Tuesday, 2019-05-21

« Monday, 2019-05-20 Index Wednesday, 2019-05-22 »
*** jamesmcarthur has joined #openstack-keystone00:04
*** jamesmcarthur has quit IRC00:35
*** markvoelker has joined #openstack-keystone00:41
*** markvoelker has quit IRC00:45
*** jamesmcarthur has joined #openstack-keystone01:05
*** jamesmcarthur_ has joined #openstack-keystone01:10
*** jamesmcarthur has quit IRC01:11
openstackgerritMerged openstack/keystonemiddleware master: Blacklist bandit 1.6.0 & cap sphinx for 2.7  https://review.opendev.org/65961001:40
*** whoami-rajat has joined #openstack-keystone02:00
*** joshualyle has joined #openstack-keystone02:39
*** dave-mccowan has quit IRC02:55
*** tkajinam has quit IRC03:03
*** tkajinam has joined #openstack-keystone03:04
*** tkajinam has quit IRC03:20
*** jamesmcarthur_ has quit IRC03:23
*** tkajinam has joined #openstack-keystone03:28
*** jamesmcarthur has joined #openstack-keystone03:54
*** jamesmcarthur has quit IRC03:59
*** vishakha has joined #openstack-keystone04:08
*** itlinux has quit IRC04:46
openstackgerritVishakha Agarwal proposed openstack/keystone master: Remove [token]/ infer_roles  https://review.opendev.org/65950004:55
openstackgerritVishakha Agarwal proposed openstack/keystone master: Remove [token]/ infer_roles  https://review.opendev.org/65950004:59
*** jamesmcarthur has joined #openstack-keystone05:01
*** pcaruana has joined #openstack-keystone05:02
*** jamesmcarthur has quit IRC05:07
*** vishalmanchanda has joined #openstack-keystone05:10
openstackgerritVishakha Agarwal proposed openstack/keystone master: Pep8 environment to run on delta code only  https://review.opendev.org/65922505:11
*** pcaruana has quit IRC05:11
openstackgerritVishakha Agarwal proposed openstack/keystone master: Remove [signing] config  https://review.opendev.org/65943405:26
openstackgerritVishakha Agarwal proposed openstack/keystone master: Remove [token]/ infer_roles  https://review.opendev.org/65950005:30
openstackgerritVishakha Agarwal proposed openstack/keystone master: Remove [signing] config  https://review.opendev.org/65943405:32
*** jistr is now known as jistr|mtg06:20
*** jamesmcarthur has joined #openstack-keystone06:35
*** markvoelker has joined #openstack-keystone06:36
openstackgerritVishakha Agarwal proposed openstack/keystone master: Remove [signing] config  https://review.opendev.org/65943406:37
*** jamesmcarthur has quit IRC06:39
*** starborn has joined #openstack-keystone06:47
*** trident has quit IRC07:03
*** trident has joined #openstack-keystone07:05
*** tesseract has joined #openstack-keystone07:06
*** markvoelker has quit IRC07:09
*** rcernin has quit IRC07:19
*** pcaruana has joined #openstack-keystone07:21
*** jamesmcarthur has joined #openstack-keystone07:25
*** jamesmcarthur has quit IRC07:30
*** pcaruana has quit IRC07:39
*** markvoelker has joined #openstack-keystone08:06
*** tkajinam has quit IRC08:12
*** xek has joined #openstack-keystone08:36
*** xek has quit IRC08:38
*** markvoelker has quit IRC08:39
*** jistr|mtg is now known as jistr08:46
*** xek has joined #openstack-keystone08:48
*** awalende has joined #openstack-keystone09:05
*** openstackstatus has quit IRC09:13
*** openstackstatus has joined #openstack-keystone09:14
*** ChanServ sets mode: +v openstackstatus09:14
*** yan0s has joined #openstack-keystone09:15
*** jamesmcarthur has joined #openstack-keystone09:26
*** jamesmcarthur has quit IRC09:31
*** markvoelker has joined #openstack-keystone09:35
*** markvoelker has quit IRC10:09
*** ileixe has quit IRC10:46
*** awalende has quit IRC10:58
*** awalende has joined #openstack-keystone10:59
*** markvoelker has joined #openstack-keystone11:06
*** ccstone has quit IRC11:22
*** schaney_ has quit IRC11:22
*** schaney_ has joined #openstack-keystone11:23
*** jamesmcarthur has joined #openstack-keystone11:27
*** dave-mccowan has joined #openstack-keystone11:28
*** jamesmcarthur has quit IRC11:33
*** markvoelker has quit IRC11:39
*** joshualyle has quit IRC11:40
*** jamesmcarthur has joined #openstack-keystone11:43
*** awalende has quit IRC11:44
*** awalende has joined #openstack-keystone11:45
*** thirose has quit IRC11:48
*** awalende has quit IRC11:52
*** awalende has joined #openstack-keystone11:54
*** raildo has joined #openstack-keystone11:54
*** jamesmcarthur has quit IRC11:55
*** jamesmcarthur has joined #openstack-keystone12:00
*** markvoelker has joined #openstack-keystone12:08
*** jamesmcarthur has quit IRC12:16
*** jamesmcarthur has joined #openstack-keystone12:16
*** jamesmcarthur has quit IRC12:32
*** jamesmcarthur has joined #openstack-keystone12:42
erolgHi everyone, I want to ask something. I saw that there is a default roles like reader, member and admin. They were implemented in Rocky release according to this spec: https://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html12:42
erolgBut when I try reader or observer role. There is no diffrence with member role. I can create and delete resources via horizon12:43
erolgThen I checked nova and neutron policy files I couldnt find any permission mapped to the reader or observer role . (I generated policy samples via oslopolicy)12:46
erolgOther projects weren't implement these roles yet. Am I right?12:49
*** jamesmcarthur has quit IRC13:39
*** itlinux has joined #openstack-keystone13:42
*** vishakha has quit IRC13:44
*** bbobrov has quit IRC13:47
*** jamesmcarthur has joined #openstack-keystone13:48
*** erolg has quit IRC13:53
*** schaney__ has joined #openstack-keystone13:56
*** jamesmcarthur_ has joined #openstack-keystone13:59
*** gary_perkins_ has joined #openstack-keystone14:00
*** lifeless_ has joined #openstack-keystone14:01
*** Anticime1 has joined #openstack-keystone14:01
*** schaney_ has quit IRC14:06
*** lifeless has quit IRC14:06
knikollacmurphy: for the new expiring users, do you think the TTL should be on the domain or the idp? if we push it to the domain, that could potentially work for non-federated users as well. (ex ldap)14:06
*** jamesmcarthur has quit IRC14:06
*** markvoelker has quit IRC14:06
*** johnthetubaguy has quit IRC14:06
*** gary_perkins has quit IRC14:06
*** Anticimex has quit IRC14:06
*** edmondsw_ has quit IRC14:06
*** problem_v has quit IRC14:06
*** dtruong has quit IRC14:06
*** awalende has quit IRC14:07
*** problem_v has joined #openstack-keystone14:07
knikollawhere by ttl, i mean the default setting for users of that domain/idp.14:07
*** dtruong has joined #openstack-keystone14:08
*** awalende has joined #openstack-keystone14:11
*** itlinux has quit IRC14:13
*** awalende has quit IRC14:15
*** erolg has joined #openstack-keystone14:45
cmurphyerolg: that's correct, the roles exist in keystone but we haven't coordinated updating the policies across all the services yet14:51
cmurphyknikolla: hmm, do we want it to work for non-federated users?14:51
cmurphyknikolla: is there ever a case where a user in an idp could map to more than one domain?14:51
knikollacmurphy: AFAIK, all users from an idp map to the same domain, but there could be multiple idps sharing a domain.14:52
cmurphyknikolla: i think we'd still want it on the idp then14:54
knikollacmurphy: alright, cool.14:54
erolgcmurphy, Do you know which services already update their policy for reader role?14:54
cmurphyerolg: only keystone14:56
erolgcmurphy, thanks a lot :)14:56
*** yan0s has quit IRC15:13
*** awalende has joined #openstack-keystone15:15
*** awalende has quit IRC15:19
*** starborn has quit IRC15:20
*** vishakha has joined #openstack-keystone15:53
cmurphykeystone team meeting in 4 minutes in #openstack-meeting-alt15:56
vishakhao/16:01
vishakhacmurphy: I wanted to confirm this fast8 is to be merged with every keystone module?16:01
*** errr has left #openstack-keystone16:04
*** erolg has quit IRC16:08
*** gyee has joined #openstack-keystone16:15
*** whoami-rajat has quit IRC16:49
*** itlinux has joined #openstack-keystone16:58
cmurphyknikolla: could you review https://review.opendev.org/659876 ?17:10
*** whoami-rajat has joined #openstack-keystone17:15
*** itlinux has quit IRC17:22
openstackgerritGage Hugo proposed openstack/keystonemiddleware master: Remove PKI/PKIZ support  https://review.opendev.org/61367517:38
*** jamesmcarthur_ has quit IRC17:42
*** itlinux has joined #openstack-keystone17:44
gyeeoh a moment of silence for PKI/PKIZ, could've been *useful* for multi-site17:51
*** jamesmcarthur has joined #openstack-keystone17:58
*** jamesmcarthur has quit IRC18:02
*** jamesmcarthur has joined #openstack-keystone18:12
*** jmlowe has quit IRC18:18
*** xek_ has joined #openstack-keystone18:21
*** jamesmcarthur_ has joined #openstack-keystone18:22
*** xek has quit IRC18:24
*** jamesmcarthur has quit IRC18:24
*** xek__ has joined #openstack-keystone18:30
*** xek_ has quit IRC18:33
*** itlinux has quit IRC18:40
*** xek has joined #openstack-keystone18:49
*** xek__ has quit IRC18:50
*** gyee has quit IRC19:07
*** vishakha has quit IRC19:11
cmurphyforgot to mention in the meeting - i'll be traveling tomorrow and then in the wrong timezone until monday19:18
*** gyee has joined #openstack-keystone19:19
gagehugook19:26
*** whoami-rajat has quit IRC19:29
openstackgerritMerged openstack/keystone master: [docs] remove deprecated ubuntu package from installation  https://review.opendev.org/65686019:32
*** jamesmcarthur_ has quit IRC19:44
* bnemec wonders what the UTC offset of "wrong" is ;-)19:52
schaney__Hey guys! a few of my team members attended the Denver Stein Keystone PTG and the mentioned that the stance on this topic https://review.opendev.org/#/c/323499/ (admins can specify projectID) has changed. Hoping one of the project maintainers can confirm.19:57
schaney__there may be some more recent documentation/discussion but I was not able to find it19:58
*** jamesmcarthur has joined #openstack-keystone20:02
schaney__looks like this topic was discussed in the recent 4/16 meeting as well http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-04-16-16.00.log.html20:33
*** xek has quit IRC20:49
*** dave-mccowan has quit IRC20:50
*** dave-mccowan has joined #openstack-keystone20:56
bnemeccmurphy: I saw you mentioned Lance is out for a bit. I assume that means he won't be looking at the review I added him to this morning. :-)20:58
bnemecAny idea whenabouts he's going to be back?20:58
cmurphyschaney__: we're starting to discuss the possibility of it, ayoung wrote up a summary here https://adam.younglogic.com/2019/05/sync-keystones-api/#settable-identifiers20:58
cmurphybnemec: i do not know20:59
schaney__cmurphy: thanks!  I will stay tuned.21:01
*** jamesmcarthur has quit IRC21:11
*** dave-mccowan has quit IRC21:40
*** raildo has quit IRC21:45
*** itlinux has joined #openstack-keystone21:49
*** itlinux has quit IRC21:54
*** rcernin has joined #openstack-keystone22:05
*** tesseract has quit IRC22:07
ayoungschaney__, So I think we can do it, but we would need to add an additional policy cut point to differntiate normal project cretion from synchronization22:24
*** itlinux has joined #openstack-keystone22:26
*** ayoung has quit IRC22:31
*** rcernin has quit IRC22:40
*** rcernin has joined #openstack-keystone22:41
*** itlinux has quit IRC22:43
*** tkajinam has joined #openstack-keystone22:59
*** joshualyle has joined #openstack-keystone23:14
schaney__ayoung: great! is the policy cut point like a different API route?23:17
*** itlinux has joined #openstack-keystone23:45
*** itlinux_ has joined #openstack-keystone23:47
*** itlinux has quit IRC23:49
*** itlinux_ has quit IRC23:57
« Monday, 2019-05-20 Index Wednesday, 2019-05-22 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!