| | | |
|---|---|---|
| | *** ykarel_ is now known as ykarel | 07:35 |
| dmsimard[m] | I have a use case with keystone-to-keystone federation where it would be nice to use the project id in the mapping but I figure there's a reason why it doesn't exist. | 21:06 |
| dmsimard[m] | I know it's possible to force the creation of a project with a specific uuid for example with keystone-manage: https://opendev.org/openstack/keystone/commit/a8366c4827b1455a9daa89d2f49f9cd1b7673685 | 21:08 |
| dmsimard[m] | It was simple enough to figure out how to expose the project id in the saml attributes so we could use it in the mapping but alas I cannot specify a "destination" project id in the mapping, just a name | 21:09 |
| dmsimard[m] | Just curious on your comments or suggestions before digging this further. The use case is one of metrics and billing, if the project UUID is the same between the two keystones it makes things instantly much easier. | 21:10 |
| gtema | dmsimard: as we talked during the PTG the saml support is going to die midterm, so we need to find a new solution anyway. Feel free to describe the use case and potentially your ideas on https://github.com/openstack-experimental/keystone/issues/307 | 21:14 |
| gtema | With V4 API and keystoneng we can add support for adding project_id in the create request (that would appear through V3) | 21:15 |
| dmsimard[m] | yes, I remember speaking to you about it briefly and I am definitely looking forward to it but I don't know what kind of timeline we would be looking at for v4 federation vs the thing I am being asked to deliver 😅 | 21:17 |
| gtema | Adding only project_id on create with V4 can be done by "tomorrow" if that helps | 21:19 |
| dmsimard[m] | I would have to give keystone-ng a spin, I have truthfully not had the time yet. Is k2k federation already in? | 21:20 |
| gtema | No, since we haven't had even an idea on how to achieve that, but we can improve project creation to have them consistent if that helps | 21:21 |
| gtema | I am "desperately" waiting for somebody to describe how they use k2k to define the functionality | 21:21 |
| dmsimard[m] | ok, I am happy to oblige, give me a few days and I should be able to find the time to write something down in that issue, thanks :) | 21:22 |
| gtema | Awesome. Appreciate that. I didn't want to simply repeat what k2k is because it is eventually not what people need (just like current federation is not what is useful) | 21:24 |
| dmsimard[m] | well, I can't claim to speak in the name of everyone using k2k but I can talk about our use case :p | 21:25 |
| gtema | Correct, this is exactly what I need - gather necessary requirements | 21:26 |