cardoe | So looking at the keystoneauth docs, the OIDC examples aren't as fleshed out. Wondering if anyone's got any other examples. I've seen OVH's, and the whole discovery URL, secret id and secret key feels pretty awkward vs other OIDC usage like kube-login with Kubernetes for example. I've locally played with dex and used vexxhost's websso plugin, which is definitely a smoother experience, but wanted stock. | 00:17 |
---|---|---|
*** __ministry is now known as Guest3215 | 01:18 | |
opendevreview | OpenStack Proposal Bot proposed openstack/keystone master: Imported Translations from Zanata https://review.opendev.org/c/openstack/keystone/+/924460 | 03:36 |
gtema | cardoe, you are right and this is the same observation we have made. We overall recognized structural challenges when federating OpenStack, and at the next PTG we are going to discuss in more depth a way forward to improve this | 04:56 |
jrosser | cardoe: it’s not necessary to need the secret id/key in the client particularly for cli use. | 07:02 |
jrosser | I would like to see what is already done in 3rd party keystoneauth plugins for websso brought into the stock client | 07:07 |
opendevreview | Merged openstack/oslo.limit master: Update master for stable/2024.2 https://review.opendev.org/c/openstack/oslo.limit/+/928188 | 10:24 |
opendevreview | Merged openstack/oslo.policy master: Update master for stable/2024.2 https://review.opendev.org/c/openstack/oslo.policy/+/928209 | 10:54 |
opendevreview | OpenStack Release Bot proposed openstack/keystone master: Update master for stable/2024.2 https://review.opendev.org/c/openstack/keystone/+/929102 | 14:09 |
cardoe | So with the project hierarchy bits... there's not a way to federate in a user and give that user permissions to all projects in a domain? | 23:00 |
cardoe | I played around with creating a group and giving that group a role on the domain but it didn't seem to work. | 23:00 |