Thursday, 2014-12-04

*** xxj has joined #openstack-keystone		00:00
jamielennox	morganfainberg: it'd be interesting to see if that worked	00:00
morganfainberg	more planning needed to make it work though.	00:00
jamielennox	morganfainberg: an entry step might be like a hangouts meeting every month or so to discuss specs in addition to IRC	00:00
morganfainberg	++	00:01
morganfainberg	perhaps.	00:01
morganfainberg	we can discuss	00:01
jamielennox	hmm - not sure how much benefit there is over irc	00:01
*** jimhoagland has joined #openstack-keystone		00:01
gyee_	stevemar, still around?	00:03
jamielennox	ayoung: i don't see that we need https://review.openstack.org/#/c/137231 in client	00:04
jamielennox	there	00:04
jamielennox	's no reason for consumers of the client to be building tokens	00:04
jamielennox	other than testing and for that we have ksc.fixture	00:04
jamielennox	ah, client one: https://review.openstack.org/#/c/135774/	00:05
stevemar	gyee, sorta, about to go eat	00:06
*** _cjones_ has quit IRC		00:06
jamielennox	dhellmann: you here? re oslo.context	00:06
stevemar	gyee_, ^	00:07
gyee_	stevemar, trying to understand k2k	00:08
* stevemar runs		00:08
gyee_	so this ecp stuff	00:08
gyee_	how come its not part of the API?	00:08
stevemar	what do you mean?	00:08
gyee_	shouldn't we be having something like this? POST /auth/OS-FEDERATION/ecp	00:09
gyee_	I mean clients have to wrap saml2 with ecp	00:09
gyee_	and then post the stuff to SP	00:09
stevemar	gyee_, yes, you are correct...	00:10
stevemar	gyee_, we didn't really know that would be an issue	00:10
gyee_	I mean we should be able to allow clients to ask for ecp instead of saml2	00:10
*** chrisshattuck has quit IRC		00:10
gyee_	I am just looking at it from UX standpoint	00:10
*** quack_quack_ has joined #openstack-keystone		00:11
stevemar	yeah	00:11
stevemar	gyee_, if you look here: http://blog.rodrigods.com/playing-with-keystone-to-keystone-federation/	00:11
stevemar	gyee_, rodrigods, had to do that (search for transform_assertion_into_ecp)	00:11
gyee_	stevemar, I am using his script to test the stuff in my setup	00:12
*** _cjones_ has joined #openstack-keystone		00:12
quack_quack_	hi, i'm trying to figure out how s3_token works, and I'm having trouble understanding a portion of code that is passed on to keystone's s3tokens api	00:12
quack_quack_	specifically starting with this line https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/s3_token.py#L217	00:12
gyee_	stevemar, I am trying to figure out how we can enhance UX by making ecp wrap transparent	00:12
quack_quack_	'access', 'token', 'signature' aren't really documented as far as I can tell	00:12
stevemar	gyee_, yeah, that's definitely a possible spot for improvement	00:13
quack_quack_	this is the best that I can find: https://wiki.openstack.org/wiki/Keystone-BP-S3Token	00:13
stevemar	we can have a new endpoint that wraps it	00:13
gyee_	stevemar, right, that would be awsomer	00:13
jamielennox	quack_quack_: you're almost better to ask the swift guys - i don't think anyone here has much experience with s3	00:14
quack_quack_	thanks jamielennox	00:14
jamielennox	quack_quack_: however looking at it, token is the keystone token from X-Auth-Token	00:14
quack_quack_	ok	00:14
jamielennox	and access and signature are generally the way that AWS does auth right?	00:14
stevemar	quack_quack_, plus we don't like ducks	00:14
quack_quack_	:)	00:14
gyee_	quack_quack, what's the problem?	00:15
*** bknudson has joined #openstack-keystone		00:15
*** ChanServ sets mode: +v bknudson		00:15
quack_quack_	ok this is making more sense jamielennox	00:15
rodrigods	gyee_, stevemar ++ the SP stuff for K2K will help a lot as well	00:15
quack_quack_	so access is the access key	00:15
quack_quack_	i'm wondering how signature is calculated	00:15
gyee_	access is access key ID	00:15
gyee_	signature is calculated based on ec2	00:15
quack_quack_	gyee, I'm basically trying to figure out how to get from access key id and access secret	00:15
quack_quack_	to something that authenticates against keystone	00:15
gyee_	quack_quack, from credential API	00:16
gyee_	you'll need to create the credential using v3 credential API	00:16
quack_quack_	sorry gyee_ but what do you mean?	00:16
notmyname	jamielennox: quack_quack_?	00:16
quack_quack_	i'm somewhat new to this	00:16
gyee_	you'lll need to create an ec2 credential	00:16
gyee_	it has two components, access key ID and secret	00:17
* quack_quack_ nods		00:17
jamielennox	notmyname: first time someone has asked about the s3 middleware for as long as i can remember	00:17
gyee_	secret is used to generate the hmac signature	00:17
notmyname	jamielennox: we get questions over in -swift from time to time :-)	00:17
gyee_	access key id is used to identify the key used to generate the signature	00:17
gyee_	notmyname, while you are here, can I ask you a swift question?	00:17
jamielennox	notmyname: i know that it's only keystone v2, i thought it was essentially dead	00:18
* notmyname has zero idea how swift3 middleware and keystone work together		00:18
notmyname	gyee_: of course! (and I'm always here)	00:18
quack_quack_	lol notmyname	00:18
gyee_	notmyname, once an account is marked as deleted and before the reaper take it, can it be reversed?	00:18
notmyname	jamielennox: swift3 is in stackforge these days. still maintained. I've got a few customers who use it	00:18
jamielennox	quack_quack_: that's true - there is an external middleware called swift3 i'd be inclined to use over the one in keystonemiddleware	00:18
notmyname	gyee_: ya. there's a delay in the reaper	00:18
*** afaranha_ has quit IRC		00:18
notmyname	gyee_: /me goes to look for the config/docs	00:19
gyee_	nomyname, what's the magic command/API to undelete it?	00:19
quack_quack_	jamielennox: so swift3 does the api translation from S3 API to Swift	00:19
quack_quack_	and then hands off the credential authentication to s3_token in the WSGI pipeline	00:19
notmyname	gyee_: https://github.com/openstack/swift/blob/master/etc/account-server.conf-sample#L146	00:19
gyee_	quack_quack, you'll need the s3 emulator middleware as well	00:19
gyee_	which no longer part of Swift :)	00:19
quack_quack_	yes, swift3 is in stackforge	00:20
jamielennox	quack_quack_: oh, right - i'll shut up then	00:20
quack_quack_	:)	00:20
notmyname	gyee_: looking	00:20
gyee_	notmyname, once the reaper started, there's no turning back right?	00:20
notmyname	gyee_: important questions first. is this something you're currently dealing with? ie is there a fire that needs to be put out before we figure out long-term ops processes?	00:21
gyee_	notmyname, I am trying debug an issue in out public cloud, its trying to reprovision the same account for some reason which I think its wrong	00:23
*** dims has quit IRC		00:23
gyee_	s/out/our/	00:23
quack_quack_	gyee_: where does token come from?	00:23
notmyname	gyee_: ok. maybe we should move over to -swift to let keystone have their channel? :-)	00:23
gyee_	my understanding is that once the account is marked is deleted, its not recycleable	00:23
gyee_	definitely a bug on our end	00:24
quack_quack_	you mentioned it's x-auth-token but how	00:24
quack_quack_	ok i get it	00:24
quack_quack_	thanks gyee_	00:25
gyee_	quack_quack_, welcome	00:26
quack_quack_	ok...so s3 canonical string is rolled into x-auth-token	00:28
*** afaranha_ has joined #openstack-keystone		00:29
*** _cjones_ has quit IRC		00:29
gyee_	authorization header I think	00:29
quack_quack_	yup	00:29
*** nellysmitt has joined #openstack-keystone		00:29
gyee_	let me take a look at the code	00:29
quack_quack_	the canonical string is an S3 calculation	00:29
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: duplicate auth-url option returned by BaseGenericPlugin https://review.openstack.org/132652	00:30
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Add missing user-id option to generic.Password https://review.openstack.org/132626	00:30
*** nellysmitt has quit IRC		00:34
gyee_	quack_quack_, right, token contains the canonicalized string	00:38
gyee_	authorization header contains the access key id and signature	00:38
*** thedodd has quit IRC		00:39
*** afaranha_ has quit IRC		00:39
gyee_	rodrigods, your ecp temp has hardcoded "GeneratedKey"?	00:41
gyee_	ecp template I mean	00:41
quack_quack_	Thanks gyee_	00:41
rodrigods	gyee_, yes	00:42
gyee_	rodrigods, why?	00:42
*** dims has joined #openstack-keystone		00:42
gyee_	is that the reason we turned off ecp validation?	00:42
jamielennox	can someone give me some UX advice on this one: https://review.openstack.org/#/c/130159 i'm ok with the idea but the syntax seems horrible	00:43
rodrigods	gyee_, the ecp validation is made via the same assertion I guess	00:43
rodrigods	gyee_, the difficult was to have a valid soap envelope	00:44
rodrigods	gyee_, once I got that one (thx to marekd\|away), used it to perform the tests	00:44
gyee_	rodrigods, but do we have to authenticate ecp? isn't the signature on the saml2 assertion good enough?	00:45
*** kobtea has joined #openstack-keystone		00:45
rodrigods	gyee_, ecp only accepts soap	00:46
rodrigods	gyee_, there is a step where the SP checks the metadata from the IdP against the SAML assertion signature	00:46
rodrigods	which was failing here	00:47
rodrigods	which is failing =(	00:47
gyee_	k	00:47
gyee_	looking at the code, I don't see any IdP metadata baked into ecp though	00:48
*** _cjones_ has joined #openstack-keystone		00:49
*** kobtea has quit IRC		00:50
gyee_	jamielennox, ouch! those allow_* params, shouldn't they be part of the filter?	00:50
gyee_	endpoint filter I mean	00:51
rodrigods	gyee_ the X509 part?	00:51
jamielennox	gyee_: they will end up as part of the endpoint filter	00:51
jamielennox	gyee_: it's how you set it up for the client to use	00:52
jamielennox	this will mean that you could do nova.Client(session, allow_unknown=True)	00:52
jamielennox	which i don't mind it's just ugly	00:52
gyee_	jamielennox, why not just a generic dict for endpoint filter	00:52
jamielennox	wel lthat's what the plugin takes	00:53
jamielennox	it's just how do we set that up to allow users to set it	00:53
gyee_	rodrigods, I am looking at transform_assertion_into_ecp()	00:53
gyee_	just the TEMPLATE part	00:53
gyee_	I don't see any IdP attributes there	00:54
rodrigods	gyee_, this is just the envelope. the idp attributes are in the saml assertion generated by keystone	00:55
gyee_	jamielennox, what I mean is why not just **endpoint_filter or something	00:55
*** afaranha_ has joined #openstack-keystone		00:55
rodrigods	which is included in the "body" of this envelope	00:55
gyee_	instead of keep adding stuff to args list	00:55
gyee_	rodrigods, I see	00:56
jamielennox	i guess we could allow passing an arbitrary endpoint_filter there	00:56
jamielennox	we already take things like service_type at the adapter which gets added to the endpoint_filter	00:56
jamielennox	so i understand why he did it that way	00:57
gyee_	jamielennox, my personal preference, but the Python Jadis may disagree :)	00:57
gyee_	Python Jedis	00:57
gyee_	rodrigods, how many signatures are there? just the saml2 assertion signature right?	00:59
jamielennox	yea, i don't know	00:59
rodrigods	gyee_, yes	00:59
gyee_	rodrigods, so ecp signature = saml2 assertion signature? sorry for asking rudimentary questions as I am still trying to figure out ecp	01:01
rodrigods	gyee_, heh no problem, I mean, AFAIK yes	01:02
*** jimhoagland has quit IRC		01:03
gyee_	rodrigods, cool, thanks for the help!	01:03
rodrigods	gyee_ np! :)	01:03
*** arif-ali has quit IRC		01:05
*** arif-ali has joined #openstack-keystone		01:06
jamielennox	gyee_: if you have a minute can you look at the blocking reviews for ksc and middleware?	01:06
jamielennox	the ksc ones are mostly easy	01:06
*** ncoghlan has joined #openstack-keystone		01:07
gyee_	jamielennox, sure	01:07
gyee_	links?	01:07
jamielennox	https://gist.github.com/dolph/651c6a1748f69637abd0	01:07
gyee_	k	01:08
*** ncoghlan is now known as ncoghlan_afk		01:09
gyee_	-1 from jenkins?	01:09
*** tellesnobrega_ has quit IRC		01:10
openstackgerrit	Brant Knudson proposed openstack/keystone: Remove test PYTHONHASHSEED setting https://review.openstack.org/136593	01:11
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct XMLEquals matcher for ordering https://review.openstack.org/138918	01:11
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct test_auth_unscoped_token_project for result ordering https://review.openstack.org/138919	01:11
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct test_get_v3_catalog test for result ordering https://review.openstack.org/138920	01:11
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct catalog response checker for result ordering https://review.openstack.org/138921	01:11
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct test_identity_attribute_conflict_with_none_value for result ordering https://review.openstack.org/138922	01:11
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct version tests for result ordering https://review.openstack.org/138923	01:11
jamielennox	gyee_: transient, the dependant one works	01:12
*** afaranha_ has quit IRC		01:13
jamielennox	gyee_: assuming you mean the ksc one	01:13
gyee_	right	01:13
gyee_	that's fine	01:13
*** _cjones_ has quit IRC		01:17
*** afaranha_ has joined #openstack-keystone		01:17
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Split identity server into v2 and v3 https://review.openstack.org/130534	01:22
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Allow loading other auth methods in auth_token https://review.openstack.org/129552	01:22
*** _cjones_ has joined #openstack-keystone		01:23
*** jimhoagland has joined #openstack-keystone		01:26
gyee_	jamielennox, gotta run, I'll finish reviewing the rest later tonight	01:27
jamielennox	gyee_: ok, juust saw your no tests comment - not sure what you really want tested there	01:27
jamielennox	gyee_: i'll come up with something	01:27
gyee_	but you are changing the args right?	01:27
*** afaranha_ has quit IRC		01:27
gyee_	tests would make it awesomer	01:27
gyee_	be back in a couple of hours	01:28
*** gyee_ has quit IRC		01:28
jamielennox	gyee: thanks	01:29
*** ncoghlan_afk is now known as ncoghlan		01:29
*** jimhoagland has quit IRC		01:31
*** tellesnobrega_ has joined #openstack-keystone		01:32
*** afaranha_ has joined #openstack-keystone		01:33
*** ncoghlan is now known as ncoghlan_afk		01:45
*** diegows has quit IRC		01:53
bknudson	I feel like I just fixed a gate problem and here we go again.	01:54
*** sluo_wfh has joined #openstack-keystone		01:58
*** dims has quit IRC		01:58
*** sluo_wfh has quit IRC		02:03
*** topol has joined #openstack-keystone		02:10
*** ChanServ sets mode: +v topol		02:10
*** afaranha_ has quit IRC		02:11
*** ncoghlan_afk is now known as ncoghlan		02:14
adam_g	bknudson, master branches should be unblocked now, /w https://review.openstack.org/#/q/Ib08685be252e1fdb0f10853f8fc9a7e19ac54a94,n,z	02:16
*** afaranha_ has joined #openstack-keystone		02:21
*** erkules_ has joined #openstack-keystone		02:23
*** erkules has quit IRC		02:25
*** marcoemorais1 has quit IRC		02:25
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Pass all adapter parameters through to adapter https://review.openstack.org/138228	02:25
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Pass all adapter parameters through to adapter https://review.openstack.org/138228	02:30
*** nellysmitt has joined #openstack-keystone		02:30
*** sluo_wfh has joined #openstack-keystone		02:30
jamielennox	bknudson: are we blocked on neutron stable again?	02:32
*** afaranha_ has quit IRC		02:32
*** _cjones_ has quit IRC		02:34
*** browne has quit IRC		02:34
*** nellysmitt has quit IRC		02:35
*** r-daneel has quit IRC		02:36
adam_g	jamielennox, the fix to master just landed, waiting on https://review.openstack.org/#/c/138933/ for stable	02:39
openstackgerrit	Merged openstack/keystone: sys.exit mock cleanup https://review.openstack.org/124240	02:44
*** markvoelker has quit IRC		02:56
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Allow fetching user_id/project_id from auth https://review.openstack.org/118520	02:59
*** topol has quit IRC		03:03
*** tellesnobrega_ has quit IRC		03:10
*** david-lyle is now known as david-lyle_afk		03:16
*** chrisshattuck has joined #openstack-keystone		03:19
*** zzzeek has quit IRC		03:28
*** afaranha_ has joined #openstack-keystone		03:35
*** richm has quit IRC		03:55
*** lhcheng has quit IRC		04:05
*** lhcheng has joined #openstack-keystone		04:14
*** david-ly_ has joined #openstack-keystone		04:22
*** david-lyle_afk has quit IRC		04:25
*** _cjones_ has joined #openstack-keystone		04:27
*** _cjones_ has quit IRC		04:29
*** _cjones_ has joined #openstack-keystone		04:29
*** nellysmitt has joined #openstack-keystone		04:31
*** nellysmitt has quit IRC		04:36
*** lhcheng has quit IRC		04:38
*** Shohei_ has quit IRC		04:51
*** Shohei_ has joined #openstack-keystone		04:53
*** david-lyle_afk has joined #openstack-keystone		04:58
*** david-ly_ has quit IRC		04:59
ayoung	jamielennox, so I think we have the requirements for DOA down to either do password auth like it is now, or do a redirect to SSO and accept a token for login. I think the Kerberos patch is not going to be needed.	05:02
jamielennox	ayoung: still awake?	05:05
*** rdo_ has joined #openstack-keystone		05:07
jamielennox	ayoung: if i can figure out password auth then the rest are just substituting plugins	05:08
jamielennox	i'm looking at the test code now - it's so tightly bound to the current implementation because it's mocking everywhere	05:08
*** rdo has quit IRC		05:09
jamielennox	ayoung: there's no way i can write these tests in an abstract enough way that they will work with the old and new impl	05:09
ayoung	jamielennox, yeah, don't bother with that.	05:09
*** samuelms has quit IRC		05:10
ayoung	So long as the mocking is a direct replacement, I think it will go ahead OK. I think that the Horizon code also gets a CI of some sort, so you won't break the real thing by replacing direct client creationg with session stuff	05:10
*** samuelms has joined #openstack-keystone		05:11
ayoung	the mocking kindof assumes the sequence of calls...you are not going to make that seamless	05:11
jamielennox	ayoung: i can't find any way to isolate the tests, i can't run nose directly	05:13
jamielennox	the only way they'll work for me is under tox, and there is no filter for individual tests	05:13
ayoung	I recall battling through that...	05:13
ayoung	I might have resorted to nose	05:13
ayoung	activate the venv, pip install nose and run nosetests	05:14
ayoung	ah, no wait	05:15
ayoung	jamielennox, there is a testrunner in that code base...	05:15
ayoung	I think I was running that directly	05:15
jamielennox	ayoung: isn't making a difference, currently got all but one test commented out	05:16
ayoung	jamielennox, yeah...its a pain. I think I did the same thing	05:17
ayoung	I was running using	05:17
ayoung	. .tox/py27/bin/activate	05:17
ayoung	python openstack_auth/tests/run_tests.py	05:17
ayoung	I think I might have hacked it at one point to run a specific test instead of commenting the other ones out	05:17
ayoung	like you, I didn't really want to put the effort into modernizing DOA	05:18
jamielennox	i spent 20 minutes or so doing a first pass, just removing mox	05:19
ayoung	heh	05:19
jamielennox	and got through like 2 cases	05:19
jamielennox	not my problem	05:19
ayoung	jamielennox, OK...gonna crash for tonight...unless you got anything else for me?	05:20
jamielennox	ayoung: nothing pressing i think, need to get a few reviews passed so morgan can do a release	05:21
jamielennox	but they can be tomorrows problem	05:21
ayoung	send an email with the pressing ones, I'll hit in the morning	05:21
jamielennox	ayoung: they're in the blocking review gist in channel header	05:21
openstackgerrit	ayoung proposed openstack/python-keystoneclient: Example Initialization scripts https://review.openstack.org/82687	05:23
*** afaranha_ has quit IRC		05:23
ayoung	jamielennox, ^^ was a rebase to test my script still ran. It does	05:26
ayoung	I'mm make the changes later, thanks for the review on it.	05:27
*** ncoghlan is now known as ncoghlan_afk		05:28
*** chrisshattuck has quit IRC		05:33
*** Shohei_ has quit IRC		05:41
*** Shohei has joined #openstack-keystone		05:41
*** Shohei_ has joined #openstack-keystone		05:43
*** Shohei has quit IRC		05:43
*** ajayaa has joined #openstack-keystone		05:45
*** Shohei_ has quit IRC		05:49
*** ncoghlan_afk is now known as ncoghlan		05:49
*** Shohei has joined #openstack-keystone		05:49
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex https://review.openstack.org/136243	06:03
*** drjones has joined #openstack-keystone		06:06
*** ncoghlan is now known as ncoghlan_afk		06:07
*** _cjones_ has quit IRC		06:09
*** mflobo has quit IRC		06:09
*** mflobo has joined #openstack-keystone		06:10
*** ncoghlan_afk is now known as ncoghlan		06:11
*** kobtea has joined #openstack-keystone		06:11
*** mflobo_ has joined #openstack-keystone		06:13
*** kobtea has quit IRC		06:16
*** mflobo has quit IRC		06:16
*** harlowja_ is now known as harlowja_away		06:19
*** nellysmitt has joined #openstack-keystone		06:32
*** nellysmitt has quit IRC		06:37
*** ncoghlan has quit IRC		06:50
*** ncoghlan has joined #openstack-keystone		06:50
*** drjones has quit IRC		06:51
*** _cjones_ has joined #openstack-keystone		06:52
*** stevemar has quit IRC		06:54
*** k4n0 has joined #openstack-keystone		06:54
*** henrynash has joined #openstack-keystone		06:56
*** ChanServ sets mode: +v henrynash		06:56
*** _cjones_ has quit IRC		07:00
*** _cjones_ has joined #openstack-keystone		07:00
*** lhcheng has joined #openstack-keystone		07:11
*** _cjones_ has quit IRC		07:11
*** henrynash has quit IRC		07:41
*** lhcheng has quit IRC		07:42
*** _cjones_ has joined #openstack-keystone		07:44
openstackgerrit	Andrey Pavlov proposed openstack/keystone: Handle SSL termination proxies for version list https://review.openstack.org/132235	07:44
*** _cjones_ has quit IRC		07:49
*** _cjones_ has joined #openstack-keystone		07:59
*** Maike has joined #openstack-keystone		08:07
*** marekd\|away is now known as marekd		08:07
Maike	Hi, I'm using stable/juno on Ubuntu 14.04. During the stack.sh I got the following error: "Could not find project: alt_demo	08:09
Maike	".. Can anyone help me, please?	08:09
breton	why do you ask here and not in #openstack/#openstack-dev?	08:24
*** Maike has quit IRC		08:25
*** nellysmitt has joined #openstack-keystone		08:26
*** bjornar has quit IRC		08:30
*** ncoghlan has quit IRC		08:34
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Pass all adapter parameters through to adapter https://review.openstack.org/138228	08:35
*** jamielennox is now known as jamielennox\|away		08:37
*** Maike has joined #openstack-keystone		08:39
*** ishant has joined #openstack-keystone		08:43
*** bjornar has joined #openstack-keystone		08:57
*** jistr has joined #openstack-keystone		09:05
*** f13o has joined #openstack-keystone		09:12
Maike	Hi, I'm using stable/juno on Ubuntu 14.04. During the stack.sh I got the following error: "Could not find project: alt_demo	09:25
Maike	".. Can anyone help me, please?	09:25
breton	Maike: why do you ask here and not in #openstack/#openstack-dev?	09:31
*** Maike has quit IRC		09:32
*** mflobo_ has quit IRC		09:33
*** mflobo has joined #openstack-keystone		09:34
*** jistr is now known as jistr\|trng		09:35
*** Maike has joined #openstack-keystone		09:41
*** Maike has quit IRC		09:42
*** Maike has joined #openstack-keystone		09:42
*** kobtea has joined #openstack-keystone		09:49
*** kobtea has quit IRC		09:54
*** henrynash has joined #openstack-keystone		09:54
*** ChanServ sets mode: +v henrynash		09:54
*** _cjones_ has quit IRC		09:54
*** tellesnobrega_ has joined #openstack-keystone		10:34
marekd	henrynash: hey. Looks like currently identity_api doesn't allow for something like get_group_by_name(name, domain), right?	10:35
openstackgerrit	Sergey Skripnick proposed openstack/python-keystoneclient: Raise proper exception in case of connection error https://review.openstack.org/137422	10:37
*** lhcheng has joined #openstack-keystone		10:42
*** lhcheng has quit IRC		10:46
samuelms	moening	11:02
samuelms	morning*	11:02
*** erkules_ is now known as erkules		11:04
*** tellesnobrega_ has quit IRC		11:04
openstackgerrit	Marek Denis proposed openstack/keystone: Identify groups by name/domain in mapping rules. https://review.openstack.org/139013	11:12
*** tellesnobrega_ has joined #openstack-keystone		11:28
henrynash	marked:true…at the manager level you mean? Hmm, I think you are right…there is a get_user_by_name, but not a get_group_by_name	11:46
*** radez is now known as radez_g0n3		11:52
*** dims has joined #openstack-keystone		11:55
*** aix has quit IRC		11:59
marekd	henrynash: yeah, checked it already. I need to implement it for the mapping enhancements.	12:03
marekd	henrynash: btw, thanks for supportive comment in the spec.	12:03
openstackgerrit	Cedric Brandily proposed openstack/python-keystoneclient: Use textwrap instead of home made implementation https://review.openstack.org/139032	12:07
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Comparision of database models and migrations. https://review.openstack.org/80630	12:10
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Use metadata.create_all() to fill a test database https://review.openstack.org/93558	12:11
henrynash	marekd: if you want me to wip up a quick change to idenity to add the get_group_by_name….let me know	12:18
marekd	henrynash: if you think you will be able to do it quickly and have time that would be awesome.	12:20
marekd	henrynash: i started working on mapping engie, but later came across lack of get_group_by_name	12:21
henrynash	marekd: I guess we need a spec..maybe we add that to your spec (i.e. make it one of the actions to be done)	12:21
marekd	henrynash: i think an action would be enough. I will update it	12:21
*** amakarov_away is now known as amakarov		12:23
henrynash	marekd: although it will only be internal I assume, we won’t expose it in the REST APi?	12:23
marekd	henrynash: it won't	12:23
marekd	i mean, we don't need it for my spec	12:23
henrynash	marekd: interestingly the get_user_by_name is exposed by the v2 API, but not the V3 API - so agreed, not required by your spec	12:24
marekd	henrynash: yes, but with v3 API everything can be resolved by name/domain	12:25
svasheka	hi guys	12:25
marekd	hello	12:25
svasheka	can you give me advice on how better to cover enforcement with automation?	12:25
henrynash	marekd: well, usin a list call, yes	12:25
svasheka	and by automation I mean performance testing	12:26
svasheka	which actions I better use for the through python bindings	12:26
marekd	henrynash: http://128.142.152.197:5000/v3/groups?domain_id=default&name=maro	12:26
marekd	henrynash: it uses list, but the final call is like just pasted	12:27
henrynash	marekd: yes, indeeed	12:27
marekd	henrynash: where is a router/controller for that?	12:27
marekd	henrynash: it looks like the logic for getting a group by name/domain is already implemented.	12:28
henrynash	marekd: well it is implemented as part of filtering	12:28
henrynash	marekd: but filteringis optional inthe backends….and relies on the fact that the controller will do any filtering that was not able to be done by teh backends	12:29
henrynash	marekd: so today, the SQL driver WILL do the filtering, but the LDAP will not (and the final wrap_collection in controller.py does teh filter in python)	12:29
marekd	henrynash: aha.	12:30
marekd	henrynash: ok, i am updatng the spec, if you have time, please implement get_group_by_name and in the meantime i will get back to the mapping engine.	12:31
henrynash	marekd: you’ll have a first version in less than an hour	12:31
marekd	henrynash: thanks :-)	12:31
*** mzbik has joined #openstack-keystone		12:47
*** radez_g0n3 is now known as radez		12:48
*** Maike has quit IRC		13:14
*** jaosorior has joined #openstack-keystone		13:17
*** aix has joined #openstack-keystone		13:18
openstackgerrit	Lance Bragstad proposed openstack/keystone: Move test_utils to keystone/tests/unit/ https://review.openstack.org/133989	13:19
*** aix has quit IRC		13:20
*** bknudson has quit IRC		13:22
openstackgerrit	henry-nash proposed openstack/keystone: Add an identity backend methods to get group by name. https://review.openstack.org/139045	13:23
openstackgerrit	henry-nash proposed openstack/keystone: Add an identity backend method to get group by name. https://review.openstack.org/139045	13:24
henrynash	marekd: see: https://review.openstack.org/#/c/139045/	13:24
marekd	henrynash: looking.	13:24
*** kobtea has joined #openstack-keystone		13:27
openstackgerrit	ayoung proposed openstack/keystone: Add an identity backend method to get group by name. https://review.openstack.org/139045	13:27
ayoung	henrynash, +2. I fixed a typo in the commit message.	13:30
henrynash	ayoung: thx!	13:30
marekd	henrynash: i still need to pass domain_id, right?	13:30
henrynash	marekd: tes	13:30
henrynash	yes, even	13:30
mzbik	why again LDAP is "omitted"?	13:30
ayoung	marekd, yep...although you could fake it for LDAP!	13:30
ayoung	mzbik, ?	13:31
marekd	mzbik: https://review.openstack.org/#/c/139045/3/keystone/identity/backends/ldap.py	13:31
henrynash	ayoung: def get_group_by_name(self, group_name, domain_id)	13:31
mzbik	return self.group.get_filtered_by_name(group_name) without use of domain_id	13:31
henrynash	oops sorry, that was meant for marekd	13:31
henrynash	mzbik: because the domain_id is handled at the manager level	13:31
mzbik	hmm	13:31
mzbik	just asking	13:32
*** kobtea has quit IRC		13:32
henrynash	mzbik: our LDAP drivers do not support domains	13:32
mzbik	get_user_by_name is not really working for LDAP due to sth similar	13:32
ayoung	mzbik, LDAP assumes that all of the entities are in a single tree, and that tree represents one domain	13:32
mzbik	agree	13:32
ayoung	it maps to how the vast majority of LDAP servers are set up. We could do multi domain support inside of LDAP, but it would nt be usable by the vast majority of people	13:33
ayoung	mzbik, so henrynash came up with a better approach: we use the domain entry in SQL, and then have separate backends fro LDAP. So if you really need multiple domains in LDAP, you can, its just a little more work. But the end result maps more closely to real deployments	13:33
mzbik	https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap.py#L80-L81	13:34
mzbik	ayoung, yeah I agree just misread it	13:34
*** tellesnobrega_ has quit IRC		13:35
henrynash	mzbik: ..and that’s what I meant by doing it at the manager level - the identity manager is really handling this domain-level indirection	13:35
mzbik	one LDAP = one domain looks good for me	13:35
ayoung	henrynash, we really should look again at handling hints in the LDAP driver, if only for users	13:35
henrynash	ayoung: yeah, I agree….	13:36
mzbik	ayoung, groups too ;) please...	13:36
ayoung	mzbik, yeah	13:36
ayoung	mzbik, care to take a stab at implementing it?	13:36
henrynash	ayoung: as we scale up, without it teh performacne issues will scale too	13:36
marekd	henrynash: what is we use something like https://github.com/openstack/keystone/blob/master/keystone/common/controller.py#L638 ?	13:36
marekd	looks like it should allow users pass either name or id.	13:36
marekd	henrynash: https://github.com/openstack/keystone/blob/master/keystone/identity/controllers.py#L289-L296 here for instance.	13:37
mzbik	ayoung, I tried to read code yesterday and I made sure that Im really poor programmer :(	13:37
marekd	unless i misunderstood something....:(	13:37
ayoung	mzbik, look at how hints are handled for SQL	13:38
henrynash	marked: taht’s for create group...	13:38
mzbik	ayoung, did it ;)	13:38
mzbik	and still stoned	13:38
marekd	yes, but doesn't it resolve domain_id if user passed its name?	13:38
*** svasheka has quit IRC		13:38
marekd	henrynash: ^^	13:38
henrynash	marekd: that’s in normalize_domain_id....	13:39
ayoung	https://github.com/openstack/keystone/blob/master/keystone/common/sql/core.py#L242	13:39
mzbik	ayoung, I know my approach looks like "I want it!" but its not	13:39
henrynash	marekd: if you haven’t specified the domain, I think the spec says we use the domain from the token if it is a domain scoped token	13:39
ayoung	mzbik, how strong is your LDAP kung fu?	13:40
marekd	henrynash: hm...so we need t o change the spec and refuse specyfing domains by names	13:40
mzbik	ayoung, not even white belt :/	13:40
henrynash	marekd: sorry, I guess I’m not following you on what the issue is…	13:40
mzbik	ayoung, my first encounter with LDAP was 2 weeks ago	13:40
ayoung	mzbik, maybe we can browbeat topol into doing it. He loves LDAP	13:41
mzbik	:)	13:41
ayoung	ok...I gotta run.	13:41
*** ayoung is now known as ayoung-dentist		13:41
marekd	henrynash: https://review.openstack.org/#/c/138035/10/specs/kilo/mapping-enhancements.rst so around line 130 there are local rules with domain identified either by id or name	13:41
henrynash	marekd: oh, you maind DOMAIN name, I thought you were talking about group name…	13:42
marekd	henrynash: previously? i was talking about group name.	13:42
henrynash	marekd: so we havea get_domain_by_name methods already	13:43
marekd	but i thought we could identify the group by it's name AND domains name (like group: consumers in domain: pepsi, not group 'consumers' in domain: '342dfgd65456fghfgh')	13:43
henrynash	marekd: we can....	13:43
marekd	henrynash: ah, ok so i'll need to add one intermediate step.	13:44
henrynash	marekd: in the code, yes	13:44
marekd	before get_group_by_name is invoked.	13:44
henrynash	marekd: yep	13:44
marekd	henrynash: ok	13:44
marekd	henrynash: thanks for the patch	13:44
marekd	appreciate it.	13:44
henrynash	marekd: yw	13:44
openstackgerrit	Lance Bragstad proposed openstack/keystone: Move test_utils to keystone/tests/unit/ https://review.openstack.org/133989	13:45
*** tellesnobrega_ has joined #openstack-keystone		13:48
marekd	ok, be back soon.	13:48
*** svasheka has joined #openstack-keystone		13:49
*** bdossant_ has joined #openstack-keystone		13:49
*** bdossant_ has quit IRC		13:50
*** bdossant has quit IRC		13:52
*** bdossant has joined #openstack-keystone		13:52
samuelms	henrynash, ping .. the new spec I've to create is to define the api changes of domain-roles, right?	13:54
henrynash	samulems: oh, right…sorry I forgot you were going to do that! I just started writing it in response to Guang’s comment on my sepc!	13:55
henrynash	samuelms: but I only just got started!	13:55
samuelms	henrynash, can I still do that?	13:55
henrynash	samuelms: so happy for you to run with it	13:55
samuelms	henrynash, cool .. should that be a new spec or a change on the api?	13:56
henrynash	samuelms: so you (i think) propose an api spec to keystone-specs/api/v3	13:56
*** dims has quit IRC		13:58
henrynash	samuelms: actually, now extensions are dead, maybe you just proposes a chaneg to; keystone-specs/api/v3/identity-api-v3.rst	13:58
*** dims has joined #openstack-keystone		13:58
samuelms	henrynash, was about to ask that :p	13:59
samuelms	henrynash, going to submit the first version in few hours	13:59
henrynash	samuelms: ok :-)	14:00
samuelms	henrynash, just to recap : i) domain-role will have its own CRUD ii) the grant api will be extended to accept domain-roles	14:00
henrynash	samulems: so we need it own crud to great them and add roles (and other domain-roles) to them	14:01
henrynash	hower to questions to ponder:	14:01
henrynash	1) Do we need new grant apis….or can you just use a domain-role-id where you can use a role-id and we’ll figure it out?	14:02
samuelms	henrynash, ++ for the 2nd :p	14:02
henrynash	2) Do you ahve a new CRUD to create/delete domain-roles or do you augment the current one for roels, e.g. add a domain_id to teh role create json structure	14:03
henrynash	samuelms: my only reservation is that I think we are going to want different permissions on who can create gobal role and a domain role…so having them as searpate APIs might be better...	14:04
samuelms	henrynash, ++	14:05
samuelms	henrynash, and when/if we rename roles -> capabilities and domain-roles -> roles we'll have real rbac :p	14:06
samuelms	henrynash, as we've discussed some days ago	14:06
henrynash	samulems: indeed	14:06
samuelms	henrynash, :-)	14:06
*** bdossant has quit IRC		14:06
*** bdossant has joined #openstack-keystone		14:06
samuelms	henrynash, so we've agreed i) new create/delete api ii) extend grant api to support domain-role-id	14:06
samuelms	henrynash, when creating a domain-role, how do you expect to receive the contained roles/domain-roles?	14:07
henrynash	samuelms: so my concern on jsut acceptin domain-roles=-ids in the exitsing grant IDs…is that kind of maeans that for efficiency, we’ll want to store domain-roles nad roles in the same table	14:07
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Migrate_repo init version helper https://review.openstack.org/137640	14:09
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Share engine between migration helpers. https://review.openstack.org/137778	14:09
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Add primary key to the endpoint_group id column. https://review.openstack.org/137638	14:09
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Add index to the revocation_event.revoked_at. https://review.openstack.org/137639	14:09
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Explicit MySQL engine designation. https://review.openstack.org/138712	14:09
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Comparision of database models and migrations. https://review.openstack.org/80630	14:09
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Fix index name the assignment.actor_id table. https://review.openstack.org/137637	14:09
henrynash	samuelms: and I guess I get a bit twichy there….since I saw the roles table very seperate from the domain specifc roles (i.e. roles table might disappear and get_roles might end coming from the service entry or something crazy)	14:09
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Use metadata.create_all() to fill a test database https://review.openstack.org/93558	14:10
henrynash	samulems: on domain-role members, I kind of expected add/remove role….. a bit liek group membership…but open to ideas	14:10
samuelms	henrynash, I also see domain-roles and role tables separated .. but don't seee a big problem on accepting both when granting a permission ..	14:12
samuelms	henrynash, the only impact would be when listing/getting role assignments where we have to put a flag (I think) to say when domain-roles should be expanded to global ones	14:13
henrynash	samuelms: so whcih tabel do you look in?	14:13
*** jistr\|trng has quit IRC		14:13
samuelms	henrynash, that would be used when generating tokens .. but the user can ask for role assingments with domain-roles	14:14
henrynash	samuelms: yes, agreed - we need somthing liek that….one might argue that “effective” woudl mean expand everything…teh question is whether we need more fine grained control than that	14:15
samuelms	henrynash, yes .. that's an issue .. if the id had a kind of namespace .. we had solved that	14:15
*** richm has joined #openstack-keystone		14:16
samuelms	henrynash, did you get what I just said?	14:17
*** aix has joined #openstack-keystone		14:18
samuelms	henrynash, suppose a domain-role named 'hn.vm-manager' .. if we had its id as something like 'hn.<whatever>' .. we could know when we have a domain-role or global role .. even when working with ids	14:18
*** Maike has joined #openstack-keystone		14:18
samuelms	henrynash, this would resolve the problem of so which tabel we look in	14:20
*** tellesnobrega_ has quit IRC		14:21
*** jistr has joined #openstack-keystone		14:22
*** lhcheng has joined #openstack-keystone		14:22
*** jistr is now known as jistr\|trng		14:22
*** tellesnobrega_ has joined #openstack-keystone		14:24
henrynash	samuelms: sorry, was called afk	14:25
*** ayoung-dentist has quit IRC		14:26
henrynash	samuelms: hmm. not too much of a fan of an id as a composite…I	14:27
*** mzbik has quit IRC		14:28
samuelms	henrynash, other than that we have to ask on both tables if that role/domain-roles belongs to them	14:28
henrynash	samulems: which is pretty yuk	14:28
samuelms	henrynash, yep	14:28
henrynash	samuelms: or we haev one table, or we distinguish it in the url (i.e. use /domain-role/ rather than /role/)	14:29
samuelms	dolphm, just abandoned that change . I'm rebasing the work on the split of assignment backend ..	14:31
samuelms	dolphm, I'm talking about 'list role assignments performance'	14:32
*** bknudson has joined #openstack-keystone		14:32
*** ChanServ sets mode: +v bknudson		14:32
dolphm	samuelms: ack	14:32
samuelms	henrynash, yes	14:33
*** k4n0 has quit IRC		14:33
samuelms	henrynash, or distinghish by the namespace .. (workaround)	14:34
henrynash	samuelms: yes	14:34
samuelms	henrynash, I think different url's brake the ux	14:34
samuelms	henrynash, since both stand for the same reason	14:34
henrynash	samuelms: this is one of those “go mull on it a bit” problems	14:35
samuelms	henrynash, yes, I'll write that as a single url .. and we get comments on that and start discussing	14:37
samuelms	henrynash, works for you?	14:37
*** tellesnobrega_ has quit IRC		14:38
*** Maike has quit IRC		14:38
henrynash	samuelms: i’m still troubled by how that would work….so personally, I need to think some more before saying what I feel is best	14:39
samuelms	henrynash, so what should I put on the spec.. for now?	14:41
*** joesavak has joined #openstack-keystone		14:41
*** nkinder has quit IRC		14:45
henrynash	samuelms: so I was planning to write it up as seaprate urls, and then examiine it to see how I felt about it….that’s how I (personally) develop my thoughts….but I can’t necessarily say that’s the best way for you to do it	14:45
*** gordc has joined #openstack-keystone		14:48
openstackgerrit	Brant Knudson proposed openstack/keystone: Remove test PYTHONHASHSEED setting https://review.openstack.org/136593	14:48
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct a v3 auth test for result ordering https://review.openstack.org/138922	14:48
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct version tests for result ordering https://review.openstack.org/138923	14:48
*** ishant\|2 has joined #openstack-keystone		14:50
*** ishant has quit IRC		14:53
openstackgerrit	Dolph Mathews proposed openstack/keystone: refactor: use _get_project_endpoint_group_url() where applicable https://review.openstack.org/139080	14:59
*** stevemar has joined #openstack-keystone		15:00
*** ChanServ sets mode: +v stevemar		15:00
*** bdossant has quit IRC		15:00
dolphm	lbragstad: follow up requested on https://review.openstack.org/#/c/126029/ !	15:00
*** kobtea has joined #openstack-keystone		15:00
*** luisjariz has joined #openstack-keystone		15:01
*** bdossant has joined #openstack-keystone		15:02
lbragstad	dolphm: cool, that looks good to me. I'm happy with that being a follow on patch	15:03
dolphm	lbragstad: my supertab stopped working i blame you	15:04
lbragstad	lol	15:04
* lbragstad has the amazing ability to break things by looking at them		15:04
openstackgerrit	Merged openstack/keystonemiddleware: Make everything in audit middleware private https://review.openstack.org/138907	15:04
samuelms	henrynash, ++ .. will go thorugh that road :-)	15:05
dolphm	lbragstad: which leads me to https://github.com/gmarik/Vundle.vim	15:05
*** Ctina has joined #openstack-keystone		15:05
*** samuelms is now known as samuelms-away		15:05
lbragstad	dolphm: you're using that instead of pathogen?	15:06
*** _cjones_ has joined #openstack-keystone		15:06
dolphm	lbragstad: considering it	15:06
lbragstad	dolphm: you'll have to let me know how it goes	15:06
dolphm	lbragstad: i figured since my vim is broken i should start over, right?	15:06
lbragstad	hah, yes	15:06
dolphm	bknudson: whoa! https://review.openstack.org/#/c/136593/	15:07
lbragstad	dolphm: you could try reverse engineering nonameentername's dotfiles if you're ambitious	15:07
dolphm	are we actually there already?	15:07
bknudson	dolphm: yea, there were a few tests that didn't work	15:08
openstackgerrit	Merged openstack/python-keystoneclient: Fix importing config module and classmethod params https://review.openstack.org/133866	15:09
dolphm	lbragstad: actually, supertab is working for me in gvim, but not in vim	15:09
dolphm	bknudson: long sequence of patches though, but awesome!	15:09
lbragstad	dolphm: strange!	15:10
bknudson	dolphm: I didn't know how long it would take to merge it and figured new broken tests would be added before the final one was merged.	15:10
bknudson	so might as well get the individual fixes out of the way	15:10
dolphm	bknudson: =) i'll try and get through the sequence today	15:11
*** r-daneel has joined #openstack-keystone		15:18
stevemar	henrynash, one comment about https://review.openstack.org/#/c/139045/3/keystone/identity/backends/sql.py the exception says group_id but you pass in group_name	15:19
stevemar	actually, we do that for get_user_by_name, too, so that's not a big deal	15:20
bknudson	it is a big deal because it's confusing	15:21
*** ajayaa has quit IRC		15:21
dolphm	stevemar: i'd like to fix that everywhere :-/	15:21
dolphm	pretty sure we do that for almost every not-found-by-name	15:21
*** henrynash has quit IRC		15:21
stevemar	dolphm, probably, it's relatively harmless though	15:22
bknudson	when you're an admin trying to figure out what went wrong and you're sent down the wrong path it's not harmless.	15:23
dolphm	stevemar: except devananda filed a UX bug recently with similar confusion	15:23
*** topol has joined #openstack-keystone		15:23
*** ChanServ sets mode: +v topol		15:23
dolphm	stevemar: the UX fix https://review.openstack.org/#/c/131255/	15:24
stevemar	okay okay, no need to twist my arm about it bknudson :)	15:24
dolphm	lbragstad: i wrote you 45 lines of tests for my UX improvement ^	15:24
*** bdossant has quit IRC		15:26
stevemar	dolphm, bknudson so i guess we just have to introduce a new exception and fix it in certain spots	15:26
lbragstad	dolphm: nice!	15:26
bknudson	luckily there's no limit on the number of exceptions in python.	15:27
dolphm	stevemar: yeah, or maybe just a new optional kwarg on the existing exceptions to say "hey this is a name, it needs a different message"? i haven't looked at what would be easier	15:28
stevemar	dolphm, maybe, just keep in mind that with an ldap the ids can be names too	15:29
*** bdossant has joined #openstack-keystone		15:30
*** luisjariz has quit IRC		15:32
openstackgerrit	Marek Denis proposed openstack/keystone-specs: Mapping enhancements - direct groups mapping. https://review.openstack.org/138035	15:33
*** pc-m has quit IRC		15:33
*** lhcheng has quit IRC		15:34
dhellmann	dolphm: I'm looking into https://bugs.launchpad.net/oslo.config/+bug/1398979 do you have a second to discuss it?	15:42
bknudson	dolphm: found another one... I wonder what the HASHSEED was? http://logs.openstack.org/93/136593/3/check/gate-keystone-python27/6b7f495/console.html#_2014-12-04_15_09_58_059	15:42
uvirtbot	Launchpad bug 1398979 in oslo.config "oslo-config-generator omits entire sections" [Undecided,Incomplete]	15:42
dolphm	bknudson: that's	15:42
bknudson	here it is: PYTHONHASHSEED='123197142'	15:42
dolphm	bknudson: a good question. we should totally log it on init	15:42
bknudson	I didn't try that one.	15:42
bknudson	I only did 1 - 10	15:42
dolphm	bknudson: haha	15:42
dolphm	bknudson: get your act together, son	15:43
bknudson	I'm going to need a faster computer	15:43
dolphm	bknudson: Dear Watson, please test all the hash seeds for me, thanks.	15:44
dolphm	bknudson: maybe compute the hashseed based on the day or week or something for other projects, so they're forced to fix at least one of these bugs on some ongoing basis	15:45
*** aix has quit IRC		15:49
marekd	stevemar: thanks for (another) +2 on mapping enhancements spec!	15:53
stevemar	np marekd ;)	15:55
openstackgerrit	Brant Knudson proposed openstack/keystone: Remove test PYTHONHASHSEED setting https://review.openstack.org/136593	16:00
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct test_get_v3_catalog test for result ordering https://review.openstack.org/138920	16:00
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct catalog response checker for result ordering https://review.openstack.org/138921	16:00
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct a v3 auth test for result ordering https://review.openstack.org/138922	16:00
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct version tests for result ordering https://review.openstack.org/138923	16:00
*** darren-wang has joined #openstack-keystone		16:00
*** aix has joined #openstack-keystone		16:01
darren-wang	hi, are Paste filters "user_crud_extension" and "crud_extension" still necessary in v3 API?	16:01
*** pc-m has joined #openstack-keystone		16:03
*** ishant\|2 has quit IRC		16:03
*** david-lyle_afk is now known as david-lyle		16:05
*** Ctina has quit IRC		16:05
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Comparision of database models and migrations. https://review.openstack.org/80630	16:05
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Use metadata.create_all() to fill a test database https://review.openstack.org/93558	16:06
*** tellesnobrega_ has joined #openstack-keystone		16:07
*** Ctina has joined #openstack-keystone		16:07
*** jorge_munoz has joined #openstack-keystone		16:12
*** eglynn-regus has joined #openstack-keystone		16:14
openstackgerrit	Brant Knudson proposed openstack/keystone: Remove test PYTHONHASHSEED setting https://review.openstack.org/136593	16:15
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct XMLEquals matcher for ordering https://review.openstack.org/138918	16:15
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct test_auth_unscoped_token_project for result ordering https://review.openstack.org/138919	16:15
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct test_get_v3_catalog test for result ordering https://review.openstack.org/138920	16:15
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct catalog response checker for result ordering https://review.openstack.org/138921	16:15
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct a v3 auth test for result ordering https://review.openstack.org/138922	16:15
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct version tests for result ordering https://review.openstack.org/138923	16:15
bknudson	unfortunately the issue with the 123197142 HASHSEED was in the first commit in the chain.	16:16
*** Nakato_ has joined #openstack-keystone		16:16
*** gus_ has joined #openstack-keystone		16:16
bknudson	I thought sets would be sorted.	16:17
*** eglynn-officeafk has quit IRC		16:18
*** dolphm has quit IRC		16:18
*** d34dh0r53 has quit IRC		16:18
*** Nakato has quit IRC		16:18
*** dtroyer has quit IRC		16:18
*** adam_g has quit IRC		16:18
*** gus has quit IRC		16:18
*** mhu has quit IRC		16:18
*** aix has quit IRC		16:18
*** dtroyer has joined #openstack-keystone		16:18
*** mhu has joined #openstack-keystone		16:19
*** adam_g has joined #openstack-keystone		16:19
*** aix has joined #openstack-keystone		16:19
*** adam_g has quit IRC		16:19
*** adam_g has joined #openstack-keystone		16:19
*** d34dh0r53 has joined #openstack-keystone		16:20
*** dguerri has joined #openstack-keystone		16:20
*** dolphm has joined #openstack-keystone		16:20
*** ChanServ sets mode: +o dolphm		16:20
stevemar	darren-wang, they shouldn't be required	16:22
stevemar	but we keep them around for v2 calls	16:22
*** arif-ali has quit IRC		16:23
*** ajayaa has joined #openstack-keystone		16:24
*** arif-ali has joined #openstack-keystone		16:27
*** mikedillion has joined #openstack-keystone		16:28
*** zzzeek has joined #openstack-keystone		16:28
bknudson	darren-wang: they're not in the default v3 pipeline -- http://git.openstack.org/cgit/openstack/keystone/tree/etc/keystone-paste.ini#n91	16:30
*** pc-m has quit IRC		16:41
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Migrate_repo init version helper https://review.openstack.org/137640	16:43
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Share engine between migration helpers. https://review.openstack.org/137778	16:43
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Add primary key to the endpoint_group id column. https://review.openstack.org/137638	16:43
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Add index to the revocation_event.revoked_at. https://review.openstack.org/137639	16:43
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Comparision of database models and migrations. https://review.openstack.org/80630	16:43
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Fix index name the assignment.actor_id table. https://review.openstack.org/137637	16:43
openstackgerrit	Ilya Pekelny proposed openstack/keystone: Use metadata.create_all() to fill a test database https://review.openstack.org/93558	16:43
*** pc-m has joined #openstack-keystone		16:45
*** kobtea has quit IRC		16:47
mfisch	can someone explain what keystone needs rabbit for?	16:47
mfisch	its in the config file but I dont have it setup	16:47
openstackgerrit	Marek Denis proposed openstack/keystone: WebSSO implementation. https://review.openstack.org/139110	16:50
mfisch	maybe its standard oslo messaging config thats unused?	16:51
darren-wang	+bknudson: thx +bknudson! they are not in the defualt pipeline, but we can manually add them into pipeline like "federation_extension". yet they are not related to v3, I will not do that.	16:52
*** lhcheng has joined #openstack-keystone		16:52
*** darren-wang has left #openstack-keystone		16:54
*** pc-m has quit IRC		16:55
*** andreaf has joined #openstack-keystone		16:57
*** pc-m has joined #openstack-keystone		16:58
*** kobtea has joined #openstack-keystone		17:03
*** kobtea has quit IRC		17:03
*** stevemar has quit IRC		17:06
*** gyee_ has joined #openstack-keystone		17:07
*** tellesnobrega_ has quit IRC		17:11
*** saipandi has joined #openstack-keystone		17:13
*** pc-m has quit IRC		17:14
*** saipandi has quit IRC		17:14
*** tellesnobrega_ has joined #openstack-keystone		17:25
*** boris-42 has joined #openstack-keystone		17:29
*** marcoemorais has joined #openstack-keystone		17:33
*** samuelms-away is now known as samuelms		17:33
samuelms	Haneef, just replied your patch on 'Add support for domain specific roles'	17:33
samuelms	Haneef, I meant your comment	17:33
samuelms	Haneef, just didn't understand why you -1 that if you just had a question :P	17:34
samuelms	Haneef, and that doesn't mean that you disagree with something there	17:34
*** aix has quit IRC		17:35
*** chrisshattuck has joined #openstack-keystone		17:36
*** mikedillion has quit IRC		17:40
*** tellesnobrega_ has quit IRC		17:44
*** dims_ has joined #openstack-keystone		17:48
*** avozza has joined #openstack-keystone		17:51
*** jistr\|trng has quit IRC		17:51
*** dims has quit IRC		17:52
*** stevemar has joined #openstack-keystone		17:54
*** ChanServ sets mode: +v stevemar		17:54
gyee_	samuelms, I think he mean -0.5 instead of -1	18:00
Haneef	samuelms: I agree with the patchset, just need little bit clarification on inherited aspects of domain roles. I will remove -1	18:07
Haneef	samuelms: Won't the domain roles leak if use inheritance in HMT Is that fine?	18:09
*** Ctina has quit IRC		18:09
*** harlowja_away is now known as harlowja_		18:10
openstackgerrit	Merged openstack/keystone: Add an identity backend method to get group by name. https://review.openstack.org/139045	18:12
*** avozza is now known as zz_avozza		18:15
gyee_	Haneef, I think we may ended up defining the scope of inheritance	18:15
*** shakamunyi has joined #openstack-keystone		18:18
openstackgerrit	David Stanek proposed openstack/keystone: Support for running functional federation tests https://review.openstack.org/139137	18:18
*** markvoelker has joined #openstack-keystone		18:21
*** mikedillion has joined #openstack-keystone		18:33
*** saipandi has joined #openstack-keystone		18:41
*** saipandi has quit IRC		18:42
*** saipandi has joined #openstack-keystone		18:43
openstackgerrit	Merged openstack/keystone: remove deprecated access log middleware https://review.openstack.org/125703	18:43
openstackgerrit	Merged openstack/keystone: Fixes endpoint_filter tests https://review.openstack.org/126029	18:44
*** saipandi has quit IRC		18:45
*** gyee_ has quit IRC		18:45
samuelms	Haneef, gyee ++	18:47
samuelms	for HMT, we need to define the scope of inheritance, as gyee said ..	18:48
*** openstackgerrit has quit IRC		18:50
*** openstackgerrit has joined #openstack-keystone		18:50
samuelms	Haneef, the answer is no .. if you use role inheritance . .that inheritance is only applied on that domain	18:50
samuelms	Haneef, if the inherited role is on domain, apply that to all projects (and stop where a new domain starts, for the reseller use case)	18:51
dolphm	topol: i love this quote: "run ... at scales ranging from individual developers' laptops to multiple hosts in the cloud" - http://t.co/4s67vuj7iL	18:51
dolphm	#ibm #multiplehosts	18:51
samuelms	Haneef, if the inherited role is on a project, apply that to all subprojects	18:51
quack_quack_	hi, i'm trying to find documentation on the keystone extension for s3	18:53
*** stevemar2 has joined #openstack-keystone		18:53
*** ChanServ sets mode: +v stevemar2		18:53
quack_quack_	and, i can't find this anywhere	18:53
quack_quack_	that is, /v2.0/s3tokens	18:54
*** stevemar has quit IRC		18:54
topol	dolphm, refresh the link: its says "Docker containers, have a dynamic lifecycle, and can scale to run in concert anywhere from the developer’s laptop to hundreds of hosts in the cloud."	18:55
topol	dolphm, you spreading FUD? Shame on you	18:56
dolphm	topol: now you done it http://imgur.com/VJvqs88	18:57
*** diegows has joined #openstack-keystone		18:57
topol	dolphm, you know I have magic powers. I just don't brag about them	18:58
quack_quack_	ok i think i found my answer. s3tokens is just an extension of ec2	18:59
*** amakarov is now known as amakarov_away		18:59
*** ajayaa has quit IRC		18:59
dolphm	topol: you can't escape copy pasta http://www.zdnet.com/ibm-strikes-docker-deal-and-rolls-out-its-own-containers-beta-7000036377/	19:00
*** nellysmitt has quit IRC		19:00
*** stevemar3 has joined #openstack-keystone		19:02
*** ChanServ sets mode: +v stevemar3		19:02
Haneef	samuelms: domain_role inheritane on a project stops if the project is not part of domain. Is that correct?	19:02
*** stevemar2 has quit IRC		19:03
*** marcoemorais has quit IRC		19:03
samuelms	Haneef, just answered your question on the patch	19:03
*** marcoemorais has joined #openstack-keystone		19:04
*** marcoemorais has quit IRC		19:04
*** marcoemorais has joined #openstack-keystone		19:05
samuelms	Haneef, domain_role (or global role) inheritance on a project applies to all that project's subtree	19:05
Haneef	samulems: Thanks. I have removed -1	19:05
samuelms	Haneef, does that answer your question? :-)	19:05
samuelms	Haneef, cool .. just saw your +1, fell free to ask additional questions you have	19:06
*** markvoelker has quit IRC		19:06
*** tellesnobrega_ has joined #openstack-keystone		19:06
*** amcrn has joined #openstack-keystone		19:12
topol	dolphm. wasnt copy pasta. Toby butchered it. I refer you to the IBM press release as being the trusted source.	19:17
topol	dolphm, I'll work some magic in the background :-)	19:18
*** jaosorior has quit IRC		19:23
*** ayoung has joined #openstack-keystone		19:25
*** ChanServ sets mode: +v ayoung		19:25
*** stevemar2 has joined #openstack-keystone		19:30
*** ChanServ sets mode: +v stevemar2		19:30
*** stevemar3 has quit IRC		19:33
*** amcrn has quit IRC		19:34
*** marcoemorais has quit IRC		19:37
*** marcoemorais has joined #openstack-keystone		19:37
*** tellesnobrega_ has quit IRC		19:38
openstackgerrit	Nathan Kinder proposed openstack/keystone-specs: Mapping enhancements - direct groups mapping. https://review.openstack.org/138035	19:41
*** tellesnobrega_ has joined #openstack-keystone		19:42
openstackgerrit	Andre Aranha proposed openstack/keystone-specs: Modify the policy file https://review.openstack.org/135408	19:44
*** marcoemorais has quit IRC		19:44
*** marcoemorais has joined #openstack-keystone		19:44
*** stevemar2 is now known as stevemar		19:45
*** radez is now known as radez_g0n3		19:51
*** dolphm has quit IRC		19:56
*** dolphm has joined #openstack-keystone		20:00
*** openstackgerrit has quit IRC		20:04
*** openstackgerrit has joined #openstack-keystone		20:04
*** ChanServ sets mode: +o dolphm		20:11
*** marcoemorais has quit IRC		20:12
*** marcoemorais has joined #openstack-keystone		20:13
*** marcoemorais has quit IRC		20:13
*** lhcheng has quit IRC		20:14
*** marcoemorais has joined #openstack-keystone		20:14
openstackgerrit	Lance Bragstad proposed openstack/keystone: Reuse call to _get_project_endpoint_group in tests https://review.openstack.org/139174	20:17
*** _cjones_ has quit IRC		20:18
*** lhcheng has joined #openstack-keystone		20:23
*** lhcheng has quit IRC		20:28
*** shakamunyi has quit IRC		20:30
openstackgerrit	Lance Bragstad proposed openstack/keystone-specs: Authenticated Encryption Tokens https://review.openstack.org/130050	20:31
*** shakamunyi has joined #openstack-keystone		20:32
openstackgerrit	Andre Aranha proposed openstack/keystone-specs: Modify the policy file https://review.openstack.org/135408	20:32
openstackgerrit	werner mendizabal proposed openstack/keystone-specs: Multifactor Authentication https://review.openstack.org/130376	20:37
*** lhcheng has joined #openstack-keystone		20:38
*** lhcheng has quit IRC		20:40
*** lhcheng has joined #openstack-keystone		20:40
*** dims_ has quit IRC		21:05
*** dims has joined #openstack-keystone		21:06
*** mikedillion has quit IRC		21:08
*** _cjones_ has joined #openstack-keystone		21:10
*** tellesnobrega_ has quit IRC		21:14
*** lhcheng has quit IRC		21:14
*** marcoemorais has quit IRC		21:16
*** marcoemorais has joined #openstack-keystone		21:16
*** lhcheng has joined #openstack-keystone		21:24
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Inherited role assignments to projects https://review.openstack.org/138552	21:25
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Create, update and delete hierarchical projects https://review.openstack.org/138550	21:25
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Adds correct checks in LDAP backend tests https://review.openstack.org/138551	21:25
rodrigods	we are almost there ^	21:27
morganfainberg	rodrigods, can almost taste it.	21:28
openstackgerrit	Lance Bragstad proposed openstack/keystone-specs: Authenticated Encryption Tokens https://review.openstack.org/130050	21:30
*** marcoemorais has quit IRC		21:31
*** marcoemorais1 has joined #openstack-keystone		21:32
*** marcoemorais1 has quit IRC		21:32
*** marcoemorais1 has joined #openstack-keystone		21:33
*** marcoemorais1 has quit IRC		21:33
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements https://review.openstack.org/134794	21:34
*** lhcheng_ has joined #openstack-keystone		21:39
*** radez_g0n3 is now known as radez		21:40
*** lhcheng has quit IRC		21:41
ayoung	bknudson, if I run tox -epep8 on keystoneclient I get a slew of errors like: ./keystoneclient/tests/v2_0/utils.py:13:1: H302 import only modules.'from keystoneclient.tests import utils' does not import a module	21:48
ayoung	from keystoneclient.tests import utils	21:48
ayoung	dstanek, ^^ do you guys get that, too?	21:48
morganfainberg	ayoung, latest master?	21:48
ayoung	morganfainberg, yeah	21:48
morganfainberg	hm.	21:48
bknudson	I'll try it.	21:49
ayoung	morganfainberg, I've not tried bloxing away the venv but I think I saw it last time before I blew it away, too	21:49
stevemar	anyone want to take bets on whether the new OSC release will break the gate?	21:49
bknudson	It's rebuilding venv now.	21:50
morganfainberg	ayoung, https://review.openstack.org/#/c/138228/ didn't see it in gate - and that's pretty new	21:50
morganfainberg	ayoung, review wise.	21:50
ayoung	morganfainberg, yeah, I don't see it in gate	21:50
ayoung	just local...wondering what is broken	21:50
ayoung	stevemar, not taking that bet	21:50
morganfainberg	check your tox.ini	21:50
stevemar	bknudson, you're ever the pessimist, i'll even give you favorable odds	21:50
stevemar	ayoung, cammon!	21:50
morganfainberg	also did something pickup oslo_concurrency issue?	21:50
ayoung	morganfainberg, haven't touched tox.ini	21:51
morganfainberg	ayoung, because we had H302 with that version of oslo.concurrency	21:51
bknudson	stevemar: how are you going to tell if it's openstackclient or neutron?	21:51
morganfainberg	bknudson, easy, stevemar works on OSC, we can blame him and let him redirect to neutron as needed ;)	21:51
stevemar	bknudson, lol!	21:52
ayoung	morganfainberg, what am Iooking for?	21:52
stevemar	hue hue	21:52
bknudson	ayoung: tox -e pep8 on keystoneclient worked for me... I'll try to wipe out .tox	21:52
morganfainberg	ayoung, is the H302 line it's complaining about related to oslo.concurrency?	21:52
* morganfainberg goes and checks		21:52
bknudson	still worked after rm -r .tox.	21:52
morganfainberg	or at least in your local env?	21:52
morganfainberg	alternatively, you have a python syntax error	21:53
morganfainberg	or circular imports	21:53
bknudson	flake8==2.1.0 pep8==1.5.6	21:53
morganfainberg	pep8 check fails like that in those cases	21:53
ayoung	hmmm...that is possible	21:53
morganfainberg	bknudson, figured your env would work ;)	21:53
*** marcoemorais has joined #openstack-keystone		21:54
ayoung	morganfainberg, OK...figuring I straighten out the pep8, I'll resubmit the access_info patch. I'm going to do this work in the client. Revoke events will use it	21:55
ayoung	and then I'll try to hit policy	21:55
morganfainberg	sounds good	21:55
* morganfainberg is still mired in internal stuff.		21:55
ayoung	I'm thinking that if policy and revoke events use it, and I can carry over the existing set of tests, we are in decent shape	21:55
morganfainberg	probably going to be through tomorrow.	21:55
morganfainberg	:(	21:55
* morganfainberg learns not to volunteer for reviewing things.		21:56
ayoung	'salrigh...you bumped the token provider rewrite to K2 anyway	21:56
morganfainberg	well non-openstack things ;)	21:56
ayoung	OK...I wiped the venv and reran tox, errors galore...I'll see if it is my code...	21:56
*** htruta_ has joined #openstack-keystone		21:56
ayoung	ahhhh. picked up the old venv...	21:57
ayoung	Now it is fine....strange...ok, sorry, false alarm	21:57
ayoung	must have needed to wipe the venv to pick up the concurrency fix?	21:57
ayoung	morganfainberg, I know what I was going to ask you: for policy in client, should I use the oslo for now, or have we made any progress toward hosting our own repo for policy?	21:58
morganfainberg	ayoung, uh, i think someone was working on a spec for that	21:59
morganfainberg	marekd, pass till tomorrow on ECP wrap.	21:59
ayoung	one from team Brazil, I think	21:59
morganfainberg	marekd, sorry --- i really do want to talk about it	21:59
morganfainberg	worst case, i'll carve out time on monday or tues	21:59
*** marcoemorais has quit IRC		22:04
*** marcoemorais1 has joined #openstack-keystone		22:04
*** marcoemorais1 has quit IRC		22:04
*** marcoemorais has joined #openstack-keystone		22:05
*** zz_avozza is now known as avozza		22:05
*** marcoemorais has quit IRC		22:11
*** marcoemorais has joined #openstack-keystone		22:11
*** marcoemorais has quit IRC		22:11
*** marcoemorais has joined #openstack-keystone		22:12
ayoung	ImportError: bad magic number in 'keystoneclient.openstack.common.timeutils': b'\x03\xf3\r\n'	22:14
morganfainberg	ayoung, annnnd there ya go	22:14
morganfainberg	;)	22:14
ayoung	ImportError: bad magic number in 'keystoneclient.openstack.common.jsonutils': b'\x03\xf3\r\n'	22:14
ayoung	Bad Magic Everywhere	22:14
ayoung	Python 3 issue?	22:15
morganfainberg	ayoung, or missing a utf-8 specifier?	22:15
morganfainberg	is this py3k or py2 throwing the error?	22:15
ayoung	py33 runtests: commands[0] \| python setup.py testr --testr-args=	22:15
morganfainberg	hm	22:15
ayoung	27 ran fine	22:16
morganfainberg	well you know b'' is different in py2 and 3	22:16
morganfainberg	my guess is that is something that can't be b'	22:16
ayoung	File "./keystoneclient/tests/v3/test_revoke.py", line 16, in <module>	22:16
ayoung	from keystoneclient.openstack.common import jsonutils	22:16
*** tellesnobrega_ has joined #openstack-keystone		22:16
morganfainberg	oh	22:17
morganfainberg	hmmm	22:17
ayoung	not in kc yet?	22:17
morganfainberg	did somehow you get a wonky file in jsonutils?	22:17
morganfainberg	or some weird change?	22:17
morganfainberg	and shouldn't that be oslo.serialization	22:18
*** joesavak has quit IRC		22:18
morganfainberg	not common.jsonutils?	22:18
ayoung	prolly	22:18
*** bknudson has quit IRC		22:18
ayoung	moved the code over from server, but did that change recently?	22:18
morganfainberg	yeah	22:18
morganfainberg	jsonutils doesn't exist	22:19
morganfainberg	in master keystoneclient	22:19
morganfainberg	it's oslo.serialization	22:19
morganfainberg	https://github.com/openstack/python-keystoneclient/tree/master/keystoneclient/openstack/common	22:19
*** gyee has quit IRC		22:24
*** gyee has joined #openstack-keystone		22:27
*** ChanServ sets mode: +v gyee		22:27
ayoung	and timeutils moved, too	22:32
*** packet has joined #openstack-keystone		22:34
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/139230	22:37
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements https://review.openstack.org/139231	22:37
*** radez is now known as radez_g0n3		22:37
openstackgerrit	OpenStack Proposal Bot proposed openstack/pycadf: Updated from global requirements https://review.openstack.org/139236	22:42
*** topol has quit IRC		22:42
openstackgerrit	ayoung proposed openstack/python-keystoneclient: Revocation event API https://review.openstack.org/81166	22:42
openstackgerrit	ayoung proposed openstack/python-keystoneclient: Access Info https://review.openstack.org/138519	22:42
*** dims_ has joined #openstack-keystone		22:53
*** gordc has quit IRC		22:54
*** dims has quit IRC		22:55
*** stevemar has quit IRC		23:01
*** oomichi has joined #openstack-keystone		23:07
*** toddnni has quit IRC		23:16
*** toddnni has joined #openstack-keystone		23:18
*** jamielennox\|away is now known as jamielennox		23:18
*** shakamunyi has quit IRC		23:19
*** shakamunyi has joined #openstack-keystone		23:20
jamielennox	ayoung: https://review.openstack.org/#/c/138228/	23:23
*** chrisshattuck has quit IRC		23:32
openstackgerrit	Rodrigo Duarte proposed openstack/keystone-specs: Fixes HEAD return code for OS-INHERIT extension https://review.openstack.org/137782	23:36
openstackgerrit	Rodrigo Duarte proposed openstack/keystone-specs: API doc for Inherited Role Assignments to Projects https://review.openstack.org/130277	23:40
*** kobtea has joined #openstack-keystone		23:41
*** _cjones_ has quit IRC		23:43
*** kobtea has quit IRC		23:45
*** _cjones_ has joined #openstack-keystone		23:49
openstackgerrit	Merged openstack/keystonemiddleware: Updated from global requirements https://review.openstack.org/139231	23:52

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!