Sunday, 2015-06-28

*** dims has joined #openstack-keystone		00:09
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Extract basic validation processing to base class https://review.openstack.org/180818	00:18
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Separate the fetch and validate token processes https://review.openstack.org/190940	00:18
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Don't cache signed tokens https://review.openstack.org/190941	00:18
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Create a simple base class from AuthProtocol https://review.openstack.org/180816	00:18
openstackgerrit	Davanum Srinivas (dims) proposed openstack/python-keystoneclient: Remove unnecessary install_venv_common module https://review.openstack.org/189123	00:21
*** arunkant_ has joined #openstack-keystone		00:43
*** arunkant__ has quit IRC		00:46
*** boris-42 has quit IRC		00:52
openstackgerrit	Morgan Fainberg proposed openstack/keystone: Ensure trust tokens are properly handled in v3 to v2 conversion https://review.openstack.org/196406	00:57
*** stevemar has joined #openstack-keystone		01:26
*** markvoelker has joined #openstack-keystone		01:28
*** stevemar has quit IRC		01:29
*** woodster_ has quit IRC		01:31
*** markvoelker has quit IRC		01:32
*** piyanai has joined #openstack-keystone		01:34
*** arunkant__ has joined #openstack-keystone		01:44
*** ankita_wagh has joined #openstack-keystone		01:45
*** arunkant_ has quit IRC		01:47
*** Ephur has quit IRC		01:55
*** dims has quit IRC		02:23
*** dims has joined #openstack-keystone		02:27
*** stevemar has joined #openstack-keystone		02:28
*** stevemar has quit IRC		02:30
*** ankita_wagh has quit IRC		02:40
*** dims has quit IRC		02:55
*** woodster_ has joined #openstack-keystone		03:09
*** markvoelker has joined #openstack-keystone		03:16
*** boris-42 has joined #openstack-keystone		03:18
*** markvoelker has quit IRC		03:21
*** aix has joined #openstack-keystone		03:28
*** stevemar has joined #openstack-keystone		03:50
*** arunkant has joined #openstack-keystone		04:04
*** arunkant__ has quit IRC		04:07
*** markvoelker has joined #openstack-keystone		05:05
*** markvoelker has quit IRC		05:10
*** spandhe has quit IRC		05:29
*** piyanai has quit IRC		05:30
*** e0ne has joined #openstack-keystone		05:34
openstackgerrit	Steve Martinelli proposed openstack/python-keystoneclient: Update README.rst and remove ancient reference https://review.openstack.org/178759	05:42
*** e0ne has quit IRC		05:42
openstackgerrit	Steve Martinelli proposed openstack/python-keystoneclient: Remove keystoneclient CLI references in README https://review.openstack.org/196413	05:48
openstackgerrit	Steve Martinelli proposed openstack/python-keystoneclient: Remove unused images from docs https://review.openstack.org/196414	05:51
*** woodster_ has quit IRC		05:51
*** arunkant_ has joined #openstack-keystone		05:51
*** e0ne has joined #openstack-keystone		05:53
*** arunkant has quit IRC		05:54
*** e0ne has quit IRC		06:05
*** mabrams has joined #openstack-keystone		06:16
openstackgerrit	Morgan Fainberg proposed openstack/keystone: Issue all V2 tokens the same way as Fernet v2 Tokens https://review.openstack.org/196420	06:20
*** stevemar has quit IRC		06:22
*** stevemar has joined #openstack-keystone		06:22
*** stevemar has quit IRC		06:25
*** vg_ has joined #openstack-keystone		06:45
*** markvoelker has joined #openstack-keystone		06:54
*** markvoelker has quit IRC		06:59
*** ankita_wagh has joined #openstack-keystone		07:01
*** boris-42 has quit IRC		07:22
*** bknudson has quit IRC		07:33
*** spandhe has joined #openstack-keystone		07:43
*** belmoreira has joined #openstack-keystone		07:45
*** henrynash has joined #openstack-keystone		08:06
*** ChanServ sets mode: +v henrynash		08:06
*** lhcheng has joined #openstack-keystone		08:10
*** ChanServ sets mode: +v lhcheng		08:10
*** stevemar has joined #openstack-keystone		08:24
*** stevemar has quit IRC		08:26
*** henrynash has quit IRC		08:31
*** hogepodge has quit IRC		08:38
*** lhcheng has quit IRC		08:38
*** markvoelker has joined #openstack-keystone		08:43
*** ankita_wagh has quit IRC		08:46
*** markvoelker has quit IRC		08:48
*** spandhe has quit IRC		08:55
*** belmoreira has quit IRC		09:09
*** arunkant__ has joined #openstack-keystone		09:17
*** archers has joined #openstack-keystone		09:19
*** archers has quit IRC		09:20
*** arunkant_ has quit IRC		09:20
*** belmoreira has joined #openstack-keystone		09:24
*** belmoreira has quit IRC		09:24
*** henrynash has joined #openstack-keystone		09:40
*** ChanServ sets mode: +v henrynash		09:40
*** hogepodge has joined #openstack-keystone		09:43
*** hogepodge has quit IRC		09:56
*** hogepodge has joined #openstack-keystone		10:00
*** hogepodge has quit IRC		10:06
*** stevemar has joined #openstack-keystone		10:13
*** stevemar has quit IRC		10:15
*** aix has quit IRC		10:25
*** markvoelker has joined #openstack-keystone		10:31
*** markvoelker has quit IRC		10:37
*** hogepodge has joined #openstack-keystone		10:41
*** hogepodge has quit IRC		10:46
*** hogepodge has joined #openstack-keystone		10:48
*** hogepodge has quit IRC		10:53
*** hogepodge has joined #openstack-keystone		10:57
*** hogepodge has quit IRC		11:02
*** hogepodge has joined #openstack-keystone		11:11
*** hogepodge has quit IRC		11:15
*** markvoelker has joined #openstack-keystone		11:33
*** markvoelker has quit IRC		11:37
*** hogepodge has joined #openstack-keystone		12:20
*** hogepodge has quit IRC		12:26
*** hogepodge has joined #openstack-keystone		12:38
*** hogepodge has quit IRC		12:43
*** hogepodge has joined #openstack-keystone		12:44
*** hogepodge has quit IRC		12:48
*** hogepodge has joined #openstack-keystone		12:54
*** hogepodge has quit IRC		12:58
*** hogepodge has joined #openstack-keystone		13:00
*** hogepodge has quit IRC		13:05
*** bknudson has joined #openstack-keystone		13:17
*** ChanServ sets mode: +v bknudson		13:17
*** markvoelker has joined #openstack-keystone		13:22
*** markvoelker has quit IRC		13:26
*** vg_ has quit IRC		13:45
*** rushiagr_away is now known as rushiagr		13:47
*** hogepodge has joined #openstack-keystone		13:56
*** hogepodge has quit IRC		14:00
*** hogepodge has joined #openstack-keystone		14:01
*** hogepodge has quit IRC		14:05
*** stevemar has joined #openstack-keystone		14:09
*** mabrams has left #openstack-keystone		14:11
*** stevemar has quit IRC		14:29
*** hogepodge has joined #openstack-keystone		14:34
*** arunkant_ has joined #openstack-keystone		14:35
*** arunkant__ has quit IRC		14:38
*** piyanai has joined #openstack-keystone		14:41
openstackgerrit	Brant Knudson proposed openstack/keystone: Federation API provides method to evaluate rules https://review.openstack.org/196308	14:55
openstackgerrit	Brant Knudson proposed openstack/keystone: Change mapping model so rules is dict https://review.openstack.org/196293	14:55
*** dims has joined #openstack-keystone		14:56
*** markvoelker has joined #openstack-keystone		15:10
openstackgerrit	Brant Knudson proposed openstack/keystonemiddleware: Refactor use auth_ref.version rather than _token_is_v* https://review.openstack.org/189018	15:14
openstackgerrit	Brant Knudson proposed openstack/keystonemiddleware: Refactor TokenCache store takes auth_ref https://review.openstack.org/189019	15:15
*** markvoelker has quit IRC		15:15
*** arunkant__ has joined #openstack-keystone		15:16
*** rushiagr is now known as rushiagr_away		15:17
*** arunkant_ has quit IRC		15:20
*** wasmum has quit IRC		15:23
*** stevemar has joined #openstack-keystone		15:30
*** dims has quit IRC		15:33
*** dims has joined #openstack-keystone		15:34
*** stevemar has quit IRC		15:35
*** dims has quit IRC		15:39
openstackgerrit	Brant Knudson proposed openstack/keystone: Enable bandit check for password_config_option_not_marked_secret https://review.openstack.org/194420	15:41
openstackgerrit	Brant Knudson proposed openstack/keystone: Bandit config updates https://review.openstack.org/194417	15:41
*** piyanai has quit IRC		15:43
*** rushiagr_away is now known as rushiagr		15:45
*** dims has joined #openstack-keystone		15:46
openstackgerrit	Brant Knudson proposed openstack/keystone: admin and public httpd files https://review.openstack.org/194442	15:53
openstackgerrit	Brant Knudson proposed openstack/keystone: admin and public httpd files https://review.openstack.org/194442	15:55
*** stevemar has joined #openstack-keystone		15:57
openstackgerrit	Brant Knudson proposed openstack/keystone: Document update sample config up to developer https://review.openstack.org/194906	15:59
openstackgerrit	Brant Knudson proposed openstack/keystone: Update MANIFEST.in https://review.openstack.org/195327	16:01
*** dims has quit IRC		16:02
*** arunkant_ has joined #openstack-keystone		16:05
*** arunkant__ has quit IRC		16:08
*** wasmum has joined #openstack-keystone		16:09
*** dims has joined #openstack-keystone		16:10
*** dims has quit IRC		16:11
*** gabriel-bezerra has quit IRC		16:17
*** browne has joined #openstack-keystone		16:27
*** browne has quit IRC		16:34
*** iamjarvo has joined #openstack-keystone		16:39
*** iamjarvo has quit IRC		16:40
*** dims has joined #openstack-keystone		16:44
*** dims has quit IRC		16:51
*** dims has joined #openstack-keystone		16:58
*** gabriel-bezerra has joined #openstack-keystone		16:58
*** markvoelker has joined #openstack-keystone		16:59
*** markvoelker has quit IRC		17:04
*** stevemar has quit IRC		17:07
*** stevemar has joined #openstack-keystone		17:08
*** dims has quit IRC		17:12
*** NomePadrao has joined #openstack-keystone		17:17
*** NomePadrao has quit IRC		17:18
*** sigmavirus24_awa is now known as sigmavirus24		17:18
*** iamjarvo has joined #openstack-keystone		17:22
openstackgerrit	Brant Knudson proposed openstack/keystone: admin and public httpd files https://review.openstack.org/194442	17:49
morganfainberg	stevemar: our token provider code makes me cry	17:57
morganfainberg	it's just so bad.	17:57
morganfainberg	jamielennox: you here?	17:58
morganfainberg	jamielennox: or is it a wierd time for you atm? [my tz math is bad]	17:58
stevemar	morganfainberg: i still like it more than the auth code	18:07
*** stevemar has quit IRC		18:09
*** iamjarvo has quit IRC		18:09
*** stevemar has joined #openstack-keystone		18:09
*** dims has joined #openstack-keystone		18:13
*** stevemar has quit IRC		18:14
*** stevemar has joined #openstack-keystone		18:15
*** dims has quit IRC		18:19
*** iamjarvo has joined #openstack-keystone		18:31
sigmavirus24	morganfainberg: I think it's too early for Jamie, give him a couple more hours	18:36
*** arunkant__ has joined #openstack-keystone		18:36
*** e0ne has joined #openstack-keystone		18:37
*** arunkant_ has quit IRC		18:40
*** rushiagr is now known as rushiagr_away		18:44
*** rushiagr_away is now known as rushiagr		18:47
*** markvoelker has joined #openstack-keystone		18:48
*** iamjarvo has quit IRC		18:49
morganfainberg	sigmavirus24: yeah my brain can't do tzmath atm	18:51
*** markvoelker has quit IRC		18:52
openstackgerrit	Steve Martinelli proposed openstack/keystone: switch to oslo.cache https://review.openstack.org/195873	18:53
morganfainberg	crap	18:53
morganfainberg	found a fernet token bug	18:53
morganfainberg	:(	18:53
*** openstackgerrit has quit IRC		19:02
*** openstackgerrit has joined #openstack-keystone		19:02
stevemar	morganfainberg: oslo.cache was missing a whole whack of tests	19:06
morganfainberg	not surprising	19:06
morganfainberg	stevemar: needs more cowbell	19:07
lifeless	morganfainberg: EAR WORM	19:08
lifeless	morganfainberg: I mean, how could you	19:08
morganfainberg	lifeless: just like that	19:08
morganfainberg	lifeless: ^_^	19:08
lifeless	clonk clonk clonk clonk	19:08
lifeless	I'm not really feeling it	19:08
stevemar	morganfainberg: you've got one auzzie up	19:08
lifeless	stevemar: who?	19:08
stevemar	i dunno	19:08
morganfainberg	lifeless: I got a fever, and the only prescription, is more cowbell	19:09
morganfainberg	stevemar: we might have a NZ/kiwi/whatever they prefer to be called	19:09
morganfainberg	but i don't think we have an auzzie	19:09
stevemar	whooooops	19:09
lifeless	:)	19:09
lifeless	stevemar: if you were referring to me, yeah, Kiwi.	19:10
stevemar	as a canadian, i know how it feels	19:10
morganfainberg	stevemar: wait... you don't live in the US? duck	19:10
* stevemar throws ducks at morgan		19:10
morganfainberg	nah, need to throw wet cats	19:10
morganfainberg	take a lesson from mordred	19:10
morganfainberg	more effective than ducks	19:10
morganfainberg	but you're canadian.. so you can throw moose or geese	19:11
morganfainberg	(don't send those birds this way.. please)	19:11
stevemar	morganfainberg: i'll throw a few beavers at you	19:11
* morganfainberg looks at the change in flight for unifying v2 token issuance		19:11
morganfainberg	god. i think i need to throw them out and start over.	19:12
morganfainberg	more and more and more and more and more and more and more and more and more and more and more edge cases	19:12
morganfainberg	lifeless: so i think we're really close to being able to drop keystoneauth out onto the world.	19:13
morganfainberg	lifeless: yay!	19:13
morganfainberg	lifeless: just need to extract out the oslo.config stuff	19:14
morganfainberg	and i think we'll be 90% there or so.	19:14
bknudson	fernet tokens fail tempest -- https://review.openstack.org/#/c/195780/	19:18
morganfainberg	bknudson: fernet tokens also don't maintain same expiration	19:19
morganfainberg	bknudson: just found this bug (when you rescope)	19:19
morganfainberg	i'll have a fix proposed soon i hope.	19:20
morganfainberg	unless someone beats me to it	19:20
bknudson	morganfainberg: tempest shows it -- http://logs.openstack.org/80/195780/2/check/check-tempest-dsvm-full/957b981/console.html#_2015-06-28_16_43_22_866	19:20
bknudson	there also seem to be a lot of tests that should fail but don't	19:21
stevemar	bknudson: "should" pfft	19:21
stevemar	thats just an opinion	19:21
bknudson	test_list_roles_request_without_token	19:21
bknudson	is supposed to raise but apparently it works	19:22
*** arunkant has joined #openstack-keystone		19:29
morganfainberg	bknudson: yeah	19:30
*** arunkant__ has quit IRC		19:31
*** stevemar has quit IRC		19:33
*** stevemar has joined #openstack-keystone		19:33
*** rushiagr is now known as rushiagr_away		19:34
*** arunkant_ has joined #openstack-keystone		19:58
*** arunkant has quit IRC		20:01
mordred	morganfainberg: what did I do?	20:02
morganfainberg	mordred: you threw wet cats via IRC in the past	20:04
*** arunkant__ has joined #openstack-keystone		20:04
* mordred hands morganfainberg an emu that has been in a small cage for the last week		20:05
morganfainberg	bknudson: https://bugs.launchpad.net/keystone/+bug/1469563	20:07
openstack	Launchpad bug 1469563 in Keystone liberty "Fernet tokens do not maintain expires time across rescope" [High,Triaged]	20:07
*** arunkant_ has quit IRC		20:08
morganfainberg	mordred: should I be worries where you get all these animals from?	20:12
morganfainberg	s/worries/worried	20:12
*** e0ne has quit IRC		20:22
*** stevemar has quit IRC		20:26
*** stevemar has joined #openstack-keystone		20:26
openstackgerrit	Morgan Fainberg proposed openstack/keystone: Maintain the expiry of v2 fernet tokens https://review.openstack.org/196475	20:33
*** markvoelker has joined #openstack-keystone		20:37
*** crc32 has joined #openstack-keystone		20:39
*** pnavarro\|off has joined #openstack-keystone		20:39
*** markvoelker has quit IRC		20:41
*** crc32 has quit IRC		21:00
*** dims has joined #openstack-keystone		21:07
openstackgerrit	Morgan Fainberg proposed openstack/keystone: Do not require the token_id for converting v3 to v2 tokens https://review.openstack.org/196476	21:08
*** dims has quit IRC		21:11
*** pnavarro\|off has quit IRC		21:21
*** stevemar has quit IRC		21:21
*** stevemar has joined #openstack-keystone		21:22
openstackgerrit	Steve Martinelli proposed openstack/keystone: switch to oslo.cache https://review.openstack.org/195873	21:26
*** iamjarvo has joined #openstack-keystone		21:26
*** stevemar has quit IRC		21:31
*** stevemar has joined #openstack-keystone		21:31
*** hogepodge has quit IRC		21:32
*** hogepodge has joined #openstack-keystone		21:34
*** stevemar has quit IRC		21:35
*** stevemar has joined #openstack-keystone		21:36
*** stevemar has quit IRC		21:42
*** stevemar has joined #openstack-keystone		21:43
*** iamjarvo has quit IRC		21:48
*** sigmavirus24 is now known as sigmavirus24_awa		21:54
stevemar	morganfainberg: gonna need you to look @ some oslo.cache stuff when you get a chance	21:55
jamielennox	morganfainberg: what's up?	21:57
openstackgerrit	Steve Martinelli proposed openstack/keystone: switch to oslo.cache https://review.openstack.org/195873	22:00
morganfainberg	jamielennox: i think we're pretty darn close on the KSA stuff	22:02
morganfainberg	jamielennox: i think we need to ditch oslo_config and maybe do some minor massaging	22:02
jamielennox	morganfainberg: so i was out for most of last week so i haven't looked at those patches yet	22:03
jamielennox	the big change left is the loading split	22:03
jamielennox	i don't know how we want to organize that - does it really want to be in its own library?	22:04
morganfainberg	jamielennox: and then figuring out how to drop oslo_config	22:04
morganfainberg	jamielennox: hmmm.. not sure on the split	22:04
morganfainberg	stevemar: ack	22:04
jamielennox	playing with it i like the seperation between classes, but i'm still not sure it needs its own librarry	22:04
jamielennox	dtroyer, mordred: ^ ?	22:04
jamielennox	actually has dtroyer been away?	22:05
stevemar	jamielennox: i think so	22:05
jamielennox	he'd be my best chance of getting some of these v3 devstack patches reviewed - they're going nowhere	22:05
stevemar	morganfainberg: keystone patch: https://review.openstack.org/#/c/195873/11 and some oslo.cache ones: https://review.openstack.org/#/c/196468/ (follow the chain)	22:06
stevemar	jamielennox: no luck from ianw or sdague?	22:06
jamielennox	stevemar: i really haven't tried yet	22:07
stevemar	jamielennox: wanted your opinion on https://review.openstack.org/#/c/178759/ and it's follow ons	22:07
jamielennox	i was hoping something would have happened last week, i can bug ianw - he'll be around son	22:07
stevemar	and this one should be a no brainer: https://review.openstack.org/#/c/196414/	22:07
stevemar	jamielennox: this was also a nice read: https://dmsimard.com/2015/06/28/openstackclient-is-better-than-i-thought/	22:08
jamielennox	stevemar: nice, the only thing is that github won't render the _PyPi links	22:09
jamielennox	i think dolphm found this a while ago and i was looking for the other place he did it	22:09
stevemar	jamielennox: they should still link ... i think... https://pypi.python.org/pypi/python-openstackclient	22:09
jamielennox	ah - ok, must have been fixed	22:10
*** dims has joined #openstack-keystone		22:12
jamielennox	stevemar: nice, who is dmsimard? i don't recognize the nick	22:14
*** dims has quit IRC		22:17
morganfainberg	jamielennox: David Moreau Simard ·	22:20
morganfainberg	jamielennox: not sure who that is though	22:20
jamielennox	morganfainberg: no, i don't think i've come across him either	22:21
morganfainberg	its hot today :(	22:21
jamielennox	lucky you	22:22
morganfainberg	jamielennox: i want cool weather already	22:23
morganfainberg	http://www.wunderground.com/q/zmw:91102.1.99999?sp=KCAPASAD22	22:23
mordred	jamielennox: reading scrollback	22:23
jamielennox	mordred: i assume you are still keen for plugin loading to be a seperate library	22:23
mordred	hrm. I'm not sure I have a big opinion on whether it's a separate library	22:24
morganfainberg	jamielennox: 36C at the moment and feels like 38C - thankfully humidity dropped was almost 60% a couple days ago, today 33% humidity	22:24
morganfainberg	mordred: i think it's fine if it's part of KSA - as long as we can ensure we don;t break compatibility	22:24
morganfainberg	compatibility once we release that is	22:25
mordred	well, the only risk is if we broke the plugin interface, right? and we don't want to do that	22:25
morganfainberg	yeah	22:25
jamielennox	mordred: it changes part of the plugin interface	22:25
*** markvoelker has joined #openstack-keystone		22:25
jamielennox	it will be fine, i can patch it from keystoneclient so people won't notice	22:25
jamielennox	but it moves the .load_from_options and etc to their own object	22:26
jamielennox	which i know dtroyer was a stickler about	22:26
mordred	I think I'm _probably_ fine with whichever thing you like here	22:27
jamielennox	so it's partially a problem of deps	22:27
mordred	it's possible I havent' fully grokked the problem	22:27
jamielennox	the ideal here would be to make it so that the clouds.yaml thing could at least live close	22:27
mordred	so - assuming that I have a clouds.yaml and zero or more environment variables, I should wind up with a plugin name and an opaque dict of arguments	22:29
mordred	I'd imagine that I'd do "session = ksa.Session(plugin_type, **args) or something ... but I'm probably WAY oversimplifying	22:29
jamielennox	mordred: i was hoping to bring it more as a auth.load_from_clouds or something	22:29
jamielennox	ie - i really don't see the point of users getting a dict cause it needs to get re-mangled	22:30
mordred	sure - I mean, we have an object we schelp around	22:30
mordred	so "session = ksa.load_from_cloud_config(my_config_object)" seems totally reasonable	22:30
*** markvoelker has quit IRC		22:30
mordred	and/or	22:31
mordred	just "ksa.load_from_clouds('cloud_name')" to have ksa make you one if you don't have one?	22:31
* mordred is talking himself in circles :)		22:32
jamielennox	yea, i guess it doesn't really matter	22:32
jamielennox	morganfainberg: part of the reason i came around to liking the split is talking to marekd with some of the more complex k2k and saml auths	22:33
jamielennox	where essentially you want to reuse the same plugin object, but have different ways of loading it from the cmdline	22:33
morganfainberg	jamielennox: this is one of the cases i'm going to trust your decision. i think we've talked circles around a lot of this stuff in the past	22:34
morganfainberg	and you have the best handle on it	22:34
jamielennox	i'd like to see if it's possible to make it easy to integrate the clouds.yaml stuff but it will at worst be the same	22:34
*** dims has joined #openstack-keystone		22:35
jamielennox	morganfainberg: https://review.openstack.org/#/c/194470/ fixes a bug that we may want to backport	22:37
*** dims has quit IRC		22:37
morganfainberg	i think i'm running into all sorts of gaps in fernet tokens	22:40
morganfainberg	:(	22:40
morganfainberg	just looking at the code.	22:40
morganfainberg	i'm surprised they work at all	22:40
jamielennox	heh, that's not good	22:45
*** piyanai has joined #openstack-keystone		22:52
breton	btw, I am going to make a big testing of fernet tokens next week for our distro	22:53
breton	maybe it will help somehowe with polishing them	22:55
morganfainberg	breton: well i'm finding more gaps with things like... our intermix v2/v3 testing	23:13
morganfainberg	and that fernet tokens really were written off in a corner	23:13
morganfainberg	breton: so a lot of inconsistencies	23:14
morganfainberg	hopefully i'll have another 3-4 changes posted today that will get them in shape	23:14
morganfainberg	and i think these all probably are going to need a close eye on "do we want to backport"	23:15
* morganfainberg dislikes being a janitor		23:15
kfox1111	mroganfainberg: I gave up. way too many cooks in the kitchen. I just rebooted the spec putting all the knowlege I can on the problem in the description and folks can debate the best way to solve it. :/	23:21
kfox1111	s/mroganfainberg/morganfainberg/	23:21
*** vilobhmm has joined #openstack-keystone		23:23
*** vilobhmm has quit IRC		23:29
*** vilobhmm has joined #openstack-keystone		23:29
*** vilobhmm has quit IRC		23:29
*** vilobhmm has joined #openstack-keystone		23:29
*** mestery has joined #openstack-keystone		23:36
morganfainberg	kfox1111: sorry :(	23:36
*** markvoelker has joined #openstack-keystone		23:41
kfox1111	morganfainberg: Sokay. I really do apreciate all the help youve given. At this point, I think the only way forward though is to lay out all the cards on the table, and let people propose whatever idea's they want, and then when they don't match the problem, we can just say, "wont work. go read the problem description again" rather then have to go over and over the same thing. :/	23:44
morganfainberg	kfox1111: yeah i was trying to keep anything i was advising on to the keystone interaction bits	23:45
morganfainberg	kfox1111: i didn't want to add to the mess on the other project sides(s) where i could avoid it	23:45
morganfainberg	kfox1111: since it's not my area of expertise.	23:46
kfox1111	I did kind of keep that I think. seperated things into phase1 authentication and phase 2. the phase 2 is basically what we discussed. using a barbican ca and keystone federation.	23:46
*** markvoelker has quit IRC		23:46
morganfainberg	yep	23:46
morganfainberg	you did a good job of it :)	23:46
morganfainberg	afaict you covered the keystone concerns decently	23:46
kfox1111	thanks. :)	23:46
morganfainberg	i wasn't super worried about what you were doing causing problems fwiw	23:46
kfox1111	oh good. I was hoping to capture them ok.	23:46
morganfainberg	well at least when dealing with keystone	23:47
morganfainberg	like i said, i didn't have a "we need this" or "this is a terrible idea" view on the overall feature	23:47
morganfainberg	so i tried to stay out of that conversation best I could	23:47
kfox1111	yeah. thats cool. :)	23:48
kfox1111	that really gets into what people want to use openstack for. and everyone has a different opinion at the moment.	23:48
openstackgerrit	Morgan Fainberg proposed openstack/keystone: When validating a V3 token as V2, use the v3_to_v2 conversion https://review.openstack.org/196483	23:50
kfox1111	interesting... would that allow you to use v3 tokens with nova setup as v2?	23:50
bknudson	you can already use v3 tokens with nova setup as v2	23:51
kfox1111	We've wanted to setup all of our service users in a secondary domain, but as of juno, not all services allow v3.	23:51
bknudson	I'm not sure that having service users in a non-default domain even works now.	23:52
kfox1111	:/	23:53
kfox1111	we have primary ldap, secondary sql. was hoping some day to have service accounts in sql, regular accounts in ldap.	23:53
kfox1111	can do it the other way around, if all openstack services allow v3.	23:53
bknudson	I think you'd be happier with primary sql and secondary ldap	23:53
kfox1111	in juno, nova -> neutron was v2 only. :/	23:54
kfox1111	so we had to do primary ldap just to allow users to launch vm's. :/	23:54
kfox1111	I wonder if Kilo provides enough v3 support to at least switch it around like you suggest. secondary ldap, primary sql.	23:57
kfox1111	at least then we woudn't have to have service accounts in ldap any more.	23:57
bknudson	put your service accounts in the default domain in sql	23:58
bknudson	then have the other users in ldap in non-default domain	23:58
kfox1111	will that work in kilo? We're planning on upgrading in a couple of weeks.	23:59
bknudson	that should work even in juno	23:59
kfox1111	We ended up having to do primary ldap, and we ended up making just one service user account in ldap just to have something to work in the mean time.	23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!