Friday, 2016-01-29

« Thursday, 2016-01-28 Index Saturday, 2016-01-30 »
*** EinstCra_ has quit IRC00:00
*** shoutm has joined #openstack-keystone00:03
*** tsymancz1k has quit IRC00:04
*** tsymanczyk has joined #openstack-keystone00:04
*** tsymanczyk has quit IRC00:04
*** ninag has quit IRC00:04
*** tsymancz1k has joined #openstack-keystone00:13
notmorganbigjools: no version00:15
bigjoolsnotmorgan: cool thanks very much. Did I miss documentation for this?00:15
*** timcline has quit IRC00:18
openstackgerritayoung proposed openstack/keystone: Implied Roles API  https://review.openstack.org/24261400:34
notmorganI don't think it is documented because some apis have versions.00:39
*** arunkant_ has quit IRC00:39
notmorganIn devstack00:39
notmorganWe are trying to fix that00:39
*** shoutm_ has joined #openstack-keystone00:39
*** shoutm has quit IRC00:41
*** Ephur has quit IRC00:46
bigjoolsI know tempest breaks if you put them in00:47
*** ayoung has joined #openstack-keystone00:49
*** ChanServ sets mode: +v ayoung00:49
*** chlong has joined #openstack-keystone00:49
*** RichardRaseley has quit IRC00:55
*** _cjones_ has quit IRC00:56
*** _cjones_ has joined #openstack-keystone00:56
*** alexvictorchan has quit IRC01:00
*** drjones has joined #openstack-keystone01:01
*** spandhe has quit IRC01:01
*** spandhe has joined #openstack-keystone01:01
*** _cjones_ has quit IRC01:02
*** drjones has quit IRC01:06
*** _cjones_ has joined #openstack-keystone01:06
*** jbell8 has joined #openstack-keystone01:16
*** shoutm_ has quit IRC01:16
*** shoutm has joined #openstack-keystone01:17
*** jbell8 has quit IRC01:17
*** jbell8 has joined #openstack-keystone01:18
*** hockeynut has quit IRC01:31
*** yarkot has quit IRC01:32
*** hughsaunders has quit IRC01:32
*** mgagne has quit IRC01:32
*** _cjones_ has quit IRC01:32
*** mgagne has joined #openstack-keystone01:32
*** mgagne has quit IRC01:32
*** mgagne has joined #openstack-keystone01:32
*** hughsaunders has joined #openstack-keystone01:32
*** hockeynut has joined #openstack-keystone01:34
*** davechen has joined #openstack-keystone01:34
*** jbell8 has quit IRC01:37
*** fawadkhaliq has joined #openstack-keystone01:38
*** fawadkhaliq has quit IRC01:38
*** amakarov has joined #openstack-keystone01:45
*** diazjf has joined #openstack-keystone01:49
*** alexvictorchan has joined #openstack-keystone01:56
*** jasonsb has joined #openstack-keystone01:58
*** jbell8 has joined #openstack-keystone02:00
ayoungSOMEONE IS DOING SOMETHING EVIL IN OUR CHECK JOB!02:00
*** browne has quit IRC02:02
*** bill_az has quit IRC02:06
*** gildub has quit IRC02:07
*** Ephur has joined #openstack-keystone02:15
*** tsymancz1k has quit IRC02:16
*** woodster_ has quit IRC02:16
openstackgerritayoung proposed openstack/keystone: Implied Roles API  https://review.openstack.org/24261402:23
ayoungcaching.  Its what's for dinner.02:24
*** vivekd has joined #openstack-keystone02:32
*** jbell8 has quit IRC02:32
*** jbell8 has joined #openstack-keystone02:33
*** Nirupama has joined #openstack-keystone02:36
*** gildub has joined #openstack-keystone02:41
*** RichardRaseley has joined #openstack-keystone02:44
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities  https://review.openstack.org/26204502:47
*** yarkot has joined #openstack-keystone02:48
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities  https://review.openstack.org/26204502:48
*** RichardRaseley has quit IRC02:49
*** mgagne has quit IRC02:51
*** mgagne has joined #openstack-keystone02:51
*** jasonsb has quit IRC02:55
*** browne has joined #openstack-keystone02:59
*** e0ne has joined #openstack-keystone03:00
*** dims has quit IRC03:11
*** fpatwa has joined #openstack-keystone03:14
*** vivekd has quit IRC03:17
*** tsymanczyk has joined #openstack-keystone03:17
*** tsymanczyk is now known as Guest913703:18
*** e0ne has quit IRC03:19
*** su_zhang has quit IRC03:23
*** su_zhang has joined #openstack-keystone03:29
*** Guest9137 has quit IRC03:31
*** jbell8 has quit IRC03:32
*** su_zhang has quit IRC03:32
*** richm has quit IRC03:33
*** fpatwa has quit IRC03:36
*** fpatwa has joined #openstack-keystone03:37
*** spandhe has quit IRC03:43
*** tsymancz2k has joined #openstack-keystone03:45
*** shoutm has quit IRC03:48
*** jasonsb has joined #openstack-keystone03:49
*** shoutm has joined #openstack-keystone03:55
*** vivekd has joined #openstack-keystone04:01
*** su_zhang has joined #openstack-keystone04:27
bigjoolsoh and Rally breaks if you *don't* have the versions in the URLs.  Awesome.04:28
*** spandhe has joined #openstack-keystone04:30
*** diazjf has quit IRC04:31
openstackgerrithenry-nash proposed openstack/keystone: Add tests for role management with v3policy file  https://review.openstack.org/26184604:38
*** markvoelker has quit IRC04:38
openstackgerrithenry-nash proposed openstack/keystone: Add CRUD support for domain specific roles  https://review.openstack.org/26187004:39
openstackgerrithenry-nash proposed openstack/keystone: Modify rules in the v3 policy sample for domain specifc roles  https://review.openstack.org/26207804:39
openstackgerrithenry-nash proposed openstack/keystone: Modify implied roles to honor domain specific roles  https://review.openstack.org/26306404:39
openstackgerrithenry-nash proposed openstack/keystone: Modify rules for domain specific role assignments  https://review.openstack.org/26354904:39
*** henrynash has joined #openstack-keystone04:43
*** ChanServ sets mode: +v henrynash04:43
*** vivekd has quit IRC04:46
*** bill_az has joined #openstack-keystone04:58
*** vgridnev has joined #openstack-keystone05:04
stevemardavechen: yay https://review.openstack.org/#/c/237448/ is gating!05:05
stevemardavechen: also, congratulations :)05:06
*** reddy has joined #openstack-keystone05:07
openstackgerritMerged openstack/keystone: Use the oslo.utils.reflection to extract the class name  https://review.openstack.org/24149405:09
*** browne has quit IRC05:09
davechenstevemar: thanks boss!05:11
davechenstevemar: it's a big surprise.05:11
*** chlong has quit IRC05:12
henrynashdavechen: and well deserved!05:17
davechenhenrynash: thanks you sir.05:19
davechenhenrynash: are you at the midcycle meetups?05:19
*** fpatwa has quit IRC05:19
henrynashdavechen: yep05:19
davechenhenrynash: cool, when will you back?05:20
*** jaosorior has joined #openstack-keystone05:20
henrynashdavechen: in the UK? I get back on Mon/Tues05:20
davechenhenrynash: do you have a extra plan to look around?05:21
davechenyeah05:21
davechenhenrynash: nice.05:21
davechenhenrynash: enjoy the weekend.05:21
henrynashdavechen: thx (I’m actually going back via California…so will spend the weekend there)05:21
davechenhenrynash: see you in the coming summit, miss you guys! although I was in Cananda last time but haven't got a chance to talk with you personally.05:22
henrynashdavechen: look forward to it05:22
*** amakarov has quit IRC05:23
*** fpatwa has joined #openstack-keystone05:25
*** chlong has joined #openstack-keystone05:33
*** markvoelker has joined #openstack-keystone05:39
openstackgerritMerged openstack/keystone: Add checks for domain scoped data creep  https://review.openstack.org/25367105:41
openstackgerritMerged openstack/keystone: remove KVS backend for keystone.contrib.revoke  https://review.openstack.org/27213405:42
openstackgerritMerged openstack/keystone: Replace tenant for project in resource files  https://review.openstack.org/24829505:43
*** markvoelker has quit IRC05:43
*** vgridnev has quit IRC05:49
*** fpatwa has quit IRC05:50
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947905:59
*** henrynash has quit IRC06:01
*** vivekd has joined #openstack-keystone06:02
*** jbell8 has joined #openstack-keystone06:10
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947906:13
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947906:15
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947906:17
*** vgridnev has joined #openstack-keystone06:22
*** fpatwa has joined #openstack-keystone06:26
*** chlong has quit IRC06:28
*** rcernin has quit IRC06:29
*** bill_az has quit IRC06:30
*** chlong has joined #openstack-keystone06:39
*** jaosorior has quit IRC06:40
*** spandhe has quit IRC06:40
*** jaosorior has joined #openstack-keystone06:47
*** vgridnev has quit IRC06:51
*** fpatwa has quit IRC06:56
*** vgridnev has joined #openstack-keystone06:58
*** xek_ has quit IRC07:00
*** xek_ has joined #openstack-keystone07:01
*** shoutm_ has joined #openstack-keystone07:01
*** shoutm has quit IRC07:02
*** vgridnev has quit IRC07:06
*** shoutm_ has quit IRC07:07
*** vgridnev has joined #openstack-keystone07:10
*** shoutm has joined #openstack-keystone07:14
openstackgerritMerged openstack/keystone: Add checks for project scoped data creep to tests  https://review.openstack.org/25367007:17
openstackgerritMerged openstack/keystone: Reuse project scoped token check for trusts  https://review.openstack.org/25367207:18
openstackgerritMerged openstack/keystone: Fix schema validation to use JSONSchema for empty entity  https://review.openstack.org/23744807:18
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947907:20
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947907:21
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947907:22
*** jbell8 has quit IRC07:25
*** rcernin has joined #openstack-keystone07:25
*** jbell8 has joined #openstack-keystone07:26
*** jbell8 has quit IRC07:27
*** jbell8 has joined #openstack-keystone07:28
*** chlong has quit IRC07:32
*** belmoreira has joined #openstack-keystone07:33
*** jbell8 has quit IRC07:36
*** jbell8 has joined #openstack-keystone07:37
*** su_zhang has quit IRC07:39
*** markvoelker has joined #openstack-keystone07:40
*** markvoelker has quit IRC07:44
*** shoutm has quit IRC07:48
*** shoutm has joined #openstack-keystone07:49
*** shoutm has quit IRC07:51
*** boris-42 has joined #openstack-keystone07:58
*** jbell8 has quit IRC08:09
*** jbell8 has joined #openstack-keystone08:10
*** shoutm has joined #openstack-keystone08:13
*** oomichi has quit IRC08:17
*** jbell8 has quit IRC08:19
*** jbell8 has joined #openstack-keystone08:20
*** sinese has joined #openstack-keystone08:26
*** shoutm has quit IRC08:35
*** vgridnev has quit IRC08:36
*** vgridnev has joined #openstack-keystone08:43
*** fpatwa has joined #openstack-keystone08:56
*** fhubik has joined #openstack-keystone09:00
*** fpatwa has quit IRC09:00
*** RA_ has quit IRC09:04
*** vgridnev has quit IRC09:08
*** jaosorior has quit IRC09:22
*** jaosorior has joined #openstack-keystone09:22
*** vgridnev has joined #openstack-keystone09:28
*** jbell8 has quit IRC09:29
*** jistr has joined #openstack-keystone09:30
*** mhickey has joined #openstack-keystone09:37
*** links has joined #openstack-keystone09:38
*** links has quit IRC09:38
*** vgridnev has quit IRC09:40
*** markvoelker has joined #openstack-keystone09:41
*** davechen has left #openstack-keystone09:43
*** markvoelker has quit IRC09:45
*** jaosorior has quit IRC10:08
*** jaosorior has joined #openstack-keystone10:08
*** fpatwa has joined #openstack-keystone10:23
*** vgridnev has joined #openstack-keystone10:27
*** reddy has quit IRC10:37
*** RA_ has joined #openstack-keystone10:44
openstackgerritAndreas Jaeger proposed openstack/oslo.policy: Update translation setup  https://review.openstack.org/27400010:48
*** reddy has joined #openstack-keystone10:48
*** markvoelker has joined #openstack-keystone10:56
*** markvoelker has quit IRC11:02
*** aix has joined #openstack-keystone11:04
*** dims has joined #openstack-keystone11:08
*** reddy has quit IRC11:22
*** dulek has joined #openstack-keystone11:23
*** fpatwa has quit IRC11:30
*** RA_ has quit IRC11:31
*** reddy has joined #openstack-keystone11:36
*** gildub has quit IRC11:42
*** fpatwa has joined #openstack-keystone11:44
*** vivekd has quit IRC11:49
*** reddy has quit IRC11:51
*** doug-fish has quit IRC11:51
*** BlackDex has joined #openstack-keystone11:55
BlackDexHello there, we have an issue where keystone returns unauthorized while the credentials are correct. When keystone is restarted it works for a few minutes, and after that it stops again.11:56
BlackDexWe can't seem to pinpoint the problem.11:56
BlackDexSome suggestions?11:56
ktychkovaBlackDex: is it possible that you have some time sync issues? Is datetime correct?12:07
*** raildo-afk is now known as raildo12:08
BlackDexbetween the keystone and ldap server?12:08
*** thiagolib has quit IRC12:09
ktychkovaBlackDex: between client machine and keystone, i think. I had something simullar - it was time sync issue between client and keystone12:09
BlackDexand does milli-seconds generate a issue?12:10
zigoIn the Keystone Mitaka b2 package, I'm running "keystone-manage --noverbose db_sync", but its still seem to be quite verbose, what's going on?12:13
zigoIs the option --noverbose broken, somehow? :)12:13
zigoNot a big deal, but I'd like to have it fixed still ... :P12:14
ktychkovaBlackDex: no :) it can not be milli-seconds issue. Check that time at all your machines is almost same12:14
BlackDexthe seconds seem to be the same, on the keystone server and ldap server atleat. Ill go and check others12:15
BlackDexktychkova: some other suggestions maybe where to look?12:15
*** daemontool has joined #openstack-keystone12:15
*** RA_ has joined #openstack-keystone12:15
*** rcernin has quit IRC12:18
ktychkovaBlackDex: give me more details. What type of authorization do you use? How to reproduce issue - what request do you send?12:18
*** rcernin has joined #openstack-keystone12:18
BlackDexwell every client which want to use something like `nova list` etc.. or even using the horizon dashboard failes to login12:20
BlackDexit uses LDAP12:20
*** eandersson has quit IRC12:23
BlackDexktychkova: we have checked all compute nodes, and keystone server and ldap server, all have the same date/time12:23
*** fpatwa has quit IRC12:26
ktychkovaBlackDex: I suggest you try to send dirrect request to keystone by curl. Here is manual: http://docs.openstack.org/developer/keystone/api_curl_examples.html  Try: 1. restart keystone 2. send request to check it works (it should) 3. wait 4. send again12:30
ktychkovaBlackDex: so we can understand it is not a client issue12:31
ktychkovaBlackDex: you need to use first requeest from manual12:31
BlackDexktychkova: we still use the v2 api12:44
BlackDexone moment12:44
*** vivekd has joined #openstack-keystone12:44
*** markvoelker has joined #openstack-keystone12:57
BlackDexktychkova: with some changes because we uses v2.0 but retreiving an auth-token works, and using that auth token to for instance get all tenants works also12:59
BlackDexso using curl is just fine12:59
BlackDexeven using the commands a few times after eachother12:59
BlackDexwhen i change the token one char, it is unauth, and change it back again, it works again13:00
*** mattt has left #openstack-keystone13:00
BlackDexwe receive a large auth-token btw.13:01
*** markvoelker has quit IRC13:01
ktychkovaBlackDex: I'm afraid then it is some deployment issue or client issue. And I'm not the right person to help you with it. At least we know that it is not keystone bug13:02
openstackgerritHenrique Truta proposed openstack/keystone: Allow project domain_id to be nullable at the manager level  https://review.openstack.org/26453313:02
openstackgerritHenrique Truta proposed openstack/keystone: Add tests in preparation of projects acting as a domain  https://review.openstack.org/27236913:02
openstackgerritHenrique Truta proposed openstack/keystone: Projects acting as domains  https://review.openstack.org/23128913:02
openstackgerritHenrique Truta proposed openstack/keystone: Verify project unique constraints for projects acting as domains  https://review.openstack.org/15837213:02
*** pauloewerton has joined #openstack-keystone13:04
BlackDexktychkova: Thx for your help, we atleat have ruled-out something13:08
*** kragniz has quit IRC13:12
*** gordc has joined #openstack-keystone13:16
*** kragniz has joined #openstack-keystone13:18
htrutatjcocozz: hey. Are you still working on that patch?13:21
openstackgerritHenrique Truta proposed openstack/keystone: Manager support for project cascade delete  https://review.openstack.org/24414913:23
openstackgerritHenrique Truta proposed openstack/keystone: Add backend support for deleting a projects list  https://review.openstack.org/24591613:23
*** markvoelker has joined #openstack-keystone13:24
*** daemontool has quit IRC13:29
*** peter-hamilton has joined #openstack-keystone13:31
*** doug-fish has joined #openstack-keystone13:31
*** doug-fish has quit IRC13:32
openstackgerritHenrique Truta proposed openstack/keystone: Manager support for project cascade update  https://review.openstack.org/24358413:32
*** doug-fish has joined #openstack-keystone13:32
samueldmqhtruta: yes he is, he's just finishing a more robust test13:46
openstackgerritHenrique Truta proposed openstack/keystone: Restricting domain_id update  https://review.openstack.org/20721813:46
htrutasamueldmq: ok. Just be aware that I've just rebased it due to merge conflicts13:46
samueldmqhtruta: I'd expect him to submit it this morning13:47
samueldmqhtruta: got it, tjcocozz ^13:47
*** daemontool has joined #openstack-keystone13:47
*** vgridnev has quit IRC13:47
*** vgridnev has joined #openstack-keystone13:48
*** ninag has joined #openstack-keystone13:51
openstackgerritMerged openstack/oslo.policy: Update translation setup  https://review.openstack.org/27400013:53
*** daemontool has quit IRC13:56
*** daemontool has joined #openstack-keystone13:57
bretonoslo_config folks had a discussion about implementing storing config in a database13:57
bretonmaybe someone could have a look at how they do want to do it and how we could use it for out domain-specific configs13:58
samueldmqbreton: or even share our experience with domain specific configs with them13:59
samueldmqbreton: thanks for the heads up, I will let folks know today at midcycle (cc stevemar)13:59
*** peter-hamilton has quit IRC14:00
notmorganbreton: i am frightened.14:00
*** peter-hamilton_ has joined #openstack-keystone14:00
*** EinstCrazy has joined #openstack-keystone14:01
*** Nirupama has quit IRC14:01
*** RA_ has quit IRC14:03
openstackgerritMorgan Fainberg proposed openstack/keystone: Deprecate keystone.common.kvs  https://review.openstack.org/27194814:06
notmorganstevemar: ^ fixed14:06
*** peter-hamilton_ has quit IRC14:09
bretonI see only spec https://review.openstack.org/#/c/243114/ and bknudson already -1-reviewed it14:10
openstackgerritMorgan Fainberg proposed openstack/keystone: Revert "Unit test for checking cross-version migrations compatibility"  https://review.openstack.org/27407914:13
notmorgandolphm, lbragstad, dstanek, henrynash, ^ revert of the problem test for migrations14:14
bretonnotmorgan: why revert it?14:14
notmorganbreton: it is not an accurate nor valid test and it is blocking work. We also have spent a significant time evaluating how we are handling cross version schemas and there is a lot of work to do to prove out the "right" approach14:15
notmorganbreton: look at the commit message for a bit more detail, but in short, unit test is the wrong approach and it misses thing. We also have gone circles on how we can even suppot x-version schemas and the original spec was both insufficient and would not really work.14:16
bretongot it14:17
notmorganbreton: new plan is in order, and we'll be moving this type of test into it's own gate/check job that has more control and the ability to verify actual cross-version run and upgrade patterns :)14:17
notmorganbut to unblock mitaka, we need to back it out.14:17
bretonyou need to revert the spec too then14:18
*** richm has joined #openstack-keystone14:18
notmorganbreton: or update the spec to reflect new plan14:18
*** e0ne has joined #openstack-keystone14:19
notmorganbreton: that will be determined today14:19
*** vgridnev has quit IRC14:19
*** vgridnev has joined #openstack-keystone14:21
openstackgerritMorgan Fainberg proposed openstack/keystone: Add in TRACE logging for the manager  https://review.openstack.org/27408514:27
notmorgandhellmann, dims: ^ first pass at some TRACE level logging, if you want to take a look :)14:27
*** fpatwa has joined #openstack-keystone14:27
*** jsavak has joined #openstack-keystone14:29
*** fpatwa has quit IRC14:31
*** EinstCrazy has quit IRC14:51
*** fhubik has quit IRC14:51
*** mhickey has quit IRC14:59
*** bill_az has joined #openstack-keystone15:01
*** mhickey has joined #openstack-keystone15:03
*** su_zhang has joined #openstack-keystone15:03
*** pushkaru has joined #openstack-keystone15:05
*** sigmavirus24_awa is now known as sigmavirus2415:05
*** fesp has joined #openstack-keystone15:05
*** KarthikB has joined #openstack-keystone15:07
tjcocozzhtruta, samueldmq: I will push your test up within the hour.15:08
*** fesp has quit IRC15:09
*** vivekd has quit IRC15:09
*** krotscheck has quit IRC15:10
*** slberger has joined #openstack-keystone15:11
dimsnotmorgan : nice!15:11
*** thebloggu has joined #openstack-keystone15:12
*** vivekd has joined #openstack-keystone15:13
*** amakarov has joined #openstack-keystone15:15
thebloggukeystone supports multiple endpoints for a service type and it's not considered bad practice right? I have swift running over http and https and would like to add both the endpoints to keystone15:16
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities  https://review.openstack.org/26204515:19
*** clenimar has quit IRC15:19
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities  https://review.openstack.org/26204515:20
*** clenimar has joined #openstack-keystone15:20
*** edmondsw has joined #openstack-keystone15:20
*** krotscheck has joined #openstack-keystone15:21
*** timcline has joined #openstack-keystone15:25
*** diazjf has joined #openstack-keystone15:27
*** diazjf has left #openstack-keystone15:27
*** diazjf has joined #openstack-keystone15:27
*** vgridnev has quit IRC15:28
*** vgridnev has joined #openstack-keystone15:32
*** vgridnev has quit IRC15:33
*** clenimar_ has quit IRC15:36
*** clenimar has quit IRC15:36
*** tonytan4ever has joined #openstack-keystone15:40
*** amakarov has quit IRC15:41
*** shaleh has joined #openstack-keystone15:41
lbragstadshaleh https://etherpad.openstack.org/p/keystone-office-hours15:42
*** jsavak has quit IRC15:44
*** jsavak has joined #openstack-keystone15:50
*** mhickey has quit IRC15:51
*** mhickey has joined #openstack-keystone15:52
*** jbell8 has joined #openstack-keystone15:55
openstackgerritDavid Stanek proposed openstack/keystone: WiP: make cache invalidation safe  https://review.openstack.org/27412915:55
*** jbell8 has quit IRC15:57
*** jbell8 has joined #openstack-keystone15:58
*** roxanagherle has joined #openstack-keystone16:01
*** spandhe has joined #openstack-keystone16:03
*** belmoreira has quit IRC16:08
*** mgarza has joined #openstack-keystone16:14
notmorgan3616:16
*** jbell8 has quit IRC16:17
*** csoukup has joined #openstack-keystone16:17
openstackgerritDolph Mathews proposed openstack/keystone: Introduce an identity_admin role to policy.json  https://review.openstack.org/27414316:17
*** jbell8 has joined #openstack-keystone16:18
*** su_zhang has quit IRC16:19
*** sinese has quit IRC16:19
*** alejandrito has joined #openstack-keystone16:19
*** jbell8 has quit IRC16:20
*** alexvictorchan has quit IRC16:20
ayoungcan we dial in?16:22
openstackgerritDavid Stanek proposed openstack/keystone: Correctly handle direct mapping with keywords  https://review.openstack.org/17598016:22
*** su_zhang has joined #openstack-keystone16:22
ayoungedmondsw, You OK with my rationale on https://review.openstack.org/#/c/242614/16:25
*** rcernin has quit IRC16:27
*** fpatwa has joined #openstack-keystone16:28
*** spandhe has quit IRC16:30
openstackgerritTom Cocozzello proposed openstack/keystone: Manager support for project cascade delete  https://review.openstack.org/24414916:31
openstackgerritTom Cocozzello proposed openstack/keystone: Add backend support for deleting a projects list  https://review.openstack.org/24591616:31
tjcocozzhtruta, samueldmq ^^16:31
*** jaosorior has quit IRC16:31
notmorgandstanek: https://review.openstack.org/#/c/272007/ and trace logger: https://review.openstack.org/#/c/274085/16:32
*** fpatwa has quit IRC16:32
*** jbell8 has joined #openstack-keystone16:33
htrutatjcocozz: nice. looking16:35
tjcocozzhtruta, glade to hear that.  I wanted to add a little more complex tree test just to make sure everything was still working.16:36
*** c_soukup has joined #openstack-keystone16:38
tjcocozzping stevemar16:38
stevemartjcocozz: oh hai16:38
tjcocozzstevemar, if you have time could you help me set up a federated keystone?16:39
htrutatjcocozz: liked it. Just found some minor nits. Do you want me to comment there? If not, I can fix them later16:39
tjcocozzhtruta, you don't need to comment, you can fix it later! :-)16:40
*** csoukup_ has joined #openstack-keystone16:41
openstackgerritRoxana Gherle proposed openstack/keystone: Make WebSSO trusted_dashboard hostname case-insensitive  https://review.openstack.org/27339416:41
*** csoukup has quit IRC16:42
openstackgerritDolph Mathews proposed openstack/keystone: Add "manager" roles to policy.json  https://review.openstack.org/27415316:42
*** amakarov has joined #openstack-keystone16:42
stevemar#success devstack now defaults to v3 for keystone16:43
openstackstatusstevemar: Added success to Success page16:43
edmondswayoung, I don't think so... WHY do you think the implied roles are safe to allow everyone to do if we don't think it's safe to allow everyone to get/list roles in general?16:43
ayoungedmondsw, I do think it is safe to let everyone list roles16:44
edmondswwhy don't we need consistency, one way or the other?16:44
ayoungbut changing that is not in the scope of my review16:44
edmondswso then you should be arguing to change the others, not to make this inconsistent16:44
ayoungI am arguing, but that is not in the scope of this review16:44
edmondswso make these new ones consistent with what we have for the general get/list roles, and then submit a later patch to change them both to less restricted16:44
htrutatjcocozz: nice :) Thank you!16:44
edmondswdon't have them inconsistent, and then make them consistent later... make them consistent now, and change them both later16:45
*** c_soukup has quit IRC16:45
ayoungMust I quote Thoreau at you?16:45
edmondswand at that point we can have the discussion of whether that second change is appropriate or not, since you don't want to have it here :)16:45
edmondswdo you think it'll do any good? ;)16:45
edmondswinconsistency is clearly wrong... whereas whether get/list roles should be allowed for everyone is at least debatable... so make them consistent as first priority16:46
ayoungedmondsw, aside from that, then,16:46
*** mhickey_ has joined #openstack-keystone16:47
edmondswwhat was the "needed to take caching into account" comment?16:48
edmondswoh, that just probably wasn't replying to me... k16:48
ayoungedmondsw, that is why the unit tests started failin in test_v3_auth16:48
edmondswyeah, gotcha16:48
ayoungif you add a role inference rule, you need to invalidate the cache16:48
ayoungotherwise, the user has the same roles in the token before and after16:49
ayoungsame for delete16:49
*** mhickey has quit IRC16:49
edmondswright, sure16:49
ayoungedmondsw, there was some git weirdness that origin/master did not have the changes that gerrit/master had, and a local rebase was not working.16:49
edmondswthe "additional APIs required should be submitted as follow-on changes" comment... I'm not a core, so I can't -2 this. you need to convince the other cores there, not me.16:50
ayoungtook me a while to be able to reproduce the issue16:50
edmondswI would argue that it's always easier to make API changes before they're merged, but it's not my call16:50
edmondswwe're not talking about additional APIs here... we're talking about replacing some of these with different APIs16:50
ayoungedmondsw, the spec was approved as is.  If you want a different API, post it as a spec change16:50
ayoungwe can certainly change to that, but at this point it really is bike shedding16:51
ayoungwe have the infomration we need to do implied roles16:51
ayoungwe can probably modify the core role APIs to show the data you want16:51
ayoungalthough I don't know if we want it to have both implied and prior in the response16:52
*** diazjf has quit IRC16:53
edmondswayoung, wish you were here... you'd love the conversation we just had about why we don't actually need implied roles after all...16:55
lbragstad notmorgan https://review.openstack.org/#/c/258650/16:55
gordcstevemar: do i have to change anything that says v2.0 to v3 now?16:55
gordcstevemar: https://github.com/openstack-dev/devstack/commit/f4ce44bf3fbf06e53c2ae3ec6aa4996831cf460516:56
lbragstadnotmorgan consolidation stuff needs to happen too https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:consolidate-fernet-provider16:56
ayoungedmondsw, well I'm not there.  What was the rationale16:56
edmondswnot sure where to begin there... outcome of a long discussion16:57
*** alexvictorchan has joined #openstack-keystone16:57
ayoungedmondsw, I can call in16:57
ayoungedmondsw, then it didn't happen and is meaning less.16:57
ayoungAnd yes, I am starting to get a little annoyed16:57
openstackgerritDolph Mathews proposed openstack/keystone: Add an "auditor" role to policy.json  https://review.openstack.org/27415716:57
edmondswlol we cannot be blamed for your absence... to my knowledge ;)16:57
ayoungdolphm, there was a spec by jamielennox|away for this16:57
dolphmayoung: *shrug*16:58
ayoungdolphm, fot all the roles...let me find it16:58
edmondswayoung, check with normorgan and henrynash... I'll let them explain16:58
ayoungI think you are on the same page as him16:58
dolphmayoung: cross project spec?16:58
ayoungdolphm, yea16:58
ayoungdolphm, https://review.openstack.org/#/c/245629/16:59
ayoungdolphm, he called it observer,16:59
ayoungbut the identity_admin is in keeping with what he had16:59
notmorganayoung: and we talked about some changes to oslo.policy to make it easier17:00
ayoungnotmorgan, I can call in17:00
notmorganayoung: it's not really a group thing small breakout groups17:00
notmorganso a call in doesn't help17:00
notmorgan[and the wifi sucks so hangouts may tip over :( ]17:01
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities  https://review.openstack.org/26204517:01
notmorgans/may/will.17:01
ayoungnotmorgan, I need to be part of this discsussion17:01
*** diazjf has joined #openstack-keystone17:01
notmorganayoung: we will continue it on IRC after midcycle17:01
notmorgandolphm: is setting up the "code example" so we can discuss more17:01
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities  https://review.openstack.org/26204517:01
notmorganthis is not "merge as is proposed"17:01
gordcanyone? do i need to update keystone target( https://github.com/openstack/aodh/blob/master/devstack/plugin.sh#L202) now that devstack defaults to v3?17:01
notmorganand most people are picking up to leave soon since flights17:02
ayoungnotmorgan, give me the summary please17:02
notmorganayoung: will do once it's all posted.17:02
ayoungI'm happy to call direct17:02
*** jbell8_ has joined #openstack-keystone17:02
notmorganayoung: easier to do so then so we have common things to look at.17:02
notmorganconcrete examples = easier to discuss than nebulous hand-waving-over-the-phone17:02
*** shaleh has quit IRC17:02
*** e0ne has quit IRC17:03
*** shaleh has joined #openstack-keystone17:03
*** jbell8 has quit IRC17:03
lbragstadnotmorgan looks like devstack already does #1 on your list - https://github.com/openstack-dev/devstack/blob/f4ce44bf3fbf06e53c2ae3ec6aa4996831cf4605/lib/keystone#L461-L46417:03
notmorganlbragstad: fantastic17:04
notmorganlbragstad: easy then17:04
*** daemontool has quit IRC17:04
lbragstadnotmorgan so then we make this fernet?17:05
lbragstadhttps://github.com/openstack-dev/devstack/blob/f4ce44bf3fbf06e53c2ae3ec6aa4996831cf4605/lib/keystone#L25017:05
ayoungnotmorgan, of course we don't need implied roles.  We can do it all in policy.  Except then we can't query it.17:05
notmorganayoung: and i think what we're saying is we don't need to query it17:06
ayoungnotmorgan, then you have not really solved the problem17:06
edmondswgordc, everything should be changing to v3, so I would say yes17:06
edmondswyou'd need to change more than just the auth_url... you'd at least have to specify domain as well17:07
*** diazjf has quit IRC17:08
gordcedmondsw: sigh... i hope this was broadcasted and i just missed it.17:08
*** vivekd has quit IRC17:08
gordcedmondsw: do you happen to have example service_credentials list required?17:08
*** spandhe has joined #openstack-keystone17:09
notmorganayoung: we would create local groups [regardless of the idm groups], so you can use groups to do the assignment of a "set of roles" which we already support17:09
notmorganayoung: so, always have "keystone managed groups"17:09
ayoungnotmorgan, I'm calling in17:09
*** su_zhang has quit IRC17:09
notmorgani wanted to hold up until we had the concrete examples then we can figure this out and discuss it more17:09
ayoungthere are so many things you have not considered.17:10
notmorganayoung: we have a lot of other convos happening17:10
notmorganayoung: so example will be posted and we can then have the convo17:10
notmorgannot "merge this example"17:10
notmorganjust so we can explain with a concrete example and we can say "oh we are missing X then"17:10
ayoungor you are completely missing the point and I have been heads down on this problem for 2 years.17:10
notmorganayoung: so.. lets have the example first then make sure we covered the bases and aren't missing something.17:10
ayoungand by you I mean all of you17:11
*** pushkaru has quit IRC17:11
*** diazjf has joined #openstack-keystone17:11
* notmorgan has to jump into a different convo now.17:11
*** pushkaru has joined #openstack-keystone17:12
edmondswgordc, I'm trying to remember what service_credentials is and why it's distinct from keystone_authtoken ?17:12
ayoungedmondsw, stevemar, bknudson topol please dial in to the conf line17:12
lbragstadraildo o/17:12
raildolbragstad: \o17:12
lbragstadraildo getting a few minutes here at the mid-cycle. when you left your comment on https://review.openstack.org/#/c/258650/15 did you test that patch on the consolidation patches?17:13
*** _cjones_ has joined #openstack-keystone17:13
*** sinese has joined #openstack-keystone17:14
edmondswgordc, look at stack.sh lines 1009-101717:15
raildolbragstad: no I didn't but I saw that a lot of tests was broking on the issue_v2_token17:15
lbragstadah gotcha - let me see if I can rebase those17:16
lbragstadthe validate_v3_token patch is ready for review17:16
*** thiagolib has joined #openstack-keystone17:16
*** sinese has quit IRC17:16
raildolbragstad: so I thought that this patch https://review.openstack.org/#/c/197647/23 will fix this erros17:16
openstackgerritDolph Mathews proposed openstack/keystone: Add granular roles (per policy capability) to policy.json  https://review.openstack.org/27416817:16
raildolbragstad: nice, i'll review it in a few minutes :)17:17
openstackgerritRoxana Gherle proposed openstack/keystone: Allow '_' character in mapping_id value  https://review.openstack.org/26493717:17
lbragstadraildo thanks - I'll see if I can fix up the v2 ones17:17
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Remove foreign assignments when deleting a domain  https://review.openstack.org/12743317:17
samueldmqdstanek: lbragstad: ^ this should fix one more bug17:17
gordcedmondsw: ack. thanks17:17
raildolbragstad: great :) anything that you want related to this, I'm available17:18
edmondswgordc, and for endpoint type, note that v2 would be something like "publicURL" whereas v3 would be something like "public"... drops the "URL" from the end17:18
lbragstadraildo awesome - let's start with https://review.openstack.org/#/c/196877/ and see if we can get that close to merging17:19
lbragstadraildo then we can move to fixing up the issue_v2_token and validate_v2_token paths17:19
edmondswgordc, why is service_credentials distinct from keystone_authtoken?17:19
raildolbragstad: sounds good to me :)17:20
*** _cjones_ has quit IRC17:20
lbragstadwhich are https://review.openstack.org/#/c/197647/ and https://review.openstack.org/#/c/197706/17:20
*** _cjones_ has joined #openstack-keystone17:20
lbragstadthen we can rebase https://review.openstack.org/#/c/267781/ and https://review.openstack.org/#/c/258650/15 on top of all those17:20
lbragstadraildo then we should have a better idea of the other failures (hopefully)17:20
raildolbragstad: there is a lot of odd tests :(17:22
bknudsonayoung: I don't have the moderator passcode17:23
gordcedmondsw: we use service_credentials to access other service apis (polling)17:23
bknudsonayoung: we're just having small group discussion so I don't think you'd be able to hear anything17:23
lbragstaddstanek https://review.openstack.org/#/c/196877/3217:23
lbragstadraildo some of that is going to be the lack of sub-second precision17:23
bknudsonayoung: plus, we'll be breaking up for lunch17:23
lbragstadraildo which notmorgan wants to mock the time on17:23
ayoungbknudson, something was discussed about implied groups, something is going on with that and if that discussion is happening I should be a part of it.17:24
bknudsonayoung: that discussion is complete17:24
ayoungIf someone proposed that it can all be done in policy, they don't understand the full problem17:24
ayoungbknudson, you missed a word17:25
bknudsonI think it's about domain roles17:25
raildolbragstad: hum... got it17:25
ayoungis henry still there?17:25
bknudsonayoung: henry is here.17:25
ayoungbknudson, tell him to call me17:27
*** sinese has joined #openstack-keystone17:27
bknudsonayoung: apparently he can't get on irc so I told him you're interested17:27
*** shaleh_ has joined #openstack-keystone17:28
*** woodster_ has joined #openstack-keystone17:29
*** sinese has quit IRC17:30
*** shaleh has quit IRC17:31
notmorganbknudson, stevemar: https://review.openstack.org/#/c/274074/217:33
*** jasonsb has quit IRC17:36
*** jasonsb has joined #openstack-keystone17:37
*** sinese has joined #openstack-keystone17:38
*** sinese has quit IRC17:39
openstackgerritLance Bragstad proposed openstack/keystone: Consolidate the fernet provider issue_v2_token()  https://review.openstack.org/19764717:44
openstackgerritLance Bragstad proposed openstack/keystone: Consolidate the fernet provider validate_v3_token()  https://review.openstack.org/19687717:44
*** jasonsb has quit IRC17:46
dolphmnotmorgan: freezegun usage in keystone https://review.openstack.org/#/c/227995/17:47
openstackgerritDavid Stanek proposed openstack/keystone: Correctly handle direct mapping with keywords  https://review.openstack.org/17598017:49
*** jistr has quit IRC17:49
*** timcline has quit IRC17:49
*** browne has joined #openstack-keystone17:51
*** sinese has joined #openstack-keystone17:56
*** rodrigods has quit IRC17:57
*** rodrigods has joined #openstack-keystone17:57
*** sinese has quit IRC17:58
*** su_zhang has joined #openstack-keystone17:59
dolphmupdated the cross-project spec https://review.openstack.org/#/c/245629/18:01
*** su_zhang has quit IRC18:01
dolphmfor "common default policy" conventions / schema18:01
*** sigmavirus24 is now known as sigmavirus24_awa18:02
openstackgerritDolph Mathews proposed openstack/keystone: Add an "observer" role to policy.json  https://review.openstack.org/27415718:03
dolphmayoung: replaced "auditor" with "observer," btw ^18:03
openstackgerritDolph Mathews proposed openstack/keystone: Add granular roles (per policy capability) to policy.json  https://review.openstack.org/27416818:06
*** diazjf has quit IRC18:08
*** edmondsw has quit IRC18:23
*** roxanagherle has quit IRC18:24
*** timcline has joined #openstack-keystone18:25
*** fpatwa has joined #openstack-keystone18:29
*** timcline has quit IRC18:30
openstackgerritayoung proposed openstack/keystone: Implied Roles API  https://review.openstack.org/24261418:32
*** fpatwa has quit IRC18:33
*** sigmavirus24_awa is now known as sigmavirus2418:41
*** iurygregory has quit IRC18:41
*** amakarov has quit IRC18:45
*** su_zhang has joined #openstack-keystone18:57
*** pcaruana has joined #openstack-keystone18:57
*** su_zhang has quit IRC18:58
*** daemontool has joined #openstack-keystone18:58
*** markd_ has joined #openstack-keystone18:59
*** gordc has quit IRC19:00
*** su_zhang has joined #openstack-keystone19:02
thebloggui'm trying to get the service catalog using keystonclient with a token but the client seems not to have one. can someone help me? if I try to use a token and the cli to get the catalog I get the message "Configuration error: Client configured to run without a service catalog. Run the client using --os-auth-url or OS_AUTH_URL, instead of --os-endpoint or OS_SERVICE_ENDPOINT, for example."19:02
*** timcline has joined #openstack-keystone19:03
*** jsavak has quit IRC19:04
*** markd_ has quit IRC19:04
openstackgerritMerged openstack/keystone: Update bandit.yaml  https://review.openstack.org/26704419:10
*** daemontool has quit IRC19:10
openstackgerritMerged openstack/keystone: Enable bandit tests  https://review.openstack.org/26705119:11
*** mhickey_ has quit IRC19:11
*** jsavak has joined #openstack-keystone19:13
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947919:17
*** pushkaru has quit IRC19:17
*** krotscheck has quit IRC19:17
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947919:18
*** pcaruana has quit IRC19:24
*** gordc has joined #openstack-keystone19:26
*** jsavak has quit IRC19:29
*** jsavak has joined #openstack-keystone19:30
openstackgerritMorgan Fainberg proposed openstack/keystone: Add in TRACE logging for the manager  https://review.openstack.org/27408519:32
*** pcaruana has joined #openstack-keystone19:37
*** jistr has joined #openstack-keystone19:37
*** fesp has joined #openstack-keystone19:38
*** diazjf has joined #openstack-keystone19:38
*** pushkaru has joined #openstack-keystone19:39
jorge_munozayoung: lbragstad I think I found another issue with trust, but I wanted to double check with you guys. User A creates a trust for redelegation to User B, then User B gets a trust scope token and is able to create a trust to User C with impersonation set to True. That should return something like bad request, right?19:42
ayoungdolphm, I really like this https://review.openstack.org/#/c/245629/4..5/specs/common-default-policy.rst19:42
lbragstadjorge_munoz meaning that you can't create an impersonated trust with a trust?19:43
ayoungjorge_munoz, if the origianly trust allowed impersonation, it probably should not allow redelegation, but it might be required19:43
ayoungif the origianly trust did not allow impersonation, the redelegated trust should not allow impersonation19:43
*** shaleh_ has quit IRC19:43
openstackgerritMorgan Fainberg proposed openstack/keystone: Use requst local in-process cache per request  https://review.openstack.org/27200719:44
lbragstadi agree - i don't think we should allow *any* intermixing of redelegation and impersonation19:44
lbragstadas someone creating a trust - i either need to use impersonation, redelegation, or neither19:45
ayounglbragstad, what we want, and what is required are two different things19:45
ayoungif impersonation is needed, it will need to be redelegated19:45
jorge_munozYes, the original trust did not allow impersonation, but i was able to create a redelegated trust with impersonation.19:45
jorge_munozimpersonation set to trust.19:46
ayoungfor example,  if the resournce is owned by a user, and you need to be that user to change it, such as some swift and barbican resources, then I delegate to, say Ansible-as-a-server which tehn delegates to heat which delelagest to glance, which needs to do the actual work19:46
jorge_munoztrue*19:46
ayoungjorge_munoz, that is a bug19:46
jorge_munozayoung: lbragstad thanks, I’ll create a bug for it then.19:47
*** su_zhang has quit IRC19:48
dstaneknotmorgan: http://paste.openstack.org/show/485480/19:52
*** fesp has quit IRC19:56
*** jasonsb has joined #openstack-keystone19:59
*** thebloggu has quit IRC20:03
*** jsavak has quit IRC20:03
*** pcaruana has quit IRC20:06
*** jsavak has joined #openstack-keystone20:06
*** pcaruana has joined #openstack-keystone20:09
samueldmqstevemar: http://fairy-slipper.russellsim.org/#/by-tag/identity/v3/20:09
*** pcaruana has quit IRC20:19
*** thiagolib has quit IRC20:19
*** diazjf has quit IRC20:21
*** timcline has quit IRC20:25
*** slberger has quit IRC20:25
*** timcline has joined #openstack-keystone20:26
*** vgridnev has joined #openstack-keystone20:29
*** fpatwa has joined #openstack-keystone20:30
*** richm has quit IRC20:30
*** fpatwa has quit IRC20:34
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/27279020:45
*** richm has joined #openstack-keystone20:46
*** slberger has joined #openstack-keystone20:47
openstackgerritPaulo Ewerton Gomes Fragoso proposed openstack/keystone: WIP API support for project cascade update  https://review.openstack.org/24358520:51
openstackgerritJorge Munoz proposed openstack/keystone: Fix trust redelegation tests  https://review.openstack.org/27323220:53
openstackgerritJorge Munoz proposed openstack/keystone: Add tests for trust using impersonation  https://review.openstack.org/27327920:53
*** diazjf has joined #openstack-keystone20:57
*** diazjf1 has joined #openstack-keystone20:58
openstackgerritJorge Munoz proposed openstack/keystone: Add tests for trust using impersonation  https://review.openstack.org/27327920:59
*** diazjf has quit IRC20:59
*** jasonsb has quit IRC20:59
*** tsymanczyk has joined #openstack-keystone21:04
*** tsymancz2k has quit IRC21:04
*** tsymanczyk is now known as Guest7594021:04
openstackgerritJorge Munoz proposed openstack/keystone: Add tests for trust using impersonation  https://review.openstack.org/27327921:05
*** dims has quit IRC21:09
*** su_zhang has joined #openstack-keystone21:09
*** jistr has quit IRC21:10
openstackgerritJorge Munoz proposed openstack/keystone: Do not allow creating redelegated trust when using impersonated token.  https://review.openstack.org/27425021:30
*** bill_az has quit IRC21:35
*** rcernin has joined #openstack-keystone21:36
*** dims has joined #openstack-keystone21:39
*** jgriffith is now known as jgriffith_away21:43
*** vgridnev has quit IRC21:44
*** ninag has quit IRC21:48
*** raildo is now known as raildo-afk21:48
*** jsavak has quit IRC21:49
*** jsavak has joined #openstack-keystone21:49
*** diazjf1 has quit IRC21:50
*** zqfan has quit IRC21:51
*** pauloewerton has quit IRC21:51
*** timcline has quit IRC21:52
*** vgridnev has joined #openstack-keystone21:52
*** timcline has joined #openstack-keystone21:53
*** alejandrito has quit IRC21:54
*** vgridnev has quit IRC21:56
*** su_zhang has quit IRC21:59
*** alexvictorchan has quit IRC22:00
*** Guest75940 has quit IRC22:03
*** su_zhang has joined #openstack-keystone22:07
*** doug-fis_ has joined #openstack-keystone22:10
*** doug-fi__ has joined #openstack-keystone22:14
*** gordc has quit IRC22:14
*** doug-fish has quit IRC22:14
*** timcline has quit IRC22:15
*** doug-fis_ has quit IRC22:17
*** doug-fi__ has quit IRC22:18
*** jbell8_ has quit IRC22:19
*** e0ne has joined #openstack-keystone22:24
*** doug-fish has joined #openstack-keystone22:26
*** tonytan4ever has quit IRC22:27
*** RA_ has joined #openstack-keystone22:28
*** fpatwa has joined #openstack-keystone22:30
*** doug-fish has quit IRC22:31
* notmorgan does the hotel bar devstack build dance.22:33
*** fpatwa has quit IRC22:35
*** RA_ has quit IRC22:36
*** cdcasey has joined #openstack-keystone22:36
*** spzala has joined #openstack-keystone22:36
*** e0ne_ has joined #openstack-keystone22:37
*** dims has quit IRC22:38
*** cdcasey has left #openstack-keystone22:38
*** cdcasey has joined #openstack-keystone22:38
*** e0ne has quit IRC22:39
*** aix has quit IRC22:39
*** aix has joined #openstack-keystone22:40
*** aix is now known as Guest96522:40
*** e0ne has joined #openstack-keystone22:45
*** e0ne_ has quit IRC22:45
*** e0ne_ has joined #openstack-keystone22:46
*** lhcheng has joined #openstack-keystone22:47
*** ChanServ sets mode: +v lhcheng22:47
*** e0ne has quit IRC22:49
*** roxanaghe has joined #openstack-keystone22:54
*** su_zhang has quit IRC22:59
*** KarthikB has quit IRC22:59
*** su_zhang has joined #openstack-keystone23:00
openstackgerritJorge Munoz proposed openstack/keystone: Do not allow creating redelegated trust when using impersonated token.  https://review.openstack.org/27425023:00
*** sigmavirus24 is now known as sigmavirus24_awa23:00
*** alejandrito has joined #openstack-keystone23:01
*** alexvictorchan has joined #openstack-keystone23:02
*** jsavak has quit IRC23:03
cdcaseyI'm assuming keystone client is only deprecated for CLI, correct? E.G., when writing a python script, we should still be importing from keystoneclient.v3, not from some openstack lib?23:04
*** jorge_munoz has quit IRC23:04
*** tsymancz1k has joined #openstack-keystone23:10
*** roxanaghe has quit IRC23:15
*** cdcasey has quit IRC23:23
bretonyes, that's correct, the guy who quit23:29
*** mgarza has quit IRC23:30
*** sshen has quit IRC23:34
*** sshen has joined #openstack-keystone23:37
*** csoukup_ has quit IRC23:41
*** alejandrito has quit IRC23:41
*** sshen has quit IRC23:43
*** su_zhang has quit IRC23:44
*** sshen has joined #openstack-keystone23:45
*** e0ne_ has quit IRC23:49
*** hughsaunders has quit IRC23:59
« Thursday, 2016-01-28 Index Saturday, 2016-01-30 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!