Monday, 2016-02-22

« Sunday, 2016-02-21 Index Tuesday, 2016-02-23 »
*** boris-42 has joined #openstack-keystone00:04
*** EinstCra_ has joined #openstack-keystone00:05
*** EinstCrazy has quit IRC00:06
*** EinstCra_ has quit IRC00:07
*** subscope has quit IRC00:27
*** fpatwa has quit IRC00:29
*** fpatwa has joined #openstack-keystone00:32
*** markvoelker has joined #openstack-keystone01:09
*** markvoelker has quit IRC01:13
*** fpatwa has quit IRC01:32
*** shoutm has joined #openstack-keystone01:36
*** mylu has quit IRC01:48
*** EinstCrazy has joined #openstack-keystone01:48
*** mylu has joined #openstack-keystone01:51
*** davechen2 has joined #openstack-keystone02:01
*** davechen2 is now known as davechen02:04
*** mylu has quit IRC02:24
*** vivekd has joined #openstack-keystone03:07
*** markvoelker has joined #openstack-keystone03:09
stevemardavechen: yeah, but we need to fix the bug before we release mitaka-3 :\03:13
bigjoolsstevemar: hey!03:14
stevemarbigjools: hola03:14
*** markvoelker has quit IRC03:14
bigjoolsstevemar: would you mind doing me a huge favour and checking what I am doing here is not insane please? https://bugs.launchpad.net/python-keystoneclient/+bug/154733103:15
openstackLaunchpad bug 1547331 in python-keystoneclient "AuthorizationFailure: Authorization failed: Cannot authenticate without an auth_url" [Undecided,New]03:15
*** mylu has joined #openstack-keystone03:17
stevemarbigjools: hmm, looks like jamie already commented (that makes my life easier)03:17
bigjoolsstevemar: indeed, but the last thing I'm doing specifically to make service_catalog available03:17
davechenstevemar: sure, it will be cool to update the testcase,  maybe amakarov_away is working on that. :)03:22
davechenstevemar: any other patches need immediate attention?03:25
stevemardavechen: just this stuff: https://launchpad.net/keystone/+milestone/mitaka-303:25
stevemardavechen: the shadow user patches?03:26
davechenstevemar: but it always WIP :(03:26
stevemardavechen: i need to talk to ron about that :)03:26
stevemardavechen: i think review it regardless03:26
davechenstevemar: and I feel that SP filtering is defer to N by default?03:27
stevemardavechen: yep, i said that at the last meeting, sorry for not updating you :\03:27
davechenstevemar: glad to know that.03:27
davechenstevemar: no need to rush.03:27
*** mylu has quit IRC03:29
*** mylu has joined #openstack-keystone03:30
stevemardavechen: also https://review.openstack.org/#/c/277436/ - but also WIP03:31
patchbotstevemar: patch 277436 - keystone - Return 404 instead of 401 for tokens w/o roles03:31
stevemardavechen: also this one.. https://review.openstack.org/#/c/231289/5403:31
patchbotstevemar: patch 231289 - keystone - Projects acting as domains03:31
davechenstevemar: i will take a look at both of them.03:32
*** fpatwa has joined #openstack-keystone03:33
*** fpatwa has quit IRC03:37
*** davechen is now known as davechen_afk03:45
*** links has joined #openstack-keystone03:57
*** diazjf has joined #openstack-keystone04:16
*** mylu has quit IRC04:16
*** mylu has joined #openstack-keystone04:19
*** mylu has quit IRC04:20
stevemarbigjools: finally looking at your bug, family stuff before04:23
bigjoolsno worries04:23
bigjoolsit's still sunday for you04:23
stevemarbigjools: yep04:24
*** dave-mcc_ has joined #openstack-keystone04:24
stevemarbigjools: so you're using keystone auth or keystoneclient's old deprecated auth bits?04:24
*** dave-mccowan has quit IRC04:25
bigjoolsI am trying to get Rally doing something sane with its clients. First up is to get it using sessions, but I end up with the problem described.04:25
*** mylu has joined #openstack-keystone04:25
bigjoolsso the old auth stuff is no more04:26
bigjoolsbut - with it seems to go the service_catalog04:26
*** dave-mcc_ has quit IRC04:28
stevemarbigjools: got some paste code?04:30
bigjoolsstevemar: even better: https://review.openstack.org/#/c/282918/104:30
patchbotbigjools: patch 282918 - rally - Make Rally cope with unversioned keystone URL04:30
stevemarbigjools: oh that is even better04:31
bigjoolsthe old code was doing all its own discovery and crazy things04:31
bigjoolsI only found out that client.authenticate() doesn't work with sessions when someone tried to use an endpoint override04:32
bigjoolsand jamie pointed out authenticate() is deprecated for sessions04:32
*** mylu has quit IRC04:38
*** mylu has joined #openstack-keystone04:40
*** davechen_afk has quit IRC04:40
*** dave-mccowan has joined #openstack-keystone04:40
*** davechen has joined #openstack-keystone04:41
*** Nirupama has joined #openstack-keystone04:42
jamielennoxbigjools: use full irc nicks - i would have joined in earlier04:50
jamielennoxwhat's up?04:50
bigjoolsjamielennox: see my last question on https://bugs.launchpad.net/python-keystoneclient/+bug/154733104:50
openstackLaunchpad bug 1547331 in python-keystoneclient "AuthorizationFailure: Authorization failed: Cannot authenticate without an auth_url" [Undecided,New]04:50
bigjoolssorry didn't think you were on and then realised my client sorted you into the voiced section at the top of the list... d'oh04:51
jamielennoxbigjools: np04:51
jamielennoxbigjools: do you need to iterate the catalog or just know if something is present04:52
bigjoolsit's iterating it and collecting service_types04:52
bigjoolshang on I'll find the code04:52
jamielennoxsession.get_endpoint is none if nothing matches so you can do like if session.get_endpoint(service_type='identity', version=(3,0))04:52
jamielennoxbut there isn't normally a list exposed04:53
bigjoolsyeah04:53
bigjoolshttps://github.com/openstack/rally/blob/master/rally/osclients.py#L70204:53
*** fpatwa has joined #openstack-keystone04:53
bigjoolsthat is the problematic code04:53
stevemarjamielennox: be telepathic instead :P04:54
jamielennoxstevemar: ever more reasonable requests from our PTL04:55
jamielennoxbigjools: so two options04:55
stevemarjamielennox: i ask for so little04:56
bigjoolsProblematic Telepathy Lead04:56
jamielennoxbigjools: rally has a predefined list of services: https://github.com/openstack/rally/blob/master/rally/consts.py#L114 so you can loop through those and do the get_endpoitn check04:56
jamielennoxthe request is cached but it's not the fastest way04:56
jamielennoxotherwise i'd do like04:56
jamielennoxtry:04:57
jamielennoxhmm04:57
bigjoolsthere's also myriad call sites using client.service_catalog.url_for()04:57
jamielennoxif hasattr(auth, 'get_access'):04:57
jamielennox    auth.get_access(session).service_catalog.url_for(...)04:58
jamielennoxbigjools: all identity plugins (things that talk to keystone) should implement get_access04:58
bigjoolsright - that's what I've tried to use in my hack04:58
jamielennoxbigjools: which is realistically everything you would want to use rally for04:58
jamielennoxbut you should make sure anyway04:58
bigjoolsso how greasy is my hack that copies the result of get_access into the auth_ref?04:59
jamielennoxoh, you install it back onto the client?04:59
jamielennoxthat's greasy04:59
bigjoolsI figured :)04:59
bigjoolsit just saved changing a ton of code04:59
jamielennoxany reason not to do it from the auth object?04:59
bigjoolsand the tests in Rally suck04:59
jamielennoxyea i can imagine04:59
boris-42bigjools: why they suck lol?05:00
bigjoolsboris-42: hey :)05:00
jamielennoxwhat most services like this lack is like a current context object05:00
bigjoolsboris-42: too many mocks05:00
boris-42bigjools: you mean unit tests ?)05:00
jamielennoxthey assume that the keystoneclient is authenticated and then pass that around05:00
bigjoolsboris-42: yes05:00
boris-42bigjools: so we have to mock services05:00
jamielennoxusing it for state rather than as an entry point for requests05:00
boris-42bigjools: in unit tests05:00
boris-42bigjools: otherwise they would be intergration tests (which we have)05:01
boris-42bigjools: but if you have any ideas how to do the better testing of scenarios/oslicents you are very welocme05:01
jamielennoxboris-42: i wish rally didn't encorporate a database05:01
bigjoolsjamielennox: right. If I save the identity object on the rally client object I can use it to get the auth object05:01
bigjoolsand hence service_catalog05:01
boris-42jamielennox: you mean db less mode?05:02
bigjoolsboris-42: fakes implemented as fixtures05:02
jamielennoxboris-42: that's a thing? (it's not mentioned in any docs i read)05:02
bigjoolsboris-42: re-implementing a function should not involve re-writing its test05:02
boris-42jamielennox: so I heard that request before05:02
boris-42jamielennox: like just run rally task and get report05:02
boris-42jamielennox: in one line05:02
boris-42jamielennox: it sound like a very interesting idea05:03
jamielennoxboris-42: yep, you can wrap something that stores result in a db around that runner05:03
jamielennoxbut for me i want to automatic deploy to a vm, run tests get results05:03
boris-42jamielennox: so I am thinking about it05:03
boris-42jamielennox: however I didn't find a nice solution yet05:03
jamielennoxand it's a pain to have to go through the process of registering environments into a db05:03
jamielennoxrather than just provide ENV vars like the other clients05:03
bigjools^ +105:03
boris-42jamielennox: hm one just question05:03
boris-42jamielennox: why not next: "rally deployment create --fromenv --name any"05:04
boris-42jamielennox: rally task start <your_file>05:04
boris-42jamielennox: if you have in env variables (it will be just few commands)05:04
boris-42jamielennox: instead of one05:04
jamielennoxi more or less have, but it's not idempotent for ansible05:04
jamielennoxi've currently got05:04
bigjoolsI'd like to be able to specify multiple task files as well05:05
boris-42bigjools: but why not putting everything in single file?)05:05
bigjoolsboris-42: same reason the samples aren't05:05
boris-42bigjools: seems like people is willing to have this multi file stuff (we will need to implement it)05:05
boris-42bigjools: rally/certification/ ?05:06
boris-42bigjools: single file https://github.com/openstack/rally/tree/master/certification/openstack05:06
jamielennoxhttp://paste.openstack.org/show/487717/05:06
bigjoolsboris-42: samples/tasks/05:06
boris-42bigjools: those are samples05:06
boris-42bigjools: this one is the thing that you should run =)05:06
boris-42jamielennox: reading05:07
bigjoolsalso same reason you don't put all your code in the same file05:07
bigjools:)05:07
boris-42jamielennox: so you are trying to use rally as a lib05:07
boris-42jamielennox: this is pain in the neck I know, we are almost done with refactoring this part and making it sexy05:07
jamielennoxboris-42: there i am because it was proving difficult to parse CLI output05:08
boris-42jamielennox: andreykuriling is hardworking on it05:08
boris-42bigjools: ok05:08
jamielennoxboris-42: anyway i think if you extract the part that is a test runner and have that take only CLI or env vars or even be called only as a python entry point05:09
jamielennoxthen you can wrap the rally database stuff around it05:09
boris-42jamielennox: yep yep05:09
jamielennoxbut it would mean for those of us who don't have a long running rally deployment i could just take my output and feed it back to my own analysis05:09
boris-42jamielennox: I agree that it is valid case (you don't need to convince me+)05:10
*** markvoelker has joined #openstack-keystone05:10
boris-42jamielennox: so we will need to do some magic around rally.task.engine05:10
*** GB21 has joined #openstack-keystone05:10
jamielennoxboris-42: no worries, i just haven't seen you around since i started playing with rally, that's been my big pain so far05:10
jamielennoxand then writing the ansible tasks it's very tied into the db05:10
boris-42jamielennox: btw we have feature reuqest05:11
boris-42jamielennox: https://rally.readthedocs.org/en/latest/feature_requests.html05:11
boris-42jamielennox: so please if you are facing troubles just put them all there and we will find the way to address those things05:11
boris-42jamielennox: it's hard to see the project like new users are seeing it after 3 years=)05:12
jamielennoxboris-42: completely understand that05:12
*** markvoelker has quit IRC05:15
bigjoolsI'd love to see a KeystoneFixture provided by keystone itself, such that other projects can use it in tests05:16
bigjoolscan run it up as a fixtureresource05:16
boris-42bigjools: yep that will be nice (we would use that in rally)05:17
bigjoolsboris-42: yeah - can then get rid of all those nasty mocks :)05:17
bigjoolswhich I am sure are hiding bugs :(05:17
boris-42bigjools: they are not hidding bugs (cause we are covering almost all by integration tests)05:18
boris-42bigjools: take a look at the amount of jobs that we have in gates https://review.openstack.org/#/c/269958/05:18
patchbotboris-42: patch 269958 - rally - Using 'dt' as alias for datetime imports05:18
bigjoolsboris-42: choose_version returns "None" as a string. That's a hidden bug :)05:18
bigjoolswhat I mean is, traps that are waiting when stuff gets changed05:19
bigjoolsjamielennox: thanks for the advice BTW. I'll try to implement it, sadly not easy because of the way the code is currently organised but it's all a challenge...05:21
*** EinstCra_ has joined #openstack-keystone05:23
*** EinstCrazy has quit IRC05:25
*** diazjf has quit IRC05:33
*** dave-mccowan has quit IRC05:37
*** mylu has quit IRC05:41
*** rdo has quit IRC05:45
*** rdo has joined #openstack-keystone05:47
*** ChengKun has joined #openstack-keystone05:50
*** mylu has joined #openstack-keystone05:55
*** roxanaghe has joined #openstack-keystone05:58
*** jaosorior has joined #openstack-keystone06:11
*** Guest61736 is now known as mariusv06:27
*** mariusv has joined #openstack-keystone06:27
*** fpatwa has quit IRC06:37
*** EinstCrazy has joined #openstack-keystone06:38
*** roxanaghe has quit IRC06:39
*** EinstCra_ has quit IRC06:39
*** vivekd_ has joined #openstack-keystone06:43
*** vivekd has quit IRC06:46
*** vivekd_ is now known as vivekd06:46
*** mylu has quit IRC06:49
*** jasonsb has joined #openstack-keystone06:52
*** josecastroleon has joined #openstack-keystone07:00
*** belmoreira has joined #openstack-keystone07:11
*** markvoelker has joined #openstack-keystone07:11
bretonstevemar: 5507:14
*** markvoelker has quit IRC07:15
*** chlong_ has quit IRC07:30
*** jasonsb has quit IRC07:33
*** tomoiaga has joined #openstack-keystone07:35
*** jasonsb has joined #openstack-keystone07:36
*** subscope has joined #openstack-keystone07:51
*** su_zhang has quit IRC07:51
*** subscope has quit IRC07:51
*** jamielennox is now known as jamielennox|away07:52
*** su_zhang has joined #openstack-keystone07:52
*** iurygregory has quit IRC07:56
*** su_zhang has quit IRC07:56
*** ericksonsantos has quit IRC07:57
*** wolsen has quit IRC07:57
*** wolsen has joined #openstack-keystone08:00
*** jamielennox|away is now known as jamielennox08:02
*** pcaruana has joined #openstack-keystone08:05
*** subscope has joined #openstack-keystone08:07
*** raildo is now known as raildo-afk08:08
*** subscope has quit IRC08:17
*** vivekd_ has joined #openstack-keystone08:26
*** subscope has joined #openstack-keystone08:26
*** vivekd has quit IRC08:28
*** vivekd_ is now known as vivekd08:28
*** martinus___ has joined #openstack-keystone08:29
*** jistr has joined #openstack-keystone08:37
*** fpatwa has joined #openstack-keystone08:38
*** subscope has quit IRC08:40
*** tomoiaga has quit IRC08:40
*** fpatwa has quit IRC08:42
*** tomoiaga has joined #openstack-keystone08:48
*** fhubik has joined #openstack-keystone08:57
*** subscope has joined #openstack-keystone09:00
*** rvba has quit IRC09:03
*** davechen has left #openstack-keystone09:05
*** spring_ is now known as davechen_afk09:06
*** markvoelker has joined #openstack-keystone09:12
*** henrynash has joined #openstack-keystone09:15
*** ChanServ sets mode: +v henrynash09:15
*** markvoelker has quit IRC09:16
*** rvba has joined #openstack-keystone09:22
*** rvba has quit IRC09:23
*** rvba has joined #openstack-keystone09:23
*** subscope has quit IRC09:25
*** subscope has joined #openstack-keystone09:29
*** fhubik has quit IRC09:30
*** fhubik has joined #openstack-keystone09:31
*** fhubik is now known as fhubik_brb09:32
*** mvk has joined #openstack-keystone09:38
*** wanghua has quit IRC09:54
*** fhubik_brb is now known as fhubik09:54
*** daemontool has joined #openstack-keystone10:01
samueldmqmorning keystoners10:01
samueldmqhenrynash: hello, let me know when you have a momento to discuss 24358510:01
henrynashsamuedlmq: hi10:02
samueldmqhenrynash: I saw your latest comments there10:02
henrynashsamueldmq: ok10:02
samueldmqhenrynash: are you okay with checking the policy for each project in the tree?10:03
henrynashsamueldmq: I’m not sure having a role on ecery project givens them any more or less right to be able to modify it10:03
samueldmqhenrynash: I think that's correct, since what we provide is a shortcut for not doing them separately10:03
henrynashsamueldmq: so an “observer” has more rights to edit than someone who has no role?10:04
henrynashsamuedlmq: I don’t see why that should be so10:04
samueldmqhenrynash: if he has observer on every project10:04
samueldmqhenrynash: AND observer is allowed to PATCH a proejct10:05
samueldmqhenrynash: it hsould be able to do it, but I don't think observer will be able to update a project10:05
henrynashsamueldmq: and the PATCH policy endpoint is the same for cascase and not cascade?10:05
samueldmqhenrynash: yes10:06
*** chlong_ has joined #openstack-keystone10:06
henrynashsamueldmq: did we consider what we have done for other “tree operations” and have a separate policy endpoint for the regular vs tree-version of the API?10:07
samueldmqhenrynash: if you see it as a shortcut for not doing each update separately, that makes sense ?10:07
samueldmqhenrynash: okay, what are the other operations?10:07
samueldmq(an example)10:07
henrynashsamueldmq: list tree assignment10:07
samueldmqhenrynash: list_role_assignments?10:08
henrynashsamueldmq: yes, so you can pass it ?include_sub_tree and it then returns all the assignments for the subtree below the project specified10:09
samueldmqhenrynash: hmm, I see list_role_assignments_for_tree in the policy10:09
henrynashsamueldmq: yep10:10
henrynashsameldmq: like to be a specifially granted role maybe and/or require a domain scoped token perhaps10:10
henrynashsamueldmq: we don’t know, it’s up to how the deployer (or domain admin) wants to allow such an operation10:11
samueldmqhenrynash: if we allowed tree checks in the policy somehow life would be easier10:11
samueldmqhenrynash: but they can do that today10:12
samueldmqhenrynash: if you do identity:update_project: domain_id:%(target.domain_id)s10:13
samueldmqhenrynash: that rule would pass for every project in the tree, as they have the same domain_id10:13
henrynashsamueldmq: maybe…although I have a feeling that tree-operations will always be considered something special10:13
henrynashsamueldmq: either that, we we need to basically re-issuse the actual policy check for each node10:15
samueldmqhenrynash: I think checking policy for every node in the tree mkes it more secure10:15
samueldmqhenrynash: but notice that update/delete are write operations in the tree10:15
henrynashsamueldmq: are you actually doing that…or just checking they have a role on each node?10:15
samueldmqhenrynash: while list assignments is a read-only10:15
*** EinstCrazy has quit IRC10:16
samueldmqhenrynash: I am pretty sure we check the policy, let me recheck10:17
henrynashsamueldmq: no…we are just looking to see if the user has any role on each project in the tree10:18
samueldmqhenrynash: yes 'The policy rule might want to inspect if the user have access for every project in the subtree.'10:18
henrynashsamueldmq: ah, you are right…OK, so that’s much better…sorry missed that bit10:19
samueldmqhenrynash: if it was only checking any role assignments in the node10:20
samueldmqthat was pretty bad, I agree10:20
samueldmqhenrynash: so I'd expand the comment in the test to say it needs an ADMIN inherited role assginment, because that will make every nodepass against policy10:21
henrynashsamueldmq: yes, likelythat inherited roles will be the ones to use here….10:21
samueldmqhenrynash: let me do it right now (add that comment)10:22
samueldmqhenrynash: yes they will10:22
samueldmqhenrynash: and perhaps your second point about using a wrapper in that controller, as we did for dommain role assingments10:22
henrynashsamueldmq: the other thing is that I’d liek us not to call @filterproetcted and @protected10:22
samueldmqhenrynash: maybe addressed in a followup10:22
samueldmqhenrynash: perhaps we could extract the logic from the annotation in a method that can also be called separately?10:23
samueldmqhenrynash: in addition to the annotation itself10:23
henrynashsamueldmq: I think we’re only useing filterprotected to extract the ‘cascade’ bit so we know whether to to that logic or nor….10:25
samueldmqhenrynash: yes10:25
samueldmqhenrynash: so that can definitely be refactored to be done as you did in domain roles with wrappers10:25
henrynashok10:26
samueldmqhenrynash: I will leave a todo there10:26
samueldmqhenrynash: maybe as a followup?10:26
samueldmqhenrynash: okay I will add a TODO and expand the comments in the tests for now10:26
henrynashsamueldmq: just trying to think through whether there is any negative consquence of teh filter and protected version….and whether we need to change it now, before the patch goes in10:27
samueldmqhenrynash: I will update it now10:27
henrynashsamueldmq: ok…I’ll check back in a while…and am now happy with the principle of what we are doing…maybe add doc string or something to the check_proetction method making it clear what the algorithim is10:29
samueldmqhenrynash: ++ will do in bit10:31
henrynashsamueldmq: I still wonder if _check_user_has_access_to_subtree() is needed….maybe the policy rule might want to not require a cascade operation to have a role on each proejct…but that certainly fits more with our previous techniques10:32
*** henrynash has quit IRC10:33
*** fpatwa has joined #openstack-keystone10:39
*** lhcheng has quit IRC10:40
*** fpatwa has quit IRC10:43
*** ChengKun has quit IRC10:56
*** subscope has quit IRC10:57
*** markvoelker has joined #openstack-keystone11:12
*** markvoelker has quit IRC11:17
*** subscope has joined #openstack-keystone11:30
*** henrynash has joined #openstack-keystone11:32
*** ChanServ sets mode: +v henrynash11:32
*** martinus___ has quit IRC11:34
*** mgagne has quit IRC11:39
*** andrewbogott has quit IRC11:39
*** sigmavirus24_awa has quit IRC11:39
*** wasmum has quit IRC11:39
*** errr has quit IRC11:40
*** ryanpetrello has quit IRC11:40
*** BlackDex has quit IRC11:40
*** raorn has quit IRC11:40
*** eglute has quit IRC11:40
*** zigo has quit IRC11:40
*** mhu has quit IRC11:40
*** d34dh0r53 has quit IRC11:40
*** dhellmann has quit IRC11:41
*** zigo has joined #openstack-keystone11:41
*** DuncanT has quit IRC11:41
*** raorn has joined #openstack-keystone11:42
*** DuncanT has joined #openstack-keystone11:42
*** BlackDex has joined #openstack-keystone11:42
*** andrewbogott has joined #openstack-keystone11:43
*** subscope has quit IRC11:45
*** eglute has joined #openstack-keystone11:45
*** subscope has joined #openstack-keystone11:45
*** mgagne has joined #openstack-keystone11:45
*** ryanpetrello has joined #openstack-keystone11:46
*** mhu has joined #openstack-keystone11:46
*** mgagne is now known as Guest5143511:46
*** wasmum has joined #openstack-keystone11:46
*** dhellmann has joined #openstack-keystone11:46
*** sigmavirus24_awa has joined #openstack-keystone11:46
*** d34dh0r53 has joined #openstack-keystone11:46
*** links has quit IRC11:53
*** fpatwa has joined #openstack-keystone11:53
*** errr has joined #openstack-keystone11:54
*** rodrigods has quit IRC11:57
*** rodrigods has joined #openstack-keystone11:57
*** fpatwa has quit IRC12:00
*** links has joined #openstack-keystone12:07
*** henrynash has quit IRC12:09
*** chlong_ has quit IRC12:17
*** raildo-afk is now known as raildo12:19
*** fhubik is now known as fhubik_brb12:20
*** fhubik_brb is now known as fhubik12:20
*** fhubik is now known as fhubik_brb12:25
*** fhubik_brb is now known as fhubik12:25
*** lhcheng has joined #openstack-keystone12:28
*** ChanServ sets mode: +v lhcheng12:28
*** lhcheng has quit IRC12:33
*** henrynash has joined #openstack-keystone12:38
*** ChanServ sets mode: +v henrynash12:38
*** Nirupama has left #openstack-keystone12:39
*** fhubik is now known as fhubik_brb12:39
*** raildo is now known as raildo-afk12:40
samueldmqhenrynash:12:41
samueldmqhenrynash: so, if I don't use @filterprotected, we will need to call chack_protection explicitely12:42
samueldmqcheck*12:42
samueldmqhenrynash: which means we will need to create the internal protection_info param, which is bizarre12:43
*** markvoelker has joined #openstack-keystone12:43
henrynashsamueldmq: let me take a quick look…..12:45
*** raildo-afk is now known as raildo12:46
samueldmqhenrynash: sure12:46
samueldmqhenrynash: an alternative I was thinking was: 1) we check the cascade in a wrapper (similar to in domain roles)12:46
samueldmqhenrynash: 2) 2 different methods called by the wrapper (also as in domain roles), but they have diffrent wrappers12:47
samueldmq@protected and @tree_protected12:47
*** markvoelker has quit IRC12:47
samueldmqbut that would require them to receive a method name, as they will both point to the same 'update_project' policy entry12:48
*** jaosorior has quit IRC12:49
henrynashsamueldmq: hmm, have to think abou this…sorry, I’m actually off sick today, so not sure my brain is firing on all cylnders!]12:49
*** jaosorior has joined #openstack-keystone12:50
samueldmqhenrynash: that's okay, you may look once you're better :)12:50
*** jaosorior has quit IRC12:50
*** henrynash has quit IRC12:50
*** jaosorior has joined #openstack-keystone12:51
*** gordc has joined #openstack-keystone12:54
*** iurygregory has joined #openstack-keystone12:55
*** clenimar has joined #openstack-keystone12:56
*** pauloewerton has joined #openstack-keystone13:02
*** links has quit IRC13:08
*** vivekd has quit IRC13:16
*** martinus___ has joined #openstack-keystone13:17
openstackgerritDavid Stanek proposed openstack/keystoneauth: Adds a TOTP authentication method  https://review.openstack.org/28307613:17
*** links has joined #openstack-keystone13:22
*** fhubik_brb is now known as fhubik13:25
*** jdennis has joined #openstack-keystone13:27
openstackgerritChaozhe Chen(ccz) proposed openstack/keystone: Deprecate logger.WritableLogger  https://review.openstack.org/28307813:28
*** markvoelker has joined #openstack-keystone13:29
*** edmondsw has joined #openstack-keystone13:35
*** esp has joined #openstack-keystone13:50
*** links has quit IRC13:50
*** rk4n has joined #openstack-keystone13:53
*** jsavak has joined #openstack-keystone13:55
*** andrewbogott has quit IRC13:55
*** andrewbogott has joined #openstack-keystone13:55
*** subscope has quit IRC13:56
*** petertr7_away is now known as petertr713:58
*** annasort has joined #openstack-keystone13:58
*** esp has quit IRC13:58
*** richm has joined #openstack-keystone14:02
*** ninag has joined #openstack-keystone14:05
*** chlong_ has joined #openstack-keystone14:06
*** jistr has quit IRC14:06
*** jistr has joined #openstack-keystone14:07
*** subscope has joined #openstack-keystone14:09
*** vivekd has joined #openstack-keystone14:10
*** dave-mccowan has joined #openstack-keystone14:14
*** openstackgerrit has quit IRC14:17
*** openstackgerrit has joined #openstack-keystone14:17
*** sdake has joined #openstack-keystone14:21
*** raildo is now known as raildo-afk14:26
*** bdossant has joined #openstack-keystone14:28
*** raildo-afk is now known as raildo14:29
*** superdan is now known as dansmith14:30
*** shoutm has quit IRC14:37
*** doug-fish has joined #openstack-keystone14:39
*** belmoreira has quit IRC14:40
openstackgerritHenrique Truta proposed openstack/keystone-specs: Fix cascade operations documentation  https://review.openstack.org/27483614:43
*** bdossant has quit IRC14:43
*** bdossant_ has joined #openstack-keystone14:44
*** su_zhang has joined #openstack-keystone14:45
*** josecastroleon has quit IRC14:46
*** rderose has joined #openstack-keystone14:47
*** roxanaghe has joined #openstack-keystone14:48
*** bdossant_ has quit IRC14:52
*** vivekd has quit IRC14:57
*** bdossant has joined #openstack-keystone14:58
*** sigmavirus24_awa is now known as sigmavirus2414:59
*** diazjf has joined #openstack-keystone14:59
*** slberger has joined #openstack-keystone15:00
*** vivekd has joined #openstack-keystone15:11
openstackgerritRon De Rose proposed openstack/keystone: Shadow users - Shadow federated users  https://review.openstack.org/27916215:14
*** diazjf1 has joined #openstack-keystone15:18
*** ayoung has joined #openstack-keystone15:19
*** ChanServ sets mode: +v ayoung15:19
*** diazjf has quit IRC15:21
*** timcline_ has joined #openstack-keystone15:23
*** bdossant has quit IRC15:23
*** phalmos has joined #openstack-keystone15:24
*** bdossant has joined #openstack-keystone15:27
*** jorge_munoz has joined #openstack-keystone15:32
*** woodster_ has joined #openstack-keystone15:34
*** tomoiaga has quit IRC15:42
*** jaugustine has joined #openstack-keystone15:48
*** roxanaghe has quit IRC15:49
*** Gage has joined #openstack-keystone15:49
*** Gage has quit IRC15:50
*** nkinder has joined #openstack-keystone15:50
*** phalmos_ has joined #openstack-keystone15:52
*** phalmos has quit IRC15:55
*** jsavak has quit IRC16:03
marekdrderose: hi, i just submited a comment on your federated users patch.16:03
*** jsavak has joined #openstack-keystone16:04
marekdrderose: let me know if you see my point16:04
rderosemarekd okay, working on that now16:04
marekdrderose: thanks.16:05
*** belmoreira has joined #openstack-keystone16:07
*** vivekd has quit IRC16:08
rderosemarekd, agree with your comment regarding not creating a foreign key relationship with federation_protocol16:10
*** Oku_OS has joined #openstack-keystone16:10
rderosemarekd regarding adding protocol_id to the unqiue constraint (currently idp_id and unqiue_id), I'm still not getting it.  if your coming in from an IDP one time using SAML and another time using OpenID, it's still the same federated user.16:11
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Fix/refactor policy check for cascade operations  https://review.openstack.org/28314516:11
rderosemarekd, the scenario you commented on is covered by the unique constraint of idp_id and unique_id, right?16:12
marekdwhich scenario?16:13
rderosemarekd "Ron: If you are using same e-mail address in two trusted IdPs you may end up with unique_id equal to same email address. But coming from more than one IdP means there are two users."16:14
marekdunique_id would be an attribute coming from the IdP, right?16:14
rderoseright16:14
marekdso, you cannot simply put this value in the user_id in token.16:15
rderoseno, will map this user to a local user (shadow federated user) and user_id will be a local user id16:16
marekdrderose: is there any code that does that mapping so far?16:17
marekdso I could look and try to understand16:17
*** browne has joined #openstack-keystone16:17
*** jsavak has quit IRC16:19
rderosemarekd only my current patch, take a look at keystone/identity/core.py ln 1213 and follow down to keystone/identity/shadow_backends/sql.py16:19
rderosemarekd, but working on this now, so will submit another patch soon16:19
marekdrderose: i will16:20
*** jsavak has joined #openstack-keystone16:20
marekdlet's sync later on (or tomorrow)16:20
rderosemarekd, cool16:20
marekdbecause i might be missing some things :-)16:20
marekdand then I would need your guidance :-)16:20
rderosemarekd you and me both :)16:20
marekdrderose: we'll figure something out!16:21
rderosemarekd: yeah, hopefully :)16:22
*** vivekd has joined #openstack-keystone16:22
*** mvk has quit IRC16:22
*** pushkaru has joined #openstack-keystone16:22
*** bdossant has quit IRC16:26
*** belmoreira has quit IRC16:26
*** vivekd_ has joined #openstack-keystone16:27
*** pcaruana has quit IRC16:27
*** ericksonsantos has joined #openstack-keystone16:29
*** josecastroleon has joined #openstack-keystone16:29
*** vivekd has quit IRC16:29
*** vivekd_ is now known as vivekd16:29
*** jsavak has quit IRC16:31
*** jsavak has joined #openstack-keystone16:31
*** wolsen has quit IRC16:34
openstackgerritRon De Rose proposed openstack/keystone: Shadow users - Shadow federated users  https://review.openstack.org/27916216:36
*** wolsen has joined #openstack-keystone16:42
*** martinus___ has quit IRC16:42
*** gyee has joined #openstack-keystone16:45
*** ChanServ sets mode: +v gyee16:45
*** fhubik is now known as fhubik_brb16:53
*** daemontool has quit IRC16:53
*** fhubik_brb is now known as fhubik16:57
*** rderose has quit IRC16:58
*** josecastroleon has quit IRC16:59
bknudson_I guess patchbot is no more.17:01
*** browne has quit IRC17:02
*** rderose has joined #openstack-keystone17:02
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: API support for project cascade delete  https://review.openstack.org/24424817:06
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Fix/refactor policy check for cascade operations  https://review.openstack.org/28314517:06
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: API support for project cascade update  https://review.openstack.org/24358517:06
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Expose bug in cascade policy enforcement  https://review.openstack.org/28316817:06
samueldmqstevemar: htruta: raildo: change 283145 should address Henry Nash's concerns on the update/delete cascade patches17:07
samueldmqI've added it as a followup17:07
samueldmqhowever I've found a bug, and it's exposed via patch 28316817:07
patchbotsamueldmq: https://review.openstack.org/#/c/283168/ - keystone - Expose bug in cascade policy enforcement17:07
samueldmqso I am -1'ing them17:07
*** daemontool has joined #openstack-keystone17:08
raildosamueldmq: I just didn't understand why we are exposing a bug in a code that wasn't merged yet. why not just fix it in the patch?17:09
*** dan_nguyen has joined #openstack-keystone17:09
samueldmqraildo: because I don't know how to fix it now, and I have already put a ton of effort fixing henrynash's comments17:10
samueldmqraildo: also the tests are already done, making the life much easier for the authr17:11
samueldmqraildo: I don't want the patch exposing the bug to be merged17:12
samueldmqraildo: I want that to serve as guidance to the author to fix it in the proposed code17:12
*** mylu has joined #openstack-keystone17:12
samueldmqraildo: makes sense?17:13
raildosamueldmq: got it, I'll work to fix this issue before we have the code merged.. btw I'll push your cascade wrapper to inside the update cascade and reuse on the delete17:16
*** rderose has quit IRC17:16
*** rderose has joined #openstack-keystone17:16
samueldmqraildo: perfect, also pull the tests exposing the bugs17:17
samueldmqraildo: they should all be together in the 2 proposed patches17:18
raildosamueldmq: ++17:18
*** fawadkhaliq has joined #openstack-keystone17:18
morganbknudson_: i still see patchbot17:19
morganpatch 28316817:19
patchbotmorgan: https://review.openstack.org/#/c/283168/ - keystone - Expose bug in cascade policy enforcement17:19
morganbknudson_: ^ see17:19
*** fawadkhaliq has quit IRC17:19
bknudson_oh, notmyname said it was disabled17:19
morganwas that requested?17:20
* morgan still thinks it's useful.17:20
morganit doesn't respond to the openstackgerrit account for sure.17:20
bknudson_morgan: http://git.openstack.org/cgit/openstack/keystone/tree/.testr.conf#n1017:20
bknudson_oops17:20
bknudson_(10:59:55 AM) notmyname: bknudson_: FYI, I was asked to remove patchbot from community channels since -infra doesn't run it17:21
morganbknudson_: /me rolls eyes17:21
morgannow we can't have 3rd party run bots in our channels.17:21
* morgan shrugs.17:23
morganwhatever.17:23
*** morgan sets mode: -o morgan17:24
morgananyway.17:25
dhellmannstevemar, morgan : I'm having some trouble making a change to oslo.config, because of http://git.openstack.org/cgit/openstack/keystoneauth/tree/keystoneauth1/loading/opts.py being used and not complying with the new api change (there's an attribute missing). Do you have a few minutes to go over the history there?17:26
rderosedolphm Regarding the constraint for the federated_user table (idp_id, protocol_id, unique_id), why include the protocol_id?  It's the same user regardless of how they came in, right?  What's your thinking here?17:28
morgandhellmann: happy to rush a fix through17:29
morgandhellmann: fwiw17:29
*** jsavak has quit IRC17:29
morgandhellmann: but basically ksa cannot have oslo_config as a dep17:29
dhellmannmorgan : I'm going to have to work around the situation regardless. The question I have is why not?17:29
*** jsavak has joined #openstack-keystone17:29
morgandhellmann: since we are lining up for inclusion in swift and swiftclient17:29
morgandhellmann: among other "general" non-openstack cases.17:30
*** jasonsb has quit IRC17:30
*** fhubik has quit IRC17:30
*** daemontool has quit IRC17:33
dhellmannmorgan : the issue I'm having is in neutron generating its sample config. I don't know yet why it's returning the wrong class there. http://logs.openstack.org/35/282435/5/check/gate-tempest-dsvm-neutron-src-oslo.config/77044c6/logs/devstacklog.txt.gz17:36
morgandhellmann: weird17:37
*** josecastroleon has joined #openstack-keystone17:38
*** spandhe has joined #openstack-keystone17:39
*** su_zhang has quit IRC17:40
*** su_zhang has joined #openstack-keystone17:41
*** petertr7 is now known as petertr7_away17:41
*** fawadkhaliq has joined #openstack-keystone17:42
*** su_zhang has quit IRC17:44
*** rderose has quit IRC17:45
*** timcline_ has quit IRC17:46
*** subscope has quit IRC17:47
morgandhellmann: so, i'm happy to push through any fix really needed [honestly, KSA should be doing an explicit convert to an oslo opt, but... eh that ship may have sailed]17:49
*** jsavak has quit IRC17:49
morgandhellmann: little distracted today, so writing the code may not happen until later today/tomorrow if you need me to step in for that bit, but pushing a change through is easy if you have a fix.17:49
dhellmannmorgan: https://bugs.launchpad.net/keystoneauth/+bug/154843317:50
openstackLaunchpad bug 1548433 in neutron "neutron returns objects other than oslo_config.cfg.Opt instances from list_opts" [Undecided,New]17:50
morgandhellmann: /me nods.17:51
*** fawadkhaliq has quit IRC17:51
morganit's like i said, likely just a missed ._to_oslo_opt call, we have that kind of thing17:51
*** mylu has quit IRC17:54
*** jistr has quit IRC17:55
*** Guest45731 is now known as tsymanczyk17:56
*** jsavak has joined #openstack-keystone17:57
stevemarmorgan: thanks for answering dhellmann's question -- yes, there is a _to_oslo_opt call that might have been missed, let me poke aroun18:01
stevemard18:01
dhellmannstevemar : take a look at the neutron code linked from the bug report18:02
openstackgerritMerged openstack/keystone: Tidy up configuration documentation for inherited assignments  https://review.openstack.org/28074718:05
*** browne has joined #openstack-keystone18:07
*** josecastroleon has quit IRC18:10
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/28319718:13
*** mylu has joined #openstack-keystone18:13
*** timcline_ has joined #openstack-keystone18:15
*** su_zhang has joined #openstack-keystone18:16
*** rderose has joined #openstack-keystone18:19
*** Ephur has joined #openstack-keystone18:20
*** josecastroleon has joined #openstack-keystone18:23
*** mylu has quit IRC18:24
*** petertr7_away is now known as petertr718:24
*** david-lyle_ has quit IRC18:34
dolphmrderose: sorry, stepped away unexpectedly. we can't say for sure that a user exposed to keystone from the same idp ID using two different protocols (which could be mapped different) are necessarily the same user. further, we treat them as distinct users today, and we shouldn't change that assumption with this patch. finally, if they are the same user, then we can link them back together in newton with account linking.18:40
morganstevemar: email sent.18:40
morgandolphm: ++18:41
*** ChanServ sets mode: +v morgan18:41
*** ChanServ sets mode: +v morgan18:41
*** ChanServ sets mode: +v morgan18:42
rderosedolpm: reading...18:45
rderose* dolphm18:45
rderosedolphm: okay, I'll treat them as separate users then and add the constraint18:46
rderosedolphm: Regarding the foreign key relationship from federated_user to the federation_protocol table, the federation_protocol table has the following columns: id, idp_id, and mapping_id.18:47
rderosedolphm: I'm not clear how the mapping_id is being used.  And if the idp_id is in this table, then I wouldn't needed it in the federated_user table.  But to be honest, I think I'd simply rather not create a relationship to this table if I don't have to.18:47
*** josecastroleon has quit IRC18:52
dolphmrderose: it determines which mapping is applied to the SAML payload, and thus how the user is identified by the idp + protocol + mapping18:53
openstackgerritBrant Knudson proposed openstack/keystone: Add tests for fetching the revocation list  https://review.openstack.org/27107118:55
openstackgerritBrant Knudson proposed openstack/keystone: Parameter to return audit ids only in revocation list  https://review.openstack.org/26015318:55
*** vivekd has quit IRC18:56
rderosedolphm: hmm...  okay, so do you still feel like we need a foreign key relationship to this table?  if so, then I don't think I need the idp_id in the federated_user table since it is in the federation_protocol table18:57
*** sdake has quit IRC18:58
dolphmrderose: remind me what the schema of the federation protocl table is?18:58
dolphmlink?18:58
rderoseid, idp_id, mapping_id18:59
rderose* dolphm:18:59
openstackgerritJorge Munoz proposed openstack/keystone: Fix trust chain tests  https://review.openstack.org/27816319:00
dolphmrderose: what's the PK in that table? just id?19:01
rderoseyeah, just id19:01
*** jsavak has quit IRC19:02
dolphmstevemar: can you not have two federation endpoints using "saml2" as their protocol ID?19:02
*** sdake has joined #openstack-keystone19:03
*** subscope has joined #openstack-keystone19:04
*** jsavak has joined #openstack-keystone19:04
rderosedolphm: sorry, don't know how I missed this but PK is id and idp_id19:05
*** josecastroleon has joined #openstack-keystone19:10
rderosedolphm: okay, so does a composite foreignkey relationship make sense then?19:11
*** vivekd has joined #openstack-keystone19:11
rderosedolphm: federated_user (protocol_id, idp_id) -> federation_protocol (id, idp_id)19:11
openstackgerritBrant Knudson proposed openstack/keystone: Switch to configless bandit  https://review.openstack.org/27813619:13
*** mylu has joined #openstack-keystone19:13
*** vgridnev has joined #openstack-keystone19:13
openstackgerritBrant Knudson proposed openstack/oslo.policy: Support policy file in YAML  https://review.openstack.org/27851319:17
openstackgerritBrant Knudson proposed openstack/oslo.policy: Deprecate load_json() in favor of load()  https://review.openstack.org/28037319:17
openstackgerritBrant Knudson proposed openstack/oslo.policy: Change default behavior for YAML  https://review.openstack.org/28038419:17
*** vivekd_ has joined #openstack-keystone19:19
*** su_zhang has quit IRC19:19
*** su_zhang has joined #openstack-keystone19:19
*** vivekd has quit IRC19:20
*** vivekd_ is now known as vivekd19:21
*** su_zhang has quit IRC19:21
*** su_zhang has joined #openstack-keystone19:21
dolphmrderose: that would work19:21
dolphmrderose: that way you know the mapping as well, even though that field is mutable19:22
rderosedolphm: sounds good19:22
rderosedolphm stevemar do you know when the federation_protocol get's populated?  does it happen when the operator configures the IdP for federation19:23
dolphmrderose: yes19:23
rderosedolphm: cool19:23
rderosedolphm: one last question :)  I'm thinking about renaming UserType.EPHEMERAL to UserType.FEDERATED?  My thought is that since federated users are linked to a local user, they are not really ephemeral any more.  Does this change make sense to you?19:24
dolphmrderose: ++19:25
*** ninag has quit IRC19:27
*** ninag has joined #openstack-keystone19:28
*** ninag_ has joined #openstack-keystone19:29
*** ninag_ has quit IRC19:29
*** ninag_ has joined #openstack-keystone19:29
*** mvk has joined #openstack-keystone19:29
*** neophy has joined #openstack-keystone19:30
*** jsavak has quit IRC19:32
*** ninag has quit IRC19:32
*** jsavak has joined #openstack-keystone19:33
*** ninag_ has quit IRC19:34
*** ninag has joined #openstack-keystone19:34
*** ninag has quit IRC19:39
*** josecastroleon has quit IRC19:39
*** sdake_ has joined #openstack-keystone19:49
*** e0ne has joined #openstack-keystone19:50
*** jaugustine has quit IRC19:50
*** sdake has quit IRC19:50
*** vivekd_ has joined #openstack-keystone19:51
*** vivekd has quit IRC19:53
*** vivekd_ is now known as vivekd19:54
*** jsavak has quit IRC19:54
*** jsavak has joined #openstack-keystone19:55
*** mylu has quit IRC19:58
*** maxabidi has joined #openstack-keystone19:59
*** mylu has joined #openstack-keystone20:01
*** vivekd__ has joined #openstack-keystone20:04
*** belmoreira has joined #openstack-keystone20:05
*** vivekd has quit IRC20:06
*** vivekd__ is now known as vivekd20:06
*** vivekd__ has joined #openstack-keystone20:07
*** fpatwa has joined #openstack-keystone20:07
*** su_zhang has quit IRC20:08
*** su_zhang has joined #openstack-keystone20:09
*** vivekd_ has joined #openstack-keystone20:09
*** vivekd has quit IRC20:11
*** vivekd_ is now known as vivekd20:11
*** vivekd__ has quit IRC20:12
*** su_zhang has quit IRC20:13
*** e0ne has quit IRC20:16
openstackgerritBrant Knudson proposed openstack/keystone: Remove migration_helpers.get_default_domain  https://review.openstack.org/28204920:18
openstackgerritBrant Knudson proposed openstack/keystone: db_sync doesn't create default domain  https://review.openstack.org/28204220:18
*** vivekd has quit IRC20:18
*** mylu has quit IRC20:18
*** belmoreira has quit IRC20:20
*** dstanek has quit IRC20:20
*** lbragstad_ has quit IRC20:20
*** ngupta has quit IRC20:20
*** patchbot has quit IRC20:20
*** mnaser has quit IRC20:20
*** SpamapS has quit IRC20:20
*** _fortis has quit IRC20:20
*** topol has quit IRC20:20
*** davechen_afk has quit IRC20:20
*** sileht has quit IRC20:20
*** Guest40848 has quit IRC20:20
*** Daviey has quit IRC20:20
*** dulek has quit IRC20:20
*** opilotte- has quit IRC20:20
*** ekarlso has quit IRC20:20
*** akscram has quit IRC20:20
*** bknudson_ has quit IRC20:20
*** amakarov_away has quit IRC20:20
*** dulek has joined #openstack-keystone20:20
*** bknudson has joined #openstack-keystone20:20
*** ChanServ sets mode: +v bknudson20:20
*** opilotte- has joined #openstack-keystone20:20
*** Daviey has joined #openstack-keystone20:20
*** lbragstad_ has joined #openstack-keystone20:20
*** akscram has joined #openstack-keystone20:21
*** davechen_afk has joined #openstack-keystone20:21
*** ekarlso has joined #openstack-keystone20:21
*** Guest40848 has joined #openstack-keystone20:21
*** dstanek has joined #openstack-keystone20:21
*** ngupta has joined #openstack-keystone20:21
*** topol_ has joined #openstack-keystone20:21
*** mnaser has joined #openstack-keystone20:21
*** sileht has joined #openstack-keystone20:21
*** ChanServ sets mode: +v dstanek20:22
*** SpamapS has joined #openstack-keystone20:22
*** ninag has joined #openstack-keystone20:22
*** amakarov_away has joined #openstack-keystone20:22
*** patchbot has joined #openstack-keystone20:23
*** bknudson has quit IRC20:26
*** mylu has joined #openstack-keystone20:27
*** jsavak has quit IRC20:28
openstackgerritMerged openstack/keystone: Updating sample configuration file  https://review.openstack.org/28319720:29
*** jsavak has joined #openstack-keystone20:30
*** _fortis has joined #openstack-keystone20:31
*** spzala has joined #openstack-keystone20:32
*** timclin__ has joined #openstack-keystone20:33
*** timcline_ has quit IRC20:33
*** sdake_ is now known as sdake20:35
*** bknudson has joined #openstack-keystone20:36
*** ChanServ sets mode: +v bknudson20:36
*** samueldmq has quit IRC20:37
*** krotscheck has quit IRC20:37
*** anteaya has quit IRC20:38
*** lhcheng has joined #openstack-keystone20:41
*** ChanServ sets mode: +v lhcheng20:41
*** mylu has quit IRC20:42
*** jaosorior has quit IRC20:43
*** doug-fish has quit IRC20:45
*** rk4n_ has joined #openstack-keystone20:46
*** rk4n_ has quit IRC20:46
*** krotscheck has joined #openstack-keystone20:46
*** rk4n_ has joined #openstack-keystone20:47
*** openstackgerrit has quit IRC20:47
*** openstackgerrit has joined #openstack-keystone20:47
*** neophy has quit IRC20:48
*** rk4n_ has quit IRC20:48
*** anteaya has joined #openstack-keystone20:48
*** samueldmq has joined #openstack-keystone20:48
*** doug-fish has joined #openstack-keystone20:48
*** rk4n has quit IRC20:49
*** mylu has joined #openstack-keystone20:52
*** doug-fish has quit IRC20:53
*** raildo is now known as raildo-afk20:56
openstackgerritBrant Knudson proposed openstack/keystone: Stop using oslotest.BaseTestCase  https://review.openstack.org/28157921:00
*** vgridnev has quit IRC21:01
*** ayoung has quit IRC21:06
*** clenimar has quit IRC21:08
*** ayoung has joined #openstack-keystone21:12
*** ChanServ sets mode: +v ayoung21:12
openstackgerritRon De Rose proposed openstack/keystone: Shadow users - Shadow federated users  https://review.openstack.org/27916221:13
*** Nakato has quit IRC21:17
*** jamielennox has quit IRC21:19
*** Nakato has joined #openstack-keystone21:19
*** darrenc is now known as darrenc_afk21:20
*** jamielennox has joined #openstack-keystone21:20
*** ChanServ sets mode: +v jamielennox21:20
*** pauloewerton has quit IRC21:22
*** doug-fish has joined #openstack-keystone21:22
*** jsavak has quit IRC21:24
*** jsavak has joined #openstack-keystone21:24
*** su_zhang has joined #openstack-keystone21:27
*** darrenc_afk is now known as darrenc21:28
*** doug-fish has quit IRC21:31
*** mylu has quit IRC21:33
*** mylu has joined #openstack-keystone21:33
*** rk4n has joined #openstack-keystone21:34
*** rk4n has quit IRC21:37
*** rk4n has joined #openstack-keystone21:38
*** mylu has quit IRC21:40
*** ChanServ sets mode: +v samueldmq21:41
*** mylu has joined #openstack-keystone21:41
*** timclin__ has quit IRC21:42
*** bdossant has joined #openstack-keystone21:42
*** porunov has joined #openstack-keystone21:43
*** sileht_ has joined #openstack-keystone21:43
*** phalmos_ has quit IRC21:43
*** bdossant has quit IRC21:44
*** sileht has quit IRC21:46
*** maxabidi has quit IRC21:47
*** edmondsw has quit IRC21:48
*** sileht_ has quit IRC21:49
*** petertr7 is now known as petertr7_away21:49
*** sileht has joined #openstack-keystone21:51
morganstevemar: you know what I dislike? finding shards of crystal from a wine glass that was shattered 2 weeks ago... 3 rooms over *ouch*21:53
*** rk4n_ has joined #openstack-keystone21:53
*** sdake has quit IRC21:57
*** rk4n has quit IRC21:57
*** mylu has quit IRC21:59
openstackgerritRon De Rose proposed openstack/keystone: Shadow users - Separate user identities  https://review.openstack.org/27857022:00
rderoseahhhhhh!!!!  I made a bunch of code changes under the wrong branch, how to I revert?22:02
rderoseanyone know the git commit to remove the last patch?22:03
*** mylu has joined #openstack-keystone22:03
*** rloo has joined #openstack-keystone22:04
*** sileht has quit IRC22:05
*** rk4n_ has quit IRC22:05
*** sileht has joined #openstack-keystone22:05
*** mylu has quit IRC22:05
*** rk4n has joined #openstack-keystone22:07
*** rk4n has quit IRC22:09
bknudsonrderose: git revert , or git rebase -i HEAD~3, or git reset --hard HEAD^22:10
bknudsongit reflog22:10
rderosebknudson so if I want to go back to a specific patch set, which one would I use22:11
rderose?22:11
rderoseactually, it would be the last patch22:12
bknudsonrderose: if you want to check out a patch set then you can do git-review -d review-id,patch-set22:12
rderosebknudson: ah, cool22:12
rderosethx22:12
*** sdake has joined #openstack-keystone22:13
openstackgerritRon De Rose proposed openstack/keystone: Shadow users - Separate user identities  https://review.openstack.org/27857022:14
rderosebknudson: you are a life saver, thx again :)22:15
bknudsonrderose: no problem.22:15
openstackgerritRon De Rose proposed openstack/keystone: Shadow users - Shadow federated users  https://review.openstack.org/27916222:18
*** mylu has joined #openstack-keystone22:20
dolphmrderose: https://review.openstack.org/#/c/278570/ is exactly the same as patchset 37?22:22
patchbotdolphm: patch 278570 - keystone - Shadow users - Separate user identities22:22
openstackgerritBrant Knudson proposed openstack/keystone: Simplify use of secure_proxy_ssl_header  https://review.openstack.org/28328822:32
*** Adis has joined #openstack-keystone22:32
Adishellooouuu22:32
*** Adis has left #openstack-keystone22:38
*** mylu has quit IRC22:42
*** mylu has joined #openstack-keystone22:43
*** sdake has quit IRC22:44
*** rk4n has joined #openstack-keystone22:53
*** ayoung has quit IRC22:54
*** jorge_munoz has quit IRC23:00
*** jorge_munoz has joined #openstack-keystone23:01
*** jsavak has quit IRC23:02
*** lhcheng has quit IRC23:03
*** dims has joined #openstack-keystone23:04
*** lhcheng has joined #openstack-keystone23:04
*** ChanServ sets mode: +v lhcheng23:04
*** ninag has quit IRC23:05
*** rloo has quit IRC23:07
morgan.23:09
samueldmq..23:09
morgan...23:09
samueldmq:)23:09
morgana23:09
morganoh hai23:09
samueldmqb?23:09
* samueldmq waves at morgan23:10
*** sdake has joined #openstack-keystone23:10
*** spzala has quit IRC23:13
morganstevemar: let me know if you got me email.23:14
*** sigmavirus24 is now known as sigmavirus24_awa23:14
*** spzala has joined #openstack-keystone23:14
morganstevemar: and if it worked. if not i'll dig up other way to getting you photos23:14
stevemarmorgan: it worked :)23:18
morganstevemar: cool23:18
*** spzala has quit IRC23:18
*** spzala has joined #openstack-keystone23:19
rderosedolphm yeah, I accidently push a bad patch (38) and had to revert back23:20
rderosedolphm it should be correct23:20
rderosenow23:20
dolphmrderose: got everything sorted? last patchset i pulled of the federation patch was failing py2723:20
*** lhcheng has quit IRC23:20
*** lhcheng has joined #openstack-keystone23:21
*** ChanServ sets mode: +v lhcheng23:21
dolphmrderose: looks like the check job passed on 3923:21
dolphmerr 4023:21
rderosedolphm okay, comparing 39 to 40 now23:22
*** lhcheng has quit IRC23:23
*** lhcheng has joined #openstack-keystone23:23
*** ChanServ sets mode: +v lhcheng23:23
*** spzala has quit IRC23:23
*** pushkaru has quit IRC23:24
*** pushkaru has joined #openstack-keystone23:25
openstackgerritguang-yee proposed openstack/keystone: Create notification when invalid user name provided  https://review.openstack.org/28099423:25
rderosedolphm: 39 and 40 should be exactly the same23:25
rderosedolphm: after I reverted "Separate user identities" back and did a rebase on "Shadow federated users" patch23:26
rderosedolphm: but I'm not seeing any differences23:26
dolphmrderose: cool23:26
*** pushkaru has quit IRC23:30
*** mylu has quit IRC23:30
*** rderose has quit IRC23:32
stevemarbknudson: you're always a life saver23:32
*** gordc has quit IRC23:35
*** rk4n has quit IRC23:37
stevemargyee: yeah, the test failures are related to deprecations23:37
stevemargyee: let's just fix the tests like we did in https://review.openstack.org/#/c/261706/23:38
patchbotstevemar: patch 261706 - keystonemiddleware (stable/liberty) - ignore deprecation calls in test_audit_middleware (MERGED)23:38
stevemargyee: can you relay that to haneef -- oh there he is o/23:38
gyeestevemar, sure, thanks for looking into it23:39
*** mylu has joined #openstack-keystone23:39
gyeestevemar, if you haven't start, I can work on fix the test failures23:40
stevemargyee: sure23:40
stevemargyee: haven't started yet23:40
gyeethey are all mind baby!23:40
stevemargyee: i just saw the test output and saw "deprecations fail", i just commented23:41
*** slberger has left #openstack-keystone23:42
bknudsonwe can disable the deprecation check in stable branches23:43
*** jorge_munoz has quit IRC23:48
*** jorge_munoz has joined #openstack-keystone23:49
*** subscope has quit IRC23:50
*** roxanaghe has joined #openstack-keystone23:53
*** mylu has quit IRC23:54
*** mylu has joined #openstack-keystone23:56
*** jorge_munoz has quit IRC23:59
« Sunday, 2016-02-21 Index Tuesday, 2016-02-23 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!