Wednesday, 2015-07-29

*** htruta_ has joined #openstack-keystone		00:06
*** topol has joined #openstack-keystone		00:14
*** ChanServ sets mode: +v topol		00:14
*** _cjones_ has quit IRC		00:14
*** david-lyle has quit IRC		00:24
*** lhcheng_ is now known as lhcheng		00:28
*** ChanServ sets mode: +v lhcheng		00:28
*** albertom has quit IRC		00:39
*** Guest4324 has quit IRC		00:39
*** albertom has joined #openstack-keystone		00:42
*** browne_ has joined #openstack-keystone		00:45
*** browne_ has quit IRC		00:47
*** sigmavirus24_awa is now known as sigmavirus24		00:48
*** bknudson has joined #openstack-keystone		00:54
*** ChanServ sets mode: +v bknudson		00:54
*** browne has quit IRC		01:08
*** davechen has joined #openstack-keystone		01:15
*** r-daneel has quit IRC		01:19
*** roxanaghe has quit IRC		01:21
*** ankita_w_ has quit IRC		01:23
*** ankita_wagh has joined #openstack-keystone		01:24
*** ankita_wagh has quit IRC		01:28
*** jiaxi has joined #openstack-keystone		01:30
openstackgerrit	Brant Knudson proposed openstack/keystone: Document sample config updated automatically https://review.openstack.org/194906	01:34
*** richm has quit IRC		01:37
openstackgerrit	Brant Knudson proposed openstack/keystone: Use dict.items() rather than six.iteritems() https://review.openstack.org/200762	01:51
openstackgerrit	Brant Knudson proposed openstack/keystone: Cleanup use of iteritems https://review.openstack.org/206785	01:51
*** samleon has quit IRC		01:52
*** samleon has joined #openstack-keystone		01:53
*** ankita_wagh has joined #openstack-keystone		01:53
openstackgerrit	Brant Knudson proposed openstack/keystone: Ensure database options registered for tests https://review.openstack.org/203900	01:56
*** htruta_ has quit IRC		01:57
*** jasonsb has joined #openstack-keystone		01:57
*** ankita_wagh has quit IRC		01:58
*** ankita_wagh has joined #openstack-keystone		01:59
openstackgerrit	jiaxi proposed openstack/keystone: Reject create endpoint with invalid urls https://review.openstack.org/200512	02:09
jiaxi	dstanek: Have you go to bed ?	02:10
jiaxi	davechen: Are you online ?	02:11
davechen	jiaxi: yes, hello, jiaxi.	02:15
jiaxi	davechen: You are in PuDongXinQu of ShangHai ?	02:18
*** david-lyle has joined #openstack-keystone		02:19
jiaxi	davechen: https://review.openstack.org/#/c/200512/ have a look at my patch set. Please.	02:19
davechen	jiaxi: sure, my pleasure.	02:19
jiaxi	davechen: Thanks	02:20
davechen	jiaxi: no, I am in Minghang district.	02:20
jiaxi	davechen: I once lived in Minhang district.	02:21
davechen	jiaxi: which company are you working for?	02:21
jiaxi	davechen: I once in ShangHai. But now work in BeiJing . A small startup.	02:22
*** david-lyle has quit IRC		02:23
davechen	jiaxi: I know, unitstack, a good and great startup.	02:24
jiaxi	davechen: Maybe.	02:24
*** piyanai has joined #openstack-keystone		02:28
*** jasonsb has quit IRC		02:28
*** lhcheng has quit IRC		02:31
*** spandhe has quit IRC		02:33
*** boris-42 has quit IRC		02:40
*** browne has joined #openstack-keystone		02:40
jiaxi	davechen: You work in Inter ?	02:43
jiaxi	davechen: Intel have son company in Minhang ? I only Know Microsoft and Google has son company there	02:44
*** hakimo has joined #openstack-keystone		02:51
*** hakimo_ has quit IRC		02:53
*** ankita_w_ has joined #openstack-keystone		02:55
*** ankita_wagh has quit IRC		02:58
*** ankita_w_ has quit IRC		03:00
*** piyanai has quit IRC		03:02
*** lhcheng has joined #openstack-keystone		03:02
*** ChanServ sets mode: +v lhcheng		03:02
*** spandhe has joined #openstack-keystone		03:03
*** spandhe_ has joined #openstack-keystone		03:09
*** spandhe has quit IRC		03:09
*** spandhe_ is now known as spandhe		03:09
davechen	jiaxi, yes, all of them except google.	03:12
dstanek	jiaxi: yep, i'm still here. just took a shower after a short night run.	03:13
jiaxi	davechen: Zizhu Kejiyuan	03:14
dstanek	jiaxi: did you find how to comment on older patchsets?	03:21
jiaxi	dstanek: No..	03:22
dstanek	jiaxi: if you click on the arrow next to 'Patch Set #' you will see the files from that patchset and a 'Review' button. if you click that you can leave a comment. you can also comment on the files and click review to publish them	03:23
*** topol has quit IRC		03:24
jiaxi	dstanek: I have a try right now	03:26
dstanek	if you have unpublished comments on earlier changesets you'll see a little red cartoon bubble icon	03:27
jiaxi	dstanek: Hi, David. I replied you in patch set 32 yesterday. And published just now.	03:28
*** topol has joined #openstack-keystone		03:29
*** ChanServ sets mode: +v topol		03:29
jiaxi	dstanek: 1 draft in red means I have made a comment, but not published. My god I have replid every comment , but all in red. Never published !!!	03:30
dstanek	jiaxi: yep, that's right	03:31
dstanek	jiaxi: did you pull my changes down using 'git review -d'?	03:31
jiaxi	dstanek: What I said yesterday is not right. I hope you are not angry.	03:31
dstanek	jiaxi: nope, not at all	03:32
jiaxi	dstanek: Thank you. 23:32 in US ?	03:32
dstanek	jiaxi: you'll see people in the keystone community push changes to someone else's review for a couple of reasons	03:33
jiaxi	dstanek: It's 23:30+ in US ?	03:33
jiaxi	jiaxi: And yesterday, It's the first time...	03:33
*** david-lyle has joined #openstack-keystone		03:34
dstanek	jiaxi: no reason to copy/paste tested code in just for someone else to copy paste and cores will do it where there are little tweaks that can be made to quickly get something merged without waiting for author turn around	03:34
*** topol has quit IRC		03:34
dstanek	yes, it's 23:34 (give or take) here	03:34
jiaxi	dstanek: You should go to bed. Sleep too late is harmful to you health.	03:36
jiaxi	dstanek: Okay, I got it	03:36
dstanek	jiaxi: nah, too much to do :-) i need to publish my new project typist before i go to sleep	03:38
*** ayoung has quit IRC		03:38
jiaxi	dstanek: Too hard_working. I should learn from you.	03:39
dstanek	jiaxi: i don't work as hard as you think; for example, between my meetings today i went outside to swim with my kids for an hour and after dinner we went for a family bike ride	03:41
dstanek	jiaxi: it just appears i work all day/night because i spread things out	03:41
davechen	dstanek: happy life.	03:42
jiaxi	dstanek: Very happly life. Like god.	03:43
dstanek	davechen: gotta keep it balanced :-) that has gotten a bit harder since i started working from home	03:43
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements https://review.openstack.org/206082	03:43
davechen	dstanek: yep, I am always have trouble to balance my life, since I dont swim. :)	03:44
jiaxi	davechen: You can give me a +1,too. I had given you +1 to your patch set.	03:44
davechen	jiaxi: it's not exchange, +1 is acutally meaningless, you need dstanek's +2, not cheat you.	03:44
jiaxi	davechen: He would if he can.	03:46
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/206818	03:46
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystoneauth: Updated from global requirements https://review.openstack.org/206819	03:46
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystoneauth-saml2: Updated from global requirements https://review.openstack.org/206820	03:46
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements https://review.openstack.org/197254	03:46
davechen	jiaxi, let's take a break have a lunch.	03:47
jiaxi	davechen: Yes, It's time for lunch now.	03:47
dstanek	davechen: +1s can be meaningful. many people +1 saying "good enough" and those are meaningless, but there are others that use the same attention to detail that you would expect from someone giving out a +2. and when i see those people giving a +1 i know i can start reviewing that one.	03:49
dstanek	it's a good way to help me prioritize	03:49
openstackgerrit	OpenStack Proposal Bot proposed openstack/oslo.policy: Updated from global requirements https://review.openstack.org/206840	03:50
openstackgerrit	OpenStack Proposal Bot proposed openstack/pycadf: Updated from global requirements https://review.openstack.org/206847	03:50
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements https://review.openstack.org/206082	03:50
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient-kerberos: Updated from global requirements https://review.openstack.org/192319	03:50
davechen	dstanek: thanks.	03:57
davechen	dstanek: have a good dream. :)	03:58
*** davechen is now known as davechen_afk		03:58
*** sigmavirus24 is now known as sigmavirus24_awa		04:14
*** ankita_wagh has joined #openstack-keystone		04:39
*** max__ has joined #openstack-keystone		04:55
*** max__ is now known as Guest72363		04:55
*** max_a has quit IRC		04:56
*** stevemar has joined #openstack-keystone		04:56
*** ChanServ sets mode: +v stevemar		04:56
openstackgerrit	Merged openstack/pycadf: Updated from global requirements https://review.openstack.org/206847	04:58
openstackgerrit	Merged openstack/oslo.policy: Updated from global requirements https://review.openstack.org/206840	04:59
*** jasonsb has joined #openstack-keystone		05:17
*** stevemar has quit IRC		05:19
*** stevemar has joined #openstack-keystone		05:20
*** ChanServ sets mode: +v stevemar		05:20
*** stevemar has quit IRC		05:24
*** ajayaa has quit IRC		05:25
*** yottatsa has joined #openstack-keystone		05:28
openstackgerrit	Merged openstack/keystone: Reuse token_ref fetched in AuthContextMiddleware. https://review.openstack.org/190863	05:36
openstackgerrit	Merged openstack/keystone: Fix remaining mention of KLWT https://review.openstack.org/206195	05:39
openstackgerrit	Merged openstack/keystone: Assign different values to public and admin ports https://review.openstack.org/205667	05:39
openstackgerrit	Merged openstack/keystone: Test admin app in test_admin_version_v3 https://review.openstack.org/206472	05:39
openstackgerrit	Merged openstack/keystone: Test function call result, not function object https://review.openstack.org/206567	05:39
*** topol has joined #openstack-keystone		05:46
*** ChanServ sets mode: +v topol		05:46
*** jasonsb has quit IRC		05:50
*** topol has quit IRC		05:51
*** jasonsb has joined #openstack-keystone		05:57
openstackgerrit	Merged openstack/keystone: Updated from global requirements https://review.openstack.org/206818	06:00
*** yottatsa has quit IRC		06:02
openstackgerrit	Merged openstack/keystone: Document sample config updated automatically https://review.openstack.org/194906	06:04
*** kiran-r has joined #openstack-keystone		06:05
*** ParsectiX has joined #openstack-keystone		06:06
*** pnavarro has joined #openstack-keystone		06:06
*** afazekas has joined #openstack-keystone		06:09
*** ajayaa has joined #openstack-keystone		06:13
*** hrou has quit IRC		06:20
*** josecastroleon has joined #openstack-keystone		06:22
*** yottatsa has joined #openstack-keystone		06:27
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex https://review.openstack.org/206889	06:30
jiaxi	davechen: Needn't escape the '$' in the URL, it's just string substitution.	06:38
jiaxi	davechen: what do you mean ?	06:38
jiaxi	davechen: Needn't escape the '$' in the URL, it's just string substitution.	06:38
*** kfox1111_ has quit IRC		06:47
jiaxi	davechen_afk: what do you mean ?	06:47
marekd	dstanek: Hey there. Are you planning to improving it soon https://review.openstack.org/#/c/203142/ ?	06:48
marekd	dstanek: just wanted to sync wrt this.	06:48
*** browne has quit IRC		06:49
*** lhcheng has quit IRC		06:50
*** ankita_wagh has quit IRC		06:57
*** ankita_wagh has joined #openstack-keystone		06:57
*** davechen_afk is now known as davechen		06:58
davechen	lhcheng: jiaxi just meant there should be a "that" after "indicate" to follow the syntax of english. :)	06:59
davechen	lhcheng, jiaxi, but I am doubt about that. :)	06:59
jiaxi	davechen: I have doubt lhcheng is Chinese.	07:01
*** ankita_wagh has quit IRC		07:02
jiaxi	davechen: When I run tox, always met No space left on device	07:02
davechen	jiaxi: ABC I think, but for sure he is.	07:02
jiaxi	davechen: And my disk is 40G..	07:02
*** yottatsa has quit IRC		07:02
marekd	odyssey4me: hey!	07:02
marekd	odyssey4me: did you have a chance to run the patch ?	07:03
davechen	jiaxi: you need a more powerful PC.	07:04
jiaxi	davechen: A vm. 8G mem 40G disk	07:05
jiaxi	2 vcpu	07:05
jiaxi	davechen: memory-2(2vCPU/8G)	07:05
*** yottatsa has joined #openstack-keystone		07:12
openstackgerrit	Dave Chen proposed openstack/keystone: Move endpoint_filter migrations into keystone core https://review.openstack.org/186988	07:12
openstackgerrit	Dave Chen proposed openstack/keystone: Move endpoint filter into keystone core https://review.openstack.org/183377	07:12
*** ankita_wagh has joined #openstack-keystone		07:21
openstackgerrit	Dave Chen proposed openstack/keystone: Show helpful message when request body is not provided https://review.openstack.org/195903	07:29
openstackgerrit	Dave Chen proposed openstack/keystone: Give some message when an invalid token is in use https://review.openstack.org/199989	07:30
*** fhubik has joined #openstack-keystone		07:31
*** ankita_wagh has quit IRC		07:33
*** ankita_wagh has joined #openstack-keystone		07:33
*** ankita_wagh has quit IRC		07:37
yottatsa	Mooooorning!	07:42
yottatsa	Another day, another auth bug https://bugs.launchpad.net/keystone/+bug/1474942	07:42
openstack	Launchpad bug 1474942 in Keystone "Missing either X-Auth-Token or X-Subject-Token in fernet token gives HTTP500 code." [Medium,Triaged] - Assigned to Vladimir Eremin (yottatsa)	07:42
openstackgerrit	jiaxi proposed openstack/keystone: Reject create endpoint with invalid urls https://review.openstack.org/200512	07:43
openstackgerrit	Vladimir Eremin proposed openstack/keystone: Check Fernet token for None https://review.openstack.org/206921	07:46
*** ParsectiX has quit IRC		07:50
*** ParsectiX has joined #openstack-keystone		07:51
*** woodster_ has quit IRC		07:54
openstackgerrit	Marek Denis proposed openstack/keystone: Fernet payloads for federated scoped tokens. https://review.openstack.org/202176	07:56
*** yottatsa has quit IRC		08:00
*** yottatsa has joined #openstack-keystone		08:07
yottatsa	jiaxi hello	08:07
yottatsa	could you please see on https://review.openstack.org/206921	08:07
*** jistr has joined #openstack-keystone		08:08
jiaxi	yottatsa: Okay, no problem	08:08
yottatsa	thank you	08:08
*** yottatsa has quit IRC		08:10
*** yottatsa has joined #openstack-keystone		08:11
marekd	yottatsa: thanks for the fix	08:13
marekd	did you try v2 and v3 ?	08:13
yottatsa	marekd, yep, I tried both	08:14
marekd	yottatsa: cool.	08:16
yottatsa	marekd, should I check that input is a binary_type explicitly?	08:27
yottatsa	e.g. https://gist.github.com/yottatsa/5b83aeda42e60e0afd68	08:28
davechen	marekd: ping? marek	08:30
breton	yottatsa: heya, could you please try to reproduce your bug with Lance's branch https://review.openstack.org/#/c/196877/12 ?	08:30
*** fhubik is now known as fhubik_afk		08:31
*** pnavarro has quit IRC		08:33
yottatsa	breton I'll try it now	08:35
*** davechen is now known as davechen_afk		08:36
*** fhubik_afk is now known as fhubik		08:38
yottatsa	Automatic merge failed	08:39
marekd	davechen_afk: what's up?	08:40
*** e0ne has joined #openstack-keystone		08:40
yottatsa	marekd, should I check that input is a binary_type explicitly? e.g. https://gist.github.com/yottatsa/5b83aeda42e60e0afd68	08:40
marekd	yottatsa: which file would it be?	08:43
*** e0ne has quit IRC		08:43
yottatsa	keystone.token.providers.fernet.token_formatters.TokenFormatter#validate_token	08:43
yottatsa	I've updated gist	08:45
marekd	yottatsa: hm, i'd rather not answer this question because i am not fernet master. you can search the docs (fernet docs) and look whether the encoded format is binary, but i think it isn't.	08:45
marekd	yottatsa: dolphm and lbragstad can surely help in that matter.	08:45
marekd	(they should be later)	08:45
yottatsa	marekd, it's more code style question :)	08:45
marekd	yottatsa: since sanity check is a code style thing? :P	08:49
yottatsa	breton, it's HTTP 500 on missing or incorrect token	08:49
marekd	sine when*	08:49
yottatsa	I'll wait for Fernet guys :)	08:50
yottatsa	breton, *stlll HTTP 500	08:50
*** davechen_afk is now known as davechen		08:50
davechen	marekd: Just want to ask you a question, but i think it's not important anymore, forgot it. :)	08:51
marekd	davechen: ok	08:52
davechen	marekd: is	08:53
davechen	marekd: Is it in the morning in your local time?	08:53
yottatsa	breton, and with my patch it'll be 400	08:53
marekd	10.53 am	08:55
marekd	davechen: ^^	08:55
davechen	marekd: anything else are you focus on? beside keystone.	08:57
davechen	marekd: it's about 17:00 PM in my region.	08:58
davechen	marekd: time to shutdown my laptop and back home.	08:59
*** spandhe has quit IRC		08:59
davechen	one more day is killed by me.	08:59
jiaxi	davechen: Hello. could you please have a look at a very easy patch ?	09:01
jiaxi	davechen: https://review.openstack.org/#/c/203312/	09:01
breton	yottatsa: cool, thanks	09:02
davechen	jiaxi: sure.	09:02
davechen	jiaxi: when could you off-duty?	09:02
davechen	Ah, KSC.	09:03
*** fhubik is now known as fhubik_afk		09:06
*** fhubik_afk is now known as fhubik		09:08
yottatsa	breton, Ran 5498 tests in 68.211s OK	09:11
openstackgerrit	Vladimir Eremin proposed openstack/keystone: Explicitly check incorrect token input https://review.openstack.org/206921	09:12
*** davechen has left #openstack-keystone		09:13
*** yottatsa has quit IRC		09:19
jiaxi	davechen: off_duty? 19:00	09:28
*** pnavarro has joined #openstack-keystone		09:28
-openstackstatus- NOTICE: Currently our CI system is broken, jobs are not getting processed at all.		09:28
*** ChanServ changes topic to "Currently our CI system is broken, jobs are not getting processed at all."		09:28
jiaxi	davechen: But at night, I was online, too. Learning ceilometer.	09:29
jiaxi	yottatsa: Hi, you owe me a review https://review.openstack.org/#/c/203312/	09:33
*** ParsectiX has quit IRC		09:35
*** alex_xu has quit IRC		09:48
*** alex_xu has joined #openstack-keystone		09:49
*** e0ne has joined #openstack-keystone		09:57
*** Kennan has quit IRC		10:00
*** telemonster has quit IRC		10:00
*** mitz has quit IRC		10:00
*** dguerri` has quit IRC		10:00
*** mitz has joined #openstack-keystone		10:00
*** telemonster has joined #openstack-keystone		10:00
*** Kennan has joined #openstack-keystone		10:01
*** dguerri` has joined #openstack-keystone		10:01
*** dguerri` is now known as dguerri		10:01
*** dguerri has joined #openstack-keystone		10:01
*** e0ne_ has joined #openstack-keystone		10:02
*** kiran-r has quit IRC		10:03
*** e0ne has quit IRC		10:05
*** e0ne_ is now known as e0ne		10:06
*** rdo has quit IRC		10:08
*** fhubik is now known as fhubik_afk		10:10
*** rdo has joined #openstack-keystone		10:10
*** kiran-r has joined #openstack-keystone		10:12
*** josecastroleon has quit IRC		10:15
*** ParsectiX has joined #openstack-keystone		10:17
dstanek	jiaxi: i think by repeatedly asking for reviews you are going to have the opposite effect of what you want	10:35
jiaxi	dstanek: ok, I know.	10:36
jiaxi	dstanek: You go to bed so late, get up so early.	10:36
dstanek	jiaxi: just got up :-)	10:37
jiaxi	dstanek: No space left on device. Do you have better way to deal with.	10:38
*** aix has quit IRC		10:38
jiaxi	dstanek: when I run tox. always Error 'No space left on device'	10:39
dstanek	jiaxi: you testrepository directory may be really big and can be deleted. what does "du -sh .* *" show you?	10:42
jiaxi	dstanek: stack@openstack:/opt/stack/ceilometer$ du -sh .* * 880M .	10:43
jiaxi	stack@openstack:/opt/stack/ceilometer$ du -sh .* * 880M . 4.5G ..	10:43
samueldmq	morning guys	10:48
*** topol has joined #openstack-keystone		10:49
*** ChanServ sets mode: +v topol		10:49
dstanek	jiaxi: anything you can delete?	10:50
dstanek	samueldmq: good morning	10:50
dstanek	jiaxi: can you put the full output on paste.openstack.org?	10:50
jiaxi	dstanek: I don't know. I have just added a cloud volume which size is 40G	10:51
jiaxi	This is the full output : stack@openstack:/opt/stack/ceilometer$ du -sh .* * 880M . 4.5G ..	10:51
*** yottatsa has joined #openstack-keystone		10:52
dstanek	jiaxi: hmm...odd. on my machine it shows a lines for each file/directory including hidden ones	10:53
*** topol has quit IRC		10:53
dstanek	try just "du -sh *"	10:53
jiaxi	in which directory	10:54
dstanek	in whatever directory you think is too big	10:55
dstanek	and then "du -sh .*" should be you hidden files too	10:55
jiaxi	dstanek: http://paste.openstack.org/show/406191/	10:56
dstanek	jiaxi: what about hiddens?	10:57
jiaxi	http://paste.openstack.org/show/406192/	10:58
jiaxi	dstanek: http://paste.openstack.org/show/406192/	10:58
dstanek	somethings not right because you should have at least .tox and .test directories	10:59
*** yottatsa has quit IRC		11:00
*** fhubik_afk is now known as fhubik		11:00
jiaxi	dstanek: drwxrwxr-x 2 stack stack 4096 Jul 29 06:30 .testrepository/ drwxrwxr-x 8 stack stack 4096 Jul 29 06:34 .tox/	11:00
jiaxi	dstanek: when I use 'll' , I can see them	11:01
dstanek	you should be able to use that to find what is eating space	11:01
jiaxi	dstanek: in .testrepository has many files. I think I can delete some ?	11:02
dstanek	you can freely delete .tox and .testrepository directories as they will get regenerated	11:02
jiaxi	dstanek: I will try right now.	11:03
dstanek	if you are running lots of test across lots of projects they 40G may not be enough to hold all of that	11:03
samueldmq	jamielennox: hey, you still around ? need some advice on adding CacheControl support to ksclient (https://pypi.python.org/pypi/CacheControl/0.9.3)	11:03
*** jsheeren has joined #openstack-keystone		11:04
dstanek	samueldmq: i wouldn't add that just yet since we don't do the headers - concentrate on the middleware	11:04
samueldmq	dstanek: so adding our own support (reading the headers etc) in the middleware is ok for now ?	11:05
samueldmq	dstanek: well ... that's how we do with all the other headers (which aren't cachecontrol so far) there	11:06
dstanek	samueldmq: oh, hmmm... ksm uses ksc	11:06
samueldmq	dstanek: yes that's the point	11:06
openstackgerrit	Marek Denis proposed openstack/keystone: Better error message when unable to map user https://review.openstack.org/206987	11:06
dstanek	samueldmq: i started writiing a patch to add it to ksc yesterday, but got distracted	11:06
marekd	samueldmq: dstanek ^^	11:06
*** jiaxi has quit IRC		11:07
samueldmq	dstanek: nice, so can I assume you are grabing this bit ? so I can concentrate on the others	11:07
*** yottatsa has joined #openstack-keystone		11:08
dstanek	samueldmq: sure, i can finish that up today	11:08
samueldmq	dstanek: that's just ..	11:08
samueldmq	dstanek: perfect :)	11:08
dstanek	marekd: now why would you want to make it better :-)	11:08
samueldmq	dstanek: thanks a ton	11:08
dstanek	samueldmq: my pleasure. i started poking around after sigmavirus24_awa suggested it	11:09
samueldmq	dstanek: you're great :)	11:09
samueldmq	dstanek: I am going to update middleware + oslo patches today	11:09
samueldmq	dstanek: btw ... middleware will use ksc to fetch the policy, right ?	11:10
dstanek	nice	11:10
dstanek	yea, i would assume so	11:10
samueldmq	dstanek: and it asks oslo.policy to cache it in a file, so the service can read it from there	11:10
samueldmq	dstanek: I am not sure I got the issue with writting to a file, as you were saying yesterday	11:10
dstanek	samueldmq: no olso.policy won't cache to a file at all. cachecontrol will	11:11
samueldmq	dstanek: but .. how do the oslo.policy enforcer in the service will know what file is that ?	11:11
dstanek	samueldmq: olso.policy will have to either accept a blob of json or a file-like object if it doesn't already	11:11
samueldmq	dstanek: what I did so far is : write to a file specified in the config (dyanamic_policy_path) and then the anotehr instance of oslo.policy (at the serivce) will read from tehre as well	11:12
samueldmq	dstanek: what do you mean by a file-like object ?	11:13
dstanek	samueldmq: an object that it can just call read on	11:13
samueldmq	dstanek: but it can't, because the isntance of oslo.policy enforcer at middleware is different from the instance at the service (nova)	11:14
samueldmq	dstanek: middleware has its oslo.policy.policy.Enforcer() instance and use it to write to the file	11:14
samueldmq	dstanek: the service (nova) has its instance as well and use it as today (read the files and do the enforcement)	11:15
samueldmq	dstanek: so we can't store like an attribute of the object	11:15
dstanek	brb	11:15
samueldmq	dstanek: sure	11:15
*** yottatsa has quit IRC		11:17
*** e0ne has quit IRC		11:25
*** piyanai has joined #openstack-keystone		11:25
dstanek	samueldmq: so the middleware isn't doing any policy enforcement? it's just there to download the file?	11:31
*** belmoreira has joined #openstack-keystone		11:32
*** e0ne has joined #openstack-keystone		11:35
samueldmq	dstanek: yes	11:36
samueldmq	dstanek: when (a day) we split the policy in rbac (only roles check) + other checks (scope, etc), we can perform the enforcement of the former in the middleware	11:37
dstanek	samueldmq: what if we passed a filename in the wsgi headers?	11:37
samueldmq	dstanek: what would that change ?	11:38
dstanek	ksm seems like a really odd place to put the policy fetching logic	11:38
samueldmq	dstanek: the filename should be in the confif, so both enforcers will know where to look for	11:38
dstanek	samueldmq: they can't use the environment var?	11:39
samueldmq	dstanek: oslo.policy doesn't even know about ksc, and it doesn't need to, it's just a llibrary	11:39
samueldmq	dstanek: so I guesss it should be ksmiddleware ..	11:39
samueldmq	dstanek: to pass the centralized_policy_path?	11:39
dstanek	samueldmq: alright i'll see if there is a way i can use centralized_policy_path; 1 of those per service right?	11:40
samueldmq	dstanek: yes one per running service endpoint, so oslo.policy can cache it and retrieve it later	11:41
samueldmq	dstanek: although I am not sure why that'd be better than having something in the config to say such path	11:43
dstanek	i'm confused now. isn't centralized_policy_path the setting in the config file?	11:43
samueldmq	dstanek: yes haha, but I thoguht you were saying to get it from the server	11:44
samueldmq	dstanek: so today I have a config in the [oslo_policy] section saying : centralized_policy_file	11:44
dstanek	samueldmq: no, i'll try to make that work. but it that doesn't there is no reason we can't pass a file path through the headers	11:44
dstanek	samueldmq: i would just have to see what oslo.config gets as input	11:45
samueldmq	dstanek: when, from middleware I call: enforcer.update_dynamic_policy(policy_dict), and then it write to that file	11:45
samueldmq	dstanek: nova calls its enforcer instance with: enforcer.enforcer(...), that will consider the policy in _centralized_policy_path_ (previously written)	11:46
dstanek	samueldmq: is policy using the same config instance as middleware?	11:46
dstanek	hmmm...it should be cause it's the same process	11:46
dstanek	we could also rewrite that at runtime	11:46
dstanek	samueldmq: let me experiment a little and get back to you	11:47
samueldmq	dstanek: yes, both middleware + service read from, let's say etc/glance/glance-api.conf	11:47
dstanek	samueldmq: but is it the same instance of the config	11:47
samueldmq	dstanek: I don't think so	11:47
samueldmq	dstanek: since the things middleware pass to the service are some info through envvars	11:48
samueldmq	dstanek: like info from the token	11:48
marekd	dstanek: the msg?	11:48
samueldmq	dstanek: sure, I appreciate you doing some tests around and giving me some directions :)	11:49
*** jsheeren has quit IRC		11:49
*** piyanai has quit IRC		11:52
*** josecastroleon has joined #openstack-keystone		11:55
dstanek	marekd: ha, yes	11:56
*** pnavarro is now known as pnavarro\|lunch		11:59
*** e0ne has quit IRC		11:59
*** aix has joined #openstack-keystone		12:07
*** woodster_ has joined #openstack-keystone		12:13
*** kiran-r has quit IRC		12:18
marekd	dstanek: don't you think it's a little bit vague?	12:18
dstanek	marekd: what's vague?	12:19
marekd	the msg	12:19
marekd	"couldn't not map user"	12:19
marekd	it doesn't direct me to the wrong maping rules, nobody really complained when i added my mapping rules...where is the problem?	12:19
marekd	and the only way to do this is actually grepping the code.	12:19
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Introduce endpoint_id config https://review.openstack.org/205049	12:19
dstanek	marekd: i think your new message is much better	12:20
*** fhubik is now known as fhubik_afk		12:20
*** gordc has joined #openstack-keystone		12:21
*** e0ne has joined #openstack-keystone		12:25
*** jiaxi has joined #openstack-keystone		12:26
*** edmondsw has joined #openstack-keystone		12:27
*** ajayaa has quit IRC		12:30
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Introduce endpoint_id config https://review.openstack.org/205049	12:31
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Introduce endpoint_id config https://review.openstack.org/205049	12:31
dstanek	jiaxi: no reason to publish all of your old comments	12:43
jiaxi	dstanek: Sorry, so let it be there. I didn't know how to publish comments before.	12:44
dstanek	jiaxi: that's ok. since they don't have any value anymore either just leave them as draft or delete them. i leave mine as draft	12:47
dstanek	we have lots of stuff targeted to liberty-2, but not a ton implemented	12:47
jiaxi	dstanek: liberty is a version after kilo ??	12:48
dstanek	jiaxi: yes	12:48
jiaxi	dstanek: Great	12:49
dstanek	jiaxi: that's what we are working on now	12:49
*** ChanServ changes topic to "Liberty-2 this week! Land Code! \| MidCycle Etherpad: https://etherpad.openstack.org/p/keystone-liberty-midcycle-meetup"		12:50
-openstackstatus- NOTICE: zuul's disks were at capacity. Space has been freed up and jobs are being re-queued.		12:50
jiaxi	dstanek: No wonder have so few cores come to review	12:50
dstanek	jiaxi: lots of reviews are happening :-)	12:50
dstanek	jiaxi: they are just focused on the release critical stuff, which is my i said to be patient with your reviews	12:51
jiaxi	dstanek: okay...	12:51
*** yottatsa has joined #openstack-keystone		12:51
jiaxi	dstanek: You are so kind.	12:51
samueldmq	dstanek: how big is our core-team ? when adding to reviews in gerrit I saw 13, but not all of them are really active	12:53
samueldmq	dstanek: I guess that's because people get requirements/other priorities in the moment, things from their employers	12:53
dstanek	samueldmq: yes, lots to do	12:56
*** jaosorior has joined #openstack-keystone		12:56
*** dims has quit IRC		12:57
*** dims has joined #openstack-keystone		12:57
samueldmq	dstanek: yeah, and each time there are more new contributors coming and proposing tons of changes (features, bug fixes)	12:58
samueldmq	dstanek: lots to do, great responsability :)	12:58
dstanek	samueldmq: i think there are 12 of us. at least that's how many i just counted in my mind :-)	12:58
*** gordc is now known as gordc_idle		13:00
*** bknudson has quit IRC		13:01
dstanek	morganfainberg: the release stuff is happening this morning	13:01
morganfainberg	dstanek: great	13:02
morganfainberg	Im about to get on a plane. Thanks for handling this.	13:02
dstanek	morganfainberg: i just looked though everything and didn't see any blockers; are there any that you know of?	13:02
*** topol has joined #openstack-keystone		13:02
*** ChanServ sets mode: +v topol		13:02
dstanek	morganfainberg: np	13:03
*** hrou has joined #openstack-keystone		13:05
*** jsavak has joined #openstack-keystone		13:08
dstanek	samueldmq: confirmed https://review.openstack.org/#/admin/groups/9,members	13:08
*** sigmavirus24_awa is now known as sigmavirus24		13:08
sigmavirus24	dstanek: don't blame me for your poor life decisions =P	13:10
*** TheIntern has joined #openstack-keystone		13:11
*** bknudson has joined #openstack-keystone		13:16
*** ChanServ sets mode: +v bknudson		13:16
samueldmq	dstanek: there is one very very inactive	13:21
samueldmq	dstanek: OpenStack Hudson	13:21
dstanek	sigmavirus24: i have to blame somenbody	13:21
samueldmq	dstanek: hehe	13:21
dstanek	i thought hudson was fired when we hired jenkins...	13:22
*** piyanai has joined #openstack-keystone		13:22
sigmavirus24	dstanek: no Hudson is Jenkins' butler	13:23
sigmavirus24	or something	13:23
dstanek	sigmavirus24: openstack is so rich even it's butler has a butler	13:23
morganfainberg	dstanek: nope dont knownof any blockers	13:26
-openstackstatus- NOTICE: zuul jobs after about 07:00 UTC may need a 'recheck' to enter the queue. Look if your change is in http://status.openstack.org/zuul/ and recheck if not.		13:26
sigmavirus24	dstanek: well obviously	13:26
openstackgerrit	Merged openstack/keystoneauth-saml2: Updated from global requirements https://review.openstack.org/206820	13:29
*** jecarey has joined #openstack-keystone		13:32
*** stevemar has joined #openstack-keystone		13:34
*** ChanServ sets mode: +v stevemar		13:34
*** ayoung has joined #openstack-keystone		13:36
*** ChanServ sets mode: +v ayoung		13:36
*** raildo has joined #openstack-keystone		13:38
*** yottatsa has quit IRC		13:41
openstackgerrit	Marek Denis proposed openstack/keystone: Better error message when unable to map user https://review.openstack.org/206987	13:43
*** yottatsa has joined #openstack-keystone		13:43
marekd	dstanek: ^^	13:44
*** markvoelker has joined #openstack-keystone		13:44
marekd	dolphm: Hi.	13:46
marekd	dolphm: I wanted to carry on with https://review.openstack.org/#/c/202176/	13:47
dstanek	yottatsa: i saw you mention something about byte types and fernet this morning. what were you trying to do?	13:49
yottatsa	dstanek, hi! take a look on https://review.openstack.org/206921	13:50
*** richm has joined #openstack-keystone		13:53
dstanek	yottatsa: nice, i'll take a detailed look in a bit. i've been working on a patch that cleans up the unicode junk, but i'm trying to verify it	13:53
*** LukeHinds has joined #openstack-keystone		13:54
yottatsa	dstanek, can you look on rev1? I've done it because I want to check the input for None, but then I modified it a bit	13:55
*** pnavarro\|lunch is now known as pnavarro		13:56
*** evrardjp has quit IRC		13:59
*** fhubik_afk is now known as fhubik		13:59
*** mylu has joined #openstack-keystone		14:01
openstackgerrit	Marek Denis proposed openstack/keystone: Refactor: rename Fernet's unscoped federated payload https://review.openstack.org/202190	14:02
*** markvoelker has quit IRC		14:04
*** mhu has quit IRC		14:04
*** EmilienM has quit IRC		14:05
*** evrardjp has joined #openstack-keystone		14:06
*** EmilienM has joined #openstack-keystone		14:09
jiaxi	stevemar: hi	14:09
* breton is reviewing is_domain patches		14:10
*** mylu has quit IRC		14:11
*** mylu has joined #openstack-keystone		14:12
*** ParsectiX has quit IRC		14:12
*** browne has joined #openstack-keystone		14:12
*** jdennis has quit IRC		14:12
breton	stevemar: come on, what's so bad in test@localhost;test account for viewing some sketches in horizon? :)	14:12
*** jdennis has joined #openstack-keystone		14:13
stevemar	breton: i lol'ed at that, cause the ukent folks are all about security!	14:15
*** yottatsa has quit IRC		14:16
marekd	breton: instead of asking for credentials you should have sent them public key asking for adding it	14:17
marekd	:P	14:17
*** yottatsa has joined #openstack-keystone		14:19
*** markvoelker_ has joined #openstack-keystone		14:21
*** mhu has joined #openstack-keystone		14:22
*** r-daneel has joined #openstack-keystone		14:26
*** pnavarro is now known as pnavarro\|afk		14:28
*** markvoelker_ has quit IRC		14:38
*** Ephur has joined #openstack-keystone		14:38
*** markvoelker has joined #openstack-keystone		14:39
*** ajayaa has joined #openstack-keystone		14:39
*** yottatsa has quit IRC		14:42
*** markvoelker has quit IRC		14:47
*** markvoelker has joined #openstack-keystone		14:47
*** yottatsa has joined #openstack-keystone		14:48
jiaxi	What does AFK mean ?	14:52
yottatsa	jiaxi away from keyboard	14:52
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Fetch token's project hierarchy https://review.openstack.org/207077	14:53
jiaxi	yottatsa: Thanks , Which country do you come from	14:53
yottatsa	jiaxi, from Russia (	14:54
samueldmq	ayoung: morganfainberg dstanek ^ a first patch that adds project hierarchy information to the request headers :)	14:54
samueldmq	ericksonsantos is working on the hierarchical quota implementation on cinder and he'll be considering this approach as an option, and put that on the table for discussion	14:54
jiaxi	yottatsa: Great, Near our country, China	14:56
*** belmoreira has quit IRC		14:59
*** jsavak has quit IRC		15:00
dstanek	dhellmann: when do you arrive in Ohio?	15:00
*** jistr has quit IRC		15:00
*** jsavak has joined #openstack-keystone		15:01
*** e0ne has quit IRC		15:02
*** mestery has joined #openstack-keystone		15:02
*** jistr has joined #openstack-keystone		15:02
*** e0ne has joined #openstack-keystone		15:04
*** piyanai has quit IRC		15:04
*** jsavak has quit IRC		15:05
*** jiaxi has quit IRC		15:10
*** josecastroleon has quit IRC		15:15
*** mylu has quit IRC		15:15
*** piyanai has joined #openstack-keystone		15:16
*** gordc_idle has quit IRC		15:16
*** mylu has joined #openstack-keystone		15:17
*** jsavak has joined #openstack-keystone		15:27
*** yottatsa has quit IRC		15:27
breton	can we have this kind of structure in with is_domain patches: A(is_domain=True) - B(is_domain=False) - C(is_domain=True)?	15:27
*** btully has quit IRC		15:34
*** btully has joined #openstack-keystone		15:34
*** gordc has joined #openstack-keystone		15:39
*** gabriel-bezerra has quit IRC		15:39
*** yottatsa has joined #openstack-keystone		15:42
*** fhubik is now known as fhubik_afk		15:42
*** fhubik_afk is now known as fhubik		15:45
*** yottatsa has quit IRC		15:46
*** diazjf has joined #openstack-keystone		15:47
*** yottatsa has joined #openstack-keystone		15:49
*** piyanai has quit IRC		15:49
*** jsavak has quit IRC		15:59
*** gabriel-bezerra has joined #openstack-keystone		16:01
elmiko	hi folks, if i create a v3 Client object from a Session and a Password, is it possible to get the service catalog?	16:02
*** jsavak has joined #openstack-keystone		16:02
elmiko	like, i want to get the service catalog like i used to by calling Client.service_catalog	16:02
*** jasonsb has quit IRC		16:06
*** piyanai has joined #openstack-keystone		16:06
*** jasonsb has joined #openstack-keystone		16:06
*** piyanai has quit IRC		16:07
*** jistr has quit IRC		16:08
*** amakarov_away is now known as amakarov		16:08
*** jasonsb has quit IRC		16:10
*** ctracey has quit IRC		16:13
*** briancurtin has quit IRC		16:13
*** zhiyan has quit IRC		16:13
*** nzeer has quit IRC		16:13
*** LukeHinds has quit IRC		16:13
*** jraim has quit IRC		16:13
*** serverascode has quit IRC		16:13
*** david-lyle has quit IRC		16:18
*** pnavarro\|afk is now known as pnavarro		16:19
*** lsmola has quit IRC		16:20
*** yottatsa has quit IRC		16:21
*** fhubik is now known as fhubik_afk		16:22
*** belmoreira has joined #openstack-keystone		16:23
*** nzeer has joined #openstack-keystone		16:23
*** yottatsa has joined #openstack-keystone		16:23
miguelgrinberg	marekd: around for a couple of federation questions?	16:23
marekd	miguelgrinberg: sure, sir	16:25
*** jraim has joined #openstack-keystone		16:26
miguelgrinberg	marekd: thanks. First question is about querying the list of SPs in the IdP. The endpoint that does that appears to be admin-only. So in my wrapper script that does all the K2K motions I can't get the SP URLs given the SP name.	16:26
dolphm	marekd: reviewed https://review.openstack.org/#/c/202176/	16:27
*** afazekas has quit IRC		16:27
*** browne has quit IRC		16:27
marekd	dolphm: looooking	16:27
dolphm	marekd: answer miguelgrinberg's question first :)	16:27
miguelgrinberg	elmiko: are you using v3? I think you can use /v3/services	16:30
marekd	miguelgrinberg: so, yes - querying SPs via OS-FEDERATION/service_providers is admin only API call.	16:30
marekd	miguelgrinberg: the user should actually look into service catalog	16:30
elmiko	miguelgrinberg: yea, i see the services manager in the client but i need something that behaves like a client.service_catalog.get_data call, and i'm not sure there is an equivalent when using session/auth authentication	16:31
*** TheIntern has quit IRC		16:31
marekd	actually token itself - see here: http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3.html#authentication-responses (ctrl-f service_providers)	16:31
miguelgrinberg	marekd: I don't understand. The user gets the catalog at the very end. My problem is that the user needs to know the URL for the SP, knowing the name isn't sufficient	16:31
marekd	miguelgrinberg: are we talking k2k now?	16:32
miguelgrinberg	marekd: yes, this is for K2K. Sorry, I thought I mentioned that. That's all I've been doing for several weeks, it's kind of a default for me now :)	16:33
marekd	miguelgrinberg: it is not for me - for me SP should ideally be able to work with any saml2 idp, and keystone-idp would be one of them :(	16:33
marekd	miguelgrinberg: anyways, let's get back.	16:33
miguelgrinberg	marekd: so I'd like the user to login to a SP using the SP name, I don't want to have the user provider the URL	16:34
*** fhubik_afk is now known as fhubik		16:34
marekd	miguelgrinberg: so i assume you will know the service provider ID a priori. What you later have to do is to specify its id and existing auth plugin will do the rest.	16:34
marekd	miguelgrinberg: you can do this: see https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/auth/identity/v3/k2k.py#L45	16:35
miguelgrinberg	marekd: right now I'm not using an auth plugin, I'm using curl to post the assertion to the SP. Do you have an example with the auth plugin I can look at?	16:35
marekd	miguelgrinberg: i just posted it :-)	16:36
miguelgrinberg	always a step ahed, good :)	16:36
marekd	i want osc to start using it but i need ksa release for that - complicated and transactional process :-)	16:36
marekd	miguelgrinberg: it's easy to write wrapper around it	16:36
marekd	it's really few lines of code.	16:36
miguelgrinberg	so how does this guy access the SP data? I can't from curl	16:37
*** ctracey has joined #openstack-keystone		16:37
*** ajayaa has quit IRC		16:37
marekd	it logins to you local cloud, get's the token and it's there.	16:38
marekd	token has service_providers list	16:38
miguelgrinberg	marekd: ah, okay. That's what I was missing. Perfect, that solves my (first) problem.	16:39
*** lhcheng has joined #openstack-keystone		16:39
*** ChanServ sets mode: +v lhcheng		16:39
openstackgerrit	Alexander Makarov proposed openstack/keystone: Materialized path mixin https://review.openstack.org/198418	16:39
marekd	miguelgrinberg: great!	16:39
marekd	what else?	16:39
miguelgrinberg	marekd: The other thing I wanted to run by you is regarding using a federated token with the keystone API (also K2K). I get 403s for all endpoints, even if I assign the admin user in the local portion of the mapping. Is this expected?	16:40
*** david-lyle has joined #openstack-keystone		16:42
marekd	miguelgrinberg: no.	16:42
marekd	miguelgrinberg: is the token scoped to a project/domain ?	16:42
marekd	miguelgrinberg: did you succeed getting a token ?	16:43
miguelgrinberg	marekd: yes, I have a scoped token	16:43
marekd	without any errors?	16:43
miguelgrinberg	I can use that token with nova, glance, etc.	16:43
marekd	miguelgrinberg: is it fernet token ?	16:43
miguelgrinberg	uuid	16:43
*** serverascode has joined #openstack-keystone		16:43
marekd	ok, i am sure there is something in logs....	16:43
marekd	because if you managed to scope the token looks like your setup is ok.	16:43
miguelgrinberg	okay, I will research this a bit more now that I know it isn't the expected outcome and bug you again with more info	16:44
marekd	miguelgrinberg: once you have scoped token it should be usable like normal classic token.	16:45
marekd	miguelgrinberg: so you should be able to do anything with respect to the roles you have on a project/domain	16:45
openstackgerrit	Alexander Makarov proposed openstack/keystone: Materialized path mixin https://review.openstack.org/198418	16:46
*** zhiyan has joined #openstack-keystone		16:46
miguelgrinberg	marekd: didn't spend enough time on this, just found it yesterday while I was setting up a three cloud federation setup	16:47
marekd	dolphm: thanks for the review - i will address your comments. However I am more curious about the design of the solution - i don't think we should squeeze groups in fernet token (json from http response) and not do this for other formats. Can we change it for every token then?	16:47
dolphm	marekd: that was my question -- why does anything need to be added to the JSON response?!	16:48
dolphm	marekd: it only needs to be in the fernet payload	16:48
dolphm	(groups)	16:48
marekd	dolphm: sure, but fernet payload is build basing on JSON response.	16:48
marekd	so either we smuggle groups and make it added to payload, or we add it in JSON repsonse for fernet only (hence _handle_maped_token() overrode for fernet) or we just change it for all tokens (no _handle_mapped_token() overriding)	16:49
dolphm	marekd: the JSON response is based on the token -- not the other way around	16:50
*** samleon has quit IRC		16:50
dolphm	marekd: just because groups are encoded into the fernet payload, doesn't mean you need to expose them in the JSON response	16:50
*** samleon has joined #openstack-keystone		16:51
*** ankita_wagh has joined #openstack-keystone		16:53
*** _cjones_ has joined #openstack-keystone		16:53
dolphm	marekd: i understand that groups need to be included in federated unscoped and scoped fernet payloads so that roles can be computed at any time... but why change the HTTP API as a result? if i'm overlooking something, please tell me!	16:53
*** _cjones_ has quit IRC		16:53
*** _cjones_ has joined #openstack-keystone		16:53
marekd	dolphm: when you do issue_v3_token() you call _get_token_id(token_data)	16:53
marekd	dolphm: https://github.com/openstack/keystone/blob/master/keystone/token/providers/common.py#L496 , https://github.com/openstack/keystone/blob/master/keystone/token/providers/common.py#L535 , https://github.com/openstack/keystone/blob/master/keystone/token/providers/fernet/core.py#L209	16:56
marekd	dolphm: and _build_federated_info() will not find any groups in JSON response	16:56
*** briancurtin has joined #openstack-keystone		16:57
*** yottatsa has quit IRC		16:59
*** LukeHinds has joined #openstack-keystone		17:00
samueldmq	breton: no, is_domain projects need to have a parent which is is_domain as well, right htruta ?	17:01
marekd	dolphm: ?	17:02
htruta	breton: samueldmq is right. an is_domain=true project must have an is_domain=true parent	17:02
marekd	dolphm: hope i didn't cause you a heart attack	17:02
htruta	breton: or no parent at all, if it is the root	17:02
breton	htruta: thank you! is that tested somewhere?	17:03
*** e0ne has quit IRC		17:03
htruta	breton: yes. here: https://review.openstack.org/#/c/157427/79/keystone/tests/unit/test_backend.py L2275	17:05
*** _hrou_ has joined #openstack-keystone		17:05
*** hrou has quit IRC		17:06
*** jdennis has quit IRC		17:06
*** piyanai has joined #openstack-keystone		17:07
*** jsavak has quit IRC		17:11
dolphm	marekd: apologies, i'm being pulled in a couple different directions, give me a few minutes	17:12
*** jsavak has joined #openstack-keystone		17:12
*** jasonsb has joined #openstack-keystone		17:15
marekd	dolphm: sure	17:15
*** krykowski has quit IRC		17:15
dstanek	breton: did you ever get your answer?	17:16
breton	dstanek: about?	17:16
dstanek	breton: is_domain Projects	17:17
breton	dstanek: yes, see samueldmq's and htruta's answers above	17:17
dstanek	breton: i don't have a scrollback :-) ok, was just making sure	17:18
htruta	breton: next time you can directly ping me :)	17:18
*** mylu has quit IRC		17:18
htruta	I promise I'll answer faster	17:18
breton	htruta: no worries	17:19
*** mylu has joined #openstack-keystone		17:19
*** browne has joined #openstack-keystone		17:19
dstanek	htruta: kinds like breton's own personal Google?	17:21
htruta	dstanek: not sure if I know his personal google heh	17:22
dstanek	L2 is in the can!	17:22
htruta	dstanek: nevermind. just got it :P	17:22
*** jdennis has joined #openstack-keystone		17:22
dstanek	htruta: :-)	17:22
*** mylu has quit IRC		17:24
*** fhubik has quit IRC		17:25
*** mylu has joined #openstack-keystone		17:25
*** piyanai has quit IRC		17:26
*** aix has quit IRC		17:30
*** pnavarro has quit IRC		17:32
*** piyanai has joined #openstack-keystone		17:35
*** krykowski has joined #openstack-keystone		17:38
lhcheng	stevemar, breton, marekd: I've sent an invite for the invision account access. Let me know when you've already accepted, I still need to add you to the OpenStack team after that.	17:39
lhcheng	ayoung, morganfainberg, bknudson, dstanek, nkinder, rodrigods: let me know if you need access to https://openstack.invisionapp.com too	17:41
*** piyanai has quit IRC		17:41
dstanek	lhcheng: what is it?	17:41
rodrigods	lhcheng, yes... I need access: rodrigodsousa@gmail.com	17:41
ayoung	lhcheng, if we are going to use it, then everyone does	17:41
*** mylu has quit IRC		17:42
lhcheng	it is the mockup tool used by the UX team, folks from university of kent uploaded their mockup for the attribute mapping in invision	17:42
dstanek	lhcheng: yeah, then what ayoung said	17:42
lhcheng	okay, I'll send an invite for all cores.	17:42
dstanek	lhcheng: the tricky thing now is that this feels like an exclusive club leaving out the rest of the community	17:43
*** r-daneel has quit IRC		17:44
lhcheng	dstanek: I think they might be looking at other options now, something that could be more open	17:44
lhcheng	dstanek: anita mentioned something about "phabricator" ?	17:45
dstanek	"open" - i think i just let my stallman out	17:46
*** diazjf has quit IRC		17:47
amakarov	samueldmq, hi! I've finally have a working materialized path mixin :)	17:47
lhcheng	dstanek: yeah, I agree. Everyone can join, but they have to ping folks in the openstack-ux room to request an account.	17:47
amakarov	samueldmq, https://review.openstack.org/#/c/198418/	17:47
amakarov	samueldmq, I think you and rodrigods may be interested to look at it!	17:48
marekd	lhcheng: thanks, just loged in. I still don't know what is this invision and why i need it :-)	17:48
marekd	but it's nice to have all those hype acounts :-)	17:48
samueldmq	amakarov: nice, I'll take a look later at it, thanks	17:49
dstanek	marekd: you are one of the cool kids now	17:49
lhcheng	marekd: I think it was to look at: https://openstack.invisionapp.com/d/main#/projects/3983114	17:49
rodrigods	amakarov, great! will take a look soon	17:50
marekd	dstanek: yeah - the problem is when i make a photo - i must upload it to 5 services now and take on who is commenting where and when...	17:50
dstanek	marekd: someone needs to write a new aggregator service	17:51
marekd	i was thinking about it when Google+ was opened.	17:53
marekd	so i don't have to repeat myself	17:53
marekd	:P	17:53
lhcheng	dstanek: here's the new project for the month: https://github.com/openstack/governance/commit/cbc0ec1f7f23ade1a982725fe27192743ea5e6ef	17:53
lhcheng	dstanek: they mentioned they are looking for open source alternatives..	17:54
*** mylu has joined #openstack-keystone		17:56
*** e0ne has joined #openstack-keystone		17:56
lhcheng	dolphm, morganfainberg, ayoung, bknudson, dstanek, jamielennox, topol: Invision account invite sent. Pm when you've accepted the account invite, I still need to add you to a group so you can view all the projects.	17:58
*** mylu has quit IRC		17:59
*** mylu has joined #openstack-keystone		17:59
breton	oh gawd, yes, lets find some libre alternative to it: http://imgur.com/MgmJd4j	18:02
*** jsavak has quit IRC		18:02
lhcheng	breton: lol	18:02
*** browne has quit IRC		18:02
ayoung	lhcheng, consider yourself PMed	18:03
lhcheng	breton: yeah, and this process of inviting won't scale	18:03
*** browne has joined #openstack-keystone		18:04
lhcheng	breton: I was just given access to invite people since I've been pinging Piet for accounts this morning. So don't kill me :P	18:04
lhcheng	ayoung: done, you should be able to access: https://openstack.invisionapp.com/d/main#/projects/3983114	18:05
*** e0ne has quit IRC		18:06
*** e0ne has joined #openstack-keystone		18:09
ayoung	lhcheng, pretty sure it just crashed on me leaving a comment...trying again	18:11
amakarov	ayoung, hi! I've addressed your comments in unified delegations: https://review.openstack.org/#/c/189816/, tell me please: am I just to describe final structure or use cases as well?	18:12
lhcheng	ayoung: the ux for leaving comments is bad, you have to scroll all the way down the list of notified users to find the "Post Comment" button :(	18:13
dolphm	marekd: okay, so you're just pointing me to the current implementation. that says nothing of what the implementation should look like ;)	18:14
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Introduce endpoint_id config https://review.openstack.org/205049	18:14
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Introduce enable_centralized_policy config https://review.openstack.org/207154	18:14
dolphm	marekd: but before we go too far down the implementation rabbit hole, is there any reason to include groups in federated scoped token JSON bodies?	18:15
dstanek	s/view/break/	18:15
*** mylu has quit IRC		18:15
dolphm	marekd: other than the fact that it's convenient in the current implementation	18:15
ayoung	lhcheng, that too, but pretty sure the whole app just disappeared on me, and I had to reopen	18:16
*** TheIntern has joined #openstack-keystone		18:17
*** topol has quit IRC		18:19
*** jsavak has joined #openstack-keystone		18:19
dstanek	lhcheng: accepted	18:20
*** mylu has joined #openstack-keystone		18:20
marekd	dolphm: i ma pointing you to the current implementation as the aim of this excercise was to add another token format, not refactor and fix how the tokens are crated :-) Whether we should keep groups in the token or not - in uuid and PKI we didn't need it to, however my opinoin on that is: yes, we should keep it as in case of federated tokens, the tokens is the 'identity' of that ephemeral user and	18:22
marekd	nowhere else we can find any information about him.	18:22
dolphm	marekd: that's a pretty good argument	18:23
mylu	hi guys I have a federation question...is there a way to have one SP talk to multiple IdPs and one IdP talk to multiple SPs?	18:23
*** dims_ has joined #openstack-keystone		18:24
marekd	dolphm: i can propose this topic for the next meting so everybody can give an opinoin.	18:25
dolphm	marekd: stevemar: ^	18:25
marekd	mylu: yes :-)	18:25
dolphm	marekd: let's get an API change review up	18:25
marekd	dolphm: "Add groups in scoped federated tokens" kind of review?	18:25
dolphm	marekd: yes, i think it's an invert of a patch i did recently	18:26
mylu	marekd: ohh cool! is there any documentations that explains how to do it?	18:26
marekd	AFAIR you fixed docs :-)	18:26
marekd	mylu: i'd rather look for Shibboleth docs/mailing lists.	18:26
marekd	mylu: unfortunately i don't have ready configs/snippets so I won't be able to help you immediately :(	18:27
samueldmq	ayoung: in the case one set enable_centralized_policy=True but don't set endpoint_id so we error when initializing middleware, right ?	18:27
dolphm	marekd: git diff c27e367a3c399f1fcafa47673895c1abc2d84f07 4920bc26d5d8df8ec7dd532c4b01be2021e6bf00 in keystone-specs	18:27
ayoung	samueldmq, yes.	18:27
mylu	marekd: ohh yeah right because federation is handled by shibboleth.	18:27
*** dims has quit IRC		18:28
ayoung	samueldmq, I think so, until we have a better "autodiscover" approach, that is the best and right thing to do	18:28
samueldmq	ayoung: and in the case one set enable_centralized_policy=True + endpoint_id=<somehting valid> but is using V2RequestStrategy	18:28
marekd	mylu: actually...	18:28
ayoung	samueldmq, fail as well	18:28
marekd	take a look here: https://zenodo.org/record/11982/files/CERN_openlab_Luca_Tartarini.pdf (page 20)	18:28
mylu	marekd: wait..was I wrong?	18:28
ayoung	and clearly report the error, please	18:28
samueldmq	ayoung: ++, yes, I am also adding tests, and spliting the changes in a chain	18:28
*** josecastroleon has joined #openstack-keystone		18:28
ayoung	got to go	18:29
*** ayoung has quit IRC		18:29
*** jtomasek has joined #openstack-keystone		18:29
*** amickus has joined #openstack-keystone		18:30
openstackgerrit	Dolph Mathews proposed openstack/keystone-specs: Include groups in federated scoped tokens https://review.openstack.org/207159	18:30
openstackgerrit	Merged openstack/python-keystoneclient: Updated from global requirements https://review.openstack.org/206082	18:31
marekd	dolphm: does it qualify as API change ?	18:31
*** openstackgerrit has quit IRC		18:31
marekd	dolphm: or worse..as token format contract change?	18:32
jtomasek	Hi, I am trying to access OpenStack APIs from javascript client app. Is there a documentation to Enable CORS (Cross Origin Resource Sharing) on Keystone (and other OpenStack APIs)? Is this guide still relevant? https://ianunruh.com/2014/11/openstack-cors.html	18:32
*** openstackgerrit has joined #openstack-keystone		18:32
jtomasek	/etc/keystone/keystone-paste.ini seems not to exist any more	18:32
*** jsavak has quit IRC		18:33
*** jsavak has joined #openstack-keystone		18:34
dolphm	marekd: https://review.openstack.org/#/c/207159/	18:35
dolphm	marekd: we can add a paragraph or something, but is there anything beyond that?	18:36
htruta	hey guys... hope you don't mind that I make a little bit of merchan here: https://www.openstack.org/summit/tokyo-2015/vote-for-speakers/presentation/6338 :) that might interest you, dstanek and breton	18:38
openstackgerrit	Alexey Miroshkin proposed openstack/keystone: Fix test_admin to expect admin endpoint https://review.openstack.org/206496	18:39
*** diazjf has joined #openstack-keystone		18:44
openstackgerrit	Marek Denis proposed openstack/keystone: Add groups in scoped federated tokens https://review.openstack.org/207167	18:44
marekd	dolphm: not realy	18:44
marekd	dolphm: ^^ the code change would be ^^	18:44
openstackgerrit	Marek Denis proposed openstack/keystone-specs: Include groups in federated scoped tokens https://review.openstack.org/207159	18:49
*** TheIntern has quit IRC		18:49
marekd	ok, i am out of here.	18:54
marekd	see ya tomorrow.	18:54
*** josecastroleon has quit IRC		18:58
dstanek	htruta: nice	18:59
openstackgerrit	Dolph Mathews proposed openstack/keystone-specs: Include groups in federated scoped tokens https://review.openstack.org/207159	19:00
*** piyanai has joined #openstack-keystone		19:07
dstanek	anyone around for a python 2 vs. python 3 (bytes, str & unicode) conceptual question?	19:11
*** geoffarnold has joined #openstack-keystone		19:12
*** jamiec has joined #openstack-keystone		19:13
*** jsavak has quit IRC		19:14
*** jsavak has joined #openstack-keystone		19:15
*** jamiec has quit IRC		19:19
htruta	hey, guys... should I do anything oslo.config related to deprecate a specific property that will be removed in the future?	19:21
htruta	I'm already showing a warn	19:22
*** ankita_wagh has quit IRC		19:23
*** ankita_wagh has joined #openstack-keystone		19:23
*** dims_ has quit IRC		19:27
*** dims has joined #openstack-keystone		19:27
dstanek	htruta: is deprecated_for_removal already set?	19:28
*** ankita_wagh has quit IRC		19:28
samueldmq	ayoung: ++, yes, I am also adding tests, and spliting the changes in a chain	19:30
samueldmq	aarrgh	19:30
*** jsavak has quit IRC		19:30
*** jsavak has joined #openstack-keystone		19:33
openstackgerrit	Dolph Mathews proposed openstack/keystone: Reduce number of Fernet log messages https://review.openstack.org/207190	19:34
*** doug-fish has joined #openstack-keystone		19:38
*** amakarov is now known as amakarov_away		19:43
*** belmoreira has quit IRC		19:47
*** HenryG has quit IRC		19:49
*** krykowski has quit IRC		19:50
*** topol has joined #openstack-keystone		19:51
*** ChanServ sets mode: +v topol		19:51
*** e0ne has quit IRC		19:51
*** HenryG has joined #openstack-keystone		19:52
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Add is_domain field in Project Table https://review.openstack.org/157427	19:53
doug-fish	hey keystone friends - anyone familiar with this oauth related unit test failure? http://logs.openstack.org/38/192438/11/check/gate-python-keystoneclient-python26/7b473a4/console.html#_2015-07-28_15_36_21_751	19:53
*** e0ne has joined #openstack-keystone		19:55
*** tqtran has joined #openstack-keystone		19:55
*** mylu has quit IRC		19:56
bknudson	doug-fish: https://bugs.launchpad.net/python-keystoneclient/+bug/1477177 or https://bugs.launchpad.net/python-keystoneclient/+bug/1477247 ?	20:00
openstack	Launchpad bug 1477177 in python-keystoneclient "Tests fail with oauthlib-1.0.0" [Undecided,Fix committed] - Assigned to Boris Bobrov (bbobrov)	20:00
openstack	Launchpad bug 1477247 in python-keystoneclient "wrong values are verified in oauth tests" [Undecided,Fix committed] - Assigned to Boris Bobrov (bbobrov)	20:00
htruta	dstanek: didn't know of this one. just set it. thanks	20:01
*** edmondsw has quit IRC		20:01
doug-fish	bknudson: thanks! those look related	20:02
*** mylu has joined #openstack-keystone		20:03
*** e0ne has quit IRC		20:03
openstackgerrit	Brant Knudson proposed openstack/keystone: admin and public httpd files https://review.openstack.org/194442	20:05
*** e0ne has joined #openstack-keystone		20:11
*** openstackgerrit has quit IRC		20:16
*** tqtran has quit IRC		20:17
*** openstackgerrit has joined #openstack-keystone		20:17
*** TheIntern has joined #openstack-keystone		20:19
lhcheng	dstanek: updated your access in invision, you should be access the project mockups now	20:22
dstanek	lhcheng: great, thanks!	20:23
*** roxanaghe has joined #openstack-keystone		20:25
*** mylu has quit IRC		20:28
*** mylu has joined #openstack-keystone		20:28
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Introduce enable_centralized_policy config https://review.openstack.org/207154	20:36
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Centralized Policy Fetch and Cache https://review.openstack.org/188561	20:36
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Introduce endpoint_id config https://review.openstack.org/205049	20:36
*** stevemar has quit IRC		20:37
*** ankita_wagh has joined #openstack-keystone		20:37
*** TheIntern has quit IRC		20:49
*** edmondsw has joined #openstack-keystone		20:50
*** piyanai has quit IRC		21:00
*** roxanaghe has quit IRC		21:01
openstackgerrit	Henrique Truta proposed openstack/keystone: Restricting domain_id changing https://review.openstack.org/207218	21:01
openstackgerrit	Dolph Mathews proposed openstack/keystone: Test to ensure fernet key rotation results in new key sets https://review.openstack.org/192817	21:04
*** piyanai has joined #openstack-keystone		21:07
*** diazjf has left #openstack-keystone		21:07
*** mylu has quit IRC		21:09
*** mylu has joined #openstack-keystone		21:10
openstackgerrit	Dolph Mathews proposed openstack/keystone: Test to ensure fernet key rotation results in new key sets https://review.openstack.org/192817	21:10
*** pnavarro has joined #openstack-keystone		21:11
iurygregory	hey marekd, if you have time you can review the puppet-spec Enabling Federation? Thanks (https://review.openstack.org/#/c/190361/) ^^	21:15
doug-fish	I think my favorite patch https://review.openstack.org/#/c/192438/ is not passing the gate because it needs the fix for https://review.openstack.org/#/c/192438/	21:16
*** ekarlso has quit IRC		21:16
doug-fish	The fact it's in a feature branch confuses me; if it weren't I'd just rebase it. Any suggestion on how to proceed?	21:17
bknudson	doug-fish: the feature branch needs a fix from master?	21:17
doug-fish	bknudson: yes	21:17
doug-fish	fix for https://bugs.launchpad.net/python-keystoneclient/+bug/1477177	21:17
openstack	Launchpad bug 1477177 in python-keystoneclient "Tests fail with oauthlib-1.0.0" [Undecided,Fix committed] - Assigned to Boris Bobrov (bbobrov)	21:17
bknudson	if so, somebody with merge-push authority needs to merge master to the feature branch	21:17
doug-fish	(I see I failed at cut and paste)	21:17
bknudson	people with merge-push are keystone cores.	21:18
doug-fish	bknudson: what's the right forum to make a request like this?	21:18
bknudson	doug-fish: here or on the openstack-dev mailing list	21:18
openstackgerrit	Dolph Mathews proposed openstack/keystone: Explain the "or None" on eventlet's client_socket_timeout https://review.openstack.org/177443	21:21
*** e0ne has quit IRC		21:24
*** mylu has quit IRC		21:25
*** mylu has joined #openstack-keystone		21:25
*** mylu has quit IRC		21:25
*** spandhe has joined #openstack-keystone		21:28
openstackgerrit	Brant Knudson proposed openstack/keystone: Config option for insecure reponses https://review.openstack.org/207226	21:30
doug-fish	marekd, bknudson, jamielennox, (or any other core!): - can one of you merge master to the keystoneauth_integration to pick up the fix to https://bugs.launchpad.net/python-keystoneclient/+bug/1477177, I think it's needed so https://review.openstack.org/#/c/192438/ can pass the gate	21:31
openstack	Launchpad bug 1477177 in python-keystoneclient "Tests fail with oauthlib-1.0.0" [Undecided,Fix committed] - Assigned to Boris Bobrov (bbobrov)	21:31
*** lhcheng_ has joined #openstack-keystone		21:32
*** lhcheng has quit IRC		21:32
*** htruta_ has joined #openstack-keystone		21:34
*** jsavak has quit IRC		21:34
*** jsavak has joined #openstack-keystone		21:35
bknudson	doug-fish: I'll put it on my list... might take a while if there are conflicts	21:36
doug-fish	thx bknudson - I was just trying it out locally; there are	21:37
*** gordc has quit IRC		21:39
*** ekarlso has joined #openstack-keystone		21:44
*** hrou has joined #openstack-keystone		21:48
*** _hrou_ has quit IRC		21:48
*** pnavarro has quit IRC		21:50
*** hrou has quit IRC		21:52
bigjools	doug-fish: hey, are you working on https://review.openstack.org/#/c/159910 ?	21:53
*** esp has left #openstack-keystone		21:53
*** esp has joined #openstack-keystone		21:53
doug-fish	bigjools: well it's not forgotten! - but it's held up right know becuase of a lack of k2k auth plugin being available	21:54
bigjools	ah!	21:54
bigjools	Is there anything I can do to help this along?	21:55
doug-fish	not sure offhand - again the key roadblock right now is to get a k2k authorization plugin available ...	21:56
bigjools	doug-fish: and presumably that plugin is the stuff in the new keystoneauth? I'm still digging around to see what's what	21:56
doug-fish	and that's been caught up in a bit of a refactor	21:56
doug-fish	bigjools: yes, that's right	21:56
bigjools	ah ok. Is the plan to keep that separate or merge to ksc?	21:57
bigjools	and is someone else doing that who I can badger? :)	21:57
doug-fish	bigjools: I'm going to have to defer to the keystone leadership on that question!	21:57
bigjools	fair enough :)	21:57
doug-fish	Maybe it would be wise for me to propose a k2kauth plugin in python-keystone client so I wouldn't have to wait for the keystoneauth changes to complete	21:59
bigjools	sounds reasonable to me	21:59
bigjools	is the intent to get all this into liberty?	21:59
bigjools	I had a go at getting all this working myself but the existing region switcher is broken	22:00
doug-fish	bknudson, marekd, jamielennox any thoughts on how a k2kauth patch would be received if I proposed a patch to python-keystoneclient? the overall state of the keystoneauth changes isn't quite clear to me	22:00
bknudson	doug-fish: does it bring in new dependencies?	22:01
bknudson	I can't think of a reason it should be left out of keystoneclient other than that.	22:01
* doug-fish looking		22:01
doug-fish	I'll just take a look and propose it if it doesn't	22:01
doug-fish	that's what the review process is for after all!	22:02
*** markvoelker has quit IRC		22:02
*** Kennan2 has joined #openstack-keystone		22:02
*** Kennan has quit IRC		22:03
*** piyanai has quit IRC		22:04
openstackgerrit	Merged openstack/keystone: Ensure database options registered for tests https://review.openstack.org/203900	22:05
*** spandhe has quit IRC		22:06
*** jsavak has quit IRC		22:08
openstackgerrit	Brant Knudson proposed openstack/keystone: Config option for insecure responses https://review.openstack.org/207226	22:12
*** d34dh0r53 has quit IRC		22:13
*** odyssey4me has quit IRC		22:13
*** d34dh0r53 has joined #openstack-keystone		22:13
*** odyssey4me has joined #openstack-keystone		22:14
*** LukeHinds has quit IRC		22:14
*** d34dh0r53 has quit IRC		22:15
*** d34dh0r53 has joined #openstack-keystone		22:16
*** jasonsb has quit IRC		22:16
*** d34dh0r53 has quit IRC		22:23
*** d34dh0r53 has joined #openstack-keystone		22:23
*** odyssey4me has quit IRC		22:24
*** odyssey4me has joined #openstack-keystone		22:25
*** bknudson has quit IRC		22:25
*** d34dh0r53 has quit IRC		22:27
*** d34dh0r53 has joined #openstack-keystone		22:27
*** sigmavirus24 has quit IRC		22:31
*** d34dh0r53 has quit IRC		22:32
*** sigmavirus24 has joined #openstack-keystone		22:32
*** d34dh0r53 has joined #openstack-keystone		22:33
*** jasonsb has joined #openstack-keystone		22:41
*** sigmavirus24 is now known as sigmavirus24_awa		22:43
*** jasonsb has quit IRC		22:47
*** raildo has quit IRC		22:49
*** samueldmq has quit IRC		22:49
*** ericksonsantos has quit IRC		22:50
*** tellesnobrega has quit IRC		22:50
*** htruta has quit IRC		22:50
*** iurygregory has quit IRC		22:50
*** Ephur has quit IRC		22:51
*** topol has quit IRC		22:56
*** markvoelker_ has joined #openstack-keystone		22:57
dstanek	dolphm: i think these tests are actually wrong in a Python 3 world ... were they testing a case you came across?	23:03
*** jecarey has quit IRC		23:04
*** jasonsb has joined #openstack-keystone		23:11
*** samleon has quit IRC		23:13
bigjools	Why would I get a 401 when doing a "role add" user to a domain? I'm doing it with the admin user.	23:14
*** pballand has quit IRC		23:18
*** pballand has joined #openstack-keystone		23:19
*** jaosorior has quit IRC		23:21
*** hrou has joined #openstack-keystone		23:31
dstanek	bigjools: are you using v3 or v2?	23:36
bigjools	v3	23:36
dstanek	bigjools: are you including the domain_id?	23:36
dstanek	bigjools: i remember seeing a bug about getting a 401 instead of a 400 for some cases	23:37
dstanek	maybe you are hitting one of those	23:37
bigjools	I'm using --domain <name>	23:37
bigjools	and this is in Kilo	23:37
bigjools	still get 401 with the ID	23:38
dstanek	bigjools: not sure then...is there anything interesting in the logs?	23:39
*** jamielennox is now known as jamielennox\|away		23:39
bigjools	dstanek: oh huh, I see this:	23:39
bigjools	[Wed Jul 29 23:39:42 2015] [error] 22960 WARNING keystone.common.controller [-] No domain information specified as part of list request	23:39
bigjools	followed by the Authorization failed error	23:40
*** darrenc is now known as darrenc_afk		23:47
*** ankita_wagh has quit IRC		23:47
bigjools	hmm this is interesting	23:48
*** ankita_wagh has joined #openstack-keystone		23:48
bigjools	I'm trying to add a user from a different domain	23:48
lifeless	bigjools: doesn't that take ages? Like, 10+ years?	23:50
bigjools	lifeless: qué?	23:50
lifeless	bigjools: put your terrible joke parsing hat on.	23:50
dstanek	lifeless: that's only if they are from a different realm	23:51
dstanek	bigjools: that's not a helpful error message	23:51
bigjools	dstanek: no :)	23:51
bigjools	lifeless: shouldn't you be on a plane? :)	23:51
lifeless	bigjools: boards at 1215	23:51
lifeless	bigjools: then -> AKL	23:51
lifeless	then at 14:40 -> BNE	23:52
bigjools	oh I thought you went via MEL?	23:52
lifeless	I'm visiting wgrant after pyconau	23:52
bigjools	aha	23:52
*** ankita_wagh has quit IRC		23:52
lifeless	and test driving a tesla	23:52
bigjools	well, you can explain the terrible joke to me in person later :)	23:53
*** Kennan2 is now known as Kennan		23:53
bigjools	dstanek: so is it even possible to add a user from a different domain?	23:53
* bigjools questions own sanity		23:53
*** jiaxi has joined #openstack-keystone		23:54
*** amickus has quit IRC		23:54
*** topol has joined #openstack-keystone		23:57
*** ChanServ sets mode: +v topol		23:57

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!