Monday, 2015-07-06

« Sunday, 2015-07-05 Index Tuesday, 2015-07-07 »
*** lhcheng has quit IRC00:01
*** chlong has joined #openstack-keystone00:04
*** mylu has joined #openstack-keystone00:25
*** notmyname has quit IRC00:27
*** notmyname has joined #openstack-keystone00:28
*** Kennan2 is now known as Kennan00:33
*** arunkant__ has joined #openstack-keystone00:51
*** arunkant_ has quit IRC00:54
*** dims__ has joined #openstack-keystone00:55
*** stevemar has quit IRC00:55
*** stevemar has joined #openstack-keystone00:56
*** dims_ has quit IRC00:56
*** mylu has quit IRC01:02
*** dims__ has quit IRC01:06
*** dims_ has joined #openstack-keystone01:07
*** mylu has joined #openstack-keystone01:11
*** dims_ has quit IRC01:15
*** btully has joined #openstack-keystone01:17
*** davechen has joined #openstack-keystone01:26
*** mylu has quit IRC01:28
*** mylu has joined #openstack-keystone01:35
*** mylu has quit IRC01:36
*** lhcheng has joined #openstack-keystone01:50
*** ChanServ sets mode: +v lhcheng01:50
*** jamielennox is now known as jamielennox|away01:51
*** stevemar has quit IRC01:51
*** stevemar has joined #openstack-keystone01:52
*** stevemar has quit IRC01:54
*** lhcheng has quit IRC01:54
*** jamielennox|away is now known as jamielennox02:02
*** ayoung has joined #openstack-keystone02:11
*** ChanServ sets mode: +v ayoung02:11
*** ayoung has quit IRC02:16
*** marzif has quit IRC02:22
*** lhcheng has joined #openstack-keystone02:22
*** ChanServ sets mode: +v lhcheng02:22
*** ayoung has joined #openstack-keystone02:28
*** ChanServ sets mode: +v ayoung02:28
*** hakimo has joined #openstack-keystone02:51
*** stevemar has joined #openstack-keystone02:53
*** hakimo_ has quit IRC02:55
*** piyanai has quit IRC02:56
*** stevemar has quit IRC02:58
*** stevemar_ has joined #openstack-keystone02:58
*** tobe has joined #openstack-keystone03:31
*** BrAsS_mOnKeY has quit IRC03:32
*** jamielennox is now known as jamielennox|away03:38
*** btully has quit IRC03:45
*** jamielennox|away is now known as jamielennox03:49
*** hrou has quit IRC03:54
*** hrou has joined #openstack-keystone03:54
jamielennoxdo we have a logout path for saml?03:59
*** dims_ has joined #openstack-keystone04:12
*** arunkant has joined #openstack-keystone04:14
*** dims__ has joined #openstack-keystone04:16
*** arunkant__ has quit IRC04:16
*** dims_ has quit IRC04:18
*** dims__ has quit IRC04:20
*** dims__ has joined #openstack-keystone04:21
*** dims___ has joined #openstack-keystone04:22
*** dims__ has quit IRC04:26
*** dims___ has quit IRC04:27
*** tobe has quit IRC04:51
bigjoolsjamielennox: I've not seen one, assuming you're talking about logging out of the IdP?05:12
jamielennoxbigjools: i think it's a SAML or mod_mellon thing, i'm not sure keystone is supposed to handle it05:17
jamielennoxbigjools: i think i was confusing myself trying to do the metadata generation05:18
bigjoolsyeah, this stuff is confusing enough already05:18
*** chenhong has joined #openstack-keystone05:26
bigjoolsjamielennox: I don't suppose you've tried to use testshib lately have you?05:29
*** btully has joined #openstack-keystone05:29
chenhonghi, May I ask for reviewing for these two changes: https://review.openstack.org/#/c/197184/ and https://review.openstack.org/#/c/187899/ , they adding new test cases05:29
jamielennoxbigjools: no, i'm doing all this on centos and i don't think anything shib is packaged there05:30
bigjoolsfair enough05:30
bigjoolsyou're using mellon I guess?05:30
*** chenhong has quit IRC05:31
*** henrynash has joined #openstack-keystone05:31
*** ChanServ sets mode: +v henrynash05:31
jamielennoxbigjools: yes05:32
*** chenhong has joined #openstack-keystone05:32
jamielennoxchenhong: reviewed05:35
*** arunkant_ has joined #openstack-keystone05:37
chenhongjamielennox: thanks. I don't quite understand 'you don't need to/shouldn't maintain backwards compatibility in tests. '. Do you mean I should just use the new functions or keep test_v3_assignment.py intact?05:38
jamielennoxchenhong: i mean you should just use the new functions05:39
chenhongjamielennox: And you think we should put these new functions in test_v3.AuthTestMixin?05:40
*** arunkant has quit IRC05:41
jamielennoxchenhong: i don't know on that one, it's probably going in test_v3 somewhere. I just mean that it should be around other functions that do similar tasks05:42
chenhongjamielennox: well, I thought to put those functions in the TestMixin class. It seems reasonable to put them together. I agree with you.05:44
chenhongjamielennox: I'm going to modify it. Thanks for review.05:46
jamielennoxchenhong: np05:46
chenhongjamielennox: B.T.W, what does 'np' mean?05:46
jamielennoxchenhong: no problem05:47
chenhongjamielennox: :-)05:47
*** dikonoor has joined #openstack-keystone05:48
*** ig0r__ has joined #openstack-keystone05:51
*** ig0r_ has quit IRC05:55
*** arunkant_ has quit IRC05:55
*** scorpio-xiatian has joined #openstack-keystone05:59
*** henrynash has quit IRC06:05
*** dims_ has joined #openstack-keystone06:10
*** hrou has quit IRC06:13
*** dims_ has quit IRC06:15
openstackgerritChenhong Liu proposed openstack/keystone: Centralizing build_role_assignment_* functions  https://review.openstack.org/19718406:20
openstackgerritChenhong Liu proposed openstack/keystone: Add testcases for list_role_assignments of v3 domains  https://review.openstack.org/18789906:25
*** BrAsS_mOnKeY has joined #openstack-keystone06:29
openstackgerritChenhong Liu proposed openstack/keystone: Add testcases for list_role_assignments of v3 domains  https://review.openstack.org/18789906:36
*** tobe has joined #openstack-keystone06:38
*** belmoreira has joined #openstack-keystone06:53
*** stevemar_ has quit IRC06:56
*** henrynash has joined #openstack-keystone06:57
*** ChanServ sets mode: +v henrynash06:57
*** browne has quit IRC07:04
*** henrynash has quit IRC07:05
*** tobe has quit IRC07:08
*** dims_ has joined #openstack-keystone07:12
*** dims_ has quit IRC07:16
*** tobe has joined #openstack-keystone07:20
*** ankita_wagh has joined #openstack-keystone07:23
*** mikedillion has joined #openstack-keystone07:26
*** mikedillion has left #openstack-keystone07:28
openstackgerritDave Chen proposed openstack/keystone: Refactor: Don't hard code the error code  https://review.openstack.org/19862307:30
*** ankita_wagh has quit IRC07:34
*** chlong has quit IRC07:35
*** joe__ has joined #openstack-keystone07:36
*** viktors|afk is now known as viktors07:37
*** joe__ has quit IRC07:40
chenhongjamielennox: May I ask you to review these two changes again, https://review.openstack.org/#/c/197184/, https://review.openstack.org/#/c/187899/07:46
openstackgerritDave Chen proposed openstack/keystone: Fix the invalid testcase  https://review.openstack.org/19862907:53
*** scorpio-xiatian is now known as chengkunye07:55
davechenchenhong: may be you can add him as the reviewer, he could help to review those patches when he got a chance. :)07:56
chenhongdavechen: ok, thanks07:56
davechenchenhong: btw, what do you focus on? upstream or product? just curious, you needn't reply me if this is confidential. :)07:59
chenhongdavechen: I think both. If you want, we can talk by other tools, not to disrupt others in irc. :-)08:03
*** bdossant has joined #openstack-keystone08:18
*** btully has quit IRC08:23
*** chenhong has quit IRC08:50
*** chenhong has joined #openstack-keystone08:53
*** jamielennox is now known as jamielennox|away09:11
*** stevemar has joined #openstack-keystone09:12
*** stevemar has quit IRC09:15
*** jamielennox|away is now known as jamielennox09:18
*** lufix has joined #openstack-keystone09:30
*** lhcheng has quit IRC09:53
*** davechen has left #openstack-keystone09:54
*** mtruck has joined #openstack-keystone09:58
*** mtruck has quit IRC09:59
*** Kennan has quit IRC10:05
marekdodyssey4me: ping.10:05
odyssey4memarekd pong :)10:06
marekdodyssey4me: what client did you use for your Friday tests?10:06
marekdodyssey4me: hi, btw :-)10:06
odyssey4memarekd howdy :) hope you had a good weekend!10:06
odyssey4memarekd I was using Horizon for most tests, but eventually extracted the token and was using openstackclient for further tests10:07
marekdand you were using pdb or something like that.10:09
marekdto debug.10:09
odyssey4memarekd nope, I just set nova and keystone to the log level of debug and added extra information to the debug output where necessary10:10
*** marzif has joined #openstack-keystone10:12
odyssey4memarekd I also set Horizon into debug mode10:15
marekdodyssey4me: aha, ok10:17
*** Kennan has joined #openstack-keystone10:21
openstackgerritMarek Denis proposed openstack/python-keystoneclient-saml2: Depend on keystoneauth  https://review.openstack.org/18685410:26
openstackgerritMarek Denis proposed openstack/python-keystoneclient-saml2: Standardize federated auth token scoping  https://review.openstack.org/17722710:26
*** marzif_ has joined #openstack-keystone10:33
*** chenhong has quit IRC10:38
*** Kennan2 has joined #openstack-keystone10:39
*** Kennan has quit IRC10:41
*** dims_ has joined #openstack-keystone10:47
*** Kennan2 is now known as Kennan10:48
*** dims_ has quit IRC10:52
*** tobe has quit IRC11:01
*** chengkunye has quit IRC11:04
*** chlong has joined #openstack-keystone11:05
*** e0ne has joined #openstack-keystone11:17
*** jaosorior has joined #openstack-keystone11:34
amaretskiyHi all! Please review https://review.openstack.org/#/c/188457/11:38
bretondavechen_afk: hi11:41
bretondavechen_afk: are messages in https://review.openstack.org/#/c/198280/ visible to the user?11:41
*** lhcheng has joined #openstack-keystone11:42
*** ChanServ sets mode: +v lhcheng11:42
*** e0ne has quit IRC11:45
*** lhcheng has quit IRC11:47
*** ajayaa has joined #openstack-keystone11:55
*** e0ne has joined #openstack-keystone11:57
*** bradjones has joined #openstack-keystone12:01
*** bradjones has quit IRC12:01
*** bradjones has joined #openstack-keystone12:01
*** amirosh has joined #openstack-keystone12:01
*** piyanai has joined #openstack-keystone12:02
amiroshHello, could somebody check https://review.openstack.org/#/c/198270/ there are two +2 but no workflow12:02
*** radez_g0n3 is now known as radez12:02
*** dims_ has joined #openstack-keystone12:04
*** dims_ has quit IRC12:08
*** hrou has joined #openstack-keystone12:09
bretondavechen_afk: nevermind :)12:14
*** joe1_ has joined #openstack-keystone12:15
joe1_Hello. May I ask keystone v3 questions here?12:15
*** nzeer has quit IRC12:15
*** raildo has joined #openstack-keystone12:15
*** nzeer has joined #openstack-keystone12:15
bretonsure12:17
joe1_1. I set up keystone v3 (kilo) and created a domain and a domain user by cloud_admin.12:19
joe1_2. Authenticate this user with this domain scope.12:19
joe1_3. Create a project in this domain.12:20
joe1_4. Now I wanna list projects with the same token that created the project.12:20
joe1_All I got is "You are not authorized to perform the requested action: identity:list_projects".12:20
joe1_If I take out the rule domain_id:%(domain_id)s in policy.v3cloudsample.json for "identity:list_projects", everything works well.12:20
joe1_Why cannot I list projects with the rule domain_id:%(domain_id)s?12:20
joe1_Thanks.12:21
*** edmondsw has joined #openstack-keystone12:24
*** gordc has joined #openstack-keystone12:27
openstackgerritMarek Denis proposed openstack/python-keystoneclient-saml2: Depend on keystoneauth  https://review.openstack.org/18685412:27
openstackgerritMarek Denis proposed openstack/python-keystoneclient-saml2: Depend on keystoneauth  https://review.openstack.org/18685412:28
bretonin my policy.v3cloudsample.json from kilo I have12:28
breton"identity:list_projects": "rule:cloud_admin or rule:admin_and_matching_domain_id",12:28
breton"admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s"12:29
breton"admin_required": "role:admin",12:29
*** afaranha has joined #openstack-keystone12:31
*** afaranha has left #openstack-keystone12:31
joe1_It still has "domain_id:%(domain_id)s". I got token with domain scope and list the project in the domain. It seems to be verified failed with this rule.12:31
*** ajayaa has quit IRC12:38
*** jraim has quit IRC12:43
*** jraim has joined #openstack-keystone12:43
bretonjoe1_: do you specify a domain when try to list projects?12:45
*** jecarey has quit IRC12:46
joe1_How do I SEPCIFY a domain? Doesn't it get a token with domain scope?12:46
bretonjoe1_: it does. But that's just token and you (I think) make a request to list all projects. You need to pass domain using something like http://keystone:35357/v3/projects/?domain_id=your_domain12:48
*** stevemar has joined #openstack-keystone12:51
joe1_Work! It works.12:53
*** stevemar has quit IRC12:55
*** dims_ has joined #openstack-keystone12:55
joe1_But Identity API v3 on OpenStack.org about listing projects only presents "/v3/projects" without any filter in URI.12:55
bretonjoe1_: go to http://developer.openstack.org/api-ref-identity-v3.html#listProjects , click "detail"12:57
*** dims__ has joined #openstack-keystone12:57
joe1_Yes. I saw it. Filters on domain......12:57
*** e0ne is now known as e0ne_12:57
joe1_So "domain_id:%(domain_id)s", the first domain_id means the domain in token and the second one means domain in URI filter, right?12:58
*** csoukup has joined #openstack-keystone12:59
*** amirosh_ has joined #openstack-keystone12:59
*** dims___ has joined #openstack-keystone13:00
*** dims_ has quit IRC13:00
*** dims_ has joined #openstack-keystone13:01
*** amirosh has quit IRC13:03
*** amirosh_ has quit IRC13:03
*** dims__ has quit IRC13:03
joe1_Thanks. breton13:04
*** dims___ has quit IRC13:05
*** dims__ has joined #openstack-keystone13:06
marekdlbragstad: dolph. Hi. I have a fernet token intercepted, I would like now to be able to see what it was built from (original data), any easy way to do this?13:07
marekddolphm: ^^13:09
*** dims_ has quit IRC13:09
openstackgerritMarek Denis proposed openstack/python-keystoneclient-saml2: Standardize federated auth token scoping  https://review.openstack.org/17722713:11
*** dims__ has quit IRC13:11
*** chengkunye has joined #openstack-keystone13:12
*** dsirrine has joined #openstack-keystone13:14
*** henrynash has joined #openstack-keystone13:16
*** ChanServ sets mode: +v henrynash13:16
*** sigmavirus24_awa is now known as sigmavirus2413:24
*** annasort has joined #openstack-keystone13:24
*** davidckennedy has joined #openstack-keystone13:24
*** e0ne_ is now known as e0ne13:24
*** TheIntern has joined #openstack-keystone13:24
*** lhcheng has joined #openstack-keystone13:31
*** ChanServ sets mode: +v lhcheng13:31
davidckennedyHello, I'm getting an issue trying to run tox in keystone:13:32
davidckennedyValueError: ("Expected ',' or end-of-list in", "python-ldap>=2.4;python_version=='2.7'", 'at', ";python_version=='2.7'")13:32
davidckennedyERROR: could not install deps [-r/home/david/development/git_repositories/keystone_wip/requirements.txt, -r/home/david/development/git_repositories/keystone_wip/test-requirements.txt]13:32
*** mylu has joined #openstack-keystone13:32
davidckennedyHas anyone any suggestions?  This is on master so I'm a little suprised.13:33
*** browne has joined #openstack-keystone13:33
*** btully has joined #openstack-keystone13:34
*** amakarov_away is now known as amakarov13:34
*** jsavak has joined #openstack-keystone13:35
*** lhcheng has quit IRC13:36
*** davechen has joined #openstack-keystone13:36
marekddavidckennedy: versions mismatching?13:37
marekdhave you tried tox -r ?13:37
davechenbreton: ping? :)13:37
davechenbreton: are you around?13:37
amakarovdavechen, hi! He'll return 2 hours later13:38
*** chlong has quit IRC13:39
davechenamakarov: thanks, that fine. I will reply him and may catch him in the next day.13:39
*** chlong has joined #openstack-keystone13:40
*** zzzeek has joined #openstack-keystone13:40
*** ajayaa has joined #openstack-keystone13:41
lbragstadmarekd: do you have the key that was used to generate the token?13:43
*** lastops has joined #openstack-keystone13:43
lbragstadmarekd:  you should be able to do something like this if you have the key http://cdn.pasteraw.com/nm4zd59j6551enibxjz03zr92oysaca13:44
*** richm has joined #openstack-keystone13:45
davechenlbragstad, marekd: hi, may I ask you a question?13:46
davidckennedyThanks marekd, I'll take another look in a little while.  Doesn't see to help.  I've blown away my venv and recreated as far as possible but maybe I've missed something.13:46
*** davidckennedy has quit IRC13:46
davechenmaybe quite easy for you guys, but i am not quite sure about it.13:47
davechencan we get the exception message if we invoke the method like 'self.post'?13:47
*** ctracey has quit IRC13:47
*** ctracey has joined #openstack-keystone13:48
openstackgerrithenry-nash proposed openstack/keystone-specs: Enable retrieval of default values of domain config options  https://review.openstack.org/18565013:49
*** henrynash has quit IRC13:49
*** lxsli has joined #openstack-keystone13:51
lxsliHi there, when Keystone starts up it seems to need 5 seconds settle time before it will accept requests. Does anyone know what it's doing in that time please? And is there a way to tell it not to say it's started until it really, really is?13:53
lbragstaddavechen: for what exactly? (I might be missing some context here)13:53
lbragstadlxsli: how are you running Keystone (i.e. Apache/Eventlet)?13:54
lxslilbragstad: via Apache13:54
davechenlbragstad: ah, acutally, that's the patch you may reviewed for an while.13:54
lxsliin a modwsgi container I believe13:54
davechenhttps://review.openstack.org/#/c/195903/13:54
lbragstaddavechen: thanks13:54
davechenlbragstad: this is the link, can you help to give a look at Boris's comments.13:55
lbragstadlxsli: what does Keystone do after you start apache? Does is deny requests, or just hang?13:55
davechenlbragstad:why thanks me, :)13:55
lbragstaddavechen: yep13:55
davechenlbragstad: i need thanks you instead.13:55
lbragstaddavechen: you saved me from going to dig for the link!13:55
davechenlbragstad: :P13:55
*** r-daneel has joined #openstack-keystone13:56
davechenlbragstad: I once considered to fetch the error message via rest  api calls, such as self.post, self.patch etc.13:56
davechenlbragstad: but it's seems impossible.13:57
lxslilbragstad: the client connects but the server doesn't send a response13:57
davechenlbragstad: And I know Boris want us to to do like that, is that really possible?13:57
davechenIf not possible, I can just reply to him that's impossible since that's not the way we fetch the error message.13:58
davechenlbragstad: and Lance, thanks for you comment in the initial patch, as you said, we need address three cases, so far, the last patch will be submit soon to address the last case you metioned, possbily tomorrow in my time.14:00
lbragstaddavechen: hmmm, interesting... so we want to do a separate post to keystone to retrieve an error message from a previous call?14:01
lbragstadnot sure I'm understanding that right14:01
lbragstadlxsli: what does your apache config look like?14:02
*** jecarey_ has joined #openstack-keystone14:02
davechenlbragstad: may be not.14:02
davechenlbragstad: what I did right now to fetch the exception message is by this way: `e = self.assertRaises(exception.ValidationError`, you see this in the patch.14:03
lbragstadlxsli: we've done some perf testing against a keystone cluster with this config https://github.com/dolph/keystone-deploy/blob/master/playbooks/roles/keystone/templates/apache/keystone.vhost14:04
lbragstadlxsli: ^ if that helps you14:04
dstanekdavechen: why are you creating controllers and catching exceptions in that patch? the v3 tests should be web based and use the client14:04
lxslilbragstad: I'll have to go and check, thanks for now14:04
lbragstadlxsli: yep14:05
davechenlbragstad: beacuse, we need fetch the exception and verfiy that exception is really helpful for end user.14:05
davechenlbragstad: exception message.14:05
davechendstanek: sorry, since we need the exception message.14:06
dstanekdavechen: that's not the place for those types of tests. if you wanted to do a web request and check the body then that's different14:06
*** r-daneel has quit IRC14:07
davechendstanek: I don't want to check the body, just want to check the exception message, as the bug desc, current exeption is not useful, it's python error.14:08
dstanekdavechen: right. so the tests don't belong there.14:09
davechendstanek: where?14:09
davechendstanek: where they should belong?14:09
davechendstanek: do you know if it possible to fetch the exception message if we do a web request like 'self.post'?14:10
*** Ephur has joined #openstack-keystone14:11
davechendstanek: if we could, then it seems okay to align with other testcases, but seems it's impossible.14:12
dstanekdavechen: why do you need the exception message? why not just check the returned body?14:13
davechendstanek: good question :), that14:13
dstanekdavechen: why isn't the validation catching this already?14:14
*** stevemar has joined #openstack-keystone14:15
davechendstanek: that's what the patch want to address the bug.14:15
davechendstanek: currently, it will return python error, that kinds of error is not useful for the end use.14:15
davechendstanek: let14:15
davechendstanek: let's paste the bug link, one mins.14:15
dstanekdavechen: i read the bug already14:15
dstanekwhat i don't get is why the schema validation isn't catching this14:15
davechenif there is no request body, it will not go to schema validation.14:16
marekddavechen: sure14:16
dstanekdavechen: really? why not?14:17
marekdlbragstad: sorry, missed your msg.14:17
davechenit will go to the api, but parameters number is not matched at all, so the python error is throw14:17
marekdlbragstad: the token was generated by my server, so yes, I can have whatever I need.14:17
davechendstanek: mins, let's me paste the code link.14:17
*** amirosh has joined #openstack-keystone14:18
dstanekmaybe keystone.common.validation.validated is broken14:18
davechenhttps://github.com/openstack/keystone/blob/master/keystone/common/validation/__init__.py#L34.14:18
lbragstadmarekd: then that should be the process for viewing the payload of the token, without having to give it back to keystone14:19
dstanekin what case is that the right thing to do?14:19
davechensee this line, since resource_to_validate is *not* in kwargs, then it will go to API14:19
*** bdossant has quit IRC14:20
lbragstaddavechen: I think that is because the keyword arguments aren't matching and it's throwing a python error, which happens before the validation module can do anything about it14:20
*** r-daneel has joined #openstack-keystone14:20
lbragstadI think?14:20
davechendstanek: so, I think we need check it in the controller layer, if no parameter is passed in, it will raise the ValidationError exception.14:20
*** woodster_ has joined #openstack-keystone14:21
dstanekdavechen: read my comments above14:21
davechenlbragstad: cannot agree more with you. :)14:21
dstaneklbragstad: no, the decorator is called first.14:21
*** mylu has quit IRC14:21
dstaneklbragstad: the decorator decides not to validate the request and i can't think of a case where that's the correct behavior14:22
*** mylu has joined #openstack-keystone14:22
davechendstanek, lbragstad, decorator is called first but it will skip if there is no parameters passed in.14:22
lbragstadthis is on a post operation,14:22
lbragstadoh...14:22
dstanekdavechen: right :-) so you don't agree with lbragstad14:23
lbragstadI would expect the validation module to fail and thrown an error because it can't find the required attributes in the request, even if the request is non14:23
lbragstadnone*14:23
davechendstanek, my mistake.14:23
davechenlbragstad: see this line: https://github.com/openstack/keystone/blob/master/keystone/common/validation/__init__.py#L3414:23
davechendstanek, lbragstad, so I think if the parameters is not passed in, we should catch it in the controller layer.14:24
dstanekdavechen: why wouldn't we want the validation to catch it?14:24
lbragstadwhy can't we make the validation layer look in args too?14:24
lbragstadit'd be nice to have all the validation logic in one place14:25
lbragstadinstead of all over the different controllers14:25
davechendstanek: validation current designed cannot do that.14:25
dstanekright, otherwise you'll have to change controllers all over the place14:25
lbragstadcan't we change the validation logic14:25
dstanekdavechen: why? just delete the if?14:25
davechenhmmm...14:26
lbragstador look for the resource to validate in the args too14:26
lbragstad(and the kwargs)?14:26
davechenkwargs[resource_to_validate]14:26
lbragstaddstanek: probably has a more elegant way to fix that14:26
dstaneki think it's already passed as kwargs14:26
davechenwhat will this being? kwargs[resource_to_validate]14:27
lbragstaddavechen: it's that just being passed in as None?14:27
dstanekit's empty right now in the error case14:27
lbragstadkwargs['service'] = None14:27
davechenlbragstad: I think so.14:27
dstaneklbragstad: i think the key just won't exist14:28
dstanekhttp://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/wsgi.py#n24014:28
davechenlbragstad, dstanek, resource to validate this kind of issue seems okay.14:29
dstanekarguments are always passed to controller methods as kwargs (not the context though)14:29
dstanekin theory you can remove the 'if' and change the item lookup to a .get()14:29
dstaneki don't know if that would break other cases14:30
*** topol has joined #openstack-keystone14:30
*** ChanServ sets mode: +v topol14:30
*** blewis has joined #openstack-keystone14:30
davechendstanek: seems a good approach, need have a debug on that. :)14:32
*** marzif_ has quit IRC14:32
*** marzif_ has joined #openstack-keystone14:33
*** bdossant has joined #openstack-keystone14:33
davechendstanek, lbragstad: if get none, jsonschema will not has the useful message as well.14:34
davechendstanek, lbragstad: it will throw no enough properties, and nothing more.14:34
davechendstanek, lbragstad: it's thrown by the jsonschema.14:35
*** bdossant has quit IRC14:35
davechendstanek, lbragstad, marekd, thanks guys for your input, let's stick to current approach until we find a better one. I will reply to Brois comment in each of the patch, sirs, pls kindly drop your comments if there is a good way to fix it.14:40
amaretskiySirs, can someone review patch https://review.openstack.org/#/c/188457/14:45
*** davechen has left #openstack-keystone14:45
dstanekdavechen_afk: i don't understand why you can't change validated()14:46
*** mylu has quit IRC14:48
*** chenhong has joined #openstack-keystone14:52
*** Lactem has joined #openstack-keystone15:00
*** Ephur has quit IRC15:01
*** jsavak has quit IRC15:03
*** jsavak has joined #openstack-keystone15:04
*** slberger has joined #openstack-keystone15:04
*** serverascode has quit IRC15:05
*** serverascode has joined #openstack-keystone15:07
*** dims_ has joined #openstack-keystone15:09
*** viktors is now known as viktors|afk15:09
*** markvoelker has quit IRC15:14
*** lhcheng has joined #openstack-keystone15:20
*** ChanServ sets mode: +v lhcheng15:20
*** jsavak has quit IRC15:21
*** jsavak has joined #openstack-keystone15:21
*** lhcheng has quit IRC15:25
marekdlbragstad: the token i should use is AccessInfo.auth_token roght?15:26
marekdright?15:26
*** belmoreira has quit IRC15:27
lbragstad?15:27
lbragstadmarekd: are you talking about the token to decrypt?15:27
marekdi get a token in a client15:27
lbragstadyeah15:27
marekdfernetfed token.15:27
marekdit's usually AccessInfo instance, so I the token to be decrypted is access.auth_token15:27
marekd(making sure)15:27
lbragstadI haven't tested that I don't think, it should be15:28
lbragstadI'm not sure15:28
marekdand the key is one of the files from server's /etc/keystone/fernet-keys15:28
marekdi have two files there 0 and 1, which one is better?15:28
lbragstadmarekd: yeah, which ever key was primary15:28
lbragstaduse 115:28
marekdok15:28
lbragstadso cat the contents of it and use that string in the Fernet() instantiation from cryptography15:29
*** davechen has joined #openstack-keystone15:29
marekdhm, it raises InvalidToken15:30
*** tjcocozz has joined #openstack-keystone15:30
lbragstadmarekd: how long do your tokens live?15:31
lbragstadmarekd: cryptography does the validation of the token expiry *in* cryptography15:31
lbragstadmarekd: so, if it's a stale token, it will be invalid15:31
marekdlbragstad: standard devstack expiration, but i am generating the token and trying them out seconds later.15:31
lbragstadok15:31
davechendstanek: Just reply all of your comments in that patch, pls kindly let me know if there is any other concerns. I need heads off to bed. Have a good day, sir.15:32
*** amirosh has quit IRC15:32
*** davechen has left #openstack-keystone15:32
*** amirosh has joined #openstack-keystone15:32
*** amirosh has quit IRC15:37
openstackgerritRichard Megginson proposed openstack/keystone: add federation docs for mod_auth_mellon  https://review.openstack.org/19808315:37
dstanekdavechen_afk: i'll propose an alternative patch15:37
*** Lactem has quit IRC15:38
*** slberger has quit IRC15:40
*** thedodd has joined #openstack-keystone15:42
*** btully has quit IRC15:47
mordredmorganfainberg: morning! so - if an ansible user comes up to me and asks about using an "admin token" with keystone for bootstrapping purposes ...15:47
*** henrynash has joined #openstack-keystone15:47
*** ChanServ sets mode: +v henrynash15:47
*** zhiyan has quit IRC15:47
*** gyee has joined #openstack-keystone15:47
*** ChanServ sets mode: +v gyee15:47
mordredmorganfainberg: I'm correct at pointing them to the token_url auth plugin, yeah?15:47
*** zhiyan has joined #openstack-keystone15:47
*** jkomg has joined #openstack-keystone15:48
stevemarrichm: your patch was gating lol15:49
morganfainbergmordred: ahaha. Guess i cant lurk here too much more this morning :P15:49
stevemarrichm: could have done the changes in a follow on patch15:49
mordredmorganfainberg: oops. I outed you15:49
morganfainbergmordred: token_url ? I am unfamiliar with this one15:49
mordreduh - or whatever the one is that is token based15:49
mordredtoken_endpoint15:50
morganfainbergmordred: admin token is special for bootstrapping. It should work. But honestly i want to kill yhat whole thing and male bootstrap part of keystone-manage15:50
morganfainbergWow. Typos15:50
morganfainbergMake*15:50
* morganfainberg kills non autocorrect phone today.15:50
mordredwell......15:50
mordredsake of argument here ...15:51
morganfainbergBut the token plugin should work.15:51
morganfainbergAfaik15:51
morganfainbergThe one you said because it doesnt need a catalog15:51
mordredif you make it part of keystone-manage, I'm then probably going to need to write a keystone-manage ansible module separate from the os-keystone-service and os-keystone-endpoint modules15:51
mordredwhich is fine15:51
mordredbut also is different than normal day to day operations15:52
mordredit's possible this is the right choice - I have very few opinions on this subject15:52
dstanekmorganfainberg: interesting idea. how would you do that? more like django fixtures?15:52
morganfainbergThe reason is it means you dont need to restart keystone to make it secure. Thibk of admin token as a root passwd15:52
dstanekright now i bootstrap in ansible by using auth_token and remove it when i am done15:52
mordredmorganfainberg: so what actions do you do with the admin token?15:52
morganfainbergdstanek: kindof.15:53
morganfainbergmordred: usually, create a basic user, project, and admin role on the project15:53
morganfainbergThen you do the rest kf the setup15:53
* mordred assumes a domain too ... since the world is keystone v3 of course :)15:53
morganfainbergThe admin token is a passwordtype thing in the keystone.conf and a special middleware that gives admin access15:53
morganfainbergDefault domain is created with migrations.15:54
morganfainbergSo we jusy usually use that.15:54
mordredah - well, I can certainly see doing something that doesn't require a special middleware15:54
mordredbecause that does seem a bit craycray15:54
morganfainbergmordred: yeah. And not requiring a restsrt to make keystone secure is good.15:54
morganfainbergWe could also just bootstrap a user with migrations like we do domain. But i feel like that will leave to insecure default deploys.15:56
* morganfainberg goes for a bike ride.15:56
morganfainbergBe back in a bit.15:56
richmstevemar: ?15:58
stevemarrichm: i had approved your patch15:59
richmah, sorry15:59
richmdo I need revoke my latest patch and submit a new one?16:00
*** slberger has joined #openstack-keystone16:02
marekdodyssey4me: hi16:03
stevemarrichm: nah, we can just re-approve16:03
*** rwsu has joined #openstack-keystone16:04
*** markvoelker has joined #openstack-keystone16:10
*** _hrou_ has joined #openstack-keystone16:11
*** hrou has quit IRC16:12
* morganfainberg sneaks out while no one is looking. Shhhh.16:13
odyssey4memarekd o/16:17
marekdodyssey4me: i am looking at fenet + fed tokens.16:17
*** ankita_wagh has joined #openstack-keystone16:17
marekdi can list images16:17
marekdbut yeah, something is crashing on nova for instance.16:17
marekdCan you giv me more details on what exactly crashes?16:17
marekdupdating bug is fine.16:18
marekdit will be attached to the bug history16:18
odyssey4memarekd interesting that you can get an image list - I couldn't get anything at all16:18
odyssey4meI was getting a crash simply on trying to list instances16:18
marekdlist instances is different than listing images.16:19
stevemargordc: wth is up with rbac in ceilometer :P16:20
odyssey4memarekd so I saw the crash in nova-api-os-compute when trying to list instances - the error appeared to be that the token wasn't scoped to the project16:20
odyssey4memarekd note that the error was seen when using websso with horizon16:21
marekdodyssey4me: oh, wait16:22
marekdand how about CLI ?16:22
odyssey4memarekd through CLI the issue was also there when using the same token that was provided to horizon16:22
marekdlet's cut off Horizon for now.16:23
marekddid CLI work by itself?16:23
odyssey4memarekd when using an internal user, everything worked fine16:24
marekdodyssey4me: no, federated user.16:24
odyssey4mewhen using a federated user, it did not16:24
marekdodyssey4me: ok, and what was the error when you tried to list images from glance?16:24
marekdbecause it works for me.16:24
*** btully has joined #openstack-keystone16:24
gordcstevemar: you asked this question 1 month ago16:24
marekdlbragstad: o/16:25
odyssey4meI didn't try accessing glance - I got a little fixated on the nova issue :/16:25
marekdlbragstad: remind me, when we use fernet federated tokens, we store groups in the token, right?16:25
lbragstadmarekd: o/16:25
*** ankita_wagh has quit IRC16:25
lbragstadmarekd: yes16:25
lbragstadmarekd: https://github.com/openstack/keystone/blob/992d9ecbf4f563c42848147d4d66f8ec8efd4df0/keystone/token/providers/fernet/token_formatters.py#L512-L51416:26
marekdok, so I have a funny situation, where I get a fed fernet token , scoped to a valid project, I can then list images for that project, but my token (glance logs) look like this: http://cdn.pasteraw.com/crbcl7gsj2kx5eqq0o11yrwi5q73qbf16:26
odyssey4memarekd it seemed to me that the lack of groups in the token was the issue, and it seemed that the mapping was being done right, but the fernet token was somehow missing the groups in the token... whereas uuid tokens were perfectly fine16:27
marekdodyssey4me: yep16:27
marekdodyssey4me: and...actually i am not so sure, without groups keystone should return HTTP 40116:27
odyssey4memarekd yep, you've got the same missing groups issue that I had - happy to see it validated!16:27
*** jk|osx has joined #openstack-keystone16:29
*** chenhong has quit IRC16:30
marekdodyssey4me: yes but on the other hand I can interacti with glance....16:30
marekdlet me do another test.16:30
odyssey4memarekd that could very easily be a failure in the glance api somewhere :o16:31
*** jkomg has quit IRC16:32
lbragstadmarekd: that's strange, because the fernet provider is using the same logic to issue_v3_tokens that the uuid provider is https://github.com/openstack/keystone/blob/992d9ecbf4f563c42848147d4d66f8ec8efd4df0/keystone/token/providers/common.py#L49616:33
lbragstadhttps://github.com/openstack/keystone/commit/91a0b29809cb71c1b2df1642d6c34a3f60a801ed16:33
odyssey4memarekd I've got to run, but I'll be online tomorrow again. Thanks again for looking into this!16:34
*** chengkunye has quit IRC16:35
*** jaosorior has quit IRC16:36
*** packet has joined #openstack-keystone16:39
*** sp4wnr0ot_ has joined #openstack-keystone16:42
openstackgerritNathan Jewell proposed openstack/keystone: Saves output of run_tests.sh to .log file  https://review.openstack.org/19628516:43
*** Akshay00 has joined #openstack-keystone16:43
*** ankita_wagh has joined #openstack-keystone16:44
*** ankita_wagh has quit IRC16:46
*** ankita_wagh has joined #openstack-keystone16:46
openstackgerritDavid Charles Kennedy proposed openstack/keystone: Move endpoint catalog filtering to default driver  https://review.openstack.org/16767516:46
*** e0ne has quit IRC16:47
openstackgerritNathan Jewell proposed openstack/keystone: Saves output of run_tests.sh to .log file  https://review.openstack.org/19628516:47
marekdlbragstad: i think we have a problem....16:49
lbragstadmarekd: ?16:50
*** mylu has joined #openstack-keystone16:51
*** tqtran has joined #openstack-keystone16:53
marekdlbragstad: looks like we need another fernet format.16:57
marekdlbragstad: for federated *scoped* token16:57
*** shaleh has joined #openstack-keystone16:58
*** _cjones_ has joined #openstack-keystone17:00
marekdlbragstad: look what happens: we first get unscoped token, and there we only need some OS-FEDERATION information like groups - and then token_provider works fine. But later, a user wants to scope his token, and have brand new token with project/domain inside but also some OS-FEDERATION leftovers (no groups this time)17:00
marekdlbragstad: see http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-federation-ext.html#request-a-scoped-os-federation-token17:01
*** amaretskiy has quit IRC17:03
*** lhcheng has joined #openstack-keystone17:03
*** ChanServ sets mode: +v lhcheng17:03
*** tjcocozz has quit IRC17:03
*** _hrou_ has quit IRC17:04
*** _hrou_ has joined #openstack-keystone17:04
*** Akshay00 has quit IRC17:05
*** Akshay00 has joined #openstack-keystone17:06
*** piyanai has quit IRC17:09
*** henrynash has quit IRC17:14
*** lhcheng_ has joined #openstack-keystone17:18
*** lhcheng has quit IRC17:20
*** jk|osx has quit IRC17:21
*** jk|osx has joined #openstack-keystone17:22
openstackgerritRichard Megginson proposed openstack/keystone: add federation docs for mod_auth_mellon  https://review.openstack.org/19808317:24
*** btully has quit IRC17:26
*** albertom has quit IRC17:28
*** marzif_ has quit IRC17:28
*** iamjarvo has joined #openstack-keystone17:29
*** jsavak has quit IRC17:32
*** jsavak has joined #openstack-keystone17:32
lbragstadmarekd: ah, that makes sense17:32
lbragstadmarekd: yeah, that's not supported by the current federated tokenm17:33
lbragstadfederated fernet token17:33
*** solomondg has joined #openstack-keystone17:34
marekdlbragstad: I will be on a leave until next Monday, but if you don't do this by that time I will be happy to work on it together during the meetup.17:34
marekdActually this would be nice topic for those 3 days.17:34
lbragstadmarekd: agreed, I have a pretty tight schedule at the moment, but working on this at the meetup is a great idea17:35
marekdlbragstad: cool17:35
lbragstadmarekd: thanks for reporting it, do you think we need a blueprint for this or a bug?17:35
*** albertom has joined #openstack-keystone17:35
marekdlbragstad: it was not me reporting, i just confirmed and maanaged to trace down (i think) the reason: https://bugs.launchpad.net/keystone/+bug/147128917:36
openstackLaunchpad bug 1471289 in Keystone "Fernet tokens and Federated Identities result in token scope failures" [Undecided,Confirmed] - Assigned to Marek Denis (marek-denis)17:36
*** amit213 has quit IRC17:39
*** amit213 has joined #openstack-keystone17:39
*** amit213 has quit IRC17:40
*** amit213 has joined #openstack-keystone17:40
*** amit213 has quit IRC17:41
*** amit213 has joined #openstack-keystone17:42
*** amit213 has quit IRC17:42
*** amit213 has joined #openstack-keystone17:42
*** topol has quit IRC17:45
*** slberger has quit IRC17:45
*** mylu has quit IRC17:50
*** janonymous has joined #openstack-keystone17:53
*** e0ne has joined #openstack-keystone17:54
*** jk|osx is now known as jkomg17:55
*** jaosorior has joined #openstack-keystone17:59
*** mylu has joined #openstack-keystone17:59
*** fangzhou has joined #openstack-keystone18:00
*** ankita_w_ has joined #openstack-keystone18:00
*** ankita_wagh has quit IRC18:03
*** Kennan2 has joined #openstack-keystone18:03
*** Kennan has quit IRC18:04
*** e0ne is now known as e0ne_18:04
*** slberger has joined #openstack-keystone18:06
*** Lactem has joined #openstack-keystone18:07
*** gyee has quit IRC18:07
*** med_` is now known as med_18:07
*** med_ has joined #openstack-keystone18:07
*** Lactem has quit IRC18:08
*** jsavak has quit IRC18:12
*** jsavak has joined #openstack-keystone18:12
*** nathan has joined #openstack-keystone18:13
nathand18:13
*** nathan has quit IRC18:14
*** nathanj has joined #openstack-keystone18:14
*** nathanj has quit IRC18:14
*** dims_ has quit IRC18:20
*** jsavak has quit IRC18:20
*** jk|osx has joined #openstack-keystone18:23
*** jsavak has joined #openstack-keystone18:23
*** jkomg has quit IRC18:24
*** dikonoor has quit IRC18:24
*** mylu has quit IRC18:24
*** e0ne_ is now known as e0ne18:24
*** ajayaa has quit IRC18:26
*** Akshay00 has quit IRC18:28
*** mylu has joined #openstack-keystone18:28
openstackgerritDeepti Ramakrishna proposed openstack/keystone: Reject user creation using admin token without explicitly passing the domain.  https://review.openstack.org/19694218:28
*** jsavak has quit IRC18:31
*** jsavak has joined #openstack-keystone18:32
*** diazjf has joined #openstack-keystone18:32
*** btully has joined #openstack-keystone18:32
*** _hrou_ has quit IRC18:39
*** hrou has joined #openstack-keystone18:40
*** browne has quit IRC18:41
*** gyee has joined #openstack-keystone18:42
*** ChanServ sets mode: +v gyee18:42
openstackgerritHenrique Truta proposed openstack/keystone: Add is_domain field in Project Table  https://review.openstack.org/15742718:46
*** Rockyg has joined #openstack-keystone18:55
*** piyanai has joined #openstack-keystone18:57
*** e0ne has quit IRC19:06
openstackgerritRichard Megginson proposed openstack/keystone: add federation docs for mod_auth_mellon  https://review.openstack.org/19808319:09
*** browne has joined #openstack-keystone19:14
*** mylu has quit IRC19:14
*** piyanai has quit IRC19:17
*** mylu has joined #openstack-keystone19:19
*** piyanai has joined #openstack-keystone19:19
*** solomondg has quit IRC19:21
*** iamjarvo has quit IRC19:22
*** piyanai has quit IRC19:24
*** janonymous has quit IRC19:24
*** iamjarvo has joined #openstack-keystone19:26
*** iamjarvo has quit IRC19:26
*** e0ne has joined #openstack-keystone19:26
*** iamjarvo has joined #openstack-keystone19:26
*** piyanai has joined #openstack-keystone19:27
*** shaleh has quit IRC19:28
*** Ephur has joined #openstack-keystone19:30
sigmavirus24stevemar: ping19:35
*** ngupta has quit IRC19:35
stevemarsigmavirus24: whaddup19:35
*** dims_ has joined #openstack-keystone19:36
sigmavirus24Hm, hold on19:36
sigmavirus24sorry for the premature ping19:36
stevemarsigmavirus24: all good19:38
sigmavirus24Trying to figure out why jamielennox's nova changes allowing for neutronv2 module to use Keystone v3 for auth aren't working19:39
sigmavirus24Think it might be that we're specifying admin_tenant_name in our nova config file and am investigating19:39
sigmavirus24yep, that looks like it19:40
sigmavirus24time to test this19:40
sigmavirus24sorry for the ping19:40
*** mylu has quit IRC19:44
*** e0ne has quit IRC19:47
openstackgerritLance Bragstad proposed openstack/keystone: Update federation docstring  https://review.openstack.org/19887219:47
*** mylu has joined #openstack-keystone19:49
*** mylu has quit IRC19:53
*** Akshay00 has joined #openstack-keystone19:55
openstackgerritLance Bragstad proposed openstack/keystone: Add unit test for fernet provider  https://review.openstack.org/19764919:57
*** fangzhou has quit IRC19:57
*** mylu has joined #openstack-keystone19:58
*** njnjnj has joined #openstack-keystone20:00
njnjnjhello20:00
openstackgerritLance Bragstad proposed openstack/keystone: Consolidate the fernet provider validate_v3_token()  https://review.openstack.org/19687720:01
openstackgerritLance Bragstad proposed openstack/keystone: Consolidate the fernet provider issue_v2_token()  https://review.openstack.org/19764720:01
*** fangzhou has joined #openstack-keystone20:04
lbragstadmarekd: you're not still around are you?20:09
*** Akshay00 has quit IRC20:11
lbragstadoh, maybe stevemar?20:13
stevemarlbragstad: whaddup20:14
lbragstadstevemar: quick federation question for you20:14
lbragstadstevemar: and it might be silly, but I wanted to double check20:14
stevemarlbragstad: shoot20:14
*** lhcheng_ is now known as lhcheng20:15
*** ChanServ sets mode: +v lhcheng20:15
*** mylu has quit IRC20:15
lbragstadstevemar: I've done a little digging in the federation code and it doesn't look like there is any specific apis that the federation code needs in order to operate, hence the federation api not needing any dependencies on other keystone apis (https://github.com/openstack/keystone/blob/master/keystone/contrib/federation/core.py#L50)20:16
*** dims_ has quit IRC20:17
*** mylu has joined #openstack-keystone20:18
openstackgerritHenrique Truta proposed openstack/keystone: Change project name constraint  https://review.openstack.org/15837220:19
*** piyanai has quit IRC20:20
*** mylu has quit IRC20:20
*** slberger has quit IRC20:21
*** mylu has joined #openstack-keystone20:21
openstackgerritFernando Diaz proposed openstack/keystone: Adding Documentation for Mapping Combinations  https://review.openstack.org/19285020:22
*** piyanai has joined #openstack-keystone20:22
*** _hrou_ has joined #openstack-keystone20:23
*** hrou has quit IRC20:24
*** packet has quit IRC20:25
*** dramakri has joined #openstack-keystone20:26
*** shaleh has joined #openstack-keystone20:29
*** jsavak has quit IRC20:31
*** jsavak has joined #openstack-keystone20:31
stevemarlbragstad: i think you're right?20:31
stevemarlbragstad: what are you getting at? :)20:32
*** mylu has quit IRC20:32
lbragstadstevemar: I thought that sounded right but I wanted to double check to make sure I wasn't missing something blatantly obvious. I am imagining the case where keystone may be using different backends or they are stood up in different orders, so would there be a case where x would have to be done before federation in order for it to work, for example.20:33
stevemarso a quick clarification20:35
stevemarlbragstad: the federation code itself doesn't need any other APIs20:35
lbragstadstevemar: makes sense20:36
stevemarbut the federation branches of say the token handler doesn't needs assignment/group api20:36
*** slberger has joined #openstack-keystone20:36
*** Akshay00 has joined #openstack-keystone20:37
*** mylu has joined #openstack-keystone20:39
*** jsavak has quit IRC20:43
*** jsavak has joined #openstack-keystone20:43
*** bradjones is now known as bradjones|away20:44
*** Rockyg has quit IRC20:45
*** RichardRaseley has joined #openstack-keystone20:46
*** mylu has quit IRC20:47
*** gordc has quit IRC20:49
*** mylu has joined #openstack-keystone20:49
*** Akshay00 has quit IRC20:49
*** thedodd has quit IRC20:51
dstanekhtruta: does that last patch pass all of the tests for you?20:53
htrutadstanek: which one? the change project name constraint?20:54
htrutait did20:54
dstanekhtruta: yes, it seems to be failing on the test_list_group_role_assignment for me20:55
*** mylu has quit IRC20:56
htrutajust ran it again and it passed20:57
htrutadstanek: ^20:57
*** piyanai has quit IRC20:58
*** stevemar has quit IRC20:58
dstanekhtruta: i'm see lots of logging errors20:59
dstanek"Donflict domain: (sqlite3.IntegrityError) column name is not unique"...20:59
*** Akshay00 has joined #openstack-keystone20:59
dstaneks/D/C20:59
htrutadstanek: shall we wait for jenkins?21:08
*** dims_ has joined #openstack-keystone21:09
*** slberger has left #openstack-keystone21:12
*** dims_ has quit IRC21:14
*** jaosorior has quit IRC21:16
*** dims has joined #openstack-keystone21:16
*** piyanai has joined #openstack-keystone21:18
*** Akshay00 has quit IRC21:23
*** jk|osx is now known as jkomg21:24
*** piyanai has quit IRC21:27
*** bknudson has joined #openstack-keystone21:27
*** ChanServ sets mode: +v bknudson21:27
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Refactor TokenCache store takes auth_ref  https://review.openstack.org/18901921:30
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Refactor use auth_ref.version rather than _token_is_v*  https://review.openstack.org/18901821:30
*** jsavak has quit IRC21:34
*** jsavak has joined #openstack-keystone21:34
*** jecarey_ has quit IRC21:36
*** iamjarvo has quit IRC21:36
*** csoukup has quit IRC21:47
*** jsavak has quit IRC21:53
openstackgerritBrant Knudson proposed openstack/keystone: Enable bandit check for password_config_option_not_marked_secret  https://review.openstack.org/19442021:57
openstackgerritBrant Knudson proposed openstack/keystone: Bandit config updates  https://review.openstack.org/19441721:57
*** njnjnj has quit IRC22:01
*** diazjf has left #openstack-keystone22:02
*** Kennan has joined #openstack-keystone22:02
*** Kennan2 has quit IRC22:03
*** dramakri has quit IRC22:04
*** njnjnj has joined #openstack-keystone22:04
*** zzzeek has quit IRC22:25
*** hogepodge has quit IRC22:30
jamielennoxsigmavirus24: all good?22:32
sigmavirus24jamielennox: yeah eventually figured out how to use auth_plugin, etc.22:32
*** Akshay00 has joined #openstack-keystone22:32
sigmavirus24The docs /could/ be better and not reference teh class names instead of the entry-points you're expected to use, but I figured it out22:32
jamielennoxsigmavirus24: yea, it's not a hard concept but i can never seem to explain it well22:33
sigmavirus24jamielennox: yeah, I could probably take a crack at those docs, but I won't =P22:34
sigmavirus24I have lots on my plate like getting this test cloud properly deployed on v3 with osad22:35
sigmavirus24It'd also be good to know what the base options are, e.g., user-name, password, etc. for each of the plugins22:35
sigmavirus24fwiw22:35
*** Akshay00 has quit IRC22:36
jamielennoxyea, with keystoneauth we get a chance to essentially start from scratch so i'm going to sink some time into the docs there22:36
*** Akshay00 has joined #openstack-keystone22:36
*** blewis has quit IRC22:37
jamielennoxsigmavirus24: in the mean time i link https://gist.github.com/jamielennox/7f5cfabd64a6922e643c#file-list-plugins-py from one of my blogs which is useful22:37
sigmavirus24jamielennox: yeah feel free to add me to reviews for those docs22:38
*** dramakri has joined #openstack-keystone22:41
*** hogepodge has joined #openstack-keystone22:46
*** edmondsw has quit IRC22:47
*** chlong_ has joined #openstack-keystone22:50
*** chlong_ has quit IRC22:50
*** chlong has quit IRC22:51
*** chlong has joined #openstack-keystone22:51
*** browne has quit IRC22:54
*** piyanai has joined #openstack-keystone22:54
*** dims has quit IRC22:54
*** Akshay00 has quit IRC23:01
*** Akshay00 has joined #openstack-keystone23:02
*** ankita_wagh has joined #openstack-keystone23:04
*** Akshay00 has quit IRC23:06
*** _hrou_ has quit IRC23:06
*** ankita_w_ has quit IRC23:07
*** Ephur has quit IRC23:07
*** jamielennox is now known as jamielennox|away23:11
*** ankita_wagh has quit IRC23:12
*** ankita_wagh has joined #openstack-keystone23:12
*** piyanai_ has joined #openstack-keystone23:12
*** shaleh has quit IRC23:14
*** shaleh has joined #openstack-keystone23:14
*** piyanai has quit IRC23:15
*** piyanai_ is now known as piyanai23:15
*** piyanai has quit IRC23:16
*** btully has quit IRC23:21
*** jamielennox|away is now known as jamielennox23:22
*** jkomg has quit IRC23:29
openstackgerritChloe Jensen proposed openstack/keystone: Modified command used to run keystone-all.  https://review.openstack.org/19892423:34
*** browne has joined #openstack-keystone23:38
*** piyanai has joined #openstack-keystone23:38
njnjnjI was wondering where the source code for commands like "keystone endpoint-create" is for a bug that I am working on.23:39
openstackgerritMerged openstack/keystonemiddleware: Don't allow webob to set a default content type  https://review.openstack.org/19447023:40
jamielennoxnjnjnj: https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v2_0/shell.py23:44
jamielennoxnjnjnj: but we aren't accepting new features to the CLI, you should look to use openstackclient instead o23:45
njnjnjthanks23:46
*** njnjnj has quit IRC23:49
*** sigmavirus24 is now known as sigmavirus24_awa23:52
*** RichardRaseley has quit IRC23:54
*** jkomg has joined #openstack-keystone23:55
*** zzzeek has joined #openstack-keystone23:55
*** lufix has quit IRC23:58
*** jkomg has quit IRC23:59
« Sunday, 2015-07-05 Index Tuesday, 2015-07-07 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!