Tuesday, 2020-09-08

« Monday, 2020-09-07 Index Wednesday, 2020-09-09 »
*** zzzeek has quit IRC00:06
*** zzzeek has joined #openstack-keystone00:08
*** zzzeek has quit IRC00:24
*** spatel has joined #openstack-keystone00:24
*** zzzeek has joined #openstack-keystone00:29
*** spatel has quit IRC00:29
*** zzzeek has quit IRC00:34
*** zzzeek has joined #openstack-keystone00:35
*** hemna has quit IRC01:01
*** hemna has joined #openstack-keystone01:02
*** openstackgerrit has joined #openstack-keystone01:08
openstackgerritGhanshyam Mann proposed openstack/oslo.policy master: [goal] Migrate testing to ubuntu focal  https://review.opendev.org/74431701:08
*** gary_perkins_ has quit IRC01:47
*** hoonetorg has quit IRC01:47
*** hoonetorg has joined #openstack-keystone01:48
*** gary_perkins has joined #openstack-keystone01:48
*** spatel has joined #openstack-keystone02:21
*** zzzeek has quit IRC02:47
*** zzzeek has joined #openstack-keystone02:51
*** rcernin has quit IRC02:59
*** rcernin has joined #openstack-keystone03:13
*** zzzeek has quit IRC03:19
*** zzzeek has joined #openstack-keystone03:21
*** vishalmanchanda has joined #openstack-keystone03:52
openstackgerritZihao Wang proposed openstack/python-keystoneclient master: trivial: Drop os-testr  https://review.opendev.org/75027003:52
*** zzzeek has quit IRC04:03
*** zzzeek has joined #openstack-keystone04:05
*** whoami-rajat__ has joined #openstack-keystone04:15
*** evrardjp has quit IRC04:33
*** evrardjp has joined #openstack-keystone04:33
*** spatel has quit IRC04:37
*** manuvakery has joined #openstack-keystone05:39
*** xek has joined #openstack-keystone05:40
*** xek has quit IRC06:02
*** zzzeek has quit IRC06:02
*** zzzeek has joined #openstack-keystone06:03
*** jaosorior has quit IRC06:14
*** zzzeek has quit IRC06:22
*** zzzeek has joined #openstack-keystone06:24
*** shyamb has joined #openstack-keystone07:13
*** bengates has joined #openstack-keystone07:14
*** shyam89 has joined #openstack-keystone07:41
*** shyamb has quit IRC07:43
*** rcernin has quit IRC08:00
*** shyamb has joined #openstack-keystone08:11
*** shyam89 has quit IRC08:14
*** zzzeek has quit IRC08:16
*** zzzeek has joined #openstack-keystone08:17
*** zzzeek has quit IRC08:47
*** zzzeek has joined #openstack-keystone08:50
*** shyamb has quit IRC10:13
*** yuxin_ has quit IRC10:21
*** shyamb has joined #openstack-keystone10:22
*** yuxin_ has joined #openstack-keystone10:27
*** shyam89 has joined #openstack-keystone10:33
*** shyamb has quit IRC10:35
*** yuxin_ has quit IRC10:44
*** shyam89 has quit IRC10:47
*** jaosorior has joined #openstack-keystone10:48
*** zzzeek has quit IRC10:48
*** shyamb has joined #openstack-keystone10:50
*** zzzeek has joined #openstack-keystone10:50
*** yuxin_ has joined #openstack-keystone10:57
*** dave-mccowan has joined #openstack-keystone10:59
*** dave-mccowan has quit IRC11:12
*** dave-mccowan has joined #openstack-keystone11:13
*** xek has joined #openstack-keystone11:36
*** shyamb has quit IRC11:43
*** shyamb has joined #openstack-keystone11:45
openstackgerritHervé Beraud proposed openstack/oslo.limit master: Adding pre-commit  https://review.opendev.org/74213411:48
*** raildo has joined #openstack-keystone12:06
*** shyamb has quit IRC12:11
*** redrobot has joined #openstack-keystone12:17
openstackgerritOpenStack Release Bot proposed openstack/pycadf master: Add Python3 wallaby unit tests  https://review.opendev.org/75034112:28
mnaserknikolla: have you been able to get something like openstack's cli to be usable with oidc _without_ storing any credentials?12:50
mnaseri.e. offline tokens type of thing12:50
*** xek has quit IRC12:50
mnaserthis is mostly for auth against gsuite12:51
*** Luzi has joined #openstack-keystone12:55
*** lbragstad has joined #openstack-keystone13:01
knikollamnaser: it should be doable, but I haven’t tried.13:06
mnaserknikolla: i just found https://github.com/IFCA/keystoneauth-oidc/blob/master/keystoneauth_oidc/plugin.py#L257-L28213:07
mnaserknikolla: i really wish i didn't have to run apache just to be able to do this though :( oh well13:07
*** beekneemech is now known as bnemec13:34
*** Luzi has quit IRC13:47
*** xek has joined #openstack-keystone13:56
*** jaosorior has quit IRC14:16
*** tkajinam has quit IRC14:43
jrossermnaser: we did that without an Apache14:54
mnaserjrosser: something like a oidc proxy?14:54
jrosserthis is for openstack cli with oidc?14:55
mnaserjrosser: correct14:55
jrosserjust a mo, on my phone :/14:56
*** xek has quit IRC15:05
jrossermnaser: I think actually we did exactly what is in your link ^^15:05
*** mailingsam has joined #openstack-keystone15:17
mailingsamHi All, GM, do you know why keystone project id is not exposed by keystone project create post api? it automatically assigns a unique id, can we allow the API to allow project id  and if not provided, create a unique ID?15:25
*** jmlowe has quit IRC15:30
*** jmlowe has joined #openstack-keystone15:32
knikollamailingsam: that is something that has been proposed a few years ago, read the spec here and its comments for more historical context. https://review.opendev.org/#/c/323499/15:45
mnaserjrosser: but what about horizon ?15:48
mnaserthat still needs it eh15:49
mailingsamThanks knikolla checking16:07
jrossermnaser: as far as I know yes16:14
mnaserjrosser: im wondering if running an oidc proxy might help as a sidecar16:14
jrosserwe had super weird stuff with HA16:15
mnaserjrosser: ah right, session needs to be handled across all of them16:16
jrosserneeded the apache module to talk to memcached16:16
mnaserjrosser: i wonder if something like this can work like https://github.com/oauth2-proxy/oauth2-proxy16:18
*** bengates has quit IRC16:20
jrosserisn’t keystone more involved than just putting a proxy in front, like the federated user mappings and such are inside keystone itself16:21
*** vishalmanchanda has quit IRC16:21
mnaserjrosser: right but the ISS needs to still make it's way there i guess16:21
mnaserjrosser: it seems like openid auth is relying on 'mappings' anyways16:30
*** vishakha has joined #openstack-keystone16:31
*** ddorahee has joined #openstack-keystone16:31
mnaserso really as long as we pass remote user and issuer it'll be fine16:31
knikollareminder, meeting in ~9 minutes in #openstack-meeting-alt16:51
*** bnemec has quit IRC16:52
*** bnemec has joined #openstack-keystone17:02
*** gyee has joined #openstack-keystone17:33
*** ddorahee has quit IRC17:38
*** mailingsam has quit IRC18:15
*** viks____ has quit IRC18:58
*** manuvakery has quit IRC18:59
*** xek has joined #openstack-keystone19:52
*** whoami-rajat__ has quit IRC20:14
*** yuxin_ has quit IRC20:14
*** zzzeek has quit IRC20:16
*** zzzeek has joined #openstack-keystone20:17
*** yuxin_ has joined #openstack-keystone20:25
*** vishakha has quit IRC21:00
*** xek has quit IRC21:41
*** raildo has quit IRC21:43
gmannknikolla: can you review this ? need for Focal migration goal - https://review.opendev.org/#/c/743116/21:43
knikollagmann: done22:51
gmannknikolla thanks22:52
*** tkajinam has joined #openstack-keystone22:57
*** tkajinam has quit IRC22:57
*** tkajinam has joined #openstack-keystone22:58
*** rcernin has joined #openstack-keystone23:02
*** zzzeek has quit IRC23:33
*** zzzeek has joined #openstack-keystone23:35
*** kmalloc has joined #openstack-keystone23:37
« Monday, 2020-09-07 Index Wednesday, 2020-09-09 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!