Tuesday, 2019-12-03

« Monday, 2019-12-02 Index Wednesday, 2019-12-04 »
*** ijw_ has quit IRC00:32
*** Adri2000 has joined #openstack-meeting-alt00:46
*** ijw has joined #openstack-meeting-alt00:47
*** tetsuro has joined #openstack-meeting-alt01:15
*** rfolco has quit IRC01:30
*** rfolco has joined #openstack-meeting-alt01:38
*** rfolco has quit IRC01:39
*** rfolco has joined #openstack-meeting-alt01:40
*** gyee has quit IRC01:48
*** rfolco has quit IRC02:07
*** yaawang has quit IRC02:36
*** yaawang has joined #openstack-meeting-alt02:36
*** macz has quit IRC02:37
*** ijw has quit IRC03:03
*** ijw has joined #openstack-meeting-alt03:05
*** apetrich has quit IRC03:09
*** ijw has quit IRC03:09
*** ijw has joined #openstack-meeting-alt03:30
*** ijw has quit IRC03:30
*** ijw has joined #openstack-meeting-alt03:30
*** macz has joined #openstack-meeting-alt03:46
*** macz has quit IRC03:51
*** tetsuro has quit IRC03:58
*** yaawang has quit IRC04:01
*** yaawang has joined #openstack-meeting-alt04:02
*** tetsuro has joined #openstack-meeting-alt04:04
*** tetsuro has quit IRC04:05
*** tetsuro has joined #openstack-meeting-alt04:16
*** baojg has quit IRC04:17
*** tetsuro has quit IRC04:19
*** tetsuro_ has joined #openstack-meeting-alt04:19
*** baojg has joined #openstack-meeting-alt04:19
*** tetsuro_ has quit IRC04:23
*** tetsuro has joined #openstack-meeting-alt04:23
*** igordc has quit IRC04:34
*** tetsuro has quit IRC04:36
*** tetsuro has joined #openstack-meeting-alt05:39
*** tetsuro has quit IRC05:44
*** ijw has quit IRC05:52
*** links has joined #openstack-meeting-alt05:52
*** tetsuro has joined #openstack-meeting-alt05:57
*** ijw has joined #openstack-meeting-alt06:01
*** ijw has quit IRC06:06
*** ircuser-1 has joined #openstack-meeting-alt06:19
*** jtomasek has joined #openstack-meeting-alt06:43
*** ccamacho has quit IRC06:43
*** yaawang has quit IRC06:47
*** yaawang has joined #openstack-meeting-alt06:48
*** brault has joined #openstack-meeting-alt07:05
*** tetsuro_ has joined #openstack-meeting-alt07:06
*** tetsuro has quit IRC07:08
*** apetrich has joined #openstack-meeting-alt07:10
*** masahito has joined #openstack-meeting-alt07:19
*** masahito has quit IRC07:25
*** masahito has joined #openstack-meeting-alt07:25
*** masahito_ has joined #openstack-meeting-alt07:28
*** masahito has quit IRC07:28
*** masahito_ has quit IRC07:44
*** slaweq has joined #openstack-meeting-alt07:45
*** yaawang has quit IRC07:46
*** masahito has joined #openstack-meeting-alt07:46
*** masahito has quit IRC07:48
*** yaawang has joined #openstack-meeting-alt07:48
*** masahito has joined #openstack-meeting-alt07:48
*** apetrich has quit IRC07:51
*** masahito has quit IRC07:53
*** apetrich has joined #openstack-meeting-alt07:53
*** masahito has joined #openstack-meeting-alt07:59
*** gibi has joined #openstack-meeting-alt08:03
*** skatsaounis_ has joined #openstack-meeting-alt08:04
*** masahito has quit IRC08:07
*** masahito has joined #openstack-meeting-alt08:07
*** masahito has quit IRC08:09
*** masahito has joined #openstack-meeting-alt08:09
*** macz has joined #openstack-meeting-alt08:12
*** tesseract has joined #openstack-meeting-alt08:16
*** macz has quit IRC08:16
*** tmazur has joined #openstack-meeting-alt08:19
*** ccamacho has joined #openstack-meeting-alt08:27
*** masahito has quit IRC08:40
*** masahito has joined #openstack-meeting-alt08:41
*** masahito has quit IRC08:44
*** masahito has joined #openstack-meeting-alt08:45
*** skatsaounis_ has quit IRC09:07
*** e0ne has joined #openstack-meeting-alt09:08
*** skatsaounis_ has joined #openstack-meeting-alt09:24
*** gshippey has joined #openstack-meeting-alt09:25
*** yaawang has quit IRC09:45
*** yaawang has joined #openstack-meeting-alt09:46
*** rcernin has quit IRC10:06
*** masahito has quit IRC10:32
*** lpetrut has joined #openstack-meeting-alt10:34
*** derekh has joined #openstack-meeting-alt10:35
*** skatsaounis_ has quit IRC11:01
*** skatsaounis_ has joined #openstack-meeting-alt11:02
*** vishalmanchanda has joined #openstack-meeting-alt11:34
*** lpetrut has quit IRC11:53
*** raildo has joined #openstack-meeting-alt11:56
*** rfolco has joined #openstack-meeting-alt12:12
*** rfolco has quit IRC12:23
*** rfolco has joined #openstack-meeting-alt12:24
*** macz has joined #openstack-meeting-alt12:33
*** macz has quit IRC12:38
*** skatsaounis_ has quit IRC13:35
*** lpetrut has joined #openstack-meeting-alt13:40
*** skatsaounis_ has joined #openstack-meeting-alt13:52
*** dave-mccowan has joined #openstack-meeting-alt14:02
*** liuyulong has joined #openstack-meeting-alt14:15
*** jhesketh has quit IRC14:27
*** jhesketh has joined #openstack-meeting-alt14:28
*** dave-mccowan has quit IRC14:42
*** smyers has quit IRC14:47
*** igordc has joined #openstack-meeting-alt14:57
*** igordc has quit IRC15:17
*** skatsaounis_ has quit IRC15:21
*** munimeha1 has joined #openstack-meeting-alt15:22
*** igordc has joined #openstack-meeting-alt15:25
*** igordc has quit IRC15:30
*** tesseract has quit IRC15:37
*** gagehugo has joined #openstack-meeting-alt15:40
*** jtomasek has quit IRC15:42
*** tesseract has joined #openstack-meeting-alt15:48
*** diablo_rojo has joined #openstack-meeting-alt15:48
*** diablo_rojo has quit IRC15:49
*** diablo_rojo has joined #openstack-meeting-alt15:49
cmurphy#startmeeting keystone16:00
openstackMeeting started Tue Dec  3 16:00:11 2019 UTC and is due to finish in 60 minutes.  The chair is cmurphy. Information about MeetBot at http://wiki.debian.org/MeetBot.16:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:00
*** openstack changes topic to " (Meeting topic: keystone)"16:00
openstackThe meeting name has been set to 'keystone'16:00
gagehugoo/16:00
cmurphy#link https://etherpad.openstack.org/p/keystone-weekly-meeting agenda16:00
lbragstado/16:00
knikollao/16:00
bnemeco/16:00
cmurphyI didn't have to make up the agenda today \o/16:02
cmurphy#topic review requests16:02
*** openstack changes topic to "review requests (Meeting topic: keystone)"16:02
cmurphythere are two already in the agenda16:02
cmurphy#link https://review.opendev.org/#/c/687990/ Stop adding entry in local_user while updating ephemerals16:02
cmurphy#link https://review.opendev.org/#/c/693838/16:03
cmurphyUpdate OIDC documentation to handle bearer access token flow16:03
cmurphy#undo16:03
openstackRemoving item from minutes: #link https://review.opendev.org/#/c/693838/16:03
cmurphy#link https://review.opendev.org/#/c/693838/16:03
cmurphy>.>16:03
cmurphy#undo16:03
openstackRemoving item from minutes: #link https://review.opendev.org/#/c/693838/16:03
cmurphy#link https://review.opendev.org/#/c/693838/16:03
cmurphyi give up16:03
* knikolla gives cmurphy a cup of coffee16:04
lbragstadi was just going to say - it's early16:04
cmurphythanks :)16:04
cmurphythis is already my second hour of meetings16:04
lbragstad0.o16:05
cmurphyi'll check out the oidc doc change soon16:05
cmurphyany comment on these changes? any other review requests?16:05
cmurphy#topic OpenID Connect Authentication Plugin16:09
*** openstack changes topic to "OpenID Connect Authentication Plugin (Meeting topic: keystone)"16:09
cmurphyI don't think aloga is here16:09
cmurphyI wonder if knikolla has context for this?16:09
knikollai had a conversation with them about a week ago16:09
knikollathey weren't able to satisfy their use case with the current way that oidc works with apache16:10
knikollahence needing a custom plugin16:10
knikollai'll hunt for an irc log16:11
knikolla#link http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2019-11-26.log.html#t2019-11-26T16:52:4916:12
vishakhao/16:12
cmurphyif the redirect behavior changed when flask was introduced that sounds like a regression that should be fixed, no argument there16:12
knikollaagree on that.16:13
cmurphyi can comment on the bug16:16
cmurphynot sure there's anything else to discuss on this?16:16
*** aloga has joined #openstack-meeting-alt16:16
alogahowdy16:16
cmurphyaloga: hi16:17
alogacmurphy: hello16:17
cmurphywe were just discussing your topic16:17
alogasorry, I did not realise the time16:17
cmurphyit sounded like a regression was introduced when we moved to flask, i have no objection to fixing the regression16:17
cmurphywould be good to have more information, like versions where it worked and didn't work and steps to reproduce16:18
alogacmurphy: the point is that IIRC, it was possible to raise HTTP errors in the past, and those were rendered properly to the users16:18
alogaso for instance a redirect would actually redirect the user16:18
alogacmurphy: hmm, I would need to check with my team, as I was not directly involved16:18
*** gyee has joined #openstack-meeting-alt16:19
*** dave-mccowan has joined #openstack-meeting-alt16:19
alogacmurphy: this is useful for instance for an OpenID Connect plugin for Keystone, as redirects are required16:19
cmurphyaloga: was there some concern that we wouldn't want the bugfix?16:19
alogacmurphy: in order to complete the flow, etc.16:19
alogacmurphy: sorry? I do not understand16:20
cmurphyaloga: i'm just wondering what we need to discuss about this, assuming that the bug is valid and reproducible then the answer seems straightforward16:21
knikollai asked them to add the topic on the agenda to get a better feel of if there was something else we could do to provide better oidc support16:21
alogacmurphy: I do not know, I was told to add this to the agenda16:21
knikollasince deployments with that experience are hard to come by16:21
alogacmurphy: but I think this was because OpenID connect was mentioned16:22
alogaI can try to make a rationale16:22
alogaI am working in an environment (European Open Science Cloud) where several OpenStack sites are federated16:23
alogaidentity is based on OpenID, with a myriad of different IdPs16:23
alogathe current (Apache + mod_oidc + Keystone) is difficult and cumbersome to manage because of several reasons16:24
alogaOpenStack CLI is an OIDC client itself (i.e. it requires a client id and secret)16:24
alogathe CLI uses Oauth2 rather than OIDC, therefore there might be different claims at the server, as the Oauth2 introspection and the OIDC userinfo endpoint return different information16:25
alogafor operators, the configuration is done on Apache, and not on Keystone16:26
alogaand, last but not least, the mod_oidc does not allow to use several Oauth2 idps per server (it allows several OIDC though)16:26
alogatherefore we levearated the federated auth code in Keystone to build a native plugin (we have a prototype)16:26
alogabut, in order to get it fully working, we need to redirect from Keystone16:27
knikollais there anything else that you need besides redirect functionality?16:27
aloga(i.e. 302)16:27
alogaknikolla: nope16:27
alogaknikolla: actually the changes are minimal16:28
knikollacool16:28
cmurphyaloga: does this tie into https://review.opendev.org/373983 ?16:29
alogacmurphy: yes, indeed16:29
alogacmurphy: that was the seed of all of this16:29
alogacmurphy: I guess that the spec is better explained16:29
cmurphyokay, so at a minimum we can fix the flask bug and get your external auth plugin working16:34
alogaI know that several of these things can be alleviated by implementing an IdP proxy, as some providers or national infrastructures do, but sometimes this is not an option16:34
alogacmurphy: that would be awesome16:34
cmurphywe should also revisit this spec and maybe merge it to the backlog16:35
cmurphytbh i don't know why it didn't get any feedback since 201816:35
alogacmurphy: tbh I could not follow it so closely as I would have liked to16:35
cmurphyaloga: would you want to continue driving it now?16:37
alogacmurphy: yes16:37
cmurphyokay, team please review https://review.opendev.org/373983 and provide feedback16:38
*** lpetrut has quit IRC16:38
cmurphythanks aloga16:39
cmurphyanything else on this?16:39
alogacmurphy, knikolla thanks16:39
cmurphy#topic next up for bug duty16:40
*** openstack changes topic to "next up for bug duty (Meeting topic: keystone)"16:40
cmurphy#link https://etherpad.openstack.org/p/keystone-l1-duty16:40
cmurphylooks like gagehugo is up for bug duty this week starting today, gagehugo still up for it?16:41
gagehugocmurphy: sure16:41
cmurphyfollowing the rotation i'll be up next unless anyone else wants to take it ;)16:41
knikollaI was going to offer too.16:41
knikollaBut I can go the week after that.16:42
cmurphyknikolla: by all means :)16:42
cmurphy#topic office hours16:43
*** openstack changes topic to "office hours (Meeting topic: keystone)"16:43
cmurphyI think this is about our policy testing sync up after this meeting?16:43
cmurphylbragstad: ?16:43
lbragstadI was curious if we're still planning on going through patrole stuff during office hours today?16:44
cmurphyI think so but I wasn't driving it, do we have everyone we need for that meeting?16:45
cmurphygagehugo was going to bring someone in from AT&T i think? and ade was interested too?16:46
lbragstadcmurphy yeah - ade is hanging out in our channel16:47
*** ccamacho has quit IRC16:48
lbragstaddo we know if the patrole folks are still coming?16:49
gagehugoI can message him, idk if he will be around in irc16:49
cmurphyassuming we do have the meeting, do we want to do it over irc or jitsi?16:51
lbragstadi'm good with either16:52
cmurphyme too16:53
cmurphyi guess we can decide after gagehugo gets in touch with the patrole person16:54
lbragstad++16:54
cmurphycan follow up in #openstack-keystone in a few minutes16:54
cmurphy#topic open discussion16:54
*** openstack changes topic to "open discussion (Meeting topic: keystone)"16:54
cmurphy#info spec proposal freeze is next week16:54
gagehugoI pinged him to see if he's free16:54
cmurphyproposals for the alembic migration (vishakha) and federated attrs (knikolla) and renewable group membership (knikolla) are expected next week16:55
knikollaright! roger!16:55
cmurphy#link https://releases.openstack.org/ussuri/schedule.html16:56
cmurphy:)16:56
cmurphy4 minutes left for any other discussion :)16:57
cmurphyokay will close it now, see you in #openstack-keystone16:58
cmurphy#endmeeting16:58
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"16:58
openstackMeeting ended Tue Dec  3 16:58:43 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:58
openstackMinutes:        http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-12-03-16.00.html16:58
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-12-03-16.00.txt16:58
openstackLog:            http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-12-03-16.00.log.html16:58
*** redrobot has joined #openstack-meeting-alt16:59
*** vkmc has left #openstack-meeting-alt17:02
*** tesseract has quit IRC17:03
*** diablo_rojo has quit IRC17:04
*** diablo_rojo has joined #openstack-meeting-alt17:15
*** skatsaounis_ has joined #openstack-meeting-alt17:34
*** e0ne has quit IRC17:35
*** links has quit IRC17:40
*** ijw has joined #openstack-meeting-alt17:41
*** jhesketh has quit IRC17:42
*** gagehugo has left #openstack-meeting-alt17:43
*** jhesketh has joined #openstack-meeting-alt17:44
*** tmazur has quit IRC17:47
*** diablo_rojo has quit IRC17:49
*** skatsaounis_ has quit IRC17:51
*** diablo_rojo has joined #openstack-meeting-alt17:56
*** ijw has quit IRC18:05
*** igordc has joined #openstack-meeting-alt18:15
*** vishalmanchanda has quit IRC18:21
*** vishalmanchanda has joined #openstack-meeting-alt18:21
*** jtomasek has joined #openstack-meeting-alt18:24
*** jtomasek has quit IRC18:24
*** jtomasek has joined #openstack-meeting-alt18:25
*** derekh has quit IRC18:29
*** diablo_rojo has quit IRC18:30
*** elico has joined #openstack-meeting-alt18:36
*** raildo has quit IRC18:37
*** raildo has joined #openstack-meeting-alt18:38
*** bobmel has joined #openstack-meeting-alt18:44
*** bobmel has quit IRC18:49
*** diablo_rojo has joined #openstack-meeting-alt18:49
*** ayoung has quit IRC18:52
*** gmann is now known as gmann_afk19:00
*** e0ne has joined #openstack-meeting-alt19:26
*** ijw has joined #openstack-meeting-alt19:41
*** ijw has quit IRC19:47
*** ijw has joined #openstack-meeting-alt20:22
*** diablo_rojo has quit IRC20:22
*** gmann_afk is now known as gmann20:25
*** ijw has quit IRC20:26
*** diablo_rojo has joined #openstack-meeting-alt20:27
*** diablo_rojo has quit IRC20:28
*** e0ne has quit IRC20:30
*** diablo_rojo has joined #openstack-meeting-alt20:33
*** vesper11 has quit IRC20:49
*** vesper11 has joined #openstack-meeting-alt20:51
*** ijw has joined #openstack-meeting-alt20:53
*** ijw has quit IRC20:58
*** rfolco has quit IRC21:08
*** rfolco has joined #openstack-meeting-alt21:09
*** e0ne has joined #openstack-meeting-alt21:09
*** e0ne has quit IRC21:11
*** e0ne has joined #openstack-meeting-alt21:15
*** raildo has quit IRC21:16
*** ijw has joined #openstack-meeting-alt21:16
*** e0ne has quit IRC21:18
*** ijw has quit IRC21:20
*** ijw has joined #openstack-meeting-alt21:22
*** smyers has joined #openstack-meeting-alt21:24
*** ijw has quit IRC21:26
*** rfolco has quit IRC21:26
*** ijw has joined #openstack-meeting-alt21:42
*** ijw has quit IRC21:45
*** ijw has joined #openstack-meeting-alt21:47
*** ijw has quit IRC21:53
*** ijw has joined #openstack-meeting-alt22:06
*** ijw has quit IRC22:09
*** ijw has joined #openstack-meeting-alt22:11
*** slaweq has quit IRC22:15
*** elico has quit IRC22:36
*** munimeha1 has quit IRC22:43
*** bobmel has joined #openstack-meeting-alt22:48
*** elico has joined #openstack-meeting-alt22:51
*** elico has quit IRC22:52
*** elico has joined #openstack-meeting-alt22:52
*** rcernin has joined #openstack-meeting-alt22:57
*** elico has quit IRC23:23
*** slaweq has joined #openstack-meeting-alt23:25
*** slaweq has quit IRC23:31
*** ijw has quit IRC23:44
« Monday, 2019-12-02 Index Wednesday, 2019-12-04 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!