opendevreview | Yonggen Sun proposed openstack/keystonemiddleware master: External OAuth2.0 Authorization Server Support https://review.opendev.org/c/openstack/keystonemiddleware/+/868734 | 00:43 |
---|---|---|
opendevreview | Hiromu Asahina proposed openstack/keystonemiddleware master: OAuth 2.0 Mutual-TLS Support https://review.opendev.org/c/openstack/keystonemiddleware/+/860615 | 02:13 |
opendevreview | Hiromu Asahina proposed openstack/keystone master: OAuth 2.0 Mutual-TLS Support https://review.opendev.org/c/openstack/keystone/+/860613 | 02:13 |
opendevreview | OpenStack Proposal Bot proposed openstack/keystone master: Imported Translations from Zanata https://review.opendev.org/c/openstack/keystone/+/857805 | 03:34 |
opendevreview | Yonggen Sun proposed openstack/keystonemiddleware master: External OAuth2.0 Authorization Server Support https://review.opendev.org/c/openstack/keystonemiddleware/+/868734 | 06:49 |
opendevreview | Yonggen Sun proposed openstack/keystonemiddleware master: External OAuth2.0 Authorization Server Support https://review.opendev.org/c/openstack/keystonemiddleware/+/868734 | 07:53 |
opendevreview | mitya-eremeev-2 proposed openstack/oslo.policy master: Fix deprecated rule logic if the rule was deleted in policy directory. https://review.opendev.org/c/openstack/oslo.policy/+/844611 | 08:08 |
d34dh0r53 | knikolla[m]: we've reviewed the mTLS patches (https://review.opendev.org/q/topic:bp/support-oauth2-mtls+is:open) but want to make sure that you're good merging them so you get to add the +W if you're okay. | 15:25 |
knikolla[m] | d34dh0r53, dmendiza you can go ahead and +W | 15:29 |
d34dh0r53 | knikolla[m]: ack, thanks | 15:29 |
opendevreview | Merged openstack/keystoneauth master: OAuth 2.0 Mutual-TLS Support https://review.opendev.org/c/openstack/keystoneauth/+/860614 | 16:43 |
darkhorse | Hi team - is there a way to get a refresh token before access token expires? I have a long running task and access token expires before the job completes. | 16:48 |
knikolla[m] | darkhorse: can you describe a bit more the long running task? | 16:53 |
darkhorse | knikolla[m]: I save instance creation request and the access token, and retry on a periodic schedule basis. Reason I do this is because instance creation fails due to resource constraints and I want the instance to get created when there are enough resources. problem is when the resource is available, the access token may get expired. | 16:56 |
knikolla[m] | darkhorse: it's not possible to get an access token that's valid beyond the access token that you currently have (without reauthenticating). there are some situations in which you can perform operations with an expired token, but that is a short window of time and designed for service to service communications. | 16:59 |
darkhorse | knikolla[m]: can service tokens have long expiration time? like 3 days for example. | 17:01 |
knikolla[m] | darkhorse: the window is configurable https://opendev.org/openstack/keystone/src/commit/363b941f2c4c4e1ffe76fa9104eb4ad760a1ddc0/keystone/conf/token.py#L112 | 17:04 |
knikolla[m] | if you present a service token + the user's expired token, the operation will work within that window. | 17:05 |
darkhorse | knikolla[m]: can service tokens be used for any services? I read about it in cinder documentation but not sure if I can configure all services (nova, cinder, neutron, etc.) to accept service tokens. | 17:08 |
opendevreview | Merged openstack/keystoneauth master: New auth plugin v3oidcdeviceauthz https://review.opendev.org/c/openstack/keystoneauth/+/869876 | 17:10 |
knikolla[m] | darkhorse: that is something that is handled by keystonemiddleware, not the service. so as long as you configure the correct service roles in keystonemiddleware the operation will work on any service using it. | 17:13 |
opendevreview | Merged openstack/keystone master: OAuth 2.0 Mutual-TLS Support https://review.opendev.org/c/openstack/keystone/+/860613 | 17:15 |
darkhorse | knikolla[m]: thank you! that is very helpful to know. | 17:15 |
knikolla[m] | yay, mtls merged! | 17:27 |
knikolla[m] | \o/ | 17:27 |
d34dh0r53 | yay! | 17:41 |
opendevreview | Sergiy Markin proposed openstack/keystone master: LDAP connection error handling https://review.opendev.org/c/openstack/keystone/+/860118 | 21:54 |
opendevreview | Merged openstack/keystonemiddleware master: OAuth 2.0 Mutual-TLS Support https://review.opendev.org/c/openstack/keystonemiddleware/+/860615 | 22:38 |