Re: [openstack-dev] Criteria for giving a -1 in a review

2014-08-21 Thread Lance Bragstad
Comments inline below. Best Regards, Lance On Thu, Aug 21, 2014 at 11:40 AM, Adam Young ayo...@redhat.com wrote: On 08/21/2014 12:21 PM, Daniel P. Berrange wrote: On Thu, Aug 21, 2014 at 05:05:04PM +0100, Matthew Booth wrote: I would prefer that you didn't merge this. i.e. The project

Re: [openstack-dev] [keystone] Stepping down as PTL

2014-09-23 Thread Lance Bragstad
On Tue, Sep 23, 2014 at 3:51 AM, Thierry Carrez thie...@openstack.org wrote: Adam Young wrote: OpenStack owes you more than most people realize. +1 Dolph did a great job of keeping the fundamental piece that is Keystone safe from a release management perspective, by consistently hitting

Re: [openstack-dev] [Nova] [All] API standards working group

2014-09-24 Thread Lance Bragstad
You can add me to this list as well. Thanks! Lance On Wed, Sep 24, 2014 at 9:41 AM, Alex Xu x...@linux.vnet.ibm.com wrote: I'm interesting in the group too! On 2014年09月24日 18:01, Salvatore Orlando wrote: Please keep me in the loop. The importance of ensuring consistent style across

Re: [openstack-dev] [Openstack-dev] [Nova] use Keystone V3 token to volume attachment

2014-03-20 Thread Lance Bragstad
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev Furthermore Russell talked to Dolph in IRC and Dolph created this blueprint for planning the path forward from keystone v2 to v3: https://blueprints.launchpad.net/keystone/+spec/document-v2-to-v3-transition -- Lance

Re: [openstack-dev] [nova] objects notifications

2014-07-29 Thread Lance Bragstad
Keystone has a notifications module that is based on this idea. When implementing notification in Keystone, we wanted it to be easy to deliver notifications on new resources and extensions [1], which is where the idea of the wrapper came from. With that framework in place, we wrap our CRUD methods

Re: [openstack-dev] Concerns about the ballooning size of keystone tokens

2014-05-21 Thread Lance Bragstad
John, Adam had a blog post on Compressed Tokens that might help shed a little light on them in general[1]. We also have a blueprint for tracking the work as it gets done[2]. [1] http://adam.younglogic.com/2014/02/compressed-tokens/ [2]

Re: [openstack-dev] [keystone][swift] Has anybody considered storing tokens in Swift?

2014-09-29 Thread Lance Bragstad
On Mon, Sep 29, 2014 at 11:25 AM, Jay Pipes jaypi...@gmail.com wrote: On 09/29/2014 12:15 PM, Julien Danjou wrote: On Mon, Sep 29 2014, Jay Pipes wrote: What if we wrote a token driver in Keystone that uses Swift for backend storage? Yay! I already wrote a PoC to that:

Re: [openstack-dev] [api] Forming the API Working Group

2014-10-14 Thread Lance Bragstad
I found a couple of free times available for a weekly meeting if people are interested: https://review.openstack.org/#/c/128332/2 Not sure if a meeting time has been hashed out already or not, and if it has I'll change the patch accordingly. If not, we can iterate on possible meeting times in

Re: [openstack-dev] [api] Forming the API Working Group

2014-10-14 Thread Lance Bragstad
On Tue, Oct 14, 2014 at 4:29 PM, Christopher Yeoh cbky...@gmail.com wrote: On Tue, 14 Oct 2014 10:29:34 -0500 Lance Bragstad lbrags...@gmail.com wrote: I found a couple of free times available for a weekly meeting if people are interested: https://review.openstack.org/#/c/128332/2

Re: [openstack-dev] [QA][All] Prelude to functional testing summit discussions

2014-10-30 Thread Lance Bragstad
On Thu, Oct 30, 2014 at 6:30 AM, Eoghan Glynn egl...@redhat.com wrote: Hi everyone, Before we start the larger discussion at summit next week about the future of testing in OpenStack - specifically about spinning up functional testing and how it relates to tempest - I would like

Re: [openstack-dev] [Openstack-security] [Barbican][OSSG] Mid Cycle Attendance / Crossover.

2014-11-11 Thread Lance Bragstad
On Tue, Nov 11, 2014 at 3:30 PM, Douglas Mendizabal douglas.mendiza...@rackspace.com wrote: I think it would also be interesting to hear for the Keystone folks that are interested in attending OSSG and/or Barbican. We did record some of our plans for the Keystone mid-cycle meetup during our

Re: [openstack-dev] [all] removing XML testing completely from Tempest

2014-11-24 Thread Lance Bragstad
We are in the process of removing XML support from Keystone [1] and have provided configuration options to Tempest for testing XML in older releases [2]. However, the identity client is still tightly coupled to XML test cases. We can either fix the 309 test cases that use the XML identity client

Re: [openstack-dev] [all] bugs with paste pipelines and multiple projects and upgrading

2014-12-03 Thread Lance Bragstad
On Wed, Dec 3, 2014 at 9:18 AM, Sean Dague s...@dague.net wrote: We've hit two interesting issues this week around multiple projects installing into the paste pipeline of a server. 1) the pkg_resources explosion in grenade. Basically ceilometer modified swift paste.ini to add it's own code

Re: [openstack-dev] Where should Schema files live?

2014-12-08 Thread Lance Bragstad
Keystone also has API documentation in the keystone-spec repo [1], which went in with [2] and [3]. [1] https://github.com/openstack/keystone-specs/tree/master/api [2] https://review.openstack.org/#/c/128712/ [3] https://review.openstack.org/#/c/130577/ On Mon, Dec 8, 2014 at 1:06 PM, Adam Young

Re: [openstack-dev] [Keystone] Nominating Brad Topol for Keystone-Spec core

2015-01-18 Thread Lance Bragstad
+1 On Jan 18, 2015 1:23 PM, Marek Denis marek.de...@cern.ch wrote: +1 On 18.01.2015 20:11, Morgan Fainberg wrote: Hello all, I would like to nominate Brad Topol for Keystone Spec core (core reviewer for Keystone specifications and API-Specification only:

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-16 Thread Lance Bragstad
On Mon, Feb 16, 2015 at 1:21 PM, Samuel Merritt s...@swiftstack.com wrote: On 2/14/15 9:49 PM, Adam Young wrote: On 02/13/2015 04:19 PM, Morgan Fainberg wrote: On February 13, 2015 at 11:51:10 AM, Lance Bragstad (lbrags...@gmail.com mailto:lbrags...@gmail.com) wrote: Hello all, I'm

Re: [openstack-dev] [Keystone] Proposing Marek Denis for the Keystone Core Team

2015-02-10 Thread Lance Bragstad
+1 On Tue, Feb 10, 2015 at 11:56 AM, David Stanek dsta...@dstanek.com wrote: +1 On Tue, Feb 10, 2015 at 12:51 PM, Morgan Fainberg morgan.fainb...@gmail.com wrote: Hi everyone! I wanted to propose Marek Denis (marekd on IRC) as a new member of the Keystone Core team. Marek has been

[openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-13 Thread Lance Bragstad
Hello all, I'm proposing the Authenticated Encryption (AE) Token specification [1] as an SPFE. AE tokens increases scalability of Keystone by removing token persistence. This provider has been discussed prior to, and at the Paris summit [2]. There is an implementation that is currently up for

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-15 Thread Lance Bragstad
for encrypting. On Sun, Feb 15, 2015 at 12:03 AM, Morgan Fainberg morgan.fainb...@gmail.com wrote: On February 14, 2015 at 9:53:14 PM, Adam Young (ayo...@redhat.com) wrote: On 02/13/2015 04:19 PM, Morgan Fainberg wrote: On February 13, 2015 at 11:51:10 AM, Lance Bragstad (lbrags...@gmail.com) wrote

Re: [openstack-dev] [Keystone] Is anyone working on the following patch?

2015-01-07 Thread Lance Bragstad
https://review.openstack.org/#/c/113586/ is owned by dstanek but I understand he is out this week at a conference? It might be worth dropping in #openstack-keystone and seeing if dstanek would be alright with you picking it up, since you're building on it. On Wed, Jan 7, 2015 at 12:21 AM, Ajaya

Re: [openstack-dev] [keystone][barbican] Regarding exposing X-Group-xxxx in token validation

2015-06-04 Thread Lance Bragstad
morgan.fainb...@gmail.com wrote: For Fernet, the groups would only be populated on validate as Dolph outlined. They would not be added to the core payload. We do not want to expand the payload in this manner. --Morgan Sent via mobile On Jun 3, 2015, at 21:51, Lance Bragstad lbrags...@gmail.com

Re: [openstack-dev] [keystone][barbican] Regarding exposing X-Group-xxxx in token validation

2015-06-03 Thread Lance Bragstad
I feel if we allowed group ids to be an attribute of the Fernet's core payload, we continue to open up the possibility for tokens to be greater than the initial acceptable size limit for a Fernet token (which I believe was 255 bytes?). With this, I think we need to provide guidance on the number

Re: [openstack-dev] [Keystone] Midcycle

2015-06-10 Thread Lance Bragstad
Hi Adam, Do you have any more information on the Boston University dorm situation? On Tue, Jun 9, 2015 at 1:25 PM, Adam Young ayo...@redhat.com wrote: Keystone Liberty Midcycle Meetup Time and Location When: July 15-17 (Wed-Fri) Where: Boston University, Boston, MA, USA Keystone

Re: [openstack-dev] DB2 CI enablement on Keystone

2015-06-15 Thread Lance Bragstad
On Mon, Jun 15, 2015 at 5:00 AM, Feng Xi BJ Yan yanfen...@cn.ibm.com wrote: Hi, Keystone guys, Could we have a talk about DB2 CI enablement on this Monday, 8PM central US time? which is Tuesday 9AM beijeing time? Works for me, I'll make a note to be in the channel at 8 PM central. Thanks

[openstack-dev] [keystone] Liberty SPFE Request - IDP Specific WebSSO

2015-08-12 Thread Lance Bragstad
Hey all, I'd like to propose a spec proposal freeze exception for IDP Specific WebSSO [0]. This topic has been discussed, in length, on the mailing list [1], where this spec has been referenced as a possible solution [2]. This would allow for multiple Identity Providers to use the same

Re: [openstack-dev] [keystone] Liberty SPFE Request - IDP Specific WebSSO

2015-08-18 Thread Lance Bragstad
etc. --Morgan Sent via mobile On Aug 12, 2015, at 16:20, Lance Bragstad lbrags...@gmail.com wrote: Hey all, I'd like to propose a spec proposal freeze exception for IDP Specific WebSSO [0]. This topic has been discussed, in length, on the mailing list [1], where this spec has been

Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

2015-08-04 Thread Lance Bragstad
On Tue, Aug 4, 2015 at 9:28 AM, Boris Bobrov bbob...@mirantis.com wrote: On Tuesday 04 August 2015 08:06:21 Lance Bragstad wrote: On Tue, Aug 4, 2015 at 1:37 AM, Boris Bobrov bbob...@mirantis.com wrote: On Monday 03 August 2015 21:05:00 David Stanek wrote: On Sat, Aug 1, 2015 at 8:03

Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

2015-08-04 Thread Lance Bragstad
On Tue, Aug 4, 2015 at 1:37 AM, Boris Bobrov bbob...@mirantis.com wrote: On Monday 03 August 2015 21:05:00 David Stanek wrote: On Sat, Aug 1, 2015 at 8:03 PM, Boris Bobrov bbob...@mirantis.com wrote: On Sat, Aug 1, 2015 at 3:41 PM, Clint Byrum cl...@fewbar.com wrote: This too is

Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

2015-08-05 Thread Lance Bragstad
for Key distribution and rotation in multiple KeyStone deployment scenario, the database replication (sync. or async.) capability could be leveraged. Best Regards Chaoyi Huang ( Joe Huang ) *From:* Lance Bragstad [mailto:lbrags...@gmail.com] *Sent:* Tuesday, August 04, 2015 10:56 PM

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Lance Bragstad
protect the list of IdPs? regards David Thanks, Steve Martinelli OpenStack Keystone Core Inactive hide details for Lance Bragstad ---2015/08/04 01:49:29 PM---On Tue, Aug 4, 2015 at 10:52 AM, Douglas Fish drfish@us.iLance Bragstad ---2015/08

Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

2015-08-03 Thread Lance Bragstad
On Mon, Aug 3, 2015 at 7:03 AM, David Stanek dsta...@dstanek.com wrote: On Mon, Aug 3, 2015 at 7:14 AM, Davanum Srinivas dava...@gmail.com wrote: agree. Native HA solution was already ruled out in several email threads by keystone cores already (if i remember right). This is a devops issue

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-04 Thread Lance Bragstad
On Tue, Aug 4, 2015 at 10:52 AM, Douglas Fish drf...@us.ibm.com wrote: Hi David, This is a cool looking UI. I've made a minor comment on it in InVision. I'm curious if this is an implementable idea - does keystone support large numbers of 3rd party idps? is there an API to retreive the list

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-12 Thread Lance Bragstad
On Wed, Aug 12, 2015 at 12:06 PM, David Chadwick d.w.chadw...@kent.ac.uk wrote: On 11/08/2015 01:46, Jamie Lennox wrote: - Original Message - From: Jamie Lennox jamielen...@redhat.com To: OpenStack Development Mailing List (not for usage questions)

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-06 Thread Lance Bragstad
for Lance Bragstad ---2015/08/04 01:49:29 PM---On Tue, Aug 4, 2015 at 10:52 AM, Douglas Fish drfish@us.iLance Bragstad ---2015/08/04 01:49:29 PM---On Tue, Aug 4, 2015 at 10:52 AM, Douglas Fish drf...@us.ibm.com wrote: Hi David, From: Lance Bragstad lbrags...@gmail.com

Re: [openstack-dev] [keystone] token revocation woes

2015-07-23 Thread Lance Bragstad
On Wed, Jul 22, 2015 at 10:06 PM, Adam Young ayo...@redhat.com wrote: On 07/22/2015 05:39 PM, Adam Young wrote: On 07/22/2015 03:41 PM, Morgan Fainberg wrote: This is an indicator that the bottleneck is not the db strictly speaking, but also related to the way we match. This means we need

Re: [openstack-dev] [keystone] Let's get together and fix all the bugs

2015-10-10 Thread Lance Bragstad
On Sat, Oct 10, 2015 at 8:07 AM, Boris Bobrov wrote: > On Saturday 10 October 2015 08:42:10 Shinobu Kinjo wrote: > > So what's the procedure? > > You go to #openstack-keystone on Friday, choose a bug, talk to someone of > the > core reviewers. After talking to them fix the

Re: [openstack-dev] [keystone] PTL non-candidacy

2015-09-10 Thread Lance Bragstad
Best of luck in your new adventures, and thanks for all your hard work! On Thu, Sep 10, 2015 at 5:28 PM, Dolph Mathews wrote: > Thank you for all your work, Morgan! Good luck with the opportunity to > write some code again :) > > On Thu, Sep 10, 2015 at 4:40 PM, Morgan

Re: [openstack-dev] [keystone] creating new users with invalid mail addresses possible

2015-09-11 Thread Lance Bragstad
On Fri, Sep 11, 2015 at 8:04 AM, David Stanek wrote: > On Fri, Sep 11, 2015 at 8:26 AM, Christian Berendt > wrote: > >> At the moment it is possible to create new users with invalid mail >> addresses. I pasted the output of my test at >>

Re: [openstack-dev] 答复: [keystone] Is "domain" a mapping to real-world cloud tenant?

2016-01-04 Thread Lance Bragstad
Interesting. The paper says that the implementation was based on the Havana release. Just out of curiosity, does anyone know if the code is public? On Mon, Dec 14, 2015 at 6:38 PM, darren wang wrote: > Hi Dolph, > > > > Here it is, >

Re: [openstack-dev] [Openstack-operators] [keystone] Removing functionality that was deprecated in Kilo and upcoming deprecated functionality in Mitaka

2015-12-01 Thread Lance Bragstad
On Tue, Dec 1, 2015 at 6:05 AM, Sean Dague wrote: > On 12/01/2015 01:57 AM, Steve Martinelli wrote: > > Trying to summarize here... > > > > - There isn't much interest in keeping eventlet around. > > - Folks are OK with running keystone in a WSGI server, but feel they are > >

Re: [openstack-dev] [keystone][all] Move from active distrusting model to trusting model

2015-11-24 Thread Lance Bragstad
I think one of the benefits of the current model was touched on earlier by dstanek. If someone is working on something for their organization, they typically bounce ideas of others they work with closely. This tends to be people within the same organization. The groups developing the feature might

Re: [openstack-dev] [keystone] Changing the project name uniqueness constraint

2016-06-03 Thread Lance Bragstad
On Fri, Jun 3, 2016 at 3:20 AM, Henry Nash wrote: > > On 3 Jun 2016, at 01:22, Adam Young wrote: > > On 06/02/2016 07:22 PM, Henry Nash wrote: > > Hi > > As you know, I have been working on specs that change the way we handle > the uniqueness of project

Re: [openstack-dev] [keystone] Changing the project name uniqueness constraint

2016-06-03 Thread Lance Bragstad
On Fri, Jun 3, 2016 at 11:20 AM, Henry Nash <henryna...@mac.com> wrote: > > On 3 Jun 2016, at 16:38, Lance Bragstad <lbrags...@gmail.com> wrote: > > > > On Fri, Jun 3, 2016 at 3:20 AM, Henry Nash <henryna...@mac.com> wrote: > >> >> On 3 Jun 2

[openstack-dev] [keystone][all] Incorporating performance feedback into the review process

2016-06-03 Thread Lance Bragstad
Hey all, I have been curious about impact of providing performance feedback as part of the review process. From what I understand, keystone used to have a performance job that would run against proposed patches (I've only heard about it so someone else will have to keep me honest about its

Re: [openstack-dev] [keystone][all] Incorporating performance feedback into the review process

2016-06-03 Thread Lance Bragstad
published publicly (nice to have) On Fri, Jun 3, 2016 at 3:16 PM, Brant Knudson <b...@acm.org> wrote: > > > On Fri, Jun 3, 2016 at 2:35 PM, Lance Bragstad <lbrags...@gmail.com> > wrote: > >> Hey all, >> >> I have been curious about impact of providing

Re: [openstack-dev] [keystone][all] Incorporating performance feedback into the review process

2016-06-10 Thread Lance Bragstad
2016 at 2:35 PM, Lance Bragstad <lbrags...@gmail.com> > wrote: > > > > > Hey all, > > > > > > I have been curious about impact of providing performance feedback as > part > > > of the review process. From what I understand, keystone used to have a >

Re: [openstack-dev] [keystone][all] Incorporating performance feedback into the review process

2016-06-10 Thread Lance Bragstad
review the >Rally test cases that we proposed to them > > > Best regards, > Boris Pavlovic > > On Mon, Jun 6, 2016 at 10:45 AM, Clint Byrum <cl...@fewbar.com> wrote: > >> Excerpts from Brant Knudson's message of 2016-06-03 15:16:20 -0500: >>

[openstack-dev] [keystone] Usage of trusts with v2.0 authentication

2016-02-09 Thread Lance Bragstad
When trusts were implemented, they were designed to work as an extension under the version 3 API. The implementation didn't prevent the use of a trust to authenticate against version 2.0, which was never officially documented in the v2.0 API docs. The keystone team is curious if there is anyone

Re: [openstack-dev] [keystone] changes to keystone-core!

2016-01-31 Thread Lance Bragstad
++ I'm happy to see this go through! Samuel and Dave have been helping me out a lot lately. Both make great additions to the team! On Thu, Jan 28, 2016 at 9:12 AM, Brad Topol wrote: > CONGRATULATIONS Dave and Samuel. Very well deserved!!! > > --Brad > > > Brad Topol, Ph.D. >

Re: [openstack-dev] [keystone] Let's get together and fix all the bugs

2016-01-21 Thread Lance Bragstad
And hope I can put some other folks in too. > > Em sáb, 10 de out de 2015 às 12:03, Lance Bragstad <lbrags...@gmail.com> > escreveu: > >> On Sat, Oct 10, 2015 at 8:07 AM, Boris Bobrov <bbob...@mirantis.com> >> wrote: >> >>> On Saturday 1

Re: [openstack-dev] Is keystone support combined authentication in release L?

2016-03-13 Thread Lance Bragstad
Keystone introduced TOTP authentication this release [0]. Like Adam said, in Newton we will build multi-factor authentication on top of TOTP and existing plugins. [0] http://specs.openstack.org/openstack/keystone-specs/specs/mitaka/totp-auth.html On Sun, Mar 13, 2016 at 4:05 PM, Adam Young

Re: [openstack-dev] [tc][ptl][keystone] Proposal to split authentication part out of Keystone to separated project

2016-04-07 Thread Lance Bragstad
In response to point 2.2, the progress with Fernet in the last year has exposed performance pain points in keystone. Finding sensible solutions for those issues is crucial in order for people to adopt Fernet. In Mitaka we had a lot of discussion that resulted in landing several performance related

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

2016-04-12 Thread Lance Bragstad
Keystone's credential API pre-dates barbican. We started talking about having the credential API back to barbican after it was a thing. I'm not sure if any work has been done to move the credential API in this direction. From a security perspective, I think it would make sense for keystone to back

Re: [openstack-dev] [keystone] Using multiple token formats in a one openstack cloud

2016-03-08 Thread Lance Bragstad
On Tue, Mar 8, 2016 at 10:58 AM, Adam Young wrote: > On 03/08/2016 11:06 AM, Matt Fischer wrote: > > This would be complicated to setup. How would the Openstack services > validate the token? Which keystone node would they use? A better question > is why would you want to do

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

2016-04-13 Thread Lance Bragstad
I think we need to ask who we are lowering the barrier of entry for. Are we going down this path because we want developers to have less things to do to stand up a development environment? Or do we want to make it easy for people to realistically test? If you're going to realistically vet magnum,

Re: [openstack-dev] [keystone] Token providers and Fernet as the default

2016-05-03 Thread Lance Bragstad
If we were to write a uuid/fernet hybrid provider, it would only be expected to support something like stable/liberty to stable/mitaka, right? This is something that we could contribute to stackforge, too. On Tue, May 3, 2016 at 9:21 AM, Adam Young wrote: > On 05/03/2016

Re: [openstack-dev] [Keystone] State of Fernet Token deployment

2016-04-18 Thread Lance Bragstad
It looks like it does [0]. [0] https://github.com/openstack-dev/devstack/blob/4e7804431ada7e2cc0db63bd4c52b17782d33b5b/lib/keystone#L494-L497 On Mon, Apr 18, 2016 at 10:20 AM, Matt Fischer wrote: > On Mon, Apr 18, 2016 at 8:29 AM, Brant Knudson wrote: > >>

Re: [openstack-dev] [keystone] Newton midycle planning

2016-04-14 Thread Lance Bragstad
++ Nice to see this planning happening early! R-14 would probably be a no-go for me. R-12 and R-11 fit my schedule. On Thu, Apr 14, 2016 at 9:11 AM, Henry Nash wrote: > Hi Morgan, > > Great to be planning this ahead of time!!! > > For me either of the July dates are fine -

Re: [openstack-dev] [keystone] New Core Reviewer (sent on behalf of Steve Martinelli)

2016-05-25 Thread Lance Bragstad
Congratulations Rodrigo! Thank you for all the continued and consistent reviews. On Tue, May 24, 2016 at 1:28 PM, Morgan Fainberg wrote: > I want to welcome Rodrigo Duarte (rodrigods) to the keystone core team. > Rodrigo has been a consistent contributor to keystone

Re: [openstack-dev] [requirements] race in keystone unit tests

2016-08-02 Thread Lance Bragstad
Hi Sean, Thanks for the information. This obviously looks Fernet-related and I would be happy to spend some cycles on it. We recently landed a bunch of refactors in keystone to improve Fernet test coverage. This could be related to those refactors. Just double checking - but you haven't opened a

Re: [openstack-dev] [requirements] race in keystone unit tests

2016-08-03 Thread Lance Bragstad
/freezegun On Tue, Aug 2, 2016 at 9:21 AM, Lance Bragstad <lbrags...@gmail.com> wrote: > Hi Sean, > > Thanks for the information. This obviously looks Fernet-related and I > would be happy to spend some cycles on it. We recently landed a bunch of > refactors in keystone to improve

Re: [openstack-dev] [keystone] Can anyone share some experience for how to configure keystone work with https

2016-07-11 Thread Lance Bragstad
There are several upstream deployment projects that have SSL support baked in [0] [1], in case you want to pick through and see exactly how they deploy keystone with SSL. [0] https://github.com/openstack/openstack-ansible-os_keystone [1] https://github.com/openstack/puppet-keystone On Mon, Jul

[openstack-dev] [keystone] ocata backport potential tag

2017-02-08 Thread Lance Bragstad
Hi all, Now that Pike is open for development, I've create an official ocata-backport-potential bug tag. In the event you see a bug that affects Ocata, feel free to use the tag. Thanks! __ OpenStack Development Mailing List

Re: [openstack-dev] [keystone] removing Guang Yee (gyee) from keystone-core

2017-02-02 Thread Lance Bragstad
Guang, it's been a pleasure working with you and getting to know you as a person. Best of luck in your new endeavors! On Thu, Feb 2, 2017 at 8:16 AM, Rodrigo Duarte wrote: > Thanks for everything Guang! We are already missing you. > > On Thu, Feb 2, 2017 at 10:13 AM,

Re: [openstack-dev] [Oslo][all] Pike PTG idea & discussion

2017-02-06 Thread Lance Bragstad
Not sure how much time it would require at the PTG - but I'd really like to discuss the ability to add in-code descriptions of oslo.policy objects, and eventually whatever we need to advertise new defaults. I'm hoping this will help OpenStack as a whole move towards providing better policy

Re: [openstack-dev] [keystone] Field 'domain_id' doesn't have a default value

2017-01-26 Thread Lance Bragstad
Hi Eduardo, Master should populate the domain_id for a user before it gets to the sql layer [0] [1]. Do you have `[identity] default_domain_id` specified in your keystone.conf? Can you give some specifics on the upgrade scenario? Number of nodes? Specific request you're making to create users?

Re: [openstack-dev] Planning for the Pike PTG

2017-01-25 Thread Lance Bragstad
I think the keystone team is in the same spot. We have an etherpad [0] for jotting down ideas, but we haven't parsed it or grouped it in into topics yet. I think we were going to start working on that next week since we're still in the middle of wrapping up the last few bits for ocata-3. I was

[openstack-dev] [keystone] PTG schedule

2017-02-15 Thread Lance Bragstad
Hi all, I tried to get most of our things shuffled around into some-what of a schedule [0]. Everything that was on the list was eventually refactored into the agenda. I've broken the various topics out into their own etherpads and linked them back to the main schedule. We should have the freedom

Re: [openstack-dev] [keystone] PTG schedule

2017-02-20 Thread Lance Bragstad
Also - I just got word that keystone's project room for Wednesday through Friday will be Georgia 13 located on the first floor. I've updated the schedule with the location for all sessions we plan to have in that room. On Mon, Feb 20, 2017 at 8:50 AM, Lance Bragstad <lbrags...@gmail.com>

Re: [openstack-dev] [keystone] PTG schedule

2017-02-20 Thread Lance Bragstad
with another project). Don't hesitate to ping me if you have any questions about the schedule and safe travels to Atlanta! [0] https://etherpad.openstack.org/p/keystone-pike-ptg On Thu, Feb 16, 2017 at 1:40 PM, Lance Bragstad <lbrags...@gmail.com> wrote: > Based on early feedback I've brok

[openstack-dev] [keystone] User survey feedback

2017-02-20 Thread Lance Bragstad
As you may have noticed from other threads, we have some early feedback available from the User Survey. It hasn't closed yet - and I'm sure we'll get updated results once that happens, but the early feedback will be nice to have going into project discussions at the PTG. The question and

Re: [openstack-dev] [keystone]PKI token VS Fernet token

2017-02-17 Thread Lance Bragstad
On Fri, Feb 17, 2017 at 11:22 AM, Clint Byrum wrote: > Excerpts from 王玺源's message of 2017-02-17 14:08:30 +: > > Hi David: > > > > We have not find the perfect solution to solve the fernet performance > > issue, we will try the different crypt strength setting with fernet

Re: [openstack-dev] [keystone]PKI token VS Fernet token

2017-02-16 Thread Lance Bragstad
to let me know. [0] https://etherpad.openstack.org/p/keystone-pike-ptg > > On Wed, Feb 15, 2017 at 9:08 AM Lance Bragstad <lbrags...@gmail.com> > wrote: > >> In addition to what David said, have you played around with caching in >> keystone [0]? After the initial

Re: [openstack-dev] [keystone][api] Changing devstack to not set up keystone on :5000 and :35357

2017-02-25 Thread Lance Bragstad
Nice! Thanks for revisiting this, Brant. Was this a cross-project goal/discussion at the PTG? On Fri, Feb 24, 2017 at 9:24 AM, Brant Knudson wrote: > > At the PTG there was some discussion about changing services to not listen > on ports[0]. I'd been working on this for devstack

Re: [openstack-dev] [keystone]PKI token VS Fernet token

2017-02-25 Thread Lance Bragstad
On Sat, Feb 25, 2017 at 12:47 AM, Clint Byrum wrote: > Excerpts from joehuang's message of 2017-02-25 04:09:45 +: > > Hello, Matt, > > > > Thank you for your reply, just as what you mentioned, for the slow > changed data, aync. replication should work. My concerns is that

[openstack-dev] [keystone] Pike PTG scheduling

2017-02-13 Thread Lance Bragstad
Hey folks, We've had an etherpad [0] floating for the last few weeks collecting ideas for PTG sessions. I spent today finalizing several of the existing topics and porting others from various sources. While I think this is a pretty exhaustive list, I'm leaving it open for any last minute

[openstack-dev] [keystone] mascot

2017-02-13 Thread Lance Bragstad
Good news! We just got the final revision for our official keystone mascot [0]! I have a note on my todo list to put together a basic chart deck with them. I'll send out a link for folks to use when I get them done. [0] https://www.dropbox.com/sh/0owldvy0u5y4yk9/AAB5Q95wYj- oaiisneKbnEiDa?dl=0

Re: [openstack-dev] [All] IRC Mishaps

2017-02-09 Thread Lance Bragstad
The fact that I'm prone to off-by-one errors (particularly when typing spaces) has reconditioned me to no longer use "got it" in chat conversation. On Thu, Feb 9, 2017 at 3:37 PM, Matt Riedemann wrote: > On 2/9/2017 9:47 AM, Hayes, Graham wrote: > >> >> I have also had some

[openstack-dev] [keystone] 2017-02-21 weekly meeting cancelled

2017-02-14 Thread Lance Bragstad
Hi all, I wanted to remind everyone that we won't have our weekly meeting next week (2017-02-21), since most of us with either be at the PTG or in transit. Anything we need to talk about will be done in person. We will pick back up on the 26th. Thanks, Lance

Re: [openstack-dev] [keystone] PTG schedule

2017-02-16 Thread Lance Bragstad
the feedback coming. Thanks! [0] https://etherpad.openstack.org/p/pike-ptg-keystone-ocata-carry-over On Wed, Feb 15, 2017 at 10:24 PM, Lance Bragstad <lbrags...@gmail.com> wrote: > Hi all, > > I tried to get most of our things shuffled around into some-what of a > schedu

Re: [openstack-dev] Hierarchical quotas at the PTG?

2017-02-15 Thread Lance Bragstad
On Wed, Feb 15, 2017 at 1:11 PM, Matt Riedemann wrote: > On 2/15/2017 12:07 PM, Sajeesh Cimson Sasi wrote: > >> Hi Matt, Andrey, >> CERN-BARC team was working on nested quota >> implementation in Nova some 3 years back.But at that time, it was decided

[openstack-dev] [keystone] 2017-02-22 weekly policy meeting cancelled

2017-02-15 Thread Lance Bragstad
Since a bunch of us are going to be at the PTG next week, we can hold policy discussions face-to-face. Our next policy meeting will take place on March 1st. Safe travels! __ OpenStack Development Mailing List (not for usage

Re: [openstack-dev] [keystone]PKI token VS Fernet token

2017-02-15 Thread Lance Bragstad
In addition to what David said, have you played around with caching in keystone [0]? After the initial implementation of fernet landed, we attempted to make it the default token provider. We ended up reverting the default back to uuid because we hit several issues. Around the Liberty and Mitaka

Re: [openstack-dev] [keystone] 2017-1-11 policy meeting

2017-01-18 Thread Lance Bragstad
Looping this into the operator's list, too! On Wed, Jan 18, 2017 at 2:13 PM, Lance Bragstad <lbrags...@gmail.com> wrote: > Thanks to Morgan in today's policy meeting [0], we were able to shed some > light on the reasons for keystone having two policy files. The main reason > a sec

Re: [openstack-dev] [keystone] 2017-1-11 policy meeting

2017-01-19 Thread Lance Bragstad
s to maintain in tree and > everything would be in code.’ Without this file, how can we define > policies? Can user configure policies? > > Ruan > > > > *From:* Lance Bragstad [mailto:lbrags...@gmail.com] > *Sent:* mercredi 18 janvier 2017 23:16 > *To:* OpenStac

Re: [openstack-dev] [all] [barbican] [security] Why are projects trying to avoid Barbican, still?

2017-01-17 Thread Lance Bragstad
I would consider that to be something that spans further than just barbican and keystone. The ability to restrict a token to a single service/operation/resource is a super interesting problem especially when you start to consider operational dependencies between the services. If the approach spans

Re: [openstack-dev] [devstack][keystone] DRaaS for Keystone

2017-01-17 Thread Lance Bragstad
Hi Wasiq! On Tue, Jan 17, 2017 at 1:34 PM, Wasiq Noor wrote: > Hello, > > I am Wasiq from Namal College Mianwali, Pakistan. Following the link: > https://wiki.openstack.org/wiki/DisasterRecovery, I have developed a > disaster recovery solution for Keystone for various

Re: [openstack-dev] [keystone] 2017-1-11 policy meeting

2017-01-18 Thread Lance Bragstad
[2] https://github.com/openstack/keystone/blob/7f2b7e58e74c79e5a09bd5c20e0de9c15d9eabd0/etc/policy.json On Wed, Jan 11, 2017 at 11:28 AM, Lance Bragstad <lbrags...@gmail.com> wrote: > Hey folks, > > In case you missed the policy meeting today, we had a good discussion [0] > aro

[openstack-dev] [keystone] [ptl] PTL candidacy for Pike

2017-01-19 Thread Lance Bragstad
Greetings, I want to run for keystone PTL to facilitate an environment for others to grow and make meaningful changes so that we continue to build keystone into a more stable, scalable and performant project [0]. January marks my fifth anniversary working with OpenStack. In that time I've had

[openstack-dev] [keystone] Pike PTG Summary

2017-02-28 Thread Lance Bragstad
I took some time to consolidate my notes from the PTG [0]. Let me know if there are big things I've missed, or if you have summaries of your own. Thanks to everyone who attended and participated! [0] http://lbragstad.com/keystone-pike-ptg-summary/

Re: [openstack-dev] [keystone] Pike PTG Summary

2017-02-28 Thread Lance Bragstad
On Tue, Feb 28, 2017 at 7:04 PM, Clark Boylan <cboy...@sapwetik.org> wrote: > On Tue, Feb 28, 2017, at 04:53 PM, Lance Bragstad wrote: > > I took some time to consolidate my notes from the PTG [0]. Let me know if > > there are big things I've missed, or if you have

Re: [openstack-dev] [keystone] new core reviewer (rderose)

2016-09-01 Thread Lance Bragstad
+1! He has been doing some great work. Welcome to the team, Ron! On Thu, Sep 1, 2016 at 9:44 AM, Steve Martinelli wrote: > I want to welcome Ron De Rose (rderose) to the Keystone core team. In a > short time Ron has shown a very positive impact. Ron has contributed >

Re: [openstack-dev] [keystone][nova][neutron][all] Rolling upgrades: database triggers and oslo.versionedobjects

2016-08-30 Thread Lance Bragstad
Since the encrypted credential work is currently based on triggers, I spent most of today documenting a walk-though migration from Mitaka to Newton [0]. Regardless of the outcome discussed here - figured it would be worth sharing since it's relevant to the thread. Most of the gist contains stuff

Re: [openstack-dev] [keystone][tripleo][ansible][puppet][all] changing default token format

2016-11-07 Thread Lance Bragstad
t; a blog post on the OpenStack sore might be good. superuser? there are > folks reading this who can help > > Sent from HUAWEI AnyOffice > *From:*Lance Bragstad > *To:*OpenStack Development Mailing List (not for usage questions), > openstack-operat...@lists.openstack.org, &

[openstack-dev] [keystone] Weekly Policy Meeting

2016-11-10 Thread Lance Bragstad
Hi folks, After hearing the recaps from the summit, it sounds like policy was a hot topic (per usual). This is also reinforced by the fact every release we have specifications proposed to re-do policy in some way. It's no doubt policy in OpenStack needs work. Let's dedicate an hour a week to

Re: [openstack-dev] [Openstack-operators] [keystone][tripleo][ansible][puppet][all] changing default token format

2016-11-10 Thread Lance Bragstad
/operators. Generally they'll want to publish it there first then > you follow-up with your blog post a few days later. > > On Mon, Nov 7, 2016 at 8:17 AM, Lance Bragstad <lbrags...@gmail.com> > wrote: > >> That's a good idea. Is there a page detailing the process for &

Re: [openstack-dev] [keystone] Weekly Policy Meeting

2016-11-11 Thread Lance Bragstad
ards compatible. > > On Thu, Nov 10, 2016 at 3:30 PM, Lance Bragstad <lbrags...@gmail.com> > wrote: > >> Hi folks, >> >> After hearing the recaps from the summit, it sounds like policy was a hot >> topic (per usual). This is also reinforced by the fact every r

Re: [openstack-dev] [keystone] Pike PTL

2016-11-21 Thread Lance Bragstad
Steve, thanks for all the hard work and dedication over the last 3 cycles. I hope you have a nice break and I look forward to working with you on Pike! Enjoy you're evenings :) On Mon, Nov 21, 2016 at 1:38 PM, Steve Martinelli wrote: > one of these days i'll learn how

Re: [openstack-dev] [keystone] Stepping down from keystone core

2016-11-23 Thread Lance Bragstad
Thanks for all your hard work, Marek. It's been a pleasure working with you. Best of luck and hopefully our paths cross in the future! On Tue, Nov 22, 2016 at 7:57 PM, Steve Martinelli wrote: > Marek, thanks for everything you've done in Keystone. It was loads of fun >

[openstack-dev] [keystone] 2016-11-23 policy meeting summary

2016-11-23 Thread Lance Bragstad
We had a useful discussion today [0]. I attempted to summarize the meeting in the etherpad [1], crossed off things we accomplished, and documented our action items to complete by next week, which I'll echo below: *ACTION ITEM:* group to review https://review.openstack.org/#/c/391624/ and continue

  1   2   3   >