IRC13:01
*** amoralej|lunch is now known as amoralej13:16
openstackgerritColleen Murphy proposed openstack/keystone master: Fix links to external-authentication  https://review.openstack.org/62439113:23
openstackgerritColleen Murphy proposed openstack/keystone master: Add introduction section to federation docs  https://review.openstack.org/61538413:44
*** aojea_ has joined #openstack-keystone13:45
*** imus has joined #openstack-keystone14:03
*** mvkr has quit IRC14:07
*** dave-mccowan has joined #openstack-keystone14:07
*** dave-mccowan has quit IRC14:14
*** aojea_ has quit IRC14:14
*** shrasool has joined #openstack-keystone14:18
openstackgerritColleen Murphy proposed openstack/keystone master: Fix links to external-authentication  https://review.openstack.org/62439114:34
openstackgerritColleen Murphy proposed openstack/keystone master: Add introduction section to federation docs  https://review.openstack.org/61538414:39
*** mvkr has joined #openstack-keystone14:44
*** markvoelker has joined #openstack-keystone15:00
*** itlinux has quit IRC15:06
openstackgerritColleen Murphy proposed openstack/keystone master: Remove Certificates for PKI guide  https://review.openstack.org/62441915:08
*** wxy| has joined #openstack-keystone15:14
openstackgerritMerged openstack/keystone master: Implement system member role domain test coverage  https://review.openstack.org/60584915:35
*** aojea_ has joined #openstack-keystone15:36
kmalloco/15:37
cmurphy\o15:39
cmurphykmalloc: stable review for you https://review.openstack.org/61419715:40
kmalloclookingh15:40
kmalloccmurphy: +315:41
cmurphyty15:41
lbragstadfriendly reminder that we have the keystone team meeting in about 10 minutes15:48
knikollao/15:50
*** markvoelker has quit IRC15:55
*** markvoelker has joined #openstack-keystone15:56
*** markvoelker has quit IRC16:01
*** itlinux has joined #openstack-keystone16:22
*** wxy| has quit IRC16:49
*** itlinux_ has joined #openstack-keystone16:59
*** aojea_ has quit IRC17:02
*** aojea_ has joined #openstack-keystone17:03
*** itlinux has quit IRC17:03
*** aojea_ has quit IRC17:07
*** gyee has joined #openstack-keystone17:22
lbragstadin case anyone is interesting in light reading https://review.openstack.org/#/c/619053/5/specs/2019.03/approved/distcloud-2002842-synchronizedKeystone.rst17:44
lbragstad^ that's the formal specification for what the stx folks have for the db replication stuff they're going to do with keystone17:44
kmallocyeah....17:45
kmalloci'm not a huge fan of db sync like that17:48
kmalloci also see some major concerns with the distribution of the fernet keys17:49
kmallocand a lot of other stuff that seems to be glossed over/handwaved17:49
* kmalloc still thinks autoprovision is the most correct way to handle this.17:49
kmalloci'm interested to see how the DB sync bits end up rolling out17:50
kmallocand if it will scale.17:50
*** gyee has quit IRC17:56
lbragstadi'm curious to see the progress they have on it17:57
lbragstadbut - it looks like the spec just merged17:58
*** mchlumsky has quit IRC17:59
kmallocyeah18:02
kmallocby the time i looked it was approved/merged18:03
*** mchlumsky has joined #openstack-keystone18:03
*** mvkr has quit IRC18:04
*** erus has quit IRC18:39
*** erus has joined #openstack-keystone18:40
*** shrasool_ has joined #openstack-keystone18:43
*** shrasool has quit IRC18:45
*** shrasool_ is now known as shrasool18:45
*** amoralej is now known as amoralej|off18:48
*** aojea has joined #openstack-keystone18:56
*** mchlumsky has quit IRC19:00
*** mchlumsky has joined #openstack-keystone19:01
openstackgerritMerged openstack/keystone-specs master: Repropose JWT specification for Stein  https://review.openstack.org/54190319:07
openstackgerritMerged openstack/keystone-specs master: Add a note about crypto-agility with JWT  https://review.openstack.org/62254319:10
openstackgerritMerged openstack/keystone master: Fix links to external-authentication  https://review.openstack.org/62439119:23
openstackgerritMerged openstack/keystone master: Add introduction section to federation docs  https://review.openstack.org/61538419:24
*** lbragstad has quit IRC19:30
*** lbragstad has joined #openstack-keystone19:31
*** ChanServ sets mode: +o lbragstad19:31
*** shrasool has quit IRC20:34
*** shrasool has joined #openstack-keystone20:35
lbragstadnow that we have the fix from jdennis in oslo.policy - https://github.com/openstack/keystone/blob/master/keystone/common/rbac_enforcer/enforcer.py#L382-L404 is redundant i think?21:07
*** shrasool has quit IRC21:14
jdennislbragstad: +121:16
lbragstadthanks for confirming21:17
*** mvkr has joined #openstack-keystone21:18
*** aojea has quit IRC21:19
*** shrasool has joined #openstack-keystone21:26
*** shrasool has quit IRC21:32
*** markvoelker has joined #openstack-keystone21:45
*** erus has quit IRC21:48
*** markvoelker has quit IRC21:49
*** itlinux_ has quit IRC21:57
*** rcernin has joined #openstack-keystone21:59
*** markvoelker has joined #openstack-keystone22:24
*** itlinux has joined #openstack-keystone22:26
*** raildo has quit IRC22:39
*** itlinux has quit IRC22:45
*** shrasool has joined #openstack-keystone22:55
kmalloclbragstad: yeah, it is mostly redundant23:08
kmalloclbragstad: though... the "authorizing X" shoudl stay23:08
kmalloclbragstad: https://github.com/openstack/keystone/blob/master/keystone/common/rbac_enforcer/enforcer.py#L38823:08
kmalloclbragstad: that is not directly represented in the oslo.policy bits23:09
kmalloclbragstad:  so https://github.com/openstack/keystone/blob/master/keystone/common/rbac_enforcer/enforcer.py#L391-L404 is redundant23:09
*** erus has joined #openstack-keystone23:35
*** xek_ has joined #openstack-keystone23:43
*** xek has quit IRC23:46
*** dklyle has joined #openstack-keystone23:51
« Monday, 2018-12-10 Index Wednesday, 2018-12-12 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!