Thursday, 2015-03-19

*** jamielennox is now known as jamielennox\|away		00:09
*** dims__ is now known as dims		00:13
*** henrynash has quit IRC		00:16
*** ozialien has joined #openstack-keystone		00:16
*** jamielennox\|away is now known as jamielennox		00:23
jamielennox	boot fixed, finally	00:24
*** gyee has quit IRC		00:30
*** __TheDodd__ has quit IRC		00:32
*** markvoelker has quit IRC		00:37
openstackgerrit	Merged openstack/keystone: Move backend LDAP role testing to the new backend testing module https://review.openstack.org/156830	00:39
*** _cjones_ has quit IRC		00:42
*** bknudson has joined #openstack-keystone		01:00
*** ChanServ sets mode: +v bknudson		01:00
*** omkarjoshi has joined #openstack-keystone		01:04
omkarjoshi	hi..	01:04
omkarjoshi	I am trying to move from keystone-all to httpd based keystone for icehouse	01:04
omkarjoshi	but not able to do it.	01:04
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Deprecate keystone CLI https://review.openstack.org/165669	01:06
jamielennox	omkarjoshi: we probably need a lot more information as httpd is a big topic - what exactly are you seeing go wrong?	01:12
omkarjoshi	https://wiki.openstack.org/wiki/Talk:Keystone_in_HTTPD_on_RHEL6	01:12
omkarjoshi	I am following this doc..	01:12
omkarjoshi	but last step failed for me..	01:12
omkarjoshi	An unexpected error prevented the server from fulfilling your request. (HTTP 500)	01:13
omkarjoshi	but when I added debug logs in keystone ..I saw that it is using user as "keystone" instead of "keystone_admin" for mysql	01:14
jamielennox	omkarjoshi: that sounds like a general config issue, do you have keystone_admin set up correctly in the keystone.conf file? does the same conf file work under keystone-all	01:16
omkarjoshi	{'passwd': 'keystone', 'host': 'localhost', 'db': 'keystone', 'user': 'keystone', 'client_flag': 2} ... connect string which is getting used...	01:16
omkarjoshi	yes..keystone-all was working..before I tried this..	01:17
*** markvoelker has joined #openstack-keystone		01:17
jamielennox	so i'm not sure what deconstructed that but it looks like user=keystone	01:18
omkarjoshi	but any idea from where it is picking that up?	01:18
jamielennox	normally it's [database] connection =	01:20
jamielennox	uh, although you said icehouse so maybe not there	01:21
omkarjoshi	I think you have a point..	01:21
omkarjoshi	in my keystone.conf.. I have two connection entries...	01:21
omkarjoshi	one under [database] and another under [sql]	01:22
*** markvoelker has quit IRC		01:22
jamielennox	i'm just looking at the sample icehouse conf now	01:22
jamielennox	it looks like [database] connection has priority	01:22
omkarjoshi	connection=mysql://keystone:keystone@localhost/keystone	01:22
jamielennox	yep - that's it	01:22
omkarjoshi	let me try modifying it..	01:22
jamielennox	and i have nfi why it would have worked under keystone-all	01:23
omkarjoshi	still same..	01:29
openstackgerrit	Brant Knudson proposed openstack/keystone: Entrypoints for commands https://review.openstack.org/131435	01:30
omkarjoshi	I see this warning when I run the commond	01:30
omkarjoshi	WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).	01:30
openstackgerrit	Brant Knudson proposed openstack/keystone: Entrypoints for commands https://review.openstack.org/131435	01:32
jamielennox	that means you are using the ADMIN_TOKEN for authentication	01:43
jamielennox	omkarjoshi: if you use a username and password it should go away	01:43
*** lhcheng has quit IRC		01:44
*** junhongl has joined #openstack-keystone		01:45
*** ozialien has quit IRC		01:53
omkarjoshi	yeah that warning went away but still same username is getting used ...resulting into a failure..	02:06
*** harlowja_ is now known as harlowja_away		02:14
*** ozialien has joined #openstack-keystone		02:14
*** markvoelker has joined #openstack-keystone		02:18
openstackgerrit	Merged openstack/keystone: Add inline comment and docstrings fixes for Fernet https://review.openstack.org/165489	02:20
*** erkules_ has joined #openstack-keystone		02:20
openstackgerrit	Merged openstack/keystone: Support upload domain config files to database https://review.openstack.org/160364	02:20
* lbragstad highfives dolphm		02:21
*** markvoelker has quit IRC		02:23
*** erkules has quit IRC		02:23
lbragstad	nice work jorge_munoz!	02:23
*** sigmavirus24_awa is now known as sigmavirus24		02:27
*** dims has quit IRC		02:28
*** mhu has quit IRC		03:07
*** mhu has joined #openstack-keystone		03:07
*** stevemar has joined #openstack-keystone		03:08
*** ChanServ sets mode: +v stevemar		03:08
*** samueldmq has joined #openstack-keystone		03:18
*** browne has quit IRC		03:22
*** omkarjoshi has quit IRC		03:25
*** greghaynes has quit IRC		03:43
*** iamjarvo has joined #openstack-keystone		03:53
*** tqtran has quit IRC		03:55
*** tqtran has joined #openstack-keystone		03:56
*** omkarjoshi has joined #openstack-keystone		03:57
*** sigmavirus24 is now known as sigmavirus24_awa		03:57
*** lhcheng has joined #openstack-keystone		04:00
*** ozialien has quit IRC		04:01
*** ozialien has joined #openstack-keystone		04:02
*** jamielennox is now known as jamielennox\|away		04:06
openstackgerrit	Lin Hua Cheng proposed openstack/keystone: Remove parent_id in v2 token response https://review.openstack.org/156867	04:17
openstackgerrit	Merged openstack/keystone: Update Apache httpd config docs for token persistence https://review.openstack.org/164508	04:17
openstackgerrit	Lin Hua Cheng proposed openstack/keystone: Remove parent_id in v2 token response https://review.openstack.org/156867	04:19
*** dims has joined #openstack-keystone		04:19
*** markvoelker has joined #openstack-keystone		04:19
openstackgerrit	Lin Hua Cheng proposed openstack/keystone: Remove parent_id in v2 tenant response https://review.openstack.org/164367	04:20
*** samueldmq has quit IRC		04:22
*** markvoelker has quit IRC		04:24
*** erkules_ is now known as erkules		04:26
*** erkules has joined #openstack-keystone		04:26
*** dims has quit IRC		04:27
*** browne has joined #openstack-keystone		04:30
*** richm has quit IRC		04:38
*** iamjarvo has quit IRC		04:55
*** __afazekas is now known as afazekas		05:03
*** amerine_ has joined #openstack-keystone		05:14
*** amerine has quit IRC		05:16
*** markvoelker has joined #openstack-keystone		05:20
*** markvoelker has quit IRC		05:25
*** ozialien has quit IRC		05:32
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add API to create ecp wrapped saml assertion https://review.openstack.org/162866	05:33
*** greghaynes has joined #openstack-keystone		05:40
openstackgerrit	Steve Martinelli proposed openstack/keystone: Document websso setup https://review.openstack.org/164012	05:45
*** stevemar has quit IRC		06:00
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex https://review.openstack.org/165702	06:04
*** davechen has joined #openstack-keystone		06:12
*** dims has joined #openstack-keystone		06:13
*** dims has quit IRC		06:19
*** markvoelker has joined #openstack-keystone		06:21
*** markvoelker has quit IRC		06:26
*** pcaruana has quit IRC		06:33
*** ishant has joined #openstack-keystone		06:43
openstackgerrit	Merged openstack/keystone: Update sample httpd config file https://review.openstack.org/164510	06:46
*** markvoelker has joined #openstack-keystone		07:22
*** henrynash has joined #openstack-keystone		07:23
*** ChanServ sets mode: +v henrynash		07:23
*** ParsectiX has joined #openstack-keystone		07:23
*** markvoelker has quit IRC		07:26
*** Bsony has joined #openstack-keystone		07:45
*** henrynash has quit IRC		07:47
*** chlong has quit IRC		07:47
*** dims has joined #openstack-keystone		08:04
*** ajayaa has joined #openstack-keystone		08:06
*** ccard has quit IRC		08:09
*** dims has quit IRC		08:10
openstackgerrit	Dave Chen proposed openstack/keystone: Needn't workaround when invoking `app.request()` https://review.openstack.org/165727	08:18
openstackgerrit	Dave Chen proposed openstack/keystone: Needn't workaround when invoking `app.request()` https://review.openstack.org/165727	08:20
*** ccard has joined #openstack-keystone		08:28
*** kashyap has left #openstack-keystone		08:29
*** jistr has joined #openstack-keystone		08:37
*** lhcheng has quit IRC		08:40
*** amerine has joined #openstack-keystone		08:44
*** amerine_ has quit IRC		08:45
breton	davechen:	08:49
davechen	breton: hi ;-)	09:01
davechen	breton: it's hard to connect your nick name with your real name	09:01
davechen	breton: It's lucky to find someone still working, the channel is pretty quiet.	09:03
breton	well, it's 12:05 in my tz	09:03
davechen	breton: 12:05 am or pm?	09:04
breton	PM	09:05
davechen	breton: I am wrong, there is never a time as 12:05 am :)	09:05
breton	the one that goes after 11:00 AM :)	09:05
* breton never understood why it's 11 am, then 12 pm and then 1 pm.		09:05
davechen	breton: agree, seems most of guys like working in the deep night.	09:07
breton	I wonder why gerrit doesn't have any links to lp	09:08
breton	because my nickname is set on lp and, well, it could solve problems.	09:09
davechen	breton: you mean the name used in the channel?	09:09
*** tqtran has quit IRC		09:09
davechen	breton: there is the one who has the same name in the lp.	09:11
openstackgerrit	Endre Karlson proposed openstack/python-keystoneclient: Allow for other then STABLE api version https://review.openstack.org/130159	09:11
breton	davechen: there is https://launchpad.net/~bbobrov :) and there is my nickname	09:12
davechen	breton: you'd better go to sleep, pretty late for you, I am currently okay, my time is 5:00 PM.	09:12
*** henrynash has joined #openstack-keystone		09:12
*** ChanServ sets mode: +v henrynash		09:12
davechen	breton: yeah, it's quite different with your nick name here.	09:12
breton	davechen: err, no, it's just the beginning of the work day. It's 12:15, not 00:15, if we speak in 24h format :)	09:14
davechen	breton: Aha, that's great! we are closer.	09:16
*** rdo has quit IRC		09:16
*** dims has joined #openstack-keystone		09:22
*** markvoelker has joined #openstack-keystone		09:23
*** lhcheng has joined #openstack-keystone		09:25
*** krykowski has joined #openstack-keystone		09:25
*** dims has quit IRC		09:26
*** davechen has left #openstack-keystone		09:27
*** markvoelker has quit IRC		09:28
*** omkarjoshi has quit IRC		09:32
openstackgerrit	David Charles Kennedy proposed openstack/keystone: Improves support for sample data script with ssl https://review.openstack.org/154074	09:36
*** dims has joined #openstack-keystone		09:45
openstackgerrit	henry-nash proposed openstack/keystone: Update configuration documentation for domain config https://review.openstack.org/165754	09:46
*** Trozz has quit IRC		09:50
*** Trozz has joined #openstack-keystone		09:53
*** Trozz is now known as Trozz_		09:55
*** Trozz_ is now known as Trozz		09:55
*** alex_xu has quit IRC		10:12
*** alex_xu has joined #openstack-keystone		10:14
openstackgerrit	henry-nash proposed openstack/keystone: Testing combination of limits and filters https://review.openstack.org/165761	10:14
*** lhcheng has quit IRC		10:22
*** markvoelker has joined #openstack-keystone		10:24
*** henrynash has quit IRC		10:27
*** markvoelker has quit IRC		10:29
*** samueldmq-away is now known as samueldmq		10:33
*** ajayaa has quit IRC		10:54
*** jdennis has quit IRC		10:59
*** ajayaa has joined #openstack-keystone		11:02
*** amakarov_away is now known as amakarov		11:03
*** pcaruana has joined #openstack-keystone		11:05
*** mattfari_ has joined #openstack-keystone		11:11
*** mattfari_ has quit IRC		11:12
openstackgerrit	Merged openstack/keystone: Fix nullable constraints in service provider table https://review.openstack.org/164189	11:14
*** markvoelker has joined #openstack-keystone		11:25
*** markvoelker has quit IRC		11:30
*** markvoelker has joined #openstack-keystone		11:54
*** henrynash has joined #openstack-keystone		12:06
*** ChanServ sets mode: +v henrynash		12:06
*** richm has joined #openstack-keystone		12:08
*** diegows_ has joined #openstack-keystone		12:11
*** chlong has joined #openstack-keystone		12:14
*** bknudson has quit IRC		12:25
*** chlong has quit IRC		12:26
*** rdo has joined #openstack-keystone		12:30
*** htruta has quit IRC		12:31
*** htruta has joined #openstack-keystone		12:32
*** gordc has joined #openstack-keystone		12:34
*** gordc has quit IRC		12:34
*** gordc has joined #openstack-keystone		12:37
*** diegows_ has quit IRC		12:38
*** diegows has joined #openstack-keystone		12:38
openstackgerrit	Dave Chen proposed openstack/keystone: Needn't workaround when invoking `app.request()` https://review.openstack.org/165727	12:40
*** chlong has joined #openstack-keystone		12:43
*** bknudson has joined #openstack-keystone		12:45
*** ChanServ sets mode: +v bknudson		12:45
openstackgerrit	henry-nash proposed openstack/keystone: Testing combination of limits and filters https://review.openstack.org/165761	12:54
*** ParsectiX has quit IRC		12:59
*** dims has quit IRC		13:01
*** dims has joined #openstack-keystone		13:02
openstackgerrit	Henrique Truta proposed openstack/keystone: WIP: Bye bye domain table https://review.openstack.org/161854	13:05
*** henrynash has quit IRC		13:06
*** jistr has quit IRC		13:08
*** jistr has joined #openstack-keystone		13:09
*** ParsectiX has joined #openstack-keystone		13:12
*** ParsectiX has quit IRC		13:14
*** ParsectiX has joined #openstack-keystone		13:15
*** chlong has quit IRC		13:21
*** zzzeek has joined #openstack-keystone		13:28
*** ishant has quit IRC		13:47
*** ParsectiX has quit IRC		13:50
*** ParsectiX has joined #openstack-keystone		14:01
*** sigmavirus24_awa is now known as sigmavirus24		14:02
morganfainberg	K3 is being tagged now.	14:06
bknudson	morganfainberg: you going to go through an -2 reviews that are features?	14:09
*** csoukup has joined #openstack-keystone		14:09
*** ajayaa has quit IRC		14:09
*** henrynash has joined #openstack-keystone		14:10
*** ChanServ sets mode: +v henrynash		14:10
morganfainberg	bknudson: yes. I will be doing that today.	14:10
*** mattfarina has joined #openstack-keystone		14:12
*** samueldmq_ has joined #openstack-keystone		14:13
*** stevemar has joined #openstack-keystone		14:14
*** ChanServ sets mode: +v stevemar		14:14
*** obutenko has joined #openstack-keystone		14:17
*** iamjarvo has joined #openstack-keystone		14:18
henrynash	morgangainberg: is it too late for this doc change to get into K3? https://review.openstack.org/#/c/165754/1	14:19
*** dhellmann has quit IRC		14:19
*** dhellmann has joined #openstack-keystone		14:19
*** timcline has joined #openstack-keystone		14:21
henrynash	stevemar, ayoung: (only once you are done with Fernet reviews)…maybe you could take a quick look	14:21
*** ayoung has quit IRC		14:22
stevemar	henrynash, i think doc changes can go in anytime	14:26
henrynash	stevemar: oh sure….it was more…if someone picks up k3, it would be nice if they tried this out	14:26
henrynash	stevemar: and this tells them how	14:27
stevemar	true, but docs.openstack.org/developer/keystone is refreshed every time a patch is merged	14:27
henrynash	stevemar:…ah…and that’s s damn fine point, sir!	14:28
henrynash	stevemar: when will I learn about taht internet-thingy which means you don’t have to put everyting in a box and get Mr Postman to ship it to your customers	14:29
stevemar	henrynash, i still wonder why some customers want actual CDs/DVDs of software	14:32
henrynash	stevemar: caosters? frizzbees?	14:33
*** jdennis has joined #openstack-keystone		14:34
*** iamjarvo has quit IRC		14:34
* bknudson is glad openstack bot doesn't report bug status changes to irc.		14:39
breton	well, it'd be just ~50 lines	14:39
*** iamjarvo has joined #openstack-keystone		14:39
*** iamjarvo has quit IRC		14:40
*** iamjarvo has joined #openstack-keystone		14:40
jorge_munoz	dolphm: lbragstad \o/	14:46
*** timcline has quit IRC		14:48
*** timcline has joined #openstack-keystone		14:49
openstackgerrit	henry-nash proposed openstack/keystone: Testing combination of limits and filters https://review.openstack.org/165761	14:55
*** ajayaa has joined #openstack-keystone		14:55
*** timcline has quit IRC		14:57
*** timcline has joined #openstack-keystone		14:57
morganfainberg	henrynash, it is too late for kilo3 anything	15:02
henrynash	morganfainberg: np…since as stevemar reminded me…teh doc will get publsihed online anyway!	15:03
henrynash	morganfainberg: (it was a doc only change)	15:04
*** ParsectiX has quit IRC		15:07
*** timcline has quit IRC		15:08
*** timcline has joined #openstack-keystone		15:09
marekd	morganfainberg: still chances for FFE for https://review.openstack.org/#/c/152156/ ? stevemar already +2d it, I like it too, but only +1ed it as I pushed some fixes to this patch.	15:12
morganfainberg	marekd, FFEs sent to the ML will be confirmed asap, but FFE just means it can land post milestone-3	15:13
morganfainberg	marekd, it cannot land in kilo3, kilo3 was already tagged.	15:13
*** angular_mike has joined #openstack-keystone		15:14
marekd	morganfainberg: well, as long as we can land it ~now-is (so March, April, May), not for L release i am happy :-)	15:14
*** pnavarro has joined #openstack-keystone		15:24
*** fmarco76 has joined #openstack-keystone		15:25
marekd	bknudson: you are a member of ACM, aren't you ?	15:25
bknudson	marekd: yes, since college.	15:25
marekd	bknudson: and what this 'membershib' actually mean? you are obliged to publish whitepapers and so on?	15:26
bknudson	marekd: no, you pay dues and get the magazine.	15:27
*** samueldmq__ has joined #openstack-keystone		15:27
marekd	aha, ok	15:27
openstackgerrit	Merged openstack/keystone: Adds test for federation mapping list order issues https://review.openstack.org/163172	15:27
*** samueldmq_ has quit IRC		15:29
*** henrynash has quit IRC		15:31
stevemar	marekd, can i review your OSC sp patch?	15:32
*** fmarco76 has quit IRC		15:33
marekd	stevemar: i didn't add any tests.	15:36
stevemar	:O	15:36
*** ayoung has joined #openstack-keystone		15:36
*** ChanServ sets mode: +v ayoung		15:36
marekd	stevemar: so, if you could it'd be awesome and tmrw i will address yur comments and add tests	15:37
marekd	it's rougly copy/paste from identity_provider.py	15:37
*** gyee has joined #openstack-keystone		15:37
*** ChanServ sets mode: +v gyee		15:37
stevemar	marekd, alright, i'll review it then :)	15:38
marekd	stevemar: thanks :-)	15:38
ayoung	Spotty network connection right now....I'm assuming everything that is going in for K3 is in? Anything pressing?	15:39
marekd	stevemar: liked the idea of osc in a daemon mode, btw	15:39
*** Bsony has quit IRC		15:39
stevemar	marekd, that would be crazy	15:41
*** _cjones_ has joined #openstack-keystone		15:41
openstackgerrit	Alexander Makarov proposed openstack/keystone: Group role revocation invalidates all user tokens https://review.openstack.org/141854	15:44
*** Trozz has quit IRC		15:46
*** krykowski has quit IRC		15:47
*** Trozz has joined #openstack-keystone		15:47
*** pnavarro has quit IRC		15:47
*** browne has quit IRC		15:49
openstackgerrit	Merged openstack/keystone: Imported Translations from Transifex https://review.openstack.org/165702	15:56
raildo	morganfainberg, I already have sent the email requesting the FFE for reseller; http://www.mail-archive.com/openstack-dev@lists.openstack.org/msg48301.html	15:56
morganfainberg	raildo, i know	15:57
morganfainberg	raildo, i need to -2 them until we confirm the FFE	15:57
morganfainberg	ayoung, k3 is tagged	15:58
raildo	morganfainberg, sure, np.	15:58
ayoung	morganfainberg, figured	15:58
ayoung	anything buring then?	15:58
*** arunkant_ has joined #openstack-keystone		15:58
openstackgerrit	Merged openstack/keystone: Prefer . to setattr()/getattr() https://review.openstack.org/164318	15:58
*** arunkant_ has quit IRC		16:00
*** arunkant_ has joined #openstack-keystone		16:00
ayoung	stevemar, running tox on oslo policy I get : File "/opt/stack/oslo.policy/.tox/py27/lib/python2.7/site-packages/oslo_config/cfg.py", line 1021, in __init__	16:02
ayoung	super(MultiOpt, self).__init__(name, item_type, **kwargs)	16:02
ayoung	TypeError: __init__() got an unexpected keyword argument 'deprecated_for_removal'	16:02
stevemar	ayoung, rebuild your venv	16:02
ayoung	ok	16:02
stevemar	oslo.config has a new option now - deprecated_for_removal - and that was in it's latest release	16:03
rodrigods	lots of -2	16:05
rodrigods	:)	16:05
raildo	haha	16:05
morganfainberg	-2's have been sent out. if I missed any features (without specific comment saying "this is not API/feature specifc" please let me know.	16:06
*** henrynash has joined #openstack-keystone		16:08
*** ChanServ sets mode: +v henrynash		16:08
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: WIP: Bye bye domain table https://review.openstack.org/161854	16:13
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Honor domain operations in project table https://review.openstack.org/143763	16:13
*** arunkant_ has quit IRC		16:13
*** samueldmq__ has quit IRC		16:16
*** arunkant_ has joined #openstack-keystone		16:20
*** rushiagr_away is now known as rushiagr		16:29
*** browne has joined #openstack-keystone		16:29
*** Bsony has joined #openstack-keystone		16:32
*** tqtran has joined #openstack-keystone		16:34
*** iamjarvo has quit IRC		16:37
openstackgerrit	ayoung proposed openstack/oslo.policy: Convert Exceptions to failures. https://review.openstack.org/165908	16:37
*** amakarov is now known as amakarov_away		16:37
*** ayoung has quit IRC		16:39
edmondsw	dolphm, nkinder.. sorry I disappeared yesterday. Family thing popped up.	16:43
edmondsw	dolphm, nkinder.. reading back, sounds like you both agreed that bug 1431015 would be valid after all, and the domain_id wouldn't have to be specified by query param if the user and project domain from the token is the same... correct?	16:44
openstack	bug 1431015 in Keystone "v3/users or groups calls not working without domain_id" [Undecided,Invalid] https://launchpad.net/bugs/1431015 - Assigned to lilly (lilly-spandanabarukula)	16:44
*** ljfisher has joined #openstack-keystone		16:47
edmondsw	dolphm, nkinder.. if so, can one of you update the bug accordingly?	16:47
*** Swanson has left #openstack-keystone		16:49
*** gyee has quit IRC		16:56
henrynash	edmondsw: sorry, why do we think the bug is valid?	16:58
edmondsw	henrynash, I thought that was the conclusion here on irc last night... its a usability mess for folks moving from single domain to separate domains for service vs. end users	16:59
marekd	stevemar: why crazy?	16:59
*** lhcheng has joined #openstack-keystone		16:59
edmondsw	henrynash, /v3/users and /v3/groups work in single domain, but no longer when you split out the service users into a separate domain	17:00
henrynash	edmondsw: well, not if you have domain specific drivers enabled, no	17:01
edmondsw	henrynash, ??	17:01
edmondsw	henrynash, agreeing with me that they don't work, or... ?	17:02
henrynash	edmondsw: I think the restriction comes when you throw the switch to use different backend drivers per domain….we really MUST insist on a domain being specified (somehow) in that case when listing users	17:02
edmondsw	henrynash, why? I think dolphm and nkinder finally agreed with me to the contrary last night	17:03
henrynash	edmondsw: so other wise a list all users would (potentially) fan out to, say, 100 different LDAP servers each with 10,000 users….ouch	17:04
edmondsw	henrynash, the domain is implicitly specified in the case we're talking about, so why would it need to be explicitly specified?	17:04
henrynash	edmondsw: how is it explicitely specified?	17:04
edmondsw	henrynash, you can explicitly specify it with the domain_id query param... e.g. /v3/users/domain_id=default	17:05
henrynash	edmondsw: of course, that’s how you are meant to do it	17:05
*** pcaruana has quit IRC		17:05
henrynash	edmondsw: but that works, right?	17:05
edmondsw	henrynash, yes, that works... but you asked for how to do it explicitly.. I'm talking about implicit	17:06
edmondsw	henrynash, if the token user is in domain default, and the token is scoped to a project that is in domain default, then of course you're asking for users in domain default	17:06
edmondsw	henrynash, so you shouldn't have to say /v3/users?domain_id=default... you should just be able to ask for /v3/users and keystone should know the domain is default	17:06
*** jistr has quit IRC		17:07
edmondsw	henrynash, like it already does if you have a domain-scoped token... figures the domain id implicitly based on the token	17:07
henrynash	edmondsw: so of course we could make that assumption…although I’m not sure it’s a good idea	17:07
edmondsw	henrynash, why wouldn't it be a good idea?	17:07
henrynash	edmondsw: yep, I wrote that bit	17:07
henrynash	edmondsw: becuase me being in domain A says nothing about what I want to operate on…..a token scope is exactly that…the scope udner which I want to work	17:08
edmondsw	henrynash which is why personally I don't think the user's token should have anything to do with this, but dolphm and nkinder did	17:08
edmondsw	henrynash, s/token/domain/	17:09
*** harlowja_away is now known as harlowja_		17:09
edmondsw	henrynash, I think the project domain is the only domain that should matter... that comes from the token scope, whereas the user's domain has nothing to do with scope	17:09
henrynash	edmondsw: pretty soon (like between now and RC of Kilo) we’ll probably have multipel layers of domain, beneath which we have hieracies of projects….I think it would be dangerous to assume anything about the scope of a request other than the explicit scope of the token (or explict filter in the request)	17:10
edmondsw	henrynash, but dolphm and nkinder thought they should have to match for some reason... which would solve my use case, so I'd be ok with that, even if it doesn't seem quite right	17:10
nkinder	henrynash: the idea would be to attempt to list users in the same domain of the requesting user if they don't specify a domain in the query parameter (even if they have a project scoped token)	17:11
openstackgerrit	Merged openstack/keystone: Cleanup Fernet testcases and add comments. https://review.openstack.org/165520	17:11
nkinder	henrynash: policy would still block you if it's not allowed	17:11
edmondsw	henrynash, and why isn't the project's domain considered explicit enough?	17:11
nkinder	henrynash: so with policy.v3cloudsample, you will still be denied without a domain-scoped token	17:11
nkinder	edmondsw: I think the user domain is more appropriate personally	17:11
henrynash	edmondsw: ahh, now what they might be saying that (if we get it all in in time) in Kilo a domain is a specical project….and so if you get a token scoped for such a sepecial project then the domain and project ID will be in the token	17:12
edmondsw	nkinder why? user domain seems irrelevant	17:12
openstackgerrit	Merged openstack/keystone: Updated from global requirements https://review.openstack.org/162350	17:12
*** timcline has quit IRC		17:12
henrynash	nkinder, edmondsw: and hence it would satisfy the policy requriement	17:12
nkinder	edmondsw: the same could be said about the project domain...	17:13
edmondsw	nkinder how? project domain is part of the scope... user domain isn't	17:13
henrynash	nkinder: …although I’m personally still a bit skeptical about this dual-ness style token	17:13
nkinder	edmondsw: the way domains are designed, you typically don't have cross-domain visibility unless you are a cloud admin	17:14
nkinder	so listing other users within my domain seems like a natural thing to me	17:15
henrynash	edmondsw: I’m with nkinder on the project domain being relevant, I don’t see that it is…..in fact if we allowed listing all users with a (regualr) project token, then I would expect it do do something very different….liek list all users that have any role on that project or something (which I don’t like any way…we already have an API for that)	17:15
edmondsw	nkinder for which you should use a token scoped to your domain, either directly or scoped to a project in your domain	17:15
nkinder	edmondsw: do you have a user from one domain with a project-scoped token for a project in another domain?	17:15
edmondsw	why would you want to use a token scoped to a project in another domain to read users in your domain?	17:15
*** timcline has joined #openstack-keystone		17:16
nkinder	domains are typically designed for separation, but you're talking about crossing domains (user from "coke" has roles on a project form "pepsi")	17:16
edmondsw	nkinder, no, I don't, which is why I said I'd be ok with user and project domain having to match if we have to go that way, but it seems like someone else could and I don't see how user domain is relevant	17:17
*** Bsony has quit IRC		17:17
edmondsw	nkinder user there would have to be a cloud admin, I agree	17:17
edmondsw	but that cloud admin could have gotten a token for a pepsi project and should only then be seeing users in the pepsi project	17:18
edmondsw	s/in the pepsi project/in the pepsi project's domain/	17:18
edmondsw	they'd need a differently scoped token to read users in the coke domain... they'd be allowed to do that, because they're a cloud admin, but would need a differently scoped token	17:19
*** Bsony has joined #openstack-keystone		17:19
nkinder	top-level cloud admin can just use the query param. All they need is their domain-scoped token from the "admin" domain specified in policy.json	17:19
nkinder	I think any heuristic about where the domain is pulled from is going to be confusing for some (just like I think user is natural, but you thing project is)	17:20
nkinder	...which is why I think dolph said user_domain==project_domain should be enforced for this	17:21
edmondsw	nkinder, and like I said, I'm fine with that... doesn't seem necessary, but satisfies my use case	17:22
edmondsw	nkinder, so can we agree to open bug 1431015 back up?	17:22
openstack	bug 1431015 in Keystone "v3/users or groups calls not working without domain_id" [Undecided,Invalid] https://launchpad.net/bugs/1431015 - Assigned to lilly (lilly-spandanabarukula)	17:23
nkinder	edmondsw: given that henrynash has done much of the domain work, I'd like to see if he's on board	17:23
edmondsw	agreed	17:23
edmondsw	henrynash, you on board?	17:23
henrynash	edmondsw: sorry, had stepped away, reading back	17:23
henrynash	edmondsw: so let me make sure I understand the proposal…	17:25
henrynash	edmondsw: we would deduce the implicit domain “scope” of a list all users request from the users_domain IF it matched the project_domain in a projected scoped token	17:26
edmondsw	henrynash, yes... and same for a list groups request	17:27
henrynash	edmondsw: yes, naturally	17:27
henrynash	edmondsw: I can’t say I like it at all…it just does not seem intuative	17:28
edmondsw	henrynash, why don't you think it's intuitive? Seems to me NOT doing this is unintuitive	17:28
edmondsw	henrynash, what other domain could you possible want the information for? You're scoped in such a way you wouldn't be able to make this request for any other domain	17:29
henrynash	edmondsw: i would expect such a command to only list me the users that have a role on that project	17:29
edmondsw	henrynash, :) there you get into another gripe I have...	17:30
henrynash	edmondsw: (and I’m not angling for that fucntionality…I don’t want it to do that)	17:30
*** mestery_ has joined #openstack-keystone		17:31
henrynash	edmondsw: in fact I think we had such an API and we deprecated it	17:31
*** mestery has quit IRC		17:33
edmondsw	henrynash, I would love to be able to ask for users with a role on a project... can't believe we don't have that today	17:33
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Stop calling domain drivers https://review.openstack.org/165936	17:33
rodrigods	morganfainberg, ^ needs a -2 :)	17:33
henrynash	edmondsw: what I might agree is that (once domains are just projects with a special flag set), then if you have token scoped to THAT sort of project, then yes, waht we suggest might akes ense	17:34
edmondsw	henrynash, but I would think that listing only users with roles would require a query param on the /v3/users query to distinguish that behavior	17:34
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Stop calling domain drivers https://review.openstack.org/165936	17:34
*** packet has joined #openstack-keystone		17:35
edmondsw	henrynash, when we have those special domain projects, will I be able to do everything with a token for that domain/project, or will I have to ask for a token scoped to some sub-project to work on said sub-project?	17:35
henrynash	edmondsw: you’ll have to get a token to project you want to work on	17:36
openstackgerrit	Merged openstack/keystone: Needn't workaround when invoking `app.request()` https://review.openstack.org/165727	17:36
edmondsw	henrynash, a large part of the issue here is a) don't want to have to ask for a second token and b) don't want to have to specify query params I didn't have to specify before moving service users into a separate domain	17:36
henrynash	edmondsw: hierarchical projects are in there already	17:36
edmondsw	henrynash, asking the question another way... would I have to have a subproject under this domain-project, or would it serve the purpose of both?	17:37
henrynash	edmondsw: they can serve both pruposes of you want to use it that way	17:38
henrynash	(at least I think so….that was part of the original design…..it’s possible the first release of it has a restrction…but not sure)	17:39
edmondsw	henrynash, and this may or may not be in kilo?	17:39
*** mestery_ is now known as mestery		17:39
henrynash	edmondsw: so we have requested a FFE to get it in (the patches are up for review, but no in K3)	17:39
*** iamjarvo has joined #openstack-keystone		17:42
henrynash	rodrigods: did you see an email from me agreeing to sponsor the FFE….my email account that I use for OPenStack is going flakey...	17:42
henrynash	rodigods: (and btw, you missed uploading you 069 migration method to https://review.openstack.org/#/c/161854/10)	17:43
rodrigods	henrynash, no...	17:43
edmondsw	henrynash, alright, I'll give up on bug 1431015 :) Tx for the consideration / discussion	17:43
openstack	bug 1431015 in Keystone "v3/users or groups calls not working without domain_id" [Undecided,Invalid] https://launchpad.net/bugs/1431015 - Assigned to lilly (lilly-spandanabarukula)	17:43
henrynash	rodigods: hmm, damn	17:43
edmondsw	nkinder ^ you too	17:44
rodrigods	henrynash, yeah... that patch is going to change, it will be just the domain table drop	17:44
henrynash	edmondsw: i understand that it IS more work when you have these different domains and drivers…but as an Identity service we have to be pretty strict on things like scope	17:44
raildo	henrynash, sorry, I forgot to put int he email that you will sponsor the reseller FFE =/	17:45
edmondsw	henrynash, of course	17:45
henrynash	raildo: and I can’t send anything to the list right now….it will take me a while to un-flake my email account	17:46
raildo	henrynash, If you want, i can send a reply with this information.	17:46
henrynash	raildo: please do	17:46
raildo	henrynash, ok	17:46
henrynash	edmondsw: and appracite you good debate…I am sure this will continue	17:46
*** ayoung has joined #openstack-keystone		17:50
*** ChanServ sets mode: +v ayoung		17:50
*** boris-42 has quit IRC		18:02
openstackgerrit	Lin Hua Cheng proposed openstack/keystone: On creation default service name to empty string https://review.openstack.org/146962	18:04
bknudson	stevemar: were you going to pycon?	18:05
*** gyee has joined #openstack-keystone		18:06
*** ChanServ sets mode: +v gyee		18:06
stevemar	bknudson, i applied to go, but i didn't get approval in time, was sold out before anyone looked at it	18:09
bknudson	:(	18:09
stevemar	bknudson, you going?	18:10
stevemar	bknudson, i applied back in january	18:10
bknudson	stevemar: no, I was just wondering... noticed this: https://us.pycon.org/2015/schedule/tutorials/ -- Tutorial Rate$150 USD each $200 USD each	18:10
stevemar	bknudson, ugh that's pricey	18:11
bknudson	dstanek's got it figured out.	18:11
bknudson	stevemar: only if you're attending a tutorial... lucrative for presenters.	18:11
dstanek	bknudson: :-) i have a co-presenter so i get half the take	18:11
stevemar	bknudson, i was thinking of hopping on a train and going to montreal anyway	18:11
ayoung	lbragstad, stevemar lhcheng ... creating a service without a name seems like it should be forbidden. Wouldn't that be the right way to go instead of defualting to ''? https://review.openstack.org/#/c/146962/14	18:12
*** bernardo-silva has joined #openstack-keystone		18:13
*** omkarjoshi has joined #openstack-keystone		18:13
stevemar	ayoung, other way around, creating a service without a type should be disallowed	18:13
jorge_munoz	Are the docs for http://developer.openstack.org/api-ref-identity-v2.html not up-to-date. I can’t assigned a global role to a user. There is logic in the code that returns “Not Implemented” if a tenant is not provided for `PUT /v2.0/users/{userId}/roles/OS-KSADM/{roleId}`. Are global roles no longer supported in keystone?	18:13
lbragstad	ayoung: service name isn't a required parameter https://github.com/openstack/keystone/blob/master/keystone/catalog/schema.py#L55	18:13
ayoung	stevemar, then the name should be the type if it is not set	18:13
ayoung	lbragstad, having both is madness....madness I tell you!	18:14
lbragstad	ayoung: related https://bugs.launchpad.net/keystone/+bug/1259425 https://review.openstack.org/#/c/138130/	18:14
openstack	Launchpad bug 1259425 in Keystone "service-create allows 2 services with the same name" [Medium,In progress] - Assigned to Lance Bragstad (lbragstad)	18:14
stevemar	ayoung, that's an implementation decision	18:14
lhcheng	ayoung: I think we can't change that due to breaking backward compatibility	18:15
ayoung	Why would we have both name and type? Thus stuff predates me.	18:15
ayoung	lhcheng, I wonder how people actually use name vs. type?	18:15
stevemar	type would be `identity` and name would be `keystone`	18:15
stevemar	why that is... i dunno	18:15
lbragstad	jorge_munoz: I had a commit up for removing the ability to get global roles: https://review.openstack.org/#/c/154238/	18:16
ayoung	stevemar, I know that is the devstack (and what we have done) approach	18:18
ayoung	do we really need "name" for anything?	18:18
lhcheng	name might optional due to templated catalog?	18:18
ayoung	Seems ... foolishly consistent?	18:19
jorge_munoz	lbragstad: Thanks, that answers my question.	18:19
stevemar	ayoung, well you can have multiple service types that are the same	18:19
lbragstad	jorge_munoz: sure thing	18:19
stevemar	you could use name to differentiate	18:19
stevemar	instead of id	18:19
ayoung	morganfainberg, Can we deprecate Name in the service catalog? Law of the Ants: Anything not required is forbidden	18:20
morganfainberg	ayoung, uhm...	18:21
ayoung	stevemar, "can" and "why would anybody do this" are two slightly different but related things	18:21
morganfainberg	who is/could be using it?	18:21
lbragstad	I think that would be backwards incompatible	18:21
morganfainberg	because ... likely no since it's not backwards compatbile	18:21
ayoung	Any clue why we even have it?	18:21
*** _cjones_ has quit IRC		18:21
bknudson	we can deprecate anything... removing it is going to require identity v4	18:21
morganfainberg	someone.	18:21
morganfainberg	bknudson, ++	18:21
morganfainberg	sure.	18:21
morganfainberg	but we can't "warn" or anything if it's deprecated	18:22
morganfainberg	so... is there a point to deprecating at this point?	18:22
ayoung	Yeah...its just confusing	18:22
lbragstad	or, we micro-version, like what nova does?	18:22
morganfainberg	lbragstad, separate discussion	18:22
morganfainberg	lets talk that for liberty and what it means	18:22
bknudson	do we have any dev docs on testing notifications?	18:24
*** _cjones_ has joined #openstack-keystone		18:25
*** ajayaa has quit IRC		18:39
openstackgerrit	Joe Gordon proposed openstack/keystone: Move updating default log levels higher up https://review.openstack.org/165962	18:43
openstackgerrit	Merged openstack/python-keystoneclient: Add OS-SIMPLE-CERT support for v3. https://review.openstack.org/142200	18:51
*** timcline has quit IRC		19:01
openstackgerrit	Joe Gordon proposed openstack/keystone: Fix set_default_for_default_log_levels https://review.openstack.org/165962	19:05
*** _cjones_ has quit IRC		19:08
ayoung	Seems to me that Gerrit should help out on workflow more than just patch submissions. Tagging and branching requests should be done just like other stuff....I'll file that wasy for future research	19:08
openstackgerrit	Joe Gordon proposed openstack/keystone: Fix set_default_for_default_log_levels https://review.openstack.org/165962	19:10
ayoung	amakarov_away, sorry to rain on your parade. That was an inspired approach...but it won't work.	19:11
lhcheng	bknudson: I don't think so, tried looking for it around midcycle but didn't find anything. stevemar had to show me how to test it.	19:20
stevemar	bknudson, what are you looking for the docs to explain?	19:31
*** amerine has quit IRC		19:32
*** _cjones_ has joined #openstack-keystone		19:34
stevemar	jamielennox\|away, around? ... and you're marked as away	19:42
*** bernardo-silva has quit IRC		19:45
*** bernardo-silva has joined #openstack-keystone		19:45
*** rushiagr is now known as rushiagr_away		19:48
bknudson	stevemar: would be interesting if there was some instructions for how to monitor the notify queue to see that notifications were sent.	19:49
stevemar	bknudson, run `ceilometer event-list` ?	19:50
*** bernardo-silva has quit IRC		19:50
stevemar	whatever you have oslo.messaging set up to listen to	19:50
bknudson	ugh, need to get ceilometer running then.	19:50
stevemar	bknudson, are you referring to edmondsw's issue?	19:50
bknudson	stevemar: ? no, someone else here was asking about it.	19:51
stevemar	ah	19:51
stevemar	bknudson, i was referring to https://bugs.launchpad.net/keystonemiddleware/+bug/1421858	19:53
openstack	Launchpad bug 1421858 in keystonemiddleware "v3 to v2 catalog conversion missing id" [Undecided,In progress] - Assigned to Matthew Edmonds (edmondsw)	19:53
stevemar	oh edmondsw updated the bug, i missed that	19:54
edmondsw	edmondsw here... still haven't gotten keystonemiddleware.audit working... but pycadf works now	19:54
edmondsw	stevemar, bknudson ^	19:54
stevemar	edmondsw, whats up with the middleware bits?	19:55
edmondsw	no errors, but nothing shows up in ceilometer, if I use keystonemiddleware	19:55
edmondsw	everything shows up in ceilometer fine if I use pycadf	19:55
*** amerine has joined #openstack-keystone		19:58
stevemar	that's weird	19:58
*** timcline has joined #openstack-keystone		20:02
*** timcline has quit IRC		20:06
*** bernardo-silva has joined #openstack-keystone		20:06
*** amerine has quit IRC		20:07
openstackgerrit	henry-nash proposed openstack/keystone: Update configuration documentation for domain config https://review.openstack.org/165754	20:08
openstackgerrit	Steve Martinelli proposed openstack/keystone: Document websso setup https://review.openstack.org/164012	20:11
stevemar	gyee, ping	20:11
stevemar	gyee, do you know whats wrong with https://review.openstack.org/#/c/162866/ ? :)	20:12
stevemar	AFAIK, relay state should be a uuid, not a redirect url	20:12
*** samueldmq__ has joined #openstack-keystone		20:15
*** samueldmq has quit IRC		20:17
openstackgerrit	Brant Knudson proposed openstack/keystone: Fix setting default log levels https://review.openstack.org/165962	20:22
*** c_soukup has joined #openstack-keystone		20:23
*** csoukup has quit IRC		20:26
*** dims has quit IRC		20:34
openstackgerrit	Brant Knudson proposed openstack/keystone: Corrections to request logging https://review.openstack.org/166002	20:37
*** iamjarvo has quit IRC		20:41
*** timcline has joined #openstack-keystone		20:42
*** timcline has quit IRC		20:42
*** iamjarvo has joined #openstack-keystone		20:42
*** timcline has joined #openstack-keystone		20:42
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct request logging query parameters separator https://review.openstack.org/166002	20:45
openstackgerrit	Steve Martinelli proposed openstack/python-keystoneclient: WIP - add support to samlize a token https://review.openstack.org/159022	20:48
openstackgerrit	Steve Martinelli proposed openstack/python-keystoneclient: WIP - add support to samlize a token https://review.openstack.org/159022	20:50
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Add domain_id checking in create_project https://review.openstack.org/159944	20:50
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Add is_domain field in Project Table https://review.openstack.org/157427	20:50
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Honor domain operations in project table https://review.openstack.org/143763	20:50
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Stop calling domain drivers https://review.openstack.org/165936	20:50
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Change project name constraint https://review.openstack.org/158372	20:50
stevemar	rodrigods, just made my irc client go ding ding ding ding ding	20:50
rodrigods	stevemar, hahah reseller chain	20:52
bknudson	'SCRIPT_NAME': '/v3/auth/tokens/auth/tokens/auth/tokens/auth/tokens/auth/tokens/auth/tokens/auth/tokens/auth/tokens/auth/tokens',	20:57
bknudson	that's weird.	20:57
openstackgerrit	henry-nash proposed openstack/keystone: Remove unused domain config method paramters https://review.openstack.org/166010	20:59
*** raildo is now known as raildo\|away		21:00
gyee	stevemar, I don't know yet	21:07
gyee	haven't had time to investigate	21:07
gyee	I'll take a look tonight	21:07
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct path in request logging https://review.openstack.org/166012	21:07
stevemar	gyee, okie dokie	21:07
stevemar	jdennis, regarding your recent comment on ecp... we're not copying & pasting it	21:09
stevemar	gyee, how are you guys handling the ecp assertions that you send off the wire for k2k?	21:10
jdennis	stevemar: sorry, my misunderstanding, let me look at it again	21:11
stevemar	jdennis, s'all good, i was just copying/pasting in the comments to share the outline	21:11
*** jorge_munoz has quit IRC		21:12
gyee	stevemar, we are using the script from rodrigods	21:15
gyee	that works fine with shibd	21:15
*** iamjarvo has quit IRC		21:15
gyee	stevemar, see http://blog.rodrigods.com/	21:17
gyee	transform_assertion_into_ecp()	21:18
stevemar	gyee, right, transform_assertion_into_ecp	21:18
stevemar	gyee, so it has the same ecp:RelayState everytime?	21:18
stevemar	that seems wrong	21:18
gyee	I did a quick comparison last night, only difference is the missing GeneratedKey attribute	21:19
stevemar	gyee, that the idea... i don't know how rodrigods came up with the value for GeneratedKey	21:22
*** jorge_munoz has joined #openstack-keystone		21:27
*** mattfarina has quit IRC		21:35
*** dims has joined #openstack-keystone		21:39
openstackgerrit	Brant Knudson proposed openstack/keystone: Entrypoints for commands https://review.openstack.org/131435	21:45
*** timcline has quit IRC		21:45
ayoung	bknudson, why https://review.openstack.org/#/c/131435/4 ?	21:46
bknudson	ayoung: consistency with other projects.	21:47
bknudson	not really expecting this for K, unless everyone's comfortable with it.	21:48
openstackgerrit	henry-nash proposed openstack/keystone: Add caching to getting of the fully substituted domain config https://review.openstack.org/166018	21:49
*** bernardo-silva has quit IRC		21:50
openstackgerrit	Brant Knudson proposed openstack/keystone: Entrypoints for commands https://review.openstack.org/131435	21:53
openstackgerrit	henry-nash proposed openstack/keystone: Remove unused domain config method paramters https://review.openstack.org/166010	21:53
openstackgerrit	henry-nash proposed openstack/keystone: Add caching to getting of the fully substituted domain config https://review.openstack.org/166018	21:55
*** lhcheng has quit IRC		21:57
openstackgerrit	henry-nash proposed openstack/keystone: Add caching to getting of the fully substituted domain config https://review.openstack.org/166018	21:58
bknudson	do we want the substituted domain config cached? now you're caching secret values.	21:58
*** ljfisher has quit IRC		22:02
*** jamielennox\|away is now known as jamielennox		22:09
*** packet has quit IRC		22:15
*** timcline has joined #openstack-keystone		22:16
*** dims has quit IRC		22:19
*** timcline has quit IRC		22:20
jamielennox	stevemar: here	22:21
stevemar	jamielennox, i have no idea why i needed to ping you	22:22
jamielennox	np	22:25
*** bknudson has quit IRC		22:27
*** henrynash has quit IRC		22:34
*** boris-42 has joined #openstack-keystone		22:36
*** ccard_ has quit IRC		22:36
*** gordc has quit IRC		22:38
*** ccard_ has joined #openstack-keystone		22:45
jamielennox	two easy reviews with a +2 already: https://review.openstack.org/#/c/164565/ and https://review.openstack.org/#/c/164568/	22:45
jamielennox	they will cause rebases i think so would be good to get them in	22:46
*** samueldmq has joined #openstack-keystone		22:54
*** gordc has joined #openstack-keystone		22:54
*** gordc has quit IRC		22:58
*** c_soukup has quit IRC		23:03
*** ccard_ has quit IRC		23:03
*** arunkant_ has quit IRC		23:04
*** ccard_ has joined #openstack-keystone		23:06
openstackgerrit	Ian Wienand proposed openstack/keystone: Use lower default value for sha512_crypt rounds https://review.openstack.org/165295	23:16
*** stevemar has quit IRC		23:23
*** chlong has joined #openstack-keystone		23:27
*** stevemar has joined #openstack-keystone		23:33
*** ChanServ sets mode: +v stevemar		23:33
*** zzzeek has quit IRC		23:35
*** raildo has joined #openstack-keystone		23:36
gyee	stevemar, found the problem	23:38
gyee	see my latest comment	23:38
*** stevemar has quit IRC		23:40
*** iamjarvo has joined #openstack-keystone		23:57

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!