Extend Keystone to cope with OIDC and Identity Federations

Bug #1671506 reported by Fulvio Galeazzi
This bug affects 5 people
Affects: OpenStack Keystone Charm
Status: In Progress
Importance: Wishlist
Assigned to: Fulvio Galeazzi
Milestone: none

Bug Description

At GARR, the Italian NREN, we are setting up OpenStack clusters (https://cloud.garr.it/) and we need to enable support for federated identities (OIDC, eduGain).
We have produced Ansible roles to fix the default Keystone charm, and we are learning how to merge such changes in Git... Eventually we'd be glad if our changes could make it in the official development stream.
For the time being, this "bug report" is meant as a way to link our request to a Git branch.
Thanks for your attention!

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to charm-keystone (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/444299

James Page (james-page) wrote :

Hi Fulvio

Thanks for the bug report and the associated review for the keystone charm; they are in the queue for review and will be looked at in the next few days.

Changed in charm-keystone:
status: New → Triaged
importance: Undecided → Wishlist
milestone: none → 17.05
status: Triaged → In Progress
assignee: nobody → Fulvio Galeazzi (fulvio-galeazzi)
James Page (james-page)
Changed in charm-keystone:
milestone: 17.05 → 17.08
Fulvio Galeazzi (fulvio-galeazzi) wrote : Re: [Bug 1671506] Re: Extend Keystone to cope with OIDC and Identity Federations

Hallo James! I have been very silent for a long while, my apologies:
however, last week I was back on this task and I think I have completed at
least the configuration part. Now I am playing with keystone_hooks to add
calls to activate the relevant pieces of code. I hope I will be ready for
another commit in a few days.
Thanks for following this up!

    Fulvio

Fulvio Galeazzi (fulvio-galeazzi) wrote :

Hallo James, I just made a commit of my work. This time I committed from my
working directory, which is the same I used to push an apparently
functional charm to our jujucharms area, and also tried to write a
meaningful commit message.

Thanks for your attention and patience and bear with me for my poor
programming skills.
Ciao ciao

    Fulvio

Fulvio Galeazzi (fulvio-galeazzi) wrote :

Hallo James, sorry to bug you but I am a bit afraid I may have done
something not properly, as after my last commit nothing happened, as far as
the automated machinery for testing is involved. Last time I was notified
within 24 hours that my package had been compiled, whereas this time...
silence.
Did I do something wrong, or maybe as the modifications are scheduled for
17.08, the relevant testing has been automatically postponed?
Thanks for your help

    Fulvio

James Page (james-page) wrote :

Hi Fulvio

Can you push your changes to the branch used for:

  https://review.openstack.org/#/c/444299/

and then use 'git commit --amend' and 'git review' to push a new version of the review please.

It's easier for us to have a review conversation and history of comments via gerrit.

Fulvio Galeazzi (fulvio-galeazzi) wrote :

Hallo James,
    sorry for being so ignorant with Git... I'd like to commit my changes
for review.

Here is the current status:

maastest@xenial-juju:~/Users/fulvio/localcharms/charm-keystone$ git status
On branch bug/1671506
nothing to commit, working directory clean

maastest@xenial-juju:~/Users/fulvio/localcharms/charm-keystone$ git superlog
* 1b908ee82b8cc3ada6d4f2a29fffc6f4d6cc2261 (HEAD -> bug/1671506) Merge remote-tracking branch 'origin/master' into bug/1671506
|\
| | * 3d84a3563ab80169cf97f552e94651f873d3abb2 (master) Merge remote-tracking branch 'origin/master'
| | |\
| |/ /
|/| /
| |/
| * 681047f39777c5700bccab360bc1615c74150c94 (origin/master, origin/HEAD, gerrit/master) Use 'uuid' token provide configuration
| * 6f99e78cdeebfe93ea8343848a8e17f44736e79b Updated icon
| * d36af554846fcd37368b3c7e09bdc19649b7ac46 Updates for pike b1
| * d62a2e75c3efb52d5e6a6d176c0c12a2cb263358 Network space aware address for cluster relation
| * 8b066b7eabf24f4aeacf74492bcac6575c0292ab Merge "Enable Zesty-Ocata Amulet Tests"
......

Problem is that "git review" noticed I made several commits and asks:

maastest@xenial-juju:~/Users/fulvio/localcharms/charm-keystone$ git review
You are about to submit multiple commits. This is expected if you are
submitting a commit that is dependent on one or more in-review
commits. Otherwise you should consider squashing your changes into one
commit before submitting.

The outstanding commits are:

1b908ee (HEAD -> bug/1671506) Merge remote-tracking branch 'origin/master' into bug/1671506
a67fd8c Related-Bug: 1671506
5b7797c Updated icon
e135c85 Updates for pike b1
......

Can you please suggest how should I move on from here? I am not familiar
with rebasing...
  Thanks!

    Fulvio

James Page (james-page)
Changed in charm-keystone:
milestone: 17.08 → 17.11
Bryan Quigley (bryanquigley) wrote :

Hi Fulvio

I'm happy to help with any blockers around git/gerrit. (Not able to help with the charm code though)

Feel free to ping me directly.

Fulvio Galeazzi (fulvio-galeazzi) wrote :

Thanks a lot Bryan, appreciate that!
    I was doing other things these days, but hopefully I may try to get
back to work on this some time coming week.
  We'll keep in touch, thanks again!

    Fulvio

James Page (james-page)
Changed in charm-keystone:
milestone: 17.11 → 18.02
Ryan Beisner (1chb1n)
Changed in charm-keystone:
milestone: 18.02 → 18.05
James Page (james-page)
Changed in charm-keystone:
milestone: 18.05 → 18.08
James Page (james-page)
Changed in charm-keystone:
milestone: 18.08 → 18.11
Dmitrii Shcherbakov (dmitriis) wrote :

I did some work for 18.05 to support federated identity in Keystone and OpenStack dashboard charms.

https://review.openstack.org/#/q/topic:fe-federated-identity+(status:open+OR+status:merged)

The merged code can be used, for example, with this charm (tested with TestShib and ADFS):

https://jujucharms.com/u/dmitriis/keystone-saml-mellon
https://github.com/dshcherb/charm-keystone-saml-mellon

A keystone-oidc charm could be written in a similar way because the merged code is generic enough for that.

I would consider this to be "fixed released" and instead focus on upstreaming keystone-saml-mellon and writing a subordinate for OIDC.

As a side note, there is a spec to support SAML natively:

https://specs.openstack.org/openstack/keystone-specs/specs/keystone/backlog/native-saml.html

James Page (james-page)
Changed in charm-keystone:
milestone: 18.11 → 19.04
David Ames (thedac)
Changed in charm-keystone:
milestone: 19.04 → 19.07
David Ames (thedac)
Changed in charm-keystone:
milestone: 19.07 → 19.10
David Ames (thedac)
Changed in charm-keystone:
milestone: 19.10 → 20.01
James Page (james-page)
Changed in charm-keystone:
milestone: 20.01 → 20.05
David Ames (thedac)
Changed in charm-keystone:
milestone: 20.05 → 20.08
James Page (james-page)
Changed in charm-keystone:
milestone: 20.08 → none