Re: [OpenStack-Infra] A problem with unique identifier on openstackid.org
In this ticket https://storyboard.openstack.org/#!/story/2000239 is mentioned only about OpenID. If I will be use OAuth2.0, how I can distinguish between users? I guess that User API http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html#user-api should provide an ID for each user. On Wed, Apr 15, 2015 at 9:17 PM, Sebastian Marcet smar...@gmail.com wrote: Hello! here is the ticket that we opened https://storyboard.openstack.org/#!/story/2000239 regards 2015-04-15 12:54 GMT-03:00 Jeremy Stanley fu...@yuggoth.org: On 2015-04-15 10:08:08 -0500 (-0500), Jimmy McArthur wrote: Hello! We are trying to open a ticket for this, but it looks like Launchpad for OpenStackID isn't configured yet. Can you let us know what we need to do to set that up? [...] Task tracking for all openstack-infra repos moved from Launchpad to Storyboard late last year once its development grew closer to general usability. Log in at https://storyboard.openstack.org/ and then add a story at https://storyboard.openstack.org/#!/project/728 for the openstack-infra/openstackid repo (looks like there are none active for that Git repo currently). -- Jeremy Stanley -- Ing. Sebastian Marcet SKYPE: sebastian.marcet ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
[OpenStack-Infra] Refstack workflow discussion. Using OpenstackID as auth provider for application with Web UI and CLI client
Here you can find slides with general user stories: - create user account - access to resource required user auth in Web UI - access to resource required user auth in CLI client https://docs.google.com/presentation/d/1v7exKKL1zSA102Xu8FkY1u9rMVUE6BjwUCoWGYYvbaI/edit#slide=id.g9870fa983_0_0 Any comments related to this topic will be very appreciated. Regards, Sergey Slipushenko, Software Developer, Kharkiv, Ukraine, Mirantis Inc. ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
Re: [OpenStack-Infra] A proposal to use phabricator for issue tracking
On 03/04/15 17:52, Monty Taylor wrote: Could do better: ACLs for Vulnerability management -- snip I'd love to learn how wikimedia is working with this. http://www.mediawiki.org/wiki/Phabricator/Security tl;dr They have added a security dropdown to task filing that triggers some policy actions. I betcha we could copy theirs. Hello, At Wikimedia we definitely had the requirement of having internal bugs, we have two kinds of them: * security vulnerability that will eventually be disclosed / made public * private / sensitive information we want to keep in (contracts, personal informations etc) We ended up writing our own extension which is in our Gerrit as phabricator/extensions/security.git the README: http://git.wikimedia.org/blob/phabricator%2Fextensions%2Fsecurity.git/master/README The wiki page you found is appropriate. The main author is Mukunda Modell or twentyafterfour on IRC. I am not sure how much available spare time he has though. -- Antoine hashar Musso ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
Re: [OpenStack-Infra] A problem with unique identifier on openstackid.org
Vladislav , oauth2 is not meant for authentication, is meant for authorization, if you use oauth2 for authentication, then you are introducing some security issues on your app http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html if you want to authenticate your users in a safe way, you should use openid endpoint first, then the oauth2 proctected api to get additional user info, that is not provided by openid netiher its extensions (SREG/AX) by default regards 2015-04-16 9:57 GMT-03:00 Vladislav Kuzmin vkuz...@mirantis.com: Sebastian, I've used only OAuth2.0 (not OpenID) for obtain an access_token and I've used this documentation http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/oauth2.html . When I got the access_token, I called OAuth 2.0 Rest API for get info about the user http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html . But OAuth 2.0 Rest API don't provide unique identifier for user. My main goal is to get a unique ID for a user that I can use in my application. How I can get ID for user with OAuth2.0? On Thu, Apr 16, 2015 at 1:13 PM, Sebastian Marcet smar...@gmail.com wrote: Vladislav in order to user oauth 2.0, i am assuming that you are doing first an openid request, on the openid response ( possitive assertion http://openid.net/specs/openid-authentication-2_0.html#positive_assertions ) you will get param openid.claimed_id, that one contains the openid url that after this patch is unique per user regards 2015-04-16 4:44 GMT-03:00 Vladislav Kuzmin vkuz...@mirantis.com: In this ticket https://storyboard.openstack.org/#!/story/2000239 is mentioned only about OpenID. If I will be use OAuth2.0, how I can distinguish between users? I guess that User API http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html#user-api should provide an ID for each user. On Wed, Apr 15, 2015 at 9:17 PM, Sebastian Marcet smar...@gmail.com wrote: Hello! here is the ticket that we opened https://storyboard.openstack.org/#!/story/2000239 regards 2015-04-15 12:54 GMT-03:00 Jeremy Stanley fu...@yuggoth.org: On 2015-04-15 10:08:08 -0500 (-0500), Jimmy McArthur wrote: Hello! We are trying to open a ticket for this, but it looks like Launchpad for OpenStackID isn't configured yet. Can you let us know what we need to do to set that up? [...] Task tracking for all openstack-infra repos moved from Launchpad to Storyboard late last year once its development grew closer to general usability. Log in at https://storyboard.openstack.org/ and then add a story at https://storyboard.openstack.org/#!/project/728 for the openstack-infra/openstackid repo (looks like there are none active for that Git repo currently). -- Jeremy Stanley -- Ing. Sebastian Marcet SKYPE: sebastian.marcet -- Ing. Sebastian Marcet SKYPE: sebastian.marcet -- Ing. Sebastian Marcet SKYPE: sebastian.marcet ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
Re: [OpenStack-Infra] A proposal to use phabricator for issue tracking
On 03/04/15 18:06, Jeremy Stanley wrote: On 2015-04-03 11:54:00 -0400 (-0400), Sean Dague wrote: [...] 2) is there an event stream of changes (either real time or rss) that can be consumed by said tools? Having the change stream would be really helpful. Which relates to a feature request we hear all the time: is there a way to have bug events spammed to our IRC channel? If LP had a proper event stream, we'd probably already be doing that. Hello, The fab python module wraps around the Phabricator Conduit system: https://pypi.python.org/pypi/fab A few volunteers from the Wikimedia community created a python bot that consumes event, store them in a redis queue, format and route messages to IRC channels. The repo is hosted on our Gerrit: https://gerrit.wikimedia.org/r/p/labs/tools/wikibugs2.git Web view: http://git.wikimedia.org/summary/?r=labs/tools/wikibugs2.git Our routing definition: http://git.wikimedia.org/blob/labs%2Ftools%2Fwikibugs2.git/master/channels.yaml There is some sparse documentation at: https://www.mediawiki.org/wiki/wikibugs You can find the three authors in #wikimedia-labs, their IRC nicks, location and potential timezones are: legoktm SF, PST valhallasw Europe, CET YuviPanda SF, PST I am sure they are willing to take patches and give you more informations. -- Antoine hashar Musso ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
Re: [OpenStack-Infra] A proposal to use phabricator for issue tracking
On 03/04/15 17:57, Monty Taylor wrote: On 04/03/2015 11:44 AM, Michael Krotscheck wrote: This proposal is all well and good, however (no offense intended) Monty's got a history of putting out neat proposals and leaving someone else to support it. Without identifying a dedicated person/resource that will maintain phabricator, any discussion is moot. This is actually an excellent point - and one of the reasons that running our own Launchpad is not being suggested. It has been communicated that the operational burden of running a launchpad is extensive and WOULD require dedicated resources. I propose that we not have any developers dedicated to developing phabricator. I propose that the infra-team as a whole would support and maintain it - similar to how we support and maintain gerrit, jenkins, etherpad, ELK, graphite, cgit, mailman, and soon zanata - which are all substantial pieces of software that we did not write ourselves. Since phabricator is actually designed and intended to be able to be run CD from master, the overall operational cost should not be particularly harder than any of the rest of the software we run. Hello, One of the reason Wikimedia migrated from Bugzilla to Phabricator is that it is a PHP application and we have a ton of PHP developers. With OpenStack being all python, maintaining a PHP application might add to your operations burden. As you said in your initial mail, building a bug tracker is not in OpenStack infra team core duties. May I add that hosting such app is probably not either? Phabricator was build for Facebook internal usage but has spawn in its own little company known as Phacility. They seem to provide hosting service which would save you from having to maintain it. Might end up being cheaper than adding workload to the current team / hire one more. Hosting infos: http://www.phabricator.org/hosting/ Staff page: http://phacility.com/about/ We have invited Evan Priestley at the Wikimedia office to present us Phabricator. Might be worth getting in touch with them and organize a quick tour and find out what they can offer. -- Antoine hashar Musso ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
Re: [OpenStack-Infra] A problem with unique identifier on openstackid.org
Vlad, The relevant information is documented here: http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/openid.html#openid-2-0-request-authentication-response You must first make the OpenID request in order to get the correct identifier. As Sebastian mentioned, oAuth should not be used for authentication. If there are additional questions on this, please let us know. -- Jimmy McArthur Sebastian Marcet wrote: Vladislav , oauth2 is not meant for authentication, is meant for authorization, if you use oauth2 for authentication, then you are introducing some security issues on your app http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html if you want to authenticate your users in a safe way, you should use openid endpoint first, then the oauth2 proctected api to get additional user info, that is not provided by openid netiher its extensions (SREG/AX) by default regards 2015-04-16 9:57 GMT-03:00 Vladislav Kuzmin vkuz...@mirantis.com mailto:vkuz...@mirantis.com: Sebastian, I've used only OAuth2.0 (not OpenID) for obtain an access_token and I've used this documentation http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/oauth2.html . When I got the access_token, I called OAuth 2.0 Rest API for get info about the user http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html . But OAuth 2.0 Rest API don't provide unique identifier for user. My main goal is to get a unique ID for a user that I can use in my application. How I can get ID for user with OAuth2.0? On Thu, Apr 16, 2015 at 1:13 PM, Sebastian Marcet smar...@gmail.com mailto:smar...@gmail.com wrote: Vladislav in order to user oauth 2.0, i am assuming that you are doing first an openid request, on the openid response ( possitive assertion http://openid.net/specs/openid-authentication-2_0.html#positive_assertions) you will get param openid.claimed_id, that one contains the openid url that after this patch is unique per user regards 2015-04-16 4:44 GMT-03:00 Vladislav Kuzmin vkuz...@mirantis.com mailto:vkuz...@mirantis.com: In this ticket https://storyboard.openstack.org/#!/story/2000239 https://storyboard.openstack.org/#%21/story/2000239 is mentioned only about OpenID. If I will be use OAuth2.0, how I can distinguish between users? I guess that User API http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html#user-api should provide an ID for each user. On Wed, Apr 15, 2015 at 9:17 PM, Sebastian Marcet smar...@gmail.com mailto:smar...@gmail.com wrote: Hello! here is the ticket that we opened https://storyboard.openstack.org/#!/story/2000239 https://storyboard.openstack.org/#%21/story/2000239 regards 2015-04-15 12:54 GMT-03:00 Jeremy Stanley fu...@yuggoth.org mailto:fu...@yuggoth.org: On 2015-04-15 10:08:08 -0500 (-0500), Jimmy McArthur wrote: Hello! We are trying to open a ticket for this, but it looks like Launchpad for OpenStackID isn't configured yet. Can you let us know what we need to do to set that up? [...] Task tracking for all openstack-infra repos moved from Launchpad to Storyboard late last year once its development grew closer to general usability. Log in at https://storyboard.openstack.org/ and then add a story at https://storyboard.openstack.org/#!/project/728 https://storyboard.openstack.org/#%21/project/728 for the openstack-infra/openstackid repo (looks like there are none active for that Git repo currently). -- Jeremy Stanley -- Ing. Sebastian Marcet SKYPE: sebastian.marcet -- Ing. Sebastian Marcet SKYPE: sebastian.marcet -- Ing. Sebastian Marcet SKYPE: sebastian.marcet ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
Re: [OpenStack-Infra] A problem with unique identifier on openstackid.org
On 2015-04-16 15:57:10 +0300 (+0300), Vladislav Kuzmin wrote: [...] I've used this documentation http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/oauth2.html [...] By the way, the documentation for it is now continuously published to http://ci.openstack.org/openstackid/ and updated whenever new patches merge in the openstackid git repository. -- Jeremy Stanley ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra