Wednesday, 2021-03-17

« Tuesday, 2021-03-16 Index Thursday, 2021-03-18 »
*** tosky has quit IRC00:10
*** hamalq has quit IRC00:26
*** timburke_ has joined #openstack-keystone00:32
*** timburke has quit IRC00:34
*** timburke_ has quit IRC00:42
*** kd has joined #openstack-keystone00:50
*** k-s-dean has quit IRC00:53
*** timburke has joined #openstack-keystone01:03
johnsomlbragstad_ Hi, so looking at: https://docs.openstack.org/keystone/latest/configuration/policy.html the policy identity:list_endpoints seems to limit it to "role:reader and system_scope:all". This means end users can no longer lookup the service endpoints?  This seems to break bunch of openstackclient commands that first lookup the endpont.01:21
johnsomFor example, in devstack the demo account can no longer see the endpoints:01:21
johnsomhttps://www.irccloud.com/pastebin/B6Z2JzYz/01:22
*** kd has quit IRC01:22
lbragstad_johnsom i think that was also true in stable/queens, prior to the system-scope/secure rbac overhaul https://opendev.org/openstack/keystone/src/branch/stable/queens/keystone/common/policies/endpoint.py#L2701:23
*** lbragstad_ is now known as lbragstad01:23
johnsomHmm01:23
lbragstadmost end users typically get that information from GET /v3/auth/tokens01:24
lbragstador POST /v3/auth/tokens - since the tokens themselves contain service catalogs01:24
johnsomhttps://www.irccloud.com/pastebin/pj8EzIUN/01:24
johnsomAdmittedly I have not tried the designate OSC client using the demo account before, so I don't know how long this has been broken.01:25
johnsomThat is a good point, it is in the token response. I wonder why they are querying the list....01:26
lbragstadseems like that particular portion of the osc designate client was written to assume it was called as someone who could also call the endpoint API directly01:27
johnsomI will look into the OSC code tomorrow01:27
lbragstad(so - assumed to be called as an administrator?)01:27
johnsomNo idea01:27
lbragstadstrange - yeah, let me know if you need some help or what you find01:27
eanderssonWas just replying in qa01:51
eanderssonThis is the same for us in rocky afaik01:51
eanderssonWe always had to use openstack catalog list for "normal" users01:51
eanderssonI always assumed that endpoint list was just "unfiltered" list for "admins", while catalog list was a "filtered" view for normal users.01:58
*** redrobot2 has joined #openstack-keystone01:59
*** redrobot has quit IRC02:03
*** redrobot2 is now known as redrobot02:03
*** rcernin has quit IRC03:22
*** rcernin has joined #openstack-keystone03:33
*** rcernin has quit IRC03:41
*** rcernin has joined #openstack-keystone03:42
*** vishalmanchanda has joined #openstack-keystone04:26
*** manuvakery1 has joined #openstack-keystone04:38
*** timburke has quit IRC05:28
*** Luzi has joined #openstack-keystone05:44
*** jaosorior has joined #openstack-keystone07:20
*** rcernin has quit IRC08:11
*** xek has joined #openstack-keystone08:32
*** bengates has joined #openstack-keystone08:32
*** bengates has quit IRC08:50
*** bengates has joined #openstack-keystone08:51
*** tosky has joined #openstack-keystone09:03
*** rcernin has joined #openstack-keystone09:17
*** rcernin_ has joined #openstack-keystone09:48
*** rcernin has quit IRC09:55
*** gshippey has joined #openstack-keystone10:09
*** kd has joined #openstack-keystone10:31
*** kd has quit IRC10:52
*** rcernin_ has quit IRC11:32
*** takamatsu has quit IRC11:57
*** raildo has joined #openstack-keystone12:58
*** k-s-dean has joined #openstack-keystone13:39
*** raildo_ has joined #openstack-keystone14:08
*** k-s-dean has quit IRC14:10
*** k-s-dean has joined #openstack-keystone14:10
*** raildo has quit IRC14:11
*** vishalmanchanda has quit IRC14:25
*** whoami-rajat_ has joined #openstack-keystone14:30
*** vishalmanchanda has joined #openstack-keystone14:35
*** Luzi has quit IRC16:03
*** hamalq has joined #openstack-keystone16:31
*** timburke has joined #openstack-keystone17:15
*** gyee has joined #openstack-keystone17:29
*** bengates has quit IRC17:55
*** bengates has joined #openstack-keystone17:57
*** bengates has quit IRC18:01
*** whoami-rajat_ is now known as whoami-rajat18:18
*** raildo__ has joined #openstack-keystone18:37
*** k-s-dean has quit IRC18:40
*** gyee has quit IRC18:46
*** raildo_ has quit IRC18:46
*** k-s-dean has joined #openstack-keystone18:50
*** gyee has joined #openstack-keystone18:53
*** k-s-dean has quit IRC18:56
*** raildo_ has joined #openstack-keystone19:10
*** raildo__ has quit IRC19:12
*** raildo__ has joined #openstack-keystone19:13
*** raildo_ has quit IRC19:16
*** rcernin_ has joined #openstack-keystone19:26
*** rcernin_ has quit IRC19:32
*** vishalmanchanda has quit IRC19:35
*** k-s-dean has joined #openstack-keystone19:41
*** gmann is now known as gmann_afk19:41
*** manuvakery1 has quit IRC19:56
*** rcernin_ has joined #openstack-keystone19:57
*** rcernin_ has quit IRC20:02
*** rcernin_ has joined #openstack-keystone20:32
*** rcernin_ has quit IRC20:37
*** whoami-rajat has quit IRC20:40
*** rcernin_ has joined #openstack-keystone20:50
*** rcernin_ has quit IRC21:04
*** rcernin_ has joined #openstack-keystone21:09
*** rcernin_ has quit IRC21:15
*** rcernin_ has joined #openstack-keystone21:41
*** raildo__ has quit IRC22:03
*** gshippey has quit IRC22:15
*** gmann_afk is now known as gmann22:39
*** k-s-dean has quit IRC22:50
*** timburke_ has joined #openstack-keystone23:04
*** timburke has quit IRC23:06
*** k-s-dean has joined #openstack-keystone23:21
*** timburke_ has quit IRC23:31
*** timburke_ has joined #openstack-keystone23:31
*** hamalq has quit IRC23:57
*** hamalq has joined #openstack-keystone23:57
« Tuesday, 2021-03-16 Index Thursday, 2021-03-18 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!