| *** vishalmanchanda has quit IRC | 00:18 | |
| *** jamesmcarthur has joined #openstack-keystone | 00:43 | |
| *** jamesmcarthur has quit IRC | 01:10 | |
| *** jamesmcarthur has joined #openstack-keystone | 01:12 | |
| *** spatel has joined #openstack-keystone | 01:27 | |
| *** jamesmcarthur has quit IRC | 01:36 | |
| *** jamesmcarthur has joined #openstack-keystone | 01:48 | |
| *** jamesmcarthur has quit IRC | 01:48 | |
| *** jamesmcarthur has joined #openstack-keystone | 01:49 | |
| *** lbragstad has quit IRC | 01:52 | |
| *** jamesmcarthur has quit IRC | 01:53 | |
| *** jamesmcarthur has joined #openstack-keystone | 02:10 | |
| *** jamesmcarthur has quit IRC | 02:20 | |
| *** spatel has quit IRC | 02:31 | |
| *** jamesmcarthur has joined #openstack-keystone | 02:33 | |
| *** spatel has joined #openstack-keystone | 02:34 | |
| *** spatel has quit IRC | 02:48 | |
| *** jamesmcarthur has quit IRC | 03:37 | |
| *** renich has quit IRC | 03:38 | |
| *** jamesmcarthur has joined #openstack-keystone | 03:40 | |
| *** evrardjp has quit IRC | 04:36 | |
| *** evrardjp has joined #openstack-keystone | 04:36 | |
| openstackgerrit | Merged openstack/keystone master: Ensure OAuth1 authorized roles are respected https://review.opendev.org/725885 | 04:37 |
|---|---|---|
| *** sapd1 has joined #openstack-keystone | 04:51 | |
| *** vishalmanchanda has joined #openstack-keystone | 05:45 | |
| *** jamesmcarthur has quit IRC | 05:53 | |
| *** abdysn has joined #openstack-keystone | 05:56 | |
| *** jamesmcarthur has joined #openstack-keystone | 05:59 | |
| *** jamesmcarthur has quit IRC | 06:03 | |
| *** gyee has quit IRC | 06:07 | |
| *** jamesmcarthur has joined #openstack-keystone | 06:10 | |
| *** jamesmcarthur has quit IRC | 06:27 | |
| *** bengates has joined #openstack-keystone | 07:19 | |
| *** dancn has joined #openstack-keystone | 07:23 | |
| *** TheJulia has quit IRC | 07:56 | |
| *** mnasiadka has quit IRC | 07:56 | |
| *** Anticimex has quit IRC | 07:56 | |
| *** TheJulia has joined #openstack-keystone | 08:01 | |
| *** mnasiadka has joined #openstack-keystone | 08:01 | |
| *** Anticimex has joined #openstack-keystone | 08:01 | |
| *** xek has joined #openstack-keystone | 08:05 | |
| *** vishakha has joined #openstack-keystone | 08:06 | |
| *** lumir_ is now known as shaolin | 09:21 | |
| *** shaolin is now known as lumir | 09:21 | |
| *** irclogbot_1 has quit IRC | 09:41 | |
| *** irclogbot_3 has joined #openstack-keystone | 09:42 | |
| *** hugokuo has quit IRC | 09:42 | |
| *** hugokuo has joined #openstack-keystone | 09:45 | |
| zigo | Could we get the security patches +2+w ASAP please ? https://review.opendev.org/#/q/project:openstack/keystone | 10:29 |
| *** ayoung has quit IRC | 10:49 | |
| *** abdysn has quit IRC | 12:16 | |
| *** raildo has joined #openstack-keystone | 12:25 | |
| *** spatel has joined #openstack-keystone | 12:58 | |
| *** lbragstad has joined #openstack-keystone | 13:12 | |
| *** manuvakery has joined #openstack-keystone | 13:15 | |
| *** jhesketh has quit IRC | 13:43 | |
| *** jhesketh has joined #openstack-keystone | 13:47 | |
| knikolla | lbragstad: could you please review the stable backports of the sec fixes? ^ | 13:52 |
| lbragstad | knikolla looks like they were squashed into a single commit | 13:54 |
| lbragstad | for backport reasons | 13:54 |
| knikolla | yup | 13:54 |
| lbragstad | cool | 13:54 |
| knikolla | the number of reviews and merge conflicts would be over 9000 otherwise | 13:55 |
| lbragstad | makes sense | 13:55 |
| lbragstad | https://review.opendev.org/#/c/725887/1 wasn't included though? | 13:55 |
| *** ayoung has joined #openstack-keystone | 13:56 | |
| knikolla | i guess that's because the others are ec2 bugs, and this is auth1, so it made sense to squash those together while keeping this separate | 13:57 |
| knikolla | oauth1* | 13:57 |
| *** dancn has quit IRC | 13:58 | |
| lbragstad | ok | 14:01 |
| *** dancn has joined #openstack-keystone | 14:03 | |
| *** renich has joined #openstack-keystone | 14:33 | |
| cmurphy | yeah the oauth1 fix didn't collide with the ec2 fixes so i kept it separate | 14:34 |
| *** tkajinam has quit IRC | 14:43 | |
| *** dancn has quit IRC | 14:52 | |
| *** vishalmanchanda has quit IRC | 14:54 | |
| lbragstad | cmurphy ++ | 14:54 |
| openstackgerrit | Maurice Escher proposed openstack/keystone master: fix link in release note of bug/1794527 https://review.opendev.org/726170 | 14:55 |
| *** dancn has joined #openstack-keystone | 14:58 | |
| *** renich has quit IRC | 15:17 | |
| *** dancn has quit IRC | 15:24 | |
| *** gyee has joined #openstack-keystone | 15:32 | |
| *** jamesmcarthur has joined #openstack-keystone | 15:32 | |
| gagehugo | we generally don't modify release notes from previous releases right? | 15:37 |
| cmurphy | you can you just need to do it directly in the stable branch https://docs.openstack.org/reno/latest/user/usage.html#updating-stable-branch-release-notes | 15:41 |
| *** dancn has joined #openstack-keystone | 15:42 | |
| *** spatel has quit IRC | 15:49 | |
| *** spatel has joined #openstack-keystone | 15:50 | |
| *** renich has joined #openstack-keystone | 16:07 | |
| gagehugo | hmm ok | 16:34 |
| *** evrardjp has quit IRC | 16:36 | |
| *** evrardjp has joined #openstack-keystone | 16:36 | |
| *** bengates has quit IRC | 16:45 | |
| *** dancn has quit IRC | 16:54 | |
| *** gmann is now known as gmann_afk | 17:25 | |
| *** dancn has joined #openstack-keystone | 17:43 | |
| *** jamesmcarthur has quit IRC | 17:53 | |
| *** jamesmcarthur has joined #openstack-keystone | 17:59 | |
| *** jamesmcarthur has quit IRC | 18:03 | |
| TheJulia | Hi, crazy off the wall question. Has there ever been any thoughts or discussion of adding basic auth support to keystoneauth1 since things like openstackclient are so tightly bound to it? | 18:12 |
| *** ayoung has quit IRC | 18:13 | |
| *** ayoung has joined #openstack-keystone | 18:16 | |
| cmurphy | TheJulia: not to keystoneauth, because keystoneauth is only for authing with keystone and keystone doesn't support basic auth. but adding it to keystone has come up before https://review.opendev.org/125457 | 18:20 |
| TheJulia | okay | 18:21 |
| TheJulia | so tl;dr... keystone is an absolute hard requirement for any auth with any openstack tooling... which explains why noauth has remained dominant | 18:23 |
| cmurphy | TheJulia: no, i would not say that at all | 18:24 |
| cmurphy | keystoneauth is for working with keystone | 18:24 |
| cmurphy | you don't have to use keystoneauth | 18:25 |
| TheJulia | I'm still digging into the code path | 18:26 |
| TheJulia | but if everything is using keystoneauth1 for session tooling | 18:26 |
| TheJulia | for the actual http client.. | 18:26 |
| TheJulia | Anyway, there are at least 2-3 more layers to the onion to peel back | 18:26 |
| cmurphy | i don't think it's occurred to most projects to support non-keystone auth | 18:27 |
| cmurphy | mordred: maybe you want to jump in ^ would we want keystoneauth to support basic auth similar to how it does noauth? | 18:28 |
| mordred | I didn't do it | 18:31 |
| TheJulia | lol | 18:31 |
| * mordred reads | 18:31 | |
| * TheJulia checks off todo item "blame everything on mordred" | 18:32 | |
| mordred | yeah. definitely blame it on me | 18:32 |
| mordred | it's an interesting question ... if we didn't have keystoneauth support it, we'd need to support it in sdk - it would be _way_ easier to support it in ksa like noauth is ... because sdk and osc basically do just act as ksa-session/adapter factories | 18:33 |
| mordred | that said - I could also understand if we didn't want to add that to ksa and if we didn't I think we could figure out how to add it to sdk | 18:33 |
| mordred | TheJulia: tl;dr - I think supporting your auth needs is in scope from an sdk pov - I'm on the fence as to whether ksa should be the place to do it - I could be talked in to being for it or against it by someone with a stronger opinion | 18:34 |
| cmurphy | i feel like most of what you get from keystoneauth is all the bits you need to authenticate with keystone, if you're not using that then you might as well just use a regular requests session and keep it simple | 18:35 |
| mordred | cmurphy: oh - well, also we get the ksa adapter which does a funny mounting thing that nothing else does | 18:36 |
| mordred | but - yeah | 18:36 |
| cmurphy | ah yeah | 18:36 |
| mordred | cmurphy, TheJulia: we _could_ just make a ksa auth plugin in openstacksdk | 18:36 |
| TheJulia | nah, nothing to blame on you | 18:36 |
| mordred | so that it's still a ksa auth for our use but the code is managed in sdk | 18:37 |
| mordred | and we could model it on the noauth plugin - maybe even subclass it | 18:37 |
| *** spatel has quit IRC | 18:39 | |
| TheJulia | Okay, that kind of makes sense | 18:39 |
| *** jamesmcarthur has joined #openstack-keystone | 18:39 | |
| *** ayoung has quit IRC | 18:39 | |
| TheJulia | and I guess, worst comes to worst until braincells to hack on ^ are beamed in with a transporter (or maybe a very big cup of coffee... or ten), humans can always use curl | 18:40 |
| TheJulia | just not super friendly | 18:40 |
| *** ayoung has joined #openstack-keystone | 18:40 | |
| cmurphy | i'm not entirely opposed to adding it to ksa either, especially since noauth is kind of a precedent, i just worry a little about scope creep and putting all of the auth kitchen sink into ksa | 18:43 |
| TheJulia | That does make sense. I guess part of the question may be how much interest there could be in such. Specifically because I have this feeling the mechanics may need to be different :\ | 18:48 |
| *** gmann_afk is now known as gmann | 19:06 | |
| mordred | TheJulia, cmurphy: we could trial-run it in sdk (where there's a little less worry about scope-creep) and if it works out and we're happy we can move it over | 19:10 |
| TheJulia | looks like it could be a plugin and would actually be very simple from what I can tell | 19:23 |
| TheJulia | just... where because I don't think keystoneauth1 has any concept of external "plugins" | 19:24 |
| TheJulia | wait | 19:25 |
| TheJulia | it does | 19:25 |
| *** jamesmcarthur_ has joined #openstack-keystone | 19:58 | |
| *** jamesmcarthur_ has quit IRC | 19:59 | |
| *** jamesmcarthur_ has joined #openstack-keystone | 19:59 | |
| *** jamesmcarthur has quit IRC | 20:00 | |
| *** dancn has quit IRC | 20:51 | |
| *** manuvakery has quit IRC | 21:02 | |
| *** vishakha has quit IRC | 21:14 | |
| *** hemna has quit IRC | 21:26 | |
| *** hemna has joined #openstack-keystone | 21:39 | |
| *** raildo has quit IRC | 21:45 | |
| *** renich has quit IRC | 21:55 | |
| *** xek has quit IRC | 22:04 | |
| *** jamesmcarthur_ has quit IRC | 22:13 | |
| *** jamesmcarthur has joined #openstack-keystone | 22:13 | |
| *** renich has joined #openstack-keystone | 22:15 | |
| *** jamesmcarthur has quit IRC | 22:19 | |
| *** jamesmcarthur has joined #openstack-keystone | 22:33 | |
| *** hoonetorg has quit IRC | 22:34 | |
| *** jamesmcarthur has quit IRC | 22:37 | |
| *** jamesmcarthur has joined #openstack-keystone | 22:38 | |
| *** jamesmcarthur has quit IRC | 22:42 | |
| *** hoonetorg has joined #openstack-keystone | 22:46 | |
| *** tkajinam has joined #openstack-keystone | 22:49 | |
| *** jamesmcarthur has joined #openstack-keystone | 23:01 | |
| *** renich has quit IRC | 23:02 | |
| *** renich has joined #openstack-keystone | 23:02 | |
| *** jamesmcarthur has quit IRC | 23:04 | |
| *** jamesmcarthur has joined #openstack-keystone | 23:05 | |
| *** jamesmcarthur has quit IRC | 23:11 | |
| *** jamesmcarthur has joined #openstack-keystone | 23:11 | |
| *** spotz has quit IRC | 23:16 | |
| *** jamesmcarthur has quit IRC | 23:38 | |
| *** jamesmcarthur has joined #openstack-keystone | 23:38 | |
| *** gyee has quit IRC | 23:54 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!