Wednesday, 2016-01-27

[00:00] *** roxanaghe has quit IRC
[00:00] *** henrynash has quit IRC
[00:00] navidp: jamielennox, yeah i am just trying to first work the authentication then try to fix others
[00:01] *** oomichi has quit IRC
[00:01] *** RichardRaseley has quit IRC
[00:03] navidp: jamielennox, thanks for your time.
[00:03] jamielennox: navidp: yep, i think you'll have to fix a couple of different projects, get it working and then see what they need
[00:03] jamielennox: navidp: any time
[00:04] navidp: jamielennox, :)
[00:04] *** daemontool_ has quit IRC
[00:04] *** dims has quit IRC
[00:04] *** rbak has quit IRC
[00:05] *** pushkaru has quit IRC
[00:06] *** gordc has quit IRC
[00:06] *** daemontool_ has joined #openstack-keystone
[00:09] *** phalmos has quit IRC
[00:12] *** _cjones_ has quit IRC
[00:12] *** _cjones_ has joined #openstack-keystone
[00:13] *** daemontool_ has quit IRC
[00:14] *** lhcheng has joined #openstack-keystone
[00:14] *** ChanServ sets mode: +v lhcheng
[00:15] *** mylu has quit IRC
[00:22] *** slberger has left #openstack-keystone
[00:26] *** ebalduf has joined #openstack-keystone
[00:37] *** mylu has joined #openstack-keystone
[00:37] jamielennox: notmorgan: bknudson: we reverted all the caching changes to auth_token?
[00:38] *** shoutm_ has joined #openstack-keystone
[00:39] *** shoutm has quit IRC
[00:51] *** markvoelker has quit IRC
[00:56] *** markvoelker has joined #openstack-keystone
[01:01] *** EinstCrazy has quit IRC
[01:04] *** gildub has quit IRC
[01:04] *** ebalduf has quit IRC
[01:10] *** spzala has quit IRC
[01:10] *** mgarza has quit IRC
[01:10] *** spzala has joined #openstack-keystone
[01:14] *** mylu has quit IRC
[01:15] *** spzala has quit IRC
[01:17] *** shoutm_ has quit IRC
[01:19] *** spzala has joined #openstack-keystone
[01:19] *** shoutm has joined #openstack-keystone
[01:30] *** lhcheng_ has joined #openstack-keystone
[01:31] *** lhcheng has quit IRC
[01:35] *** phalmos has joined #openstack-keystone
[01:36] *** david-lyle has quit IRC
[01:37] *** gildub has joined #openstack-keystone
[01:41] *** shoutm_ has joined #openstack-keystone
[01:42] *** phalmos has quit IRC
[01:43] *** EinstCrazy has joined #openstack-keystone
[01:44] *** shoutm has quit IRC
[01:49] *** ninag has joined #openstack-keystone
[01:50] *** _cjones_ has quit IRC
[01:50] *** _cjones_ has joined #openstack-keystone
[01:50] *** _cjones_ has quit IRC
[01:51] *** _cjones_ has joined #openstack-keystone
[01:52] *** lhcheng_ has quit IRC
[01:53] *** ninag has quit IRC
[01:53] *** lhcheng has joined #openstack-keystone
[01:53] *** ChanServ sets mode: +v lhcheng
[01:55] *** _cjones_ has quit IRC
[01:58] *** fawadkhaliq has joined #openstack-keystone
[01:59] *** fawadkhaliq has quit IRC
[02:00] *** mylu has joined #openstack-keystone
[02:10] *** topol has quit IRC
[02:12] *** topol_ has joined #openstack-keystone
[02:19] notmorgan: jamielennox: yes
[02:19] notmorgan: :(
[02:19] notmorgan: Some folks made a lot of noise and I wasn't awake to fight the revert
[02:21] jamielennox: notmorgan: out of interest who cares?
[02:21] jamielennox: i saw devstack, but you had a fix for that
[02:21] notmorgan: This was folks in nova and other upstream projects complaining we needed to deprecate
[02:21] jamielennox: bah
[02:21] notmorgan: For 2 cycles cause omg it broke so much
[02:22] jamielennox: 2 cycles!
[02:22] notmorgan: Was an overreaction
[02:22] notmorgan: But I honestly was asleep.
[02:22] notmorgan: :(
[02:22] notmorgan: If I had been awake I would have halted the revert
[02:22] jamielennox: it broke testing because devstack - that's it
[02:23] jamielennox: wtf does nova etc care
[02:23] jamielennox: caching of pki certs got reverted as well
[02:24] *** dims has joined #openstack-keystone
[02:24] jamielennox: hmm, ok brant has already proposed the deprecation
[02:31] *** daemontool has joined #openstack-keystone
[02:32] *** browne has quit IRC
[02:33] *** diazjf has joined #openstack-keystone
[02:35] *** su_zhang has quit IRC
[02:37] *** richm has quit IRC
[02:39] *** jasonsb has joined #openstack-keystone
[02:47] openstackgerrit: Lance Bragstad proposed openstack/keystone-specs: Time-based One-time Password https://review.openstack.org/130376
[02:47] openstackgerrit: Lance Bragstad proposed openstack/keystone-specs: Add spec for multifactor authentication https://review.openstack.org/272287
[02:48] *** e0ne has joined #openstack-keystone
[02:57] *** alexvictorchan has quit IRC
[03:00] *** spzala has quit IRC
[03:01] *** spzala has joined #openstack-keystone
[03:04] *** spandhe has quit IRC
[03:05] *** spzala has quit IRC
[03:08] *** diazjf has quit IRC
[03:14] *** mylu has quit IRC
[03:14] *** mylu has joined #openstack-keystone
[03:15] *** spzala has joined #openstack-keystone
[03:18] *** gokrokve has joined #openstack-keystone
[03:21] *** browne has joined #openstack-keystone
[03:22] *** gokrokve has quit IRC
[03:24] *** mylu has quit IRC
[03:30] *** dims has quit IRC
[03:33] *** shoutm_ has quit IRC
[03:33] *** mylu has joined #openstack-keystone
[03:40] *** shoutm has joined #openstack-keystone
[03:49] *** doug-fish has joined #openstack-keystone
[04:00] ayoung: jamielennox, notmorgan Roles API. Cleaned up the controller, made the policy enforce admin only for all calls, and made a hardcoded check that admin could not be an implied role (only prior) https://review.openstack.org/#/c/242614/
[04:04] *** markvoelker has quit IRC
[04:05] *** gokrokve has joined #openstack-keystone
[04:10] *** gokrokve has quit IRC
[04:14] openstackgerrit: henry-nash proposed openstack/keystone: Allow project domain_id to be nullable at the manager level https://review.openstack.org/264533
[04:14] openstackgerrit: henry-nash proposed openstack/keystone: Allow project domain_id to be nullable at the manager level https://review.openstack.org/264533
[04:14] openstackgerrit: henry-nash proposed openstack/keystone: Verify project unique constraints for projects acting as domains https://review.openstack.org/158372
[04:14] openstackgerrit: henry-nash proposed openstack/keystone: Add tests in preparation of projects acting as a domain https://review.openstack.org/272369
[04:14] openstackgerrit: henry-nash proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289
[04:15] *** henrynash has joined #openstack-keystone
[04:15] *** ChanServ sets mode: +v henrynash
[04:19] *** henrynash has quit IRC
[04:20] openstackgerrit: fengzhr proposed openstack/keystone: The name can be just white character except project and user https://review.openstack.org/272358
[04:23] *** spzala has quit IRC
[04:24] *** spzala has joined #openstack-keystone
[04:24] openstackgerrit: henry-nash proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289
[04:25] *** david-lyle has joined #openstack-keystone
[04:25] *** EinstCrazy has quit IRC
[04:25] *** david-lyle has quit IRC
[04:28] *** spzala has quit IRC
[04:30] *** gokrokve has joined #openstack-keystone
[04:36] *** gokrokve has quit IRC
[04:37] *** david-lyle has joined #openstack-keystone
[04:44] *** fpatwa has joined #openstack-keystone
[04:46] *** fawadkhaliq has joined #openstack-keystone
[04:49] *** fpatwa has quit IRC
[04:56] *** vivekd has joined #openstack-keystone
[05:01] *** ebalduf has joined #openstack-keystone
[05:03] *** roxanaghe has joined #openstack-keystone
[05:05] *** markvoelker has joined #openstack-keystone
[05:09] openstackgerrit: henry-nash proposed openstack/keystone: Allow project domain_id to be nullable at the manager level https://review.openstack.org/264533
[05:09] *** su_zhang has joined #openstack-keystone
[05:09] openstackgerrit: henry-nash proposed openstack/keystone: Verify project unique constraints for projects acting as domains https://review.openstack.org/158372
[05:10] *** markvoelker has quit IRC
[05:11] openstackgerrit: henry-nash proposed openstack/keystone: Add tests in preparation of projects acting as a domain https://review.openstack.org/272369
[05:11] openstackgerrit: henry-nash proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289
[05:12] *** vivekd has quit IRC
[05:12] *** vivekd has joined #openstack-keystone
[05:16] *** pushkaru has joined #openstack-keystone
[05:17] *** spandhe has joined #openstack-keystone
[05:21] *** EinstCrazy has joined #openstack-keystone
[05:24] *** spzala has joined #openstack-keystone
[05:30] *** gokrokve has joined #openstack-keystone
[05:30] *** spzala has quit IRC
[05:31] *** fawadkhaliq has quit IRC
[05:32] *** topol_ has quit IRC
[05:33] *** e0ne has quit IRC
[05:34] *** topol_ has joined #openstack-keystone
[05:35] *** vivekd has quit IRC
[05:41] notmorgan: jamielennox: yeah
[05:43] openstackgerrit: ChangBo Guo(gcb) proposed openstack/keystone: Use the oslo.utils.reflection to extract the class name https://review.openstack.org/241494
[05:47] *** fawadkhaliq has joined #openstack-keystone
[05:47] *** fawadkhaliq has quit IRC
[05:47] *** EinstCrazy has quit IRC
[05:47] *** ebalduf has quit IRC
[05:48] *** EinstCrazy has joined #openstack-keystone
[05:49] *** gokrokve has quit IRC
[05:50] *** fawadkhaliq has joined #openstack-keystone
[06:00] *** mylu has quit IRC
[06:01] openstackgerrit: henry-nash proposed openstack/keystone: Allow project domain_id to be nullable at the manager level https://review.openstack.org/264533
[06:02] openstackgerrit: henry-nash proposed openstack/keystone: Verify project unique constraints for projects acting as domains https://review.openstack.org/158372
[06:03] openstackgerrit: henry-nash proposed openstack/keystone: Add tests in preparation of projects acting as a domain https://review.openstack.org/272369
[06:05] *** spandhe has quit IRC
[06:05] openstackgerrit: henry-nash proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289
[06:07] *** vgridnev has joined #openstack-keystone
[06:09] stevemar: who's online?!
[06:11] jamielennox: nope
[06:12] *** vivekd has joined #openstack-keystone
[06:16] stevemar: jamielennox: you're on opposite time
[06:17] jamielennox: stevemar: not in my opinion
[06:17] stevemar: jamielennox: you have an opposite opinion
[06:18] *** Nirupama has joined #openstack-keystone
[06:27] *** jaosorior has joined #openstack-keystone
[06:27] *** spzala has joined #openstack-keystone
[06:28] *** shoutm_ has joined #openstack-keystone
[06:30] *** shoutm has quit IRC
[06:32] *** spzala has quit IRC
[06:43] *** spandhe has joined #openstack-keystone
[06:46] *** spandhe_ has joined #openstack-keystone
[06:47] *** roxanaghe has quit IRC
[06:48] *** spandhe has quit IRC
[06:48] *** spandhe_ is now known as spandhe
[06:49] *** spandhe has left #openstack-keystone
[06:51] *** spandhe has joined #openstack-keystone
[06:57] *** jasonsb has quit IRC
[06:58] openstackgerrit: Merged openstack/keystoneauth: Updated from global requirements https://review.openstack.org/272791
[07:00] *** vgridnev has quit IRC
[07:05] *** pushkaru has quit IRC
[07:06] *** markvoelker has joined #openstack-keystone
[07:07] openstackgerrit: Merged openstack/keystonemiddleware: Updated from global requirements https://review.openstack.org/272792
[07:11] *** markvoelker has quit IRC
[07:12] *** EinstCrazy has quit IRC
[07:13] *** browne has quit IRC
[07:15] *** belmoreira has joined #openstack-keystone
[07:21] *** spandhe has quit IRC
[07:22] *** EinstCrazy has joined #openstack-keystone
[07:24] *** gokrokve has joined #openstack-keystone
[07:27] *** rcernin has joined #openstack-keystone
[07:28] openstackgerrit: Merged openstack/oslo.policy: Updated from global requirements https://review.openstack.org/272817
[07:28] *** roxanaghe has joined #openstack-keystone
[07:28] *** gokrokve has quit IRC
[07:31] *** chlong_zzz is now known as chlong
[07:33] *** roxanaghe has quit IRC
[07:35] *** pnavarro has joined #openstack-keystone
[07:36] openstackgerrit: OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/269479
[07:38] *** vgridnev has joined #openstack-keystone
[07:43] *** ninag has joined #openstack-keystone
[07:48] *** ninag has quit IRC
[08:03] openstackgerrit: Merged openstack/pycadf: Updated from global requirements https://review.openstack.org/272824
[08:05] *** EinstCrazy has quit IRC
[08:09] *** EinstCrazy has joined #openstack-keystone
[08:18] *** lhcheng has quit IRC
[08:27] *** su_zhang has quit IRC
[08:28] *** spzala has joined #openstack-keystone
[08:29] *** roxanaghe has joined #openstack-keystone
[08:33] *** roxanaghe has quit IRC
[08:35] *** spzala has quit IRC
[08:35] *** gildub has quit IRC
[08:36] *** vgridnev has quit IRC
[08:38] *** shoutm_ has quit IRC
[08:44] *** vgridnev has joined #openstack-keystone
[08:46] *** vgridnev has quit IRC
[08:51] *** fhubik has joined #openstack-keystone
[09:07] *** markvoelker has joined #openstack-keystone
[09:12] *** markvoelker has quit IRC
[09:16] *** LZ has joined #openstack-keystone
[09:16] *** woodster_ has quit IRC
[09:19] *** jaosorior has quit IRC
[09:20] *** jaosorior has joined #openstack-keystone
[09:25] *** jaosorior has quit IRC
[09:25] *** jaosorior has joined #openstack-keystone
[09:31] *** spzala has joined #openstack-keystone
[09:34] *** permalac has joined #openstack-keystone
[09:36] *** spzala has quit IRC
[09:37] *** mhickey has joined #openstack-keystone
[09:43] *** jistr has joined #openstack-keystone
[09:46] *** vgridnev has joined #openstack-keystone
[09:48] *** david8hu has quit IRC
[09:48] *** david8hu has joined #openstack-keystone
[09:55] *** EinstCrazy has quit IRC
[09:56] *** alex_xu has quit IRC
[09:57] *** vgridnev has quit IRC
[09:57] *** aix has joined #openstack-keystone
[09:58] *** alex_xu has joined #openstack-keystone
[09:58] *** vgridnev has joined #openstack-keystone
[09:58] *** vgridnev has quit IRC
[10:00] *** vgridnev has joined #openstack-keystone
[10:06] *** lhcheng has joined #openstack-keystone
[10:06] *** ChanServ sets mode: +v lhcheng
[10:08] *** markvoelker has joined #openstack-keystone
[10:08] *** davechen has joined #openstack-keystone
[10:11] *** lhcheng has quit IRC
[10:13] *** markvoelker has quit IRC
[10:14] *** lhcheng has joined #openstack-keystone
[10:14] *** ChanServ sets mode: +v lhcheng
[10:17] *** davechen1 has joined #openstack-keystone
[10:19] *** davechen has quit IRC
[10:24] *** roxanaghe has joined #openstack-keystone
[10:26] *** davechen has joined #openstack-keystone
[10:28] *** roxanaghe has quit IRC
[10:30] *** davechen1 has quit IRC
[10:32] *** spzala has joined #openstack-keystone
[10:37] *** spzala has quit IRC
[10:37] *** shoutm has joined #openstack-keystone
[10:38] *** lhcheng has quit IRC
[10:49] openstackgerrit: Dave Chen proposed openstack/keystone: Create V9 version of catalog driver interface https://review.openstack.org/269455
[10:52] samueldmq: davechen: hey
[10:53] davechen: samueldmq: hey, hey
[10:53] davechen: samueldmq: are you in summit?
[10:54] davechen: sorry
[10:54] davechen: mid cycle
[10:54] openstackgerrit: Dave Chen proposed openstack/keystone: Create V9 version of catalog driver interface https://review.openstack.org/269455
[10:55] samueldmq: davechen: yes I am, you too ?
[10:55] davechen: samueldmq: no, too far, no budget. :-(
[10:56] davechen: samueldmq: how is it going?
[10:56] samueldmq: davechen: :-(
[10:56] davechen: samueldmq: Have you relocated to US?
[10:57] davechen: samueldmq: it's fine, Brazil is close to US. :)
[11:02] *** gokrokve has joined #openstack-keystone
[11:04] *** davechen1 has joined #openstack-keystone
[11:05] samueldmq: davechen: no I didn't do yet
[11:06] samueldmq: davechen: yes, not too far
[11:06] *** davechen has quit IRC
[11:06] *** gokrokve has quit IRC
[11:07] *** davechen1 is now known as davechen
[11:10] davechen: samueldmq: see many friends there? Haven't visited Austin last time, but I guess it's a fantastic place.
[11:11] davechen: samueldmq: maybe have a travel in San Antonio too. :)
[11:13] samueldmq: davechen: looks to be a great place, I arrived yesterday and haven't had a chance to visit some places yet
[11:15] davechen: samueldmq: have a good rest.
[11:17] samueldmq: davechen: I did, and actually woke up early :)
[11:17] samueldmq: davechen: 5 am here
[11:18] davechen: samueldmq: why wake up so early, if it was me i will sleep all the morning.
[11:20] davechen: samueldmq: it might be very quiet there, how stevemar will treat you guys? :)
[11:21] samueldmq: davechen: very quiet at midcycle ?
[11:21] davechen: samueldmq: quiet in the morning.
[11:21] davechen: everyone is sleeping.
[11:22] *** fhubik has quit IRC
[11:22] samueldmq: yes
[11:22] *** e0ne has joined #openstack-keystone
[11:22] davechen: ask stevemar to take some beer in the midcycle.
[11:25] *** davechen1 has joined #openstack-keystone
[11:27] *** davechen has quit IRC
[11:30] *** davechen1 is now known as davechen
[11:33] *** spzala has joined #openstack-keystone
[11:38] *** spzala has quit IRC
[11:40] openstackgerrit: Dave Chen proposed openstack/keystone: Create V9 version of catalog driver interface https://review.openstack.org/269455
[11:40] openstackgerrit: Dave Chen proposed openstack/keystone: Service Providers and Projects associations https://review.openstack.org/264854
[11:42] *** fawadkhaliq has quit IRC
[11:42] *** fawadkhaliq has joined #openstack-keystone
[11:43] *** aix has quit IRC
[11:44] *** pcaruana has joined #openstack-keystone
[11:50] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Improve Development Environment Docs https://review.openstack.org/246400
[11:52] *** clenimar has joined #openstack-keystone
[11:57] *** reddy has joined #openstack-keystone
[12:00] reddy: Hi. can someone help me in one doubt about keystone authentication method. Q: if i integrate LDAP to my openstack environment and if i want to use horizon login screen to authenticate both openstack and other servers outside openstack at same time ?
[12:02] reddy: just want to know is it possible that i can use same login details for authenticating openstack and another application at same time from horizon login screen
[12:04] *** jsheeren has joined #openstack-keystone
[12:07] *** vgridnev has quit IRC
[12:09] *** markvoelker has joined #openstack-keystone
[12:09] *** pauloewerton has joined #openstack-keystone
[12:10] *** vgridnev has joined #openstack-keystone
[12:13] *** davechen has left #openstack-keystone
[12:14] *** markvoelker has quit IRC
[12:15] *** vgridnev has quit IRC
[12:18] *** roxanaghe has joined #openstack-keystone
[12:19] *** daemontool has quit IRC
[12:21] *** vgridnev has joined #openstack-keystone
[12:23] *** dims has joined #openstack-keystone
[12:23] *** roxanaghe has quit IRC
[12:25] *** aix has joined #openstack-keystone
[12:29] *** gordc has joined #openstack-keystone
[12:34] *** spzala has joined #openstack-keystone
[12:35] *** fhubik has joined #openstack-keystone
[12:35] *** fhubik is now known as fhubik_brb
[12:37] *** pcaruana has quit IRC
[12:39] *** ninag has joined #openstack-keystone
[12:39] *** daemontool has joined #openstack-keystone
[12:40] *** spzala has quit IRC
[12:40] *** fhubik_brb is now known as fhubik
[12:40] *** ninag has quit IRC
[12:41] *** ninag has joined #openstack-keystone
[12:42] *** e0ne has quit IRC
[12:52] *** e0ne has joined #openstack-keystone
[12:56] *** clenimar has quit IRC
[13:08] *** david-lyle has quit IRC
[13:09] *** markvoelker has joined #openstack-keystone
[13:13] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Split assignment backend tests https://review.openstack.org/268307
[13:14] *** markvoelker has quit IRC
[13:15] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Split resource backend tests https://review.openstack.org/268702
[13:15] *** chlong has quit IRC
[13:18] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Split token backend tests https://review.openstack.org/269111
[13:20] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Split trust backend tests https://review.openstack.org/269115
[13:21] *** e0ne has quit IRC
[13:24] openstackgerrit: henry-nash proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289
[13:28] *** chlong has joined #openstack-keystone
[13:31] *** Ephur has joined #openstack-keystone
[13:35] *** spzala has joined #openstack-keystone
[13:36] *** raildo-afk is now known as raildo
[13:39] *** vgridnev has quit IRC
[13:40] *** vgridnev has joined #openstack-keystone
[13:41] *** spzala has quit IRC
[13:45] *** markvoelker has joined #openstack-keystone
[13:48] *** richm has joined #openstack-keystone
[13:53] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Split catalog backend tests https://review.openstack.org/269125
[13:54] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Split policy backend tests https://review.openstack.org/269133
[13:55] *** fawadkhaliq has quit IRC
[13:55] *** fawadk has joined #openstack-keystone
[14:00] *** daemontool has quit IRC
[14:00] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Split identity backend tests https://review.openstack.org/269148
[14:07] *** vivekd has quit IRC
[14:08] *** Nirupama has quit IRC
[14:10] *** phalmos has joined #openstack-keystone
[14:12] *** jsavak has joined #openstack-keystone
[14:12] *** fawadk has quit IRC
[14:15] *** fawadkhaliq has joined #openstack-keystone
[14:16] *** EinstCrazy has joined #openstack-keystone
[14:16] *** fawadkhaliq has quit IRC
[14:17] *** david-lyle has joined #openstack-keystone
[14:17] *** jsheeren has quit IRC
[14:21] *** dims has quit IRC
[14:21] *** spzala has joined #openstack-keystone
[14:21] *** jsheeren has joined #openstack-keystone
[14:30] notmorgan: samueldmq: wow
[14:31] *** daemontool has joined #openstack-keystone
[14:35] openstackgerrit: Marek Denis proposed openstack/keystone: Service Providers and Projects associations https://review.openstack.org/264854
[14:35] *** jsavak has quit IRC
[14:36] *** dims has joined #openstack-keystone
[14:36] *** jsavak has joined #openstack-keystone
[14:38] *** spzala has quit IRC
[14:39] *** jsheeren has quit IRC
[14:40] *** spzala has joined #openstack-keystone
[14:41] *** dulek has left #openstack-keystone
[14:41] *** henrynash has joined #openstack-keystone
[14:41] *** ChanServ sets mode: +v henrynash
[14:42] *** jsheeren has joined #openstack-keystone
[14:44] *** david-lyle has quit IRC
[14:48] *** david-lyle has joined #openstack-keystone
[14:49] *** pushkaru has joined #openstack-keystone
[14:49] *** reddy has quit IRC
[14:49] *** henrynash has quit IRC
[14:53] *** e0ne has joined #openstack-keystone
[14:53] *** david-lyle has quit IRC
[14:53] *** su_zhang has joined #openstack-keystone
[14:55] *** sigmavirus24_awa is now known as sigmavirus24
[14:56] *** ChanServ sets mode: +v topol_
[14:56] *** topol_ is now known as topol
[14:57] *** edmondsw has joined #openstack-keystone
[14:57] *** rbak has joined #openstack-keystone
[14:58] *** gokrokve has joined #openstack-keystone
[14:59] *** e0ne has quit IRC
[15:05] *** e0ne has joined #openstack-keystone
[15:07] *** shoutm has quit IRC
[15:11] *** diazjf has joined #openstack-keystone
[15:13] *** EinstCrazy has quit IRC
[15:16] *** gokrokve has quit IRC
[15:18] *** AJaeger has joined #openstack-keystone
[15:18] AJaeger: Hi, is Morgan Fainberg here?
[15:18] AJaeger: sorry, not sure which nick he uses...
[15:19] *** slberger has joined #openstack-keystone
[15:19] *** timcline has joined #openstack-keystone
[15:19] *** chris_19 has joined #openstack-keystone
[15:20] *** rderose has joined #openstack-keystone
[15:20] *** KarthikB has joined #openstack-keystone
[15:20] *** narengan12 has joined #openstack-keystone
[15:22] *** paul-carlton2 has joined #openstack-keystone
[15:23] lbragstad: dstanek I assume this is one of the bugs we were just talking about - https://review.openstack.org/#/c/175980/
[15:25] AJaeger: keystone folks, Morgan just abandoned a change of mine and I disagree with him naturally ;) Do you know whether he's around here?
[15:25] *** tonytan4ever has joined #openstack-keystone
[15:25] bknudson: midcycle time.
[15:25] bknudson: AJaeger: he's at the midcycle here
[15:26] bknudson: we can throw stuff at him.
[15:26] AJaeger: bknudson: happy midcycling ;)
[15:26] AJaeger: bknudson: don't throw stuff at him ;)
[15:26] bknudson: I think you should restore it.
[15:26] AJaeger: bknudson: I did already, just wanted to discuss it here with him, since that might be better than in the comment
[15:27] AJaeger: https://review.openstack.org/#/c/270370/ is the change...
[15:28] ayoung: lbragstad, anything on telepresence?
[15:28] ayoung: bknudson, dstanek stevemar ?
[15:29] lbragstad: ayoung I think we are going to try a Google hangout here in a minute
[15:29] ayoung: cool
[15:29] ayoung: standing by
[15:30] dstanek: AJaeger: why remove it? just curious
[15:32] *** chris_19 has quit IRC
[15:33] AJaeger: dstanek: you already merged I1a4cc85ff6b61174ca06048d353c7a87c523e8f0 to remove python 2.6 support
[15:34] AJaeger: argparse moved from external to internal in 2.7 and later, so installing it is not needed at all.
[15:34] *** csoukup has joined #openstack-keystone
[15:34] dstanek: does it work in 2.6 at all or is it just busted
[15:34] AJaeger: the new pip 8.0 broke also with argparse as requirement - but that was fixed with 8.0.2
[15:35] AJaeger: dstanek: keystoneauth does not support 2.6 anymore since November with I1a4cc85ff6b61174ca06048d353c7a87c523e8f0 merged.
[15:35] AJaeger: dstanek: so, why keep an old artefact around?
[15:35] AJaeger: dstanek: see also https://review.openstack.org/270354
[15:35] bknudson: if somebody wants to try to run on 2.6 they can install argparse... and, they probably have it already
[15:36] *** jgriffith is now known as Guest94234
[15:36] dstanek: AJaeger: i don't care either way. it seems the argument is that it may work and doesn't hurt anything
[15:37] AJaeger: dstanek: we're not gating for it, you removed already python 2.6 from setup.cfg as marker...
[15:38] dstanek: AJaeger: i realize that. just wanted to see why it was important to you
[15:38] ayoung: lbragstad, have things actually started there?
[15:38] *** vgridnev has quit IRC
[15:39] ayoung: I forgot you are an hour later than I am here
[15:39] lbragstad: ayoung talking about caching
[15:39] *** chris_19 has joined #openstack-keystone
[15:39] lbragstad: just started
[15:39] AJaeger: dstanek: it was important to me last week in an effort to fix pip 8.0 breakage
[15:39] lbragstad: stevemar are we doing teleconferencing?
[15:39] AJaeger: dstanek: with pip 8.0.2 it's not important, just a cleanup
[15:39] dolphm: stevemar: for our sanity, please use a unified diff
[15:39] dstanek: dolphm: ++
[15:40] *** fawadkhaliq has joined #openstack-keystone
[15:40] *** fawadkhaliq has quit IRC
[15:40] *** fawadkhaliq has joined #openstack-keystone
[15:41] * AJaeger is just irritated, especially seeing bugs marked as closed like https://bugs.launchpad.net/keystone/+bug/1519449 "
[15:41] openstack: Launchpad bug 1519449 in python-keystoneclient-kerberos "Remove Python 2.6 Support" [Low,Fix released] - Assigned to David Stanek (dstanek)
AJaeger: Remove Python 2.6 Support"
[15:42] *** gokrokve has joined #openstack-keystone
[15:42] lbragstad: ayoung stevemar wants to wait until a break to try out a hangout with you on the big screen
[15:43] *** vgridnev has joined #openstack-keystone
[15:43] ayoung: stevemar, lbragstad OK. I just did a test run, have it all set up
[15:43] ayoung: till then lbragstad gets to live chat
[15:49] lbragstad: ayoung reviewing the internal interface changes of https://review.openstack.org/#/c/215715/
[15:49] lbragstad: ayoung which will get better when https://review.openstack.org/#/c/272007/ and we get that into dogpile
[15:50] *** tonytan_brb has joined #openstack-keystone
[15:51] ayoung: lbragstad, is there any controversy there?
[15:52] lbragstad: ayoung not really - we are just discussing the maintenance of holding https://review.openstack.org/#/c/215715/23/keystone/common/cache/core.py internally
[15:53] lbragstad: until we get the fix in dogpile
[15:53] lbragstad: ayoung no real objections
[15:53] openstackgerrit: Dolph Mathews proposed openstack/keystone: Add caching to role assignments https://review.openstack.org/215715
[15:53] *** tonytan4ever has quit IRC
[15:53] ayoung: lbragstad, nah push yours first
[15:53] ayoung: my argument is that token validation is unlikely to benefit from request level caching
[15:53] ayoung: maybe marginally, but we only fetch roles once per validation
[15:54] ayoung: where notmorgan 's will really help is with identity, cuz that is where we look up a lot of info time and again
[15:59] *** vgridnev has quit IRC
[16:03] *** su_zhang has quit IRC
[16:03] *** mgarza_ has joined #openstack-keystone
[16:06] *** su_zhang has joined #openstack-keystone
[16:08] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Split token backend tests https://review.openstack.org/269111
[16:09] *** rcernin has quit IRC
[16:10] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Split trust backend tests https://review.openstack.org/269115
[16:11] *** alexvictorchan has joined #openstack-keystone
[16:12] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Split catalog backend tests https://review.openstack.org/269125
[16:13] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Split policy backend tests https://review.openstack.org/269133
[16:13] *** tonytan_brb has quit IRC
[16:14] *** tonytan4ever has joined #openstack-keystone
[16:14] *** david-lyle has joined #openstack-keystone
[16:17] *** su_zhang has quit IRC
[16:17] *** diazjf has quit IRC
[16:18] *** fhubik is now known as fhubik_brb
[16:18] raildo: lbragstad: change this for fernet, fix a test :) https://github.com/openstack/keystone/blob/master/keystone/tests/unit/test_token_provider.py#L746
[16:19] lbragstad: raildo awesome - thanks
[16:19] lbragstad: raildo if you propose a patch I'll pull it into ayoung 's review
[16:19] *** jsavak has quit IRC
[16:19] ayoung: thanks
[16:20] openstackgerrit: Samuel de Medeiros Queiroz proposed openstack/keystone: Split identity backend tests https://review.openstack.org/269148
[16:20] raildo: lbragstad: nice, I'll try fix some other tests and send a patch today :)
[16:20] lbragstad: raildo thank you sir!
[16:21] *** woodster_ has joined #openstack-keystone
[16:23] *** dgonzalez has quit IRC
[16:23] *** jsavak has joined #openstack-keystone
[16:24] *** dgonzalez has joined #openstack-keystone
[16:24] *** chris_19 has quit IRC
[16:26] ayoung: lbragstad, at some point I'll free up enough time to rip the not-needed revocation events out
[16:27] *** avarner has joined #openstack-keystone
[16:27] *** jsheeren has quit IRC
[16:28] *** diazjf has joined #openstack-keystone
[16:28] *** chris_19 has joined #openstack-keystone
[16:29] *** jsavak has quit IRC
[16:29] *** jsavak has joined #openstack-keystone
[16:32] *** simondodsley has joined #openstack-keystone
lbragstadayoung you and jorge_munoz share a common goal :)16:34
lbragstadayoung that was his mission that lead him to the trust rework16:35
ayoungI need to get back to jorge_munoz .  Is he there?16:35
jorge_munozo/16:35
lbragstadayoung unfortunately no :(16:35
lbragstadayoung but he's right there ^16:35
lbragstad:)16:35
ayoungjorge_munoz, so, on the trust thing, I think the biggest thing is the policy check16:35
ayoungIIUC the bug is that we enforce on user_id16:35
ayoungand that forces us to use impersonation16:35
ayoungquestion is, what is the right policy rule to enforce16:36
ayoungand maybe it is not not policy16:36
ayoungmaybe it is in the trust code itsef16:36
ayoungitself16:36
ayoungif there is no existing trust, then the trust needs to be created by the trustor. Period.16:36
ayoungIf extending a trust, the trust must be extended by the trustee.16:37
ayoungDoes that make sense?16:37
ayoungI don;t think you should have a trust token to extend a trust16:37
ayoungthat makes you use up one of the count if it is a limited use trust16:38
ayoungjorge_munoz, am I making sense?16:38
jorge_munozYes, there are still some bug that I’m trying to expose by fixing the trust test cases. I just opened a bug to fix those: https://bugs.launchpad.net/keystone/+bug/153862616:38
openstackLaunchpad bug 1538626 in OpenStack Identity (keystone) "Fix trust test cases for redelegation and add test for impersonation" [Undecided,New] - Assigned to Jorge Munoz (jorge-munoz)16:38
*** belmoreira has quit IRC16:38
*** david-lyle has quit IRC16:38
jorge_munozSo, we need to stop creating trust if impersonation is used.16:38
jorge_munozI don’t know the use case for creating a new trust using impersonation.16:39
ayoungright.  that means first changing the policuy rule, but we can't do that without enforcing something else16:39
lbragstadyeah - that's where the "weird" condition is16:39
ayoung creating a new trust using impersonation  should only be done by the trustee16:39
dstaneksamueldmq: !16:40
*** david-lyle has joined #openstack-keystone16:40
*** jbell8 has joined #openstack-keystone16:42
jorge_munozayoung: Yea, a check to be done to prevent a user from creating a trust using a trusted token with impersonation, but that would still pass the policy enforment.16:42
*** spandhe has joined #openstack-keystone16:42
jorge_munozby check I mean with code.16:43
ayoungjorge_munoz, there are some use cases from Heat where they use the users token to create a trust, but I think those would still work. I don't think they use a trust token to create a trust16:43
jorge_munozayoung: Yes, that should work. Only thing not working was redelegation, but that should be fixed now. I can strart working on fixing the policy issue and making sure impersonation is not used when attemping to redelegate a new trust.16:48
*** fhubik_brb is now known as fhubik16:48
ayoungjorge_munoz, is that in your latest patch?16:48
jorge_munozYes, that fixed the redelegation work flow. There are still some bugs that I want to address. Ex. Passing redelegation_trust_id is allowed even if it's the first trust in the chain.16:50
ayoungjorge_munoz, sounds good.  Are you familiar with amakarov's work on unified delegation?16:51
*** haneef_ has quit IRC16:51
jorge_munozayoung: No, but if I get pointed to the right direction I can take a look.16:52
lbragstadayoung https://etherpad.openstack.org/p/keystone-mitaka-midcycle16:55
*** gokrokve has quit IRC16:57
*** _cjones_ has joined #openstack-keystone16:58
*** _cjones_ has quit IRC16:58
*** _cjones_ has joined #openstack-keystone16:58
*** jistr has quit IRC16:59
ayoungstevemar, turn your computer around, please. so mike can pick up the conversation17:00
*** chris_19 has quit IRC17:01
*** fhubik is now known as fhubik_brb17:01
*** fhubik_brb is now known as fhubik17:03
*** gokrokve has joined #openstack-keystone17:03
*** cdcasey has joined #openstack-keystone17:03
*** clenimar has joined #openstack-keystone17:05
*** paul-carlton2 has quit IRC17:07
*** chris_19 has joined #openstack-keystone17:09
*** mhickey has quit IRC17:12
*** fhubik has quit IRC17:19
*** jaosorior has quit IRC17:20
*** jaosorior has joined #openstack-keystone17:20
*** jaosorior has quit IRC17:21
*** permalac has quit IRC17:22
*** jasonsb has joined #openstack-keystone17:29
*** cdcasey has quit IRC17:30
*** chris_19 has quit IRC17:30
*** chris_19 has joined #openstack-keystone17:30
*** pgbridge_ has quit IRC17:33
*** aix has quit IRC17:36
*** pgbridge_ has joined #openstack-keystone17:36
*** narengan12 has quit IRC17:42
*** jed56 has quit IRC17:43
*** pwp has joined #openstack-keystone17:47
*** mylu has joined #openstack-keystone17:48
*** fawadkhaliq has quit IRC17:51
raildolbragstad: I have the feeling that most of these tests will only be fixed after the issue_v2_token() and v3 patches... =/17:53
*** su_zhang has joined #openstack-keystone17:53
*** pwp has quit IRC17:55
*** dims has quit IRC17:58
*** rcernin has joined #openstack-keystone18:00
*** rderose has quit IRC18:01
*** cdcasey has joined #openstack-keystone18:03
*** narengan12 has joined #openstack-keystone18:07
*** browne has joined #openstack-keystone18:12
*** jsavak has quit IRC18:13
*** mylu has quit IRC18:13
*** jsavak has joined #openstack-keystone18:13
*** EinstCrazy has joined #openstack-keystone18:14
lbragstaddolphm https://review.openstack.org/#/c/215715/1918:16
lbragstadraildo yeah, probably18:16
*** chris_19 has left #openstack-keystone18:16
*** mylu has joined #openstack-keystone18:16
*** doug-fish has quit IRC18:16
*** EinstCrazy has quit IRC18:18
*** jsavak has quit IRC18:19
samueldmqAJaeger: if you're still looking for morgan, he's notmorgan18:19
samueldmqAJaeger: fyi irc conversations may be a bit slow today because of midcycle18:20
*** fhubik has joined #openstack-keystone18:21
*** fhubik has quit IRC18:22
*** doug-fish has joined #openstack-keystone18:22
*** KarthikB has quit IRC18:25
*** pwp has joined #openstack-keystone18:26
*** doug-fish has quit IRC18:27
bknudsonhttp://eavesdrop.openstack.org/18:30
lbragstaddstanek https://review.openstack.org/#/c/253671/718:31
lbragstaddstanek https://review.openstack.org/#/c/253670/618:31
lbragstaddstanek and https://review.openstack.org/#/c/253672/718:31
*** jsavak has joined #openstack-keystone18:33
*** stack_ has joined #openstack-keystone18:33
*** rderose has joined #openstack-keystone18:33
*** jasonsb has quit IRC18:34
lbragstadbknudson ^18:35
*** cdcasey has quit IRC18:35
*** doug-fish has joined #openstack-keystone18:35
*** cdcasey has joined #openstack-keystone18:36
*** KarthikB has joined #openstack-keystone18:36
*** narengan12 has quit IRC18:37
*** doug-fish has quit IRC18:40
samueldmqtjcocozz: dstanek: https://review.openstack.org/#/c/26830718:40
samueldmqtest_backend split ^18:40
*** pwp has quit IRC18:41
*** mylu has quit IRC18:43
openstackgerritRaildo Mascena proposed openstack/keystone: Make fernet default token provider  https://review.openstack.org/25865018:43
*** mylu has joined #openstack-keystone18:43
*** daemontool_ has joined #openstack-keystone18:45
*** clenimar has quit IRC18:45
ayounglbragstad, topol have we started yet?18:45
lbragstadayoung not yet18:46
*** stack_ is now known as narengan18:46
lbragstadayoung people are still lunching18:46
samueldmqtjcocozz: https://review.openstack.org/#/c/24640018:46
lbragstadayoung starting in 10 minutes18:47
*** daemontool has quit IRC18:47
ayoungI'm dialed in18:47
*** cdcasey_ has joined #openstack-keystone18:48
*** spzala has quit IRC18:49
*** spzala has joined #openstack-keystone18:50
*** cdcasey_ has quit IRC18:51
topolayoung, time to call back in18:53
*** phalmos has quit IRC18:54
openstackgerritMatthew Edmonds proposed openstack/keystone: Simplify admin_required policy  https://review.openstack.org/27319318:54
*** spzala has quit IRC18:54
*** doug-fish has joined #openstack-keystone18:55
openstackgerrithenry-nash proposed openstack/keystone: Change get_project permission  https://review.openstack.org/27005718:58
*** doug-fish has quit IRC19:00
*** doug-fish has joined #openstack-keystone19:01
*** fpatwa has joined #openstack-keystone19:02
*** doug-fis_ has joined #openstack-keystone19:02
openstackgerritDavid Stanek proposed openstack/keystone: Correctly handle direct mapping with keywords  https://review.openstack.org/17598019:02
edmondswayoung, please take another look at the review I proposed above. I don't see any case where admin_required and admin_or_cloud_admin are not equivalent19:03
*** doug-fi__ has joined #openstack-keystone19:03
*** pwp has joined #openstack-keystone19:04
*** cdcasey has quit IRC19:04
*** cdcasey has joined #openstack-keystone19:04
ayoungedmondsw, look at the domain match19:04
*** doug-fish has quit IRC19:06
ayoungedmondsw, Oh..I see what you are saying...there is a mistake in policy19:06
edmondswayoung, look at how that is part of an AND... it won't matter unless the other side of the AND matches19:06
ayoungedmondsw, “I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.”19:07
edmondswlol19:07
*** doug-fis_ has quit IRC19:07
edmondswok...19:07
edmondswright back at you? ;)19:07
ayoungedmondsw, we wanted to split admin project (is_admin) from cloud-admin (admin for domain)19:07
*** alexpro2 has joined #openstack-keystone19:07
*** pwp has quit IRC19:08
ayoungand..I thought that was what we were doing...and we are not19:08
ayoungso...you exposed a bug19:08
*** csoukup has quit IRC19:08
*** cdcasey has quit IRC19:08
*** alexpro2 has quit IRC19:08
*** cdcasey has joined #openstack-keystone19:08
*** apetrov has joined #openstack-keystone19:09
edmondswyou thought admin_required was matching admin project?19:09
edmondswnot clear what you thought it was doing / want it to do19:10
*** apetrov has quit IRC19:10
*** _cjones_ has quit IRC19:11
*** boris-42 has quit IRC19:13
*** e0ne has quit IRC19:13
*** phalmos has joined #openstack-keystone19:14
openstackgerritMatthew Edmonds proposed openstack/keystone: Simplify admin_required policy  https://review.openstack.org/27319319:19
*** RichardRaseley has joined #openstack-keystone19:21
*** _cjones_ has joined #openstack-keystone19:24
*** _cjones_ has quit IRC19:24
*** _cjones_ has joined #openstack-keystone19:24
*** e0ne has joined #openstack-keystone19:25
*** fpatwa has quit IRC19:26
*** rderose has quit IRC19:27
*** spandhe has quit IRC19:28
*** spandhe has joined #openstack-keystone19:28
*** csoukup has joined #openstack-keystone19:28
*** ebalduf has joined #openstack-keystone19:30
*** tonytan_brb has joined #openstack-keystone19:32
*** pwp has joined #openstack-keystone19:33
*** tonytan4ever has quit IRC19:35
*** spzala has joined #openstack-keystone19:37
*** pece has joined #openstack-keystone19:38
*** jsavak has quit IRC19:38
*** jsavak has joined #openstack-keystone19:39
ayoungedmondsw, admin_required should require an is_admin_project check19:40
*** pece has quit IRC19:40
*** pwp has left #openstack-keystone19:41
edmondswayoung, that would make it nearly equivalent to cloud_admin19:41
ayoungedmondsw, it should be like this19:41
openstackgerritDavid Stanek proposed openstack/keystone: Test hyphens instead of underscores in request attributes  https://review.openstack.org/25860119:42
ayoung"admin_required": "role:admin and token.is_admin_project:True"19:42
ayoung"cloud_admin": "role:admin and domain_id:admin_domain_id",19:42
ayoungedmondsw, that make sense?19:43
edmondswno...19:43
edmondswwhy aren't we deprecating admin_domain_id?19:44
edmondswin favor of token.is_admin_project19:44
ayoungoh, I did that wrong19:44
ayoung"cloud_admin": "role:admin and domain_id:domain_id",19:44
ayoungor better19:44
ayoung"cloud_admin": "role:admin and token.domain_id:domain_id",19:44
ayoungbut that is domain admin...19:44
ayoungmeh19:44
ayoungneed henry, and he is in the midcycle convo right now19:45
ayoungedmondsw, I'll downgrade to -119:45
edmondswhenry's having trouble getting on IRC, but he's sitting next to me19:45
ayoungthere is certainly something that can be cleaned up19:45
edmondswlet's talk after this midcycle convo finishes19:45
ayoung++19:45
*** tonytan_brb has quit IRC19:46
*** tonytan4ever has joined #openstack-keystone19:46
*** dims has joined #openstack-keystone19:53
openstackgerritDavid Stanek proposed openstack/python-keystoneclient: Missing defaults in the create() method in the v2 ServiceManager  https://review.openstack.org/26245020:01
dstanekayoung: lbragstad: dolphm: stevemar: samueldmq: bknudson: my last two pushes close out bugs ^20:03
*** daemontool has joined #openstack-keystone20:06
*** tonytan_brb has joined #openstack-keystone20:07
*** tonytan4ever has quit IRC20:09
*** daemontool_ has quit IRC20:09
samueldmqdstanek: just left a comment there20:10
openstackgerritMatthew Edmonds proposed openstack/keystone: invalidate cache immediately  https://review.openstack.org/27321820:14
edmondswdstanek notmorgan ^20:14
*** ebalduf has quit IRC20:15
notmorganedmondsw: cool we might need more of those btw20:16
notmorganyou can't delete after invalidate20:16
edmondswyeah, figured I'd throw this up before we forgot20:16
notmorganyou need to delete then invalidate20:16
notmorgan:)20:16
*** tonytan_brb has quit IRC20:16
notmorganbut you want it to be .delete() next line .invalidate()20:16
edmondswoh, did I do that?20:16
notmorganyeah20:16
edmondswoops20:16
notmorganhehe20:17
*** tonytan4ever has joined #openstack-keystone20:17
*** jsavak has quit IRC20:18
edmondswhmmm... not seeing it20:18
notmorgancommented20:19
notmorganyou moved one that didn't need to be moved20:19
notmorganoh wait hmm.20:20
notmorgani misread the patch20:20
notmorgansec20:20
notmorganeeek, that is a hard one.20:20
edmondswshould the assignment be deleted before the project itself?20:21
edmondswand same for credentials20:22
*** timcline has quit IRC20:24
openstackgerritDavid Stanek proposed openstack/python-keystoneclient: Missing defaults in the create() method in the v2 ServiceManager  https://review.openstack.org/26245020:25
*** jsavak has joined #openstack-keystone20:27
*** doug-fi__ is now known as doug-fish20:27
*** mylu has quit IRC20:28
dstaneknotmorgan: counter on https://review.openstack.org/#/c/273218/120:30
notmorganyeah i need to think about thos that works20:30
notmorganthis was a weird one20:30
notmorganwait we're invalidating project and project_name, how does that impact delete assignments?20:31
notmorganassignment delete should be fine.20:32
notmorganafter the invalidate? or am i mis-reading your comment?20:32
notmorgandstanek: ^20:32
*** timcline has joined #openstack-keystone20:32
*** jsavak has quit IRC20:34
edmondsware assignments cached, and we'd need to call invalidate on those as well?20:35
notmorganedmondsw: the delete assignments should do that20:37
edmondswok good... so... why wouldn't we delete the assignments, then the project?20:37
notmorganbecause we don't want a race where someone adds a new assignment that isn't in the assignment list but the project is still valid20:38
notmorganso delete the project so no new assignments can be created for that project, then cleanup the assignments20:38
samueldmqdstanek: ping20:38
notmorgansamueldmq: i see you20:38
edmondswseems like we need some kind of synchronization20:38
samueldmqdstanek: regarding your patch above, looking at https://wiki.openstack.org/wiki/OpenStackClient/Commands20:38
samueldmqnotmorgan: o/20:39
notmorganedmondsw: you also can't login once the project is deleted20:39
notmorganedmondsw: this is less sync and more ordering.20:39
notmorganso, .delete .invalidate20:39
notmorganno more logins20:39
samueldmqdstanek: type is also optional, shouldn't its default be none as well20:39
dstaneknotmorgan: i was thinking about just being careful - once you delete the project then go ahead and invalidate the project - if the next delete fails the cache will be correct20:39
notmorgancleanup the assignments (which are invalid anyway)20:39
notmorgandstanek: once this convo in the room is done, explain it i'm still missing it20:40
edmondswI guess if we invalidate twice... dstanek, is that what you were suggesting?20:40
dstaneksamueldmq: no reason to test every combination of everything - just want to focus on the thing being tested and in this case that's description20:40
dstaneknotmorgan: k, i may be missing something too :-) between pushing code, reviewing other code and trying to listen20:41
notmorganyeah20:41
notmorganexactly20:41
samueldmqdstanek: sure, not about the tests, but about the bug reported itself20:41
samueldmqdstanek: if the bug wouldn't apply to the type filter as well20:41
*** diazjf has quit IRC20:41
openstackgerritLance Bragstad proposed openstack/keystone: Reuse project scoped token check for trusts  https://review.openstack.org/25367220:42
openstackgerritLance Bragstad proposed openstack/keystone: Add checks for domain scoped data creep  https://review.openstack.org/25367120:42
openstackgerritLance Bragstad proposed openstack/keystone: Add checks for project scoped data creep to tests  https://review.openstack.org/25367020:42
lbragstadbknudson stevemar dstanek address comments and rebased ^20:42
*** jsavak has joined #openstack-keystone20:44
openstackgerritJorge Munoz proposed openstack/keystone: Fix trust redelegation tests  https://review.openstack.org/27323220:46
*** jsavak has quit IRC20:47
*** jsavak has joined #openstack-keystone20:47
*** narengan has quit IRC20:48
*** narengan has joined #openstack-keystone20:52
*** alexpro has quit IRC20:54
*** apetrov has joined #openstack-keystone20:56
*** gokrokve has quit IRC20:57
*** gokrokve_ has joined #openstack-keystone20:57
*** apetrov has quit IRC20:58
*** gokrokve_ has quit IRC20:59
*** gokrokve has joined #openstack-keystone20:59
*** gokrokve has quit IRC21:00
*** gokrokve has joined #openstack-keystone21:05
edmondswayoung, so I've chatted with henrynash, and he thinks this is correct as-is21:05
edmondswwe think you're assuming all the checks throughout the policy that use admin_required are doing more than they are... they just check that you're some kind of admin, not what kind21:06
edmondswif we need to check more than that in some places, sure... I'd probably agree with that. I'm just starting to go through the file and see what makes sense and what may need to change21:06
edmondswthis patch was just the first of what will probably be more to address that kind of thing21:07
edmondswtalking about https://review.openstack.org/#/c/27319321:07
ayoungedmondsw, yeah21:07
*** raildo has left #openstack-keystone21:07
edmondswso... you gonna +2 or what do you want here?21:08
ayoungI'm tempted to call in again and talk with him directly, but I'm kind of on something urgent...killing eventlet in TripleO21:08
edmondswsure21:08
ayoungI'll +221:08
edmondswtx21:08
*** amakarov has joined #openstack-keystone21:13
*** timcline has quit IRC21:13
*** jsavak has quit IRC21:14
*** gokrokve has quit IRC21:14
*** timcline has joined #openstack-keystone21:14
*** jsavak has joined #openstack-keystone21:14
*** diazjf has joined #openstack-keystone21:15
*** rcernin has quit IRC21:16
*** raildo has joined #openstack-keystone21:18
*** narengan has quit IRC21:19
*** RichardRaseley has quit IRC21:19
*** raildo is now known as raildo-afk21:20
dstanekedmondsw: this is what i was thinking http://paste.openstack.org/show/485193/21:23
edmondswmakes sense21:24
edmondswwant to throw that up as a separate patch, since this was already +workflow, or do you want me to add this here?21:25
amakarovdstanek: please, give me a link to your change(s) related to dependency21:26
*** pauloewerton has quit IRC21:26
*** paul-carlton2 has joined #openstack-keystone21:27
paul-carlton2jamielennox, hi21:27
paul-carlton2jamielennox, https://openstack.nimeyo.com/69269/openstack-keystone-addressing-keysone-running-operations21:27
paul-carlton2any progress on this?21:27
samueldmqtjcocozz: https://review.openstack.org/#/c/231289/21:29
stevemardstanek: please approve: https://review.openstack.org/#/c/258601/21:30
stevemardstanek: 1 character change is not co-authorship :)21:30
*** timcline_ has joined #openstack-keystone21:33
*** timcline has quit IRC21:36
openstackgerritLance Bragstad proposed openstack/keystone: Reuse project scoped token check for trusts  https://review.openstack.org/25367221:38
openstackgerritLance Bragstad proposed openstack/keystone: Add checks for domain scoped data creep  https://review.openstack.org/25367121:38
openstackgerritLance Bragstad proposed openstack/keystone: Add checks for project scoped data creep to tests  https://review.openstack.org/25367021:38
lbragstadbknudson followed a different pattern suggested by dstanek ^ and removed the comments since they no longer apply21:38
*** andrewbogott has joined #openstack-keystone21:40
openstackgerritMerged openstack/python-keystoneclient: Remove bandit tox environment  https://review.openstack.org/26926921:40
openstackgerritMerged openstack/python-keystoneclient: Remove Babel from requirements.txt  https://review.openstack.org/27211221:41
ayoungedmondsw, make sure https://review.openstack.org/#/c/242614/   gets some love, would you21:42
edmondswseveral of us looking at that one now21:43
edmondswat least me and topol21:43
andrewbogottHow does /v2.0/tenants/​{tenantId}​/users relate to roles?  Does that return all users that have the role ‘user’ on {tenantId}?  Or some other role?21:44
ayoungedmondsw, I'm here to answer questions, and can call back in if that helps21:44
topolayoung, I'm on it!!!21:45
*** dims has quit IRC21:46
*** ajmiller has joined #openstack-keystone21:46
*** e0ne has quit IRC21:49
*** su_zhang has quit IRC21:49
*** spzala has quit IRC21:50
*** spzala has joined #openstack-keystone21:51
*** diazjf has quit IRC21:51
openstackgerritBrant Knudson proposed openstack/python-keystoneclient: Bandit profile updates  https://review.openstack.org/26781021:51
*** lifeless has quit IRC21:53
*** lifeless has joined #openstack-keystone21:55
*** spzala has quit IRC21:55
*** spzala has joined #openstack-keystone21:57
mgagneayoung so far, I got much better UX/performance by leaving the keystone service in a centralized zone (with 100ms) and memcached in keystonemiddleware VS having regional keystone service/nodes but with centralized database (with 100ms)21:58
ayoungmgagne, very good to know21:58
ayoungmgagne, does put you at risk if the central keystone is not available, but you know that21:59
mgagneayoung we are talking about: 2s/0.03s VS 1m15s/0.03s when 1st is initial call to nova API and 2nd subsequent calls21:59
mgagneayoung it's already the case, nothing changes here. will work on distributed keystone later21:59
mgagneayoung we are working on fernet migration, we just don't want to introduce performance regression.22:00
ayoungmgagne, sounds good.  I think Fernet will close the gap on what you need.22:00
ayoung++22:00
mgagneI very much like the non-persisted token22:01
ayoungmgagne, me too...I tried to make that happen a couple years ago22:02
mgagne"I felt a great disturbance in Keystone, as if millions of PKI tokens suddenly cried out in terror, and were suddenly deleted. I feel something great has happened."22:02
*** spzala has quit IRC22:03
*** daemontool has quit IRC22:19
*** KarthikB has quit IRC22:21
*** KarthikB has joined #openstack-keystone22:24
*** paul-carlton2 has quit IRC22:25
dolphmhow trusts redelegation works in keystone (with impersonation) https://twitter.com/dolphm/status/69247316493746585622:25
*** diazjf has joined #openstack-keystone22:25
dolphmjorge_munoz: ^ cc- stevemar lbragstad ayoung22:25
stevemaryo22:25
stevemarmgagne: lol22:27
ayoungdolphm, can you get a clearer picture?  All I see is foot gun, but can't tell if the folks to the right are all getting capped22:27
jorge_munozlol22:27
stevemarmgagne: move to fernet?22:27
mgagnetrying to =)22:27
dolphmayoung: lol it's a trust "chain" between them!22:27
ayoungdolphm, so only the first guy gets shot, but anyone of them can pull the chain, which then pulls the trigger?22:28
*** daemontool has joined #openstack-keystone22:30
*** pnavarro has quit IRC22:32
*** daemontool_ has joined #openstack-keystone22:37
*** daemontool has quit IRC22:39
*** timcline_ has quit IRC22:39
*** RA_ has joined #openstack-keystone22:42
*** jsavak has quit IRC22:47
*** jsavak has joined #openstack-keystone22:48
*** dims has joined #openstack-keystone22:51
*** dims has quit IRC22:54
*** jsavak has quit IRC22:55
*** jsavak has joined #openstack-keystone22:56
*** daemontool has joined #openstack-keystone22:58
*** c_soukup has joined #openstack-keystone23:00
openstackgerritMorgan Fainberg proposed openstack/keystone: Use requst local in-process cache per request  https://review.openstack.org/27200723:00
*** tonytan4ever has quit IRC23:01
openstackgerritLance Bragstad proposed openstack/keystone: Reuse project scoped token check for trusts  https://review.openstack.org/25367223:01
openstackgerritLance Bragstad proposed openstack/keystone: Add checks for domain scoped data creep  https://review.openstack.org/25367123:01
openstackgerritLance Bragstad proposed openstack/keystone: Add checks for project scoped data creep to tests  https://review.openstack.org/25367023:01
*** daemontool_ has quit IRC23:01
*** diazjf has quit IRC23:01
*** e0ne has joined #openstack-keystone23:02
*** su_zhang has joined #openstack-keystone23:02
*** pushkaru has quit IRC23:02
*** csoukup has quit IRC23:03
*** doug-fish has quit IRC23:03
*** harlowja has quit IRC23:03
*** jbell8 has quit IRC23:03
*** e0ne_ has joined #openstack-keystone23:04
*** harlowja has joined #openstack-keystone23:04
*** cdcasey has quit IRC23:04
*** e0ne has quit IRC23:06
openstackgerritMerged openstack/python-keystoneclient: Missing defaults in the create() method in the v2 ServiceManager  https://review.openstack.org/26245023:06
*** simondodsley has quit IRC23:08
*** slberger has left #openstack-keystone23:10
*** doug-fish has joined #openstack-keystone23:10
*** pushkaru has joined #openstack-keystone23:15
*** amakarov has quit IRC23:15
*** sigmavirus24 is now known as sigmavirus24_awa23:16
*** edmondsw has quit IRC23:17
*** doug-fish has quit IRC23:18
*** chlong has quit IRC23:18
*** jbell8 has joined #openstack-keystone23:19
*** doug-fish has joined #openstack-keystone23:21
*** vivekd has joined #openstack-keystone23:23
*** e0ne_ has quit IRC23:24
*** doug-fish has quit IRC23:24
*** doug-fish has joined #openstack-keystone23:25
*** doug-fish has quit IRC23:25
*** doug-fish has joined #openstack-keystone23:25
*** KarthikB has quit IRC23:26
*** jbell8 has quit IRC23:26
*** doug-fish has quit IRC23:27
*** doug-fish has joined #openstack-keystone23:27
*** jbell8 has joined #openstack-keystone23:29
*** dims_ has joined #openstack-keystone23:30
*** timcline has joined #openstack-keystone23:31
*** chlong has joined #openstack-keystone23:31
*** timcline has quit IRC23:31
*** timcline has joined #openstack-keystone23:32
*** doug-fish has quit IRC23:32
*** jbell8 has quit IRC23:35
*** jbell8 has joined #openstack-keystone23:38
openstackgerritJorge Munoz proposed openstack/keystone: Add tests for trust using impersonation  https://review.openstack.org/27327923:39
*** timcline has quit IRC23:39
*** avarner has quit IRC23:42
*** _cjones_ has quit IRC23:42
*** _cjones_ has joined #openstack-keystone23:43
*** jbell8 has quit IRC23:44
*** c_soukup has quit IRC23:44
*** _cjones__ has joined #openstack-keystone23:45
*** rbak has quit IRC23:46
*** _cjones__ has quit IRC23:46
*** _cjones_ has quit IRC23:46
*** _cjones__ has joined #openstack-keystone23:46
*** jsavak has quit IRC23:48
*** jbell8 has joined #openstack-keystone23:49
*** pushkaru has quit IRC23:50
*** su_zhang has quit IRC23:56
*** shoutm has joined #openstack-keystone23:59
