Thursday, 2016-03-17

« Wednesday, 2016-03-16 Index Friday, 2016-03-18 »
*** timcline has quit IRC00:01
*** darrenc_ has joined #openstack-keystone00:06
*** rm_work has quit IRC00:06
*** mjb has quit IRC00:06
*** darrenc has quit IRC00:07
*** gus has quit IRC00:07
*** rm_work has joined #openstack-keystone00:08
*** mjb has joined #openstack-keystone00:08
*** gus has joined #openstack-keystone00:08
*** mylu has joined #openstack-keystone00:08
*** dims has joined #openstack-keystone00:08
*** dims_ has quit IRC00:09
*** lhcheng has quit IRC00:10
*** dims has quit IRC00:10
*** fawadkhaliq has quit IRC00:20
*** fawadkhaliq has joined #openstack-keystone00:21
*** furface has quit IRC00:23
*** arunkant has joined #openstack-keystone00:25
*** darrenc_ is now known as darrenc00:25
*** furface has joined #openstack-keystone00:26
*** spandhe has quit IRC00:29
*** tellesnobrega_af is now known as tellesnobrega00:37
*** jasonsb has joined #openstack-keystone00:46
*** fawadkhaliq has quit IRC00:51
*** fawadkhaliq has joined #openstack-keystone00:51
*** dims has joined #openstack-keystone00:52
*** chlong has joined #openstack-keystone00:55
*** timcline has joined #openstack-keystone00:57
*** ebalduf has joined #openstack-keystone00:58
*** timcline has quit IRC01:02
*** odyssey4me has quit IRC01:04
*** mylu has quit IRC01:05
*** odyssey4me has joined #openstack-keystone01:06
*** mylu has joined #openstack-keystone01:09
*** ChanServ sets mode: +v samueldmq01:11
*** EinstCrazy has joined #openstack-keystone01:18
*** chlong has quit IRC01:18
*** sdake has quit IRC01:22
*** henrynash has joined #openstack-keystone01:24
*** ChanServ sets mode: +v henrynash01:24
*** henrynash has quit IRC01:30
*** henrynash has joined #openstack-keystone01:30
*** ChanServ sets mode: +v henrynash01:30
*** chlong has joined #openstack-keystone01:31
*** alex_xu has quit IRC01:42
*** alex_xu has joined #openstack-keystone01:44
*** __zouyee has joined #openstack-keystone01:45
stevemarjamielennox: we could always revert01:45
*** __zouyee has quit IRC01:45
jamielennoxstevemar: i'd prefer to have some more logging info around it, but it's ok, also added the nit01:46
*** jorge_munoz has quit IRC01:46
*** tqtran-afk has quit IRC01:48
*** alex_xu has quit IRC01:51
*** fawadkhaliq has quit IRC01:52
*** dan_nguyen has quit IRC01:52
*** alex_xu has joined #openstack-keystone01:53
*** fawadkhaliq has joined #openstack-keystone01:53
*** woodster_ has quit IRC01:57
*** fawadkhaliq has quit IRC01:58
*** fawadkhaliq has joined #openstack-keystone01:58
*** timcline has joined #openstack-keystone01:58
*** henrynash has quit IRC01:59
*** browne has quit IRC02:03
*** timcline has quit IRC02:03
*** tobe has joined #openstack-keystone02:05
*** fawadkhaliq has quit IRC02:15
*** fawadkhaliq has joined #openstack-keystone02:16
*** ngupta- has quit IRC02:18
*** ngupta has joined #openstack-keystone02:18
*** odyssey4me has quit IRC02:19
*** darrenc has quit IRC02:19
*** dave-mccowan has quit IRC02:19
*** ankur has quit IRC02:19
*** josecastroleon1 has quit IRC02:19
*** nkinder has quit IRC02:19
*** sileht has quit IRC02:19
*** jraim has quit IRC02:19
*** mtreinish has quit IRC02:19
*** ctracey has quit IRC02:19
*** dansmith has quit IRC02:19
*** dims has quit IRC02:20
*** dan_nguyen has joined #openstack-keystone02:21
*** dan_nguyen has quit IRC02:24
*** odyssey4me has joined #openstack-keystone02:25
*** darrenc has joined #openstack-keystone02:25
*** dave-mccowan has joined #openstack-keystone02:25
*** ankur has joined #openstack-keystone02:25
*** josecastroleon1 has joined #openstack-keystone02:25
*** nkinder has joined #openstack-keystone02:25
*** sileht has joined #openstack-keystone02:25
*** jraim has joined #openstack-keystone02:25
*** mtreinish has joined #openstack-keystone02:25
*** ctracey has joined #openstack-keystone02:25
*** dansmith has joined #openstack-keystone02:25
*** fawadkhaliq has quit IRC02:26
*** fawadkhaliq has joined #openstack-keystone02:26
*** EinstCra_ has joined #openstack-keystone02:34
*** EinstCrazy has quit IRC02:37
*** fawadkhaliq has quit IRC02:38
*** fawadkhaliq has joined #openstack-keystone02:38
*** fawadkhaliq has quit IRC02:43
*** mylu_ has joined #openstack-keystone02:59
*** timcline has joined #openstack-keystone02:59
*** mylu has quit IRC02:59
*** timcline has quit IRC03:03
*** lhcheng has joined #openstack-keystone03:07
*** ChanServ sets mode: +v lhcheng03:07
*** GB21 has joined #openstack-keystone03:09
*** GB21 has quit IRC03:15
*** markvoelker has quit IRC03:15
*** lhcheng has quit IRC03:18
*** lhcheng has joined #openstack-keystone03:36
*** ChanServ sets mode: +v lhcheng03:36
*** lhcheng_ has joined #openstack-keystone03:37
*** lhcheng has quit IRC03:40
*** links has joined #openstack-keystone03:45
*** timcline has joined #openstack-keystone04:00
*** dave-mccowan has quit IRC04:00
*** fawadkhaliq has joined #openstack-keystone04:01
*** timcline has quit IRC04:04
*** browne has joined #openstack-keystone04:39
*** mylu_ has quit IRC04:55
*** mylu has joined #openstack-keystone04:55
*** mylu has quit IRC04:58
*** timcline has joined #openstack-keystone05:00
*** timcline has quit IRC05:05
*** ebalduf has quit IRC05:09
*** markvoelker has joined #openstack-keystone05:15
*** markvoelker has quit IRC05:21
*** fawadkhaliq has quit IRC05:21
*** GB21 has joined #openstack-keystone05:22
*** lhcheng has joined #openstack-keystone05:29
*** ChanServ sets mode: +v lhcheng05:29
*** lhcheng_ has quit IRC05:29
*** lupine has quit IRC05:30
*** GB21 has quit IRC05:31
*** GB21 has joined #openstack-keystone05:33
*** lupine has joined #openstack-keystone05:38
*** lhcheng has quit IRC05:43
*** rk4n has joined #openstack-keystone05:43
*** sdake has joined #openstack-keystone05:44
*** sdake_ has joined #openstack-keystone05:45
*** sdake has quit IRC05:49
*** GB21 has quit IRC05:51
*** GB21 has joined #openstack-keystone05:51
*** sdake_ is now known as sdake05:51
*** GB21 has quit IRC05:57
*** GB21 has joined #openstack-keystone05:59
*** Nirupama has joined #openstack-keystone05:59
*** timcline has joined #openstack-keystone06:01
*** tobe has quit IRC06:02
*** timcline has quit IRC06:06
*** chlong has quit IRC06:08
*** roxanagh_ has joined #openstack-keystone06:17
*** GB21 has quit IRC06:19
*** chlong has joined #openstack-keystone06:21
*** GB21 has joined #openstack-keystone06:21
*** roxanagh_ has quit IRC06:22
*** tobe has joined #openstack-keystone06:29
*** tobe has quit IRC06:31
*** BigWillie has joined #openstack-keystone06:33
*** BigWillie has quit IRC06:34
*** rk4n has quit IRC06:38
*** GB21 has quit IRC06:49
*** GB21 has joined #openstack-keystone06:49
*** markvoelker has joined #openstack-keystone06:52
*** markvoelker has quit IRC06:58
*** jaosorior has joined #openstack-keystone06:58
*** timcline has joined #openstack-keystone07:02
*** timcline has quit IRC07:07
*** alex_xu has quit IRC07:10
*** alex_xu has joined #openstack-keystone07:12
*** GB21 has quit IRC07:13
*** GB21 has joined #openstack-keystone07:13
*** tesseract has joined #openstack-keystone07:15
*** tesseract is now known as Guest5718207:15
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Handle cache invalidate outside cache object  https://review.openstack.org/26866207:21
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Use oslo_config in auth_token middleware  https://review.openstack.org/26866407:21
*** GB21 has quit IRC07:24
*** bjornar has joined #openstack-keystone07:24
*** rcernin has joined #openstack-keystone07:39
*** belmoreira has joined #openstack-keystone07:52
*** rk4n has joined #openstack-keystone07:54
*** chlong has quit IRC07:57
*** bjornar has quit IRC07:57
*** GB21 has joined #openstack-keystone08:00
*** browne has quit IRC08:02
*** timcline has joined #openstack-keystone08:03
*** timcline has quit IRC08:07
*** GB21 has quit IRC08:15
*** GB21 has joined #openstack-keystone08:15
*** pcaruana has joined #openstack-keystone08:24
*** GB21 has quit IRC08:28
*** timcline has joined #openstack-keystone08:28
*** GB21 has joined #openstack-keystone08:30
*** timcline has quit IRC08:32
*** mhickey has joined #openstack-keystone08:34
*** sdake has quit IRC08:43
*** sdake has joined #openstack-keystone08:44
*** sdake has quit IRC08:50
*** mhickey has quit IRC08:51
*** links has quit IRC08:53
*** GB21 has quit IRC09:04
*** d0ugal has quit IRC09:13
*** d0ugal has joined #openstack-keystone09:14
*** henrynash has joined #openstack-keystone09:20
*** ChanServ sets mode: +v henrynash09:20
*** jistr has joined #openstack-keystone09:26
*** GB21 has joined #openstack-keystone09:28
*** timcline has joined #openstack-keystone09:28
*** timcline has quit IRC09:33
*** GB21 has quit IRC09:44
*** henrynash has quit IRC09:53
*** dims has joined #openstack-keystone09:57
*** henrynash has joined #openstack-keystone09:59
*** ChanServ sets mode: +v henrynash09:59
*** rk4n_ has joined #openstack-keystone10:03
*** rk4n_ has quit IRC10:06
*** rk4n has quit IRC10:06
*** GB21 has joined #openstack-keystone10:11
*** daemontool has joined #openstack-keystone10:14
*** jaosorior has quit IRC10:14
*** jaosorior has joined #openstack-keystone10:15
*** henrynash has quit IRC10:19
*** bradjones has quit IRC10:27
*** links has joined #openstack-keystone10:29
*** timcline has joined #openstack-keystone10:29
*** daemontool has quit IRC10:31
*** timcline has quit IRC10:34
*** bradjones has joined #openstack-keystone10:36
*** bradjones has quit IRC10:36
*** bradjones has joined #openstack-keystone10:36
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Zanata  https://review.openstack.org/29394010:40
*** aj1 has joined #openstack-keystone10:41
*** rk4n has joined #openstack-keystone10:44
*** e0ne has joined #openstack-keystone10:50
*** rodrigods has quit IRC10:51
*** rodrigods has joined #openstack-keystone10:51
*** GB21 has quit IRC10:52
*** GB21 has joined #openstack-keystone10:52
*** GB21 has quit IRC10:58
*** GB21 has joined #openstack-keystone10:58
openstackgerritDina Belova proposed openstack/keystone: Integrate OSprofiler in Keystone  https://review.openstack.org/10336811:02
*** GB21 has quit IRC11:07
*** GB21 has joined #openstack-keystone11:08
*** boris-42 has joined #openstack-keystone11:14
*** timcline has joined #openstack-keystone11:30
*** timcline has quit IRC11:35
*** wxy has quit IRC11:40
*** aj1 has quit IRC11:42
*** EinstCra_ has quit IRC11:45
*** aj1 has joined #openstack-keystone11:47
*** GB21 has quit IRC11:47
*** chlong has joined #openstack-keystone11:48
*** openstackgerrit has quit IRC11:48
*** openstackgerrit has joined #openstack-keystone11:48
*** GB21 has joined #openstack-keystone11:48
*** dave-mccowan has joined #openstack-keystone11:53
*** GB21 has quit IRC11:53
*** GB21 has joined #openstack-keystone11:55
*** aj1 has quit IRC11:58
*** aj1 has joined #openstack-keystone12:01
*** GB21 has quit IRC12:01
*** GB21 has joined #openstack-keystone12:03
*** raildo-afk is now known as raildo12:14
*** gordc has joined #openstack-keystone12:18
*** edmondsw has joined #openstack-keystone12:18
*** lupine has quit IRC12:20
*** lupine has joined #openstack-keystone12:20
*** GB21 has quit IRC12:24
*** trown|outtypewww is now known as trown12:25
*** dims has quit IRC12:25
*** timcline has joined #openstack-keystone12:31
dstanekamakarov: you probably need to ask the operators about oauth112:34
dstanekamakarov: how much work is it to keep it up to date?12:34
*** timcline has quit IRC12:35
amakarovdstanek, hi! At first glance: split assess and request tokens, then use unified delegation to store request tokens. Don't know what to do with access tokens - they are just like keystone persistent tokens we are trying to replace with Fernet now12:37
ayoungamakarov, persistent stay around for the moment12:42
ayoungthey are, as I see it, a proxy for authentication, not authorization12:42
ayoungwait...12:43
*** ninag has joined #openstack-keystone12:43
amakarovayoung, request token has requested resource12:43
ayoungrequest tokens are become a delegation, right?12:43
* ayoung needs a refresher on oauth12:43
amakarovayoung, right12:44
*** dikonoor has joined #openstack-keystone12:44
ayoungamakarov, access tokens are really like unscoped tokens, no?12:45
ayounghmmm...ok let me go refresh myself on the flow....12:45
ayoungone sec12:45
amakarovayoung, not exactly: they have a scope12:45
*** real56 has joined #openstack-keystone12:45
*** dikonoor has quit IRC12:46
*** dikonoor has joined #openstack-keystone12:46
ayoungrequest tokens are really just like the keystone token that a user would request to do anything against Keystone.  Just...the ya re the OAUTH specific tokens, right?12:46
ayoungis there any reason a request token could not be just a standard Keystone token?12:46
*** dikonoor has quit IRC12:47
ayoungOK I'm off12:47
ayoung"Request Token:    Used by the Consumer to ask the User to authorize access to the Protected Resources. "12:47
amakarovayoung, request token looks like an assignment to me12:47
ayoungamakarov, more like a request for a delegation, no?12:48
ayoungrodrigods, ask that here.12:48
amakarovayoung, the difference in the push-pull direction: delegation is granted by somebody12:48
amakarovrequest token is a delegation that is requested to be granted12:49
ayoungamakarov, ok...I think the concept of a request token is something we don't have in Keystone right now12:49
ayoungit would be the equivalent of a user saying "Please grant me role R on proejct P"  in a formal manner, right?12:49
amakarovso approved request token works as a delegation12:49
ayoungand then, the access token would be the assignment12:50
amakarovayoung, ++12:50
amakarovayoung, things are even more complicated ))12:50
ayoungso, could we do a request token using Fernet?  I don't see any reason why they would need to be persisted, just validated12:50
*** Nirupama has quit IRC12:51
amakarovrequest token just has the boolean field: "authorized"12:51
amakarovayoung, we have GET /users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles/{role_id}12:52
amakarovayoung, we have GET /users/{user_id}/OS-OAUTH1/access_tokens12:52
amakarovthat should return list of user access tokens12:52
ayoungamakarov, pending, or just authorized access tokens?12:53
amakarovayoung, q.filter_by(authorizing_user_id=user_id)12:54
amakarovthese are tokens authorized by the user12:54
amakarovayoung, I think to sort the mess out I should look at oauth1 spec more closely12:55
amakarovthus the question: why support oauth1 if there is oauth2 already?12:55
*** real56 has quit IRC12:56
*** Trident has quit IRC12:57
*** richm has joined #openstack-keystone12:59
*** pauloewerton has joined #openstack-keystone13:07
*** markvoelker has joined #openstack-keystone13:11
*** Trident has joined #openstack-keystone13:12
*** real56 has joined #openstack-keystone13:13
ayoungamakarov, they are two entirely different specs13:15
ayoungoauth1 is a more forgiving spec, and is more used13:16
ayoungbut, I think we can say that GET /users/{user_id}/OS-OAUTH1/access_tokens  would get a set of delegations, so we can still support that.13:16
amakarovayoung, I know, the question is what's used more. So it's oauth113:16
ayoungamakarov, yeah, and we've had no call to support oauth213:17
amakarovayoung, but access token is not a delegation13:18
ayoungamakarov, squint at it.  I think it is13:18
stevemardstanek: amakarov ayoung i forwarded the note to the ops list13:19
amakarovayoung, oauth1 workflow: create and then authorize request token once to allow consumer instantiate a new access token on every action13:20
amakarovayoung, do you suggest faking the access token list or store short living access token along with long living request token?13:22
amakarovayoung, hmm, I've read about oauth1 more closely... It looks like request token shouldn't live long too and it's not a delegation, but a delegation derivative13:26
amakarovfor example it cannot be redelegated any further, and delegation chain is needed to validate access token in RBAC13:28
*** links has quit IRC13:28
openstackgerritBrant Knudson proposed openstack/keystone: WIP - Generate swagger  https://review.openstack.org/28749913:36
*** aj1 has quit IRC13:38
ayoungamakarov, as I under stand it, the request token is created in a call from the consumer to the oauth server, and is in an un-approved mode.  The consumer then passes this to the user, who sends it back to oauth to approve.  I always liked this aspect of the protocol13:39
ayoungit would be like calling nova server create with no token and getting back "here is the list of roles you need for this project in order to complete it"13:39
amakarovayoung, I like this explanation: http://hueniverse.com/2007/10/15/beginners-guide-to-oauth-part-ii-protocol-workflow/13:40
ayounglooking amakarov13:40
amakarovI'm more focused on the part "exchanges request token for access token" so I wonder is it event legal to place the request token in the delegation table at all13:41
amakarovs/event/even/13:41
ayoung" Beppa requests from Faji a Request Token."13:41
amakarov"While Jane waits, Beppa uses the authorized Request Token and exchanges it for an Access Token"13:42
ayoungamakarov, so the approved request token might have fewer permissions than initially requested, such as the one hour limitation that Faji puts on it13:43
ayoungso once the request token is approved, it is a delegation.  Until then, it can be just a Fernet based token request.13:44
ayoungIt can actually be larger than the fernet tokens, as it is not passed in a header13:44
ayoungamakarov, make sense?13:44
amakarovayoung, I have to look at the code. Not sure if we can reconstruct request token to complete authorization13:46
*** sigmavirus24_awa is now known as sigmavirus2413:47
*** EinstCrazy has joined #openstack-keystone13:48
*** knikolla has joined #openstack-keystone13:50
amakarovayoung, we should store request token. Only its ID is passed in authZ request URL13:51
ayoungamakarov, that ID could be a Fernet body.13:51
ayoungmeans we need to keep them under 255 bytes, I think, though13:51
ayoungcan we do that?13:51
amakarovayoung, hmm...13:51
amakarovconsidering the restriction, I think we can13:52
ayoungamakarov, otherwise, we have "unapproved delegations" in our database....13:52
ayoungrestriction is "one role"13:52
amakarovayoung, we don't want that13:52
ayoungI do13:52
ayoungbut I'm funny that way13:52
ayounghttp://www.leasticoulddo.com/comic/20160317/13:52
*** dims has joined #openstack-keystone13:53
amakarovayoung, so the next step in the workflow: access token. I'm curios if these can be Fernet too? Can we just return empty list as a result to access token list request?13:55
ayoungamakarov, OOhh...I'd like that.13:56
amakarovayoung, ok, I need use cases for this list then13:57
* amakarov goes away digging13:57
*** e0ne has quit IRC13:59
*** e0ne has joined #openstack-keystone14:00
*** slberger has joined #openstack-keystone14:07
ayoungstevemar, it appears sdague does not approve of our change to the API:  https://review.openstack.org/#/c/285541/714:09
patchbotayoung: patch 285541 - tempest - Add parent_id to create_project14:09
*** mylu has joined #openstack-keystone14:10
*** timcline has joined #openstack-keystone14:10
*** dims has quit IRC14:19
*** dims has joined #openstack-keystone14:22
*** mylu has quit IRC14:23
*** dims has quit IRC14:25
*** GB21 has joined #openstack-keystone14:25
*** mylu has joined #openstack-keystone14:27
*** pcaruana has quit IRC14:28
amakarovayoung, According to http://oauthbible.com/ we use 3-legged auth and I was unable to find where access token list request is used. Looks like we don't need any backend for oauth1 at all ))14:36
ayoungamakarov, good to know.14:37
*** mylu has quit IRC14:37
amakarovayoung, it looks like just yet another auth strategy rather then something to unify14:38
*** mylu has joined #openstack-keystone14:38
ayoung++14:38
amakarovmaybe it's better be done as a separate blueprint14:38
amakarov?14:38
*** sdake has joined #openstack-keystone14:39
*** sigmavirus24 is now known as sigmavirus24_awa14:40
ayoungamakarov, yes, but only if we can;t deprecate.  Deal?14:40
*** sigmavirus24_awa is now known as sigmavirus2414:41
amakarovayoung, well, I'll wait for the results of my little survey in ML :)14:41
*** mylu has quit IRC14:41
*** jaosorior is now known as jaosorior_away14:43
*** jorge_munoz has joined #openstack-keystone14:47
stevemarayoung: i wouldn't say sdague doesn't like it, he is just looking for an audit trail14:50
*** jorge_munoz has quit IRC14:50
*** pushkaru has joined #openstack-keystone14:52
ayoungstevemar, am I right, though, in saying this is something that was unspecified in the past and that we have now changed legally, or have we really broken our contract here14:52
*** lhinds_ has joined #openstack-keystone14:52
*** csoukup has joined #openstack-keystone14:54
*** jorge_munoz has joined #openstack-keystone14:58
stevemarayoung: i think the crux of it is that the API change is additive14:58
stevemarso it should be alright14:58
ayoungstevemar, ++14:59
*** belmoreira has quit IRC14:59
*** jorge_munoz_ has joined #openstack-keystone15:01
*** jorge_munoz has quit IRC15:02
*** jorge_munoz_ is now known as jorge_munoz15:03
*** zqfan has joined #openstack-keystone15:03
*** josecastroleon1 has quit IRC15:04
*** alejandrito has joined #openstack-keystone15:05
amakarovdolphm, hi! Will you remove -2 on materialized path field patch if I want to use it just to store id chains without indexing?15:07
amakarovdolphm, https://review.openstack.org/#/c/251445/15:07
patchbotamakarov: patch 251445 - keystone - SQLAlchemy column type for materialized path15:07
*** jorge_munoz has quit IRC15:07
dstanekamakarov: i think he's out the rest of this week15:15
*** GB21 has quit IRC15:15
amakarovdstanek, thank you, will be bothering him afterwards ))15:15
*** browne has joined #openstack-keystone15:22
stevemarthis doesn't sound too good https://bugs.launchpad.net/manila/+bug/1555093 :\15:22
openstackLaunchpad bug 1555093 in Manila "Keystone v3 support broken (all clients)" [High,In progress] - Assigned to Marc Koderer (m-koderer)15:22
*** EinstCrazy has quit IRC15:31
bknudsonbut this looks awesome -- https://review.openstack.org/#/c/290511/13/manila/compute/nova.py15:31
patchbotbknudson: patch 290511 - manila - Fix keystone v3 issues for all clients15:31
openstackgerritRodrigo Duarte proposed openstack/keystone-specs: Add note on conflict in idp registration  https://review.openstack.org/29409915:33
rodrigodsstevemar, ayoung, ^15:34
ayoungamakarov, lets not push on materialized path.  I really don't like the idea.15:37
ayoungits premature optimization15:37
amakarovayoung, ok15:37
rodrigodsayoung, ++, but it is beautiful15:37
rodrigods:)15:37
ayoungamakarov, I won;t hold it up if it is "must have"15:37
ayoungrodrigods, I prefer normalized data15:37
rodrigodshow normalized data can help there?15:38
ayoungrodrigods, materialized path means you always have the whole path...will not support subtrees.  So then you hae to parse...its just something the database itself should be qable to support, even if SQL does not...15:39
ayoungbut...when we get there.15:39
amakarovayoung, I'd say it doesn't support DAG :)15:44
*** spzala has joined #openstack-keystone15:46
openstackgerritRodrigo Duarte proposed openstack/keystone-specs: Add note on conflict in idp handling  https://review.openstack.org/29409915:52
rodrigodsayoung, missed the update ^15:52
rodrigodsit is easy to figure out my current task, right? :P15:52
ayoungrodrigods, Dilligence....15:54
*** shangxdy_ has joined #openstack-keystone16:02
*** agrebennikov has joined #openstack-keystone16:04
agrebennikovhey marekd16:04
agrebennikovI was told you may provide a lot of useful info regarding keystone idp implementation through saml16:04
*** dan_nguyen has joined #openstack-keystone16:07
*** mylu has joined #openstack-keystone16:09
*** mylu has quit IRC16:11
openstackgerritMerged openstack/keystone-specs: Add note on conflict in idp handling  https://review.openstack.org/29409916:20
*** pcaruana has joined #openstack-keystone16:22
ayoungdstanek, I took another stab at Dependcy injection in Python. when you have a moment, http://adam.younglogic.com/2016/03/di-python-ossipee/16:22
*** doug-fish has quit IRC16:22
*** doug-fish has joined #openstack-keystone16:23
*** doug-fish has quit IRC16:27
*** browne has quit IRC16:29
*** ninag has quit IRC16:29
*** real56_ has joined #openstack-keystone16:29
*** ninag has joined #openstack-keystone16:29
*** real56 has quit IRC16:30
*** real56_ is now known as real5616:30
*** ninag_ has joined #openstack-keystone16:30
*** ninag_ has quit IRC16:32
*** ninag_ has joined #openstack-keystone16:33
*** ninag has quit IRC16:34
*** aimeeU has joined #openstack-keystone16:35
*** doug-fish has joined #openstack-keystone16:38
*** doug-fish has quit IRC16:38
*** doug-fish has joined #openstack-keystone16:38
*** real56 has quit IRC16:38
*** mhickey has joined #openstack-keystone16:44
*** ninag_ has quit IRC16:44
*** ninag has joined #openstack-keystone16:44
*** sigmavirus24 is now known as sigmavirus24_awa16:45
*** sigmavirus24_awa is now known as sigmavirus2416:45
*** doug-fish has quit IRC16:45
*** doug-fish has joined #openstack-keystone16:46
*** doug-fish has quit IRC16:46
*** doug-fish has joined #openstack-keystone16:46
*** yarkot_ has joined #openstack-keystone16:48
*** alejandrito has quit IRC16:49
*** ninag has quit IRC16:49
*** timcline has quit IRC16:51
*** alejandrito has joined #openstack-keystone16:51
*** timcline has joined #openstack-keystone16:51
*** timcline has quit IRC16:55
*** real56 has joined #openstack-keystone16:56
*** spzala has quit IRC17:00
*** spzala has joined #openstack-keystone17:01
*** pnavarro has joined #openstack-keystone17:01
*** alejandrito has quit IRC17:01
*** jasonsb has quit IRC17:02
*** spzala has quit IRC17:05
*** ninag has joined #openstack-keystone17:08
*** real56 has quit IRC17:08
*** lhcheng has joined #openstack-keystone17:14
*** ChanServ sets mode: +v lhcheng17:14
*** browne has joined #openstack-keystone17:15
*** fawadkhaliq has joined #openstack-keystone17:16
gsilvisIs there currently CI for K2K federation?  If there isn't, I might look into making that17:16
*** pnavarro has quit IRC17:18
*** spzala has joined #openstack-keystone17:19
*** yarkot_ has quit IRC17:19
*** fawadkhaliq has quit IRC17:20
*** fawadkhaliq has joined #openstack-keystone17:21
openstackgerritTom Cocozzello proposed openstack/keystone: Add `patch_cover` to keystone  https://review.openstack.org/29418917:22
morgangsilvis: not really17:22
morgangsilvis: adding it would be fantastic17:22
gsilvismorgan: cool, I'll talk to infra then17:23
morgangsilvis: bleh, i wish i could take a few years off and get a PhD.17:23
morgangsilvis: at this point.17:23
morgangsilvis: since i am now looking for a new employer. but alas... don't have that much spare money :P17:23
*** spzala has quit IRC17:23
morgangsilvis: i figured you'd appreciate the sentiment though :P17:24
gsilvismorgan: well, some phd programs have stipends!17:24
gsilvismorgan: but yeah, I definitely understand the feeling17:24
morgangsilvis: unfortunately, I don't have a BS17:24
morganor a degree in CS, so getting accepted into masters/phd program is hard17:24
gsilvismorgan: hm, that complicates it, yeah17:24
*** timcline has joined #openstack-keystone17:24
* morgan has a BA in Theatre and Film17:24
*** marcusrafael has joined #openstack-keystone17:24
morganand getting the BS in CS is a *real* challenge because... it's sooooooo boring to go back and deal with being "taught" things I do every day - and also paying for it.17:25
morgangsilvis: :P ah well.17:25
morganmaybe i should just go play with TensorFlow for fun17:26
gsilvisoh yeah---90% of the classes would suck, and the rest would be math17:26
morganyep.17:26
*** jistr has quit IRC17:27
*** e0ne has quit IRC17:27
*** timcline has quit IRC17:29
*** mhickey has quit IRC17:31
*** ninag has quit IRC17:34
*** ninag has joined #openstack-keystone17:35
*** ninag has quit IRC17:36
*** ninag has joined #openstack-keystone17:36
*** Guest57182 has quit IRC17:36
openstackgerritRodrigo Duarte proposed openstack/keystone: Add conflict validation for idp update  https://review.openstack.org/29420117:38
*** ninag has quit IRC17:39
*** ninag has joined #openstack-keystone17:39
rodrigodsdstanek, do we need a bp/spec for tempest plugins?17:40
rodrigodsmaybe just a bp is enough, right?17:41
*** spzala has joined #openstack-keystone17:42
*** shangxdy_ has quit IRC17:42
*** ninag has quit IRC17:43
dstanekrodrigods: not sure. i don't really know what we'll need to do yet17:43
dstanekrodrigods: i'm going to create a plugin after this meeting to start experimenting17:44
rodrigodsdstanek, ++17:44
*** fawadkhaliq has quit IRC17:46
*** spzala has quit IRC17:47
*** spandhe has joined #openstack-keystone17:47
*** fawadkhaliq has joined #openstack-keystone17:48
*** dims has joined #openstack-keystone17:50
*** rcernin has quit IRC17:55
*** tqtran-afk has joined #openstack-keystone17:56
*** spzala has joined #openstack-keystone17:56
*** sigmavirus24 is now known as sigmavirus24_awa18:00
*** doug-fish has quit IRC18:00
*** doug-fish has joined #openstack-keystone18:00
rodrigodsdstanek, found an example: https://github.com/openstack/manila/tree/master/manila_tempest_tests18:04
*** lhcheng_ has joined #openstack-keystone18:05
*** doug-fish has quit IRC18:05
dstanekrodrigods: yeah, writing one now. looks pretty interesting18:06
rodrigodsdstanek, the test itself is just like a regular tempest test18:07
*** gordc has quit IRC18:07
*** slberger1 has joined #openstack-keystone18:07
*** lhcheng has quit IRC18:08
dstanekrodrigods: nice. did you push a fix?18:09
*** slberger has quit IRC18:09
rodrigodsdstanek, fix to what? the bug i've found?18:09
*** bjornar has joined #openstack-keystone18:10
*** tqtran-afk is now known as tqtran18:13
*** jaosorior_away has quit IRC18:14
dstanekrodrigods: yes18:15
*** jaosorior_away has joined #openstack-keystone18:15
rodrigodsdstanek, https://review.openstack.org/#/c/294201/18:15
patchbotrodrigods: patch 294201 - keystone - Add conflict validation for idp update18:15
dstanekrodrigods: coolio, got a plugin working :-)18:15
rodrigodsdstanek, nice18:15
dstanekrodrigods: do you still have some work you need to do on it?18:15
openstackgerritBrant Knudson proposed openstack/keystone: Enables the notification tests in py3  https://review.openstack.org/28067118:17
*** ninag has joined #openstack-keystone18:17
rodrigodsdstanek, i didn't run the test :)18:17
rodrigodswas having some packages issues18:18
*** pcaruana has quit IRC18:18
rodrigodsrunning it right now18:18
*** e0ne has joined #openstack-keystone18:18
rodrigodsdstanek, it worked! so will remove the WIP18:18
dstanekrodrigods: nice, i'll star it a take a look in a bit18:19
rodrigodsthanks dstanek18:19
dstanekbknudson: thx ^ :-)18:20
bknudsondstanek: no problem18:20
dstaneki think i get signed out of gerrit about once an hour now18:20
rodrigodsthat's annoying18:21
dstanekbknudson: i have a few more py3 reviews on their way!18:21
bknudsonok18:21
*** jaosorior_away has quit IRC18:26
*** sigmavirus24_awa is now known as sigmavirus2418:28
*** pcaruana has joined #openstack-keystone18:30
ayoungbknudson, morgan dstanek are we pretty much agreed that ldap3 is the right library for getting us out of the python ldap 2 trap?  Is there another viable option?18:32
bknudsonayoung: I can't think of a better way to do it.18:32
dstanekayoung: i hope not. i started playing with ldap3 last weekend :-)18:32
ayoungdstanek, good to hear18:33
openstackgerritAlexander Makarov proposed openstack/keystone: Unified delegation assignment driver  https://review.openstack.org/29131818:34
dstanekayoung: tbh i spent most of the time just playing with it to understand ldap better. this is my reason to really dig in a grok it18:34
ayoungdstanek, I started an etherpad for the Outreachy effort: https://etherpad.openstack.org/p/Keystone-LDAP-Cleanup if you want to contirbute notes.18:36
*** gordc has joined #openstack-keystone18:44
*** doug-fish has joined #openstack-keystone18:45
*** doug-fish has quit IRC18:45
*** doug-fish has joined #openstack-keystone18:45
mkoderer___jamielennox: if you have a short look again: https://review.openstack.org/#/c/290511/13 hope I addressed your findings18:47
patchbotmkoderer___: patch 290511 - manila - Fix keystone v3 issues for all clients18:47
dstanekayoung: cool, i'll take a look18:48
*** doug-fish has quit IRC18:50
*** doug-fish has joined #openstack-keystone18:51
*** ninag has quit IRC18:56
morganayoung: ID say yes ladp3 us right18:58
ayoungmorgan, I'll call that a Quorum then18:58
morganIs*18:59
*** ninag has joined #openstack-keystone19:00
*** ninag has quit IRC19:05
rodrigodsstevemar, dstanek, not used yet with legacy drivers http://logs.openstack.org/01/294201/1/check/gate-keystone-tox-db-legacy_drivers/792e01d/console.html19:08
rodrigodswhere do i fix this?19:09
*** satwant has joined #openstack-keystone19:09
*** ninag has joined #openstack-keystone19:10
morganayoung: also ldap3 is far far far more pythonic. it also eliminates the need for a special library just for the "pool connection" (and i think we get to drop a number of system deps since we aren't building python-ldap). so ++ on it :)19:11
dstanekrodrigods: it's a bit complicated. i didn't realize that change our break backward compat.19:12
dstanekrodrigods: you have to either fix the wrapper or change the fix to be backward compatible19:12
rodrigodsdstanek, think it is better to fix the wrapper?19:12
dstanekrodrigods: probably if you can19:13
*** fawadkhaliq has quit IRC19:13
rodrigodsdstanek, where is the wrapper? heh19:13
rodrigodsdstanek, found it19:17
*** atiwari has joined #openstack-keystone19:23
satwantHello ayoung I am Satwant Kaur from India I wanted to apply for Outreachy round 12 I am interested in the project Keystone- LDAP Cleanup19:23
*** e0ne has quit IRC19:24
ayoungsatwant, excellent. I don't know if there is any formal process, but this is a good start19:24
ayoungsatwant, we were discussing it a little earlier:19:24
*** atiwari has quit IRC19:24
ayoungsatwant, I started an etherpad for the Outreachy effort: https://etherpad.openstack.org/p/Keystone-LDAP-Cleanup19:24
openstackgerritTom Cocozzello proposed openstack/keystone: Add py3 debugging  https://review.openstack.org/29424519:24
satwantok ayoung19:25
openstackgerritTom Cocozzello proposed openstack/keystone: Add py3.4 debugging  https://review.openstack.org/29424519:26
satwantayoung can i start working with the bugs ?19:26
ayoungsatwant Which bugs do you mean?  You mean filing bugs?19:27
openstackgerritBrant Knudson proposed openstack/keystone: WIP - Opportunistic SQL testing  https://review.openstack.org/29424619:27
satwantayoung i suppose solving bugs in keystone19:28
ayoungsatwant, that is the idea.  Have you run Keystone before?19:28
satwantayoung i have setup the development environment19:29
ayoungsatwant, excellent.  For this stuff, you are going to want an LDAP server to work with, too.19:29
satwantOk ayoung19:29
ayoungIf you look in devstack, there is support for openldap, thanks to topol19:29
ayoungsatwant, but I have no idea if it still works.  Are you running devstack?19:30
satwantyes ayoung19:30
ayoungsatwant, ok, look here: https://github.cohttps://github.com/openstack-dev/devstack/blob/master/lib/ldap19:31
ayoungI am pretty sure the right way to kick that off is by adding the LDAP server to the list of supported services and restarting devstack.  You also don't need 90% of the services19:31
satwantok ayoung i shall do that19:32
ayoungI would recommend runningwith mysql, keystone, glance, and ldap. and   Rabbit MQ19:32
ayoungTHere mighte be some other docs  there too19:33
satwantayoung how do i add LDAP server to the list of supported services19:33
satwant?19:33
openstackgerritTom Cocozzello proposed openstack/keystone: Add py3 debugging  https://review.openstack.org/29424519:33
ayoungsatwant, in the devstack folder there should be a local.conf file.  DO you have that?19:33
*** gangadhar has quit IRC19:33
satwantyes19:34
ayoungsatwant, the set of services can be determined by the line ENABLED_SERVICES19:34
dstanekayoung: satwant: you also have to set KEYSTONE_IDENTITY_BACKEND and LDAP_PASSWORD i think19:34
ayoungfor example, I have a compute node with19:34
ayoungENABLED_SERVICES=n-cpu,n-net,n-api-meta,c-vol19:34
ayoungso I think it is19:34
* ayoung might still have a copy..checks19:34
dstanekat least that what i am doing in my ansible role19:35
ayoungENABLED_SERVICES=key,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc,n-crt,n-cauth,g-api,g-reg,c-sch,c-api,c-vol,horizon,rabbit,tempest,mysql,dstat19:35
ayoungdstanek, you are correct19:35
satwantthanks a lot dstanek19:35
ayoungsatwant, you don;t need all of those19:35
satwantok ayoung what all should i have ?19:35
ayoungENABLED_SERVICES=key,g-api,g-reg,rabbit,mysql,ldap19:36
ayoungsatwant, I'm going to suggest you try that list19:36
ayoungkey is keystone, the two g-s are glance, so you have something to test19:36
ayoungrabbit is for notifcation, not really needed, but does not hurt19:36
ayoungand mysql and ldap for backend storage19:36
satwantok ayoung19:37
ayoungsatwant, if that works, please write notes on the etherpad so others can replicate19:37
ayoungwrite notes if it doesn't work, too19:37
*** lhinds_ has quit IRC19:37
satwantok ayoung sure19:37
satwantayoung i restart devstack with ./stack.sh right ?19:38
ayoungsatwant, frist unstack.sh19:38
ayoungfirst19:38
*** doug-fish has quit IRC19:38
stevemarayoung: will ldap even work any more? with bootstrap being used now?19:38
ayoungstevemar, No idea19:40
ayoungstevemar, if it does not, would that be considered a regression?19:40
satwantayoung i am trying19:40
stevemarayoung: i don't think so, it was never tested continuously in devstack or our gate19:41
ayoungstevemar, so, devstack does writable LDAP. I would actually expect that to work.19:42
ayoungthe only identity operation is to create a user.  Should work with the default domain.19:42
openstackgerritBrant Knudson proposed openstack/keystone: WIP - Opportunistic SQL testing  https://review.openstack.org/29424619:42
knikollaprobably very minor, but should this be renamed to 'valid interface types'? https://github.com/openstack/keystoneauth/blob/f21def70615f079a5791da61cdb0fc6166b47c37/keystoneauth1/access/service_catalog.py#L17819:42
ayoungsatwant, if it does not work, you have your first bug to fix!19:42
stevemarknikolla: yep19:43
*** ninag has quit IRC19:43
stevemarknikolla: fix it up19:43
*** timcline has joined #openstack-keystone19:43
dstanekb 2919:43
andrewbogottWhy does the default keystone policy restrict access to endpoints and services (e.g. "identity:list_endpoints": "admin_required") when any keystone user can get the complete catalog which contains all of the above?  Is there some subtle difference I'm missing?19:43
dstanekoops19:44
andrewbogott(interrupting, sorry)19:44
rodrigodsdstanek, and the config for the job https://github.com/openstack/manila/blob/master/contrib/ci/post_test_hook.sh19:44
stevemarandrewbogott: you're not interrupting at all19:44
rodrigodskeystone ones should be much simpler19:44
satwantayoung but if it does not work how can i fix that19:44
andrewbogottstevemar: ok :)19:44
andrewbogottI'm about to change my policy to "" for the endpoint and services apis, but wondering if that's some kind of security gaffe19:45
stevemarandrewbogott: let me check the source code...19:45
stevemarandrewbogott: please don't make it "" for the create/delete/update calls :)19:46
andrewbogottah, yes, just list and get :)19:46
*** Krenair has joined #openstack-keystone19:47
stevemarandrewbogott: so the bits that go in the token are generated from https://github.com/openstack/keystone/blob/master/keystone/token/providers/common.py#L459-L47019:49
stevemarcatalog_api.get_v3_catalog(user_id, project_id)19:49
stevemarwhich calls ^19:49
openstackgerritKristi Nikolla proposed openstack/keystoneauth: Renamed endpoint to interface in docstring  https://review.openstack.org/29426019:50
andrewbogottstevemar: so the catalog may be restricted based on roles?19:50
stevemarandrewbogott: nah, i think it just formats certain endpoints with the project id19:50
andrewbogottI mean, we may get a subset?19:50
stevemari don't think so19:50
andrewbogottok19:50
openstackgerritNavid Pustchi proposed openstack/keystoneauth: Keystoneauth Authentication Plugin doc typo  https://review.openstack.org/29426219:51
stevemarandrewbogott: only if you are using the endpoint-filter mechanism19:51
stevemarandrewbogott: http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-ep-filter-ext.html19:51
stevemarandrewbogott: but not too many folks are using it, so i doubt that19:51
andrewbogottwow, ok, definitely not using that19:51
andrewbogottbut that feature is an argument against changing the official upstream policy.json since it /might/ be filtered19:52
ayoungsatwant, lets see what happens first.  If it does fail, we'll get a sense of what is broken19:52
stevemarandrewbogott: it definitely muddies the water19:52
andrewbogottstevemar: I'll just change my local policies and not worry about it.19:52
stevemarandrewbogott: sure19:53
*** doug-fish has joined #openstack-keystone19:53
Krenairwhy do some people use the endpoint-filter mechanism?19:58
*** doug-fish has quit IRC20:07
*** rk4n has quit IRC20:13
*** doug-fish has joined #openstack-keystone20:13
*** spzala has quit IRC20:16
*** pcaruana has quit IRC20:17
*** fawadkhaliq has joined #openstack-keystone20:19
*** e0ne has joined #openstack-keystone20:21
stevemarKrenair: they will create an endpoint/service that only folks with access to a particular project can access20:25
stevemarKrenair: kinda like if something was a beta service20:25
*** pcaruana has joined #openstack-keystone20:30
openstackgerritMerged openstack/keystone: Enables the notification tests in py3  https://review.openstack.org/28067120:32
*** ninag has joined #openstack-keystone20:34
knikollastevemar, say I have a federated scenario where I have IdentityProvider1, ServiceProvider1, and ServiceProvider2. The user makes a SAML assertion and gets a token to SP1 and makes the call, however SP1 needs to make a federated call to SP2 on behalf of the user.20:38
knikollawould the user need to get a token to SP2 and provide it to SP1?20:38
*** ametts has joined #openstack-keystone20:42
stevemarknikolla: oooof20:44
stevemarknikolla: sp1 and sp2 are keystones?20:45
stevemarknikolla: i think you could set it up like that20:45
stevemarbasically sp1 will have to act as an idp to sp220:45
knikollastevemar, i wouldn't like to have more than 1 IdP.20:47
knikollayes. sp1 and sp2 are both keystones.20:47
openstackgerritBrant Knudson proposed openstack/keystone: WIP - Opportunistic SQL testing  https://review.openstack.org/29424620:47
openstackgerritBrant Knudson proposed openstack/keystone: Cleanup migration tests  https://review.openstack.org/29428020:47
openstackgerritSteve Martinelli proposed openstack/keystone: add placeholder migrations for mitaka  https://review.openstack.org/29428120:51
stevemarbknudson: ayoung ^20:51
stevemarbknudson: i like SqlUpgradeTests220:53
stevemarvery good naming convention20:53
bknudsonstevemar: it's twice as good.20:53
stevemarevidently20:53
bknudsonI'm going to try to switch to using SqlUpgradeTests but it was too confusing have that many tests failing already20:53
*** spzala has joined #openstack-keystone20:54
*** trown is now known as trown|PTO20:54
bknudsonwill be interesting to see if those new tests are run by the gate since I think they make the DB available for us.20:54
stevemarbknudson: yeah, thanks to ajaeger and his work there20:55
*** spzala has quit IRC20:55
bknudsongit rm keystone/tests/unit/test_sql_livetest.py20:55
stevemarpretty much20:55
navidpstevemar, I think some of the auth plugins are not included in this doc and needs to be updated, what do you think?20:57
navidpstevemar, http://docs.openstack.org/developer/keystoneauth/authentication-plugins.html20:57
openstackgerritTom Cocozzello proposed openstack/keystone: Add py3 debugging  https://review.openstack.org/29424520:58
navidpstevemar, and if there is a need for a doc to explain loading plugin?20:58
stevemarnavidp: you're better off asking jamielennox, but in general the more docs the better...20:58
navidpstevemar, ok sure20:58
stevemarnavidp: there is a mention of loading here: http://docs.openstack.org/developer/keystoneauth/authentication-plugins.html#loading-plugins-by-name20:59
jamielennoxnavidp: a bunch of plugins are not in the doc, there was talk about a sphinx plugin from dhellmann that would let us go through the plugins registered in setup.cfg and document them all at once20:59
jamielennoxi don't know how far that got20:59
*** fawadkhaliq has quit IRC21:00
jamielennoxi'd love to put some sort of table together as to which plugins take which options21:00
jamielennoxalong side their entrypoint name, rather than the class name as it is now21:00
bknudsonseveral oslo projects are documenting their plugins using the sphinx thing21:02
stevemarjamielennox: we use the sphinx thing in osc21:03
stevemarhttp://docs.openstack.org/developer/python-openstackclient/plugin-commands.html21:03
stevemarit's not very pretty though21:03
jamielennoxstevemar, bknudson: yep, i had heard it was being used but i hadn't done it21:03
*** spandhe has quit IRC21:04
*** e0ne has quit IRC21:04
navidp stevemar bknudson jamielennox, do you agree on doc about plugins loading in ksa?21:07
bknudsonall the behavior of ksa should be documented.21:07
navidpbknudson, ok then21:09
openstackgerritTom Cocozzello proposed openstack/keystone: Add `patch_cover` to keystone  https://review.openstack.org/29418921:12
jamielennox++21:12
*** spandhe has joined #openstack-keystone21:15
*** fawadkhaliq has joined #openstack-keystone21:15
morgangyee should totally get a bouncer.21:18
*** knikolla has quit IRC21:20
*** timcline has quit IRC21:23
*** timcline has joined #openstack-keystone21:24
*** gordc has quit IRC21:25
stevemarmorgan: yes he should21:27
*** timcline has quit IRC21:28
*** sdake has quit IRC21:28
*** Krenair has left #openstack-keystone21:29
*** lhcheng has joined #openstack-keystone21:30
*** ChanServ sets mode: +v lhcheng21:30
*** satwant has quit IRC21:30
*** sdake has joined #openstack-keystone21:31
*** lhcheng_ has quit IRC21:33
*** pauloewerton has quit IRC21:34
*** doug-fish has quit IRC21:35
bjornarpip3 complaints here about Routes!=2.0,!=2.1,>=1.12.3;python_version=='2.7'21:39
*** doug-fis_ has joined #openstack-keystone21:40
*** ninag has quit IRC21:44
*** sdake has quit IRC21:45
*** doug-fis_ has quit IRC21:45
*** doug-fish has joined #openstack-keystone21:45
*** fawadkhaliq has quit IRC21:46
openstackgerritMerged openstack/keystoneauth: Renamed endpoint to interface in docstring  https://review.openstack.org/29426021:49
*** raildo is now known as raildo-afk21:49
*** doug-fish has quit IRC21:50
openstackgerritColleen Murphy proposed openstack/keystone: Update dev docs and sample script for v3/bootstrap  https://review.openstack.org/29089721:55
*** doug-fish has joined #openstack-keystone21:56
*** fawadkhaliq has joined #openstack-keystone21:57
*** dims has quit IRC22:01
*** dims_ has joined #openstack-keystone22:01
*** zqfan has quit IRC22:02
*** nkinder has quit IRC22:04
openstackgerritMerged openstack/keystoneauth: Keystoneauth Authentication Plugin doc typo  https://review.openstack.org/29426222:04
*** fawadkhaliq has quit IRC22:04
*** nkinder has joined #openstack-keystone22:04
*** mylu has joined #openstack-keystone22:04
*** fawadkhaliq has joined #openstack-keystone22:04
openstackgerritRon De Rose proposed openstack/keystone: Move project name validation out of the driver  https://review.openstack.org/29430522:05
openstackgerritRon De Rose proposed openstack/keystone: Move project name validation out of the driver  https://review.openstack.org/29430522:06
openstackgerritRon De Rose proposed openstack/keystone: Move project name validation out of the driver  https://review.openstack.org/29430522:07
*** csoukup has quit IRC22:08
*** csoukup has joined #openstack-keystone22:10
*** ametts has quit IRC22:14
openstackgerritRon De Rose proposed openstack/keystone: Change EMPHEMERAL user type to FEDERATED  https://review.openstack.org/29307122:16
*** woodster_ has joined #openstack-keystone22:20
*** dims has joined #openstack-keystone22:23
*** dims_ has quit IRC22:26
*** mylu has quit IRC22:27
*** jasonsb has joined #openstack-keystone22:36
*** sigmavirus24 is now known as sigmavirus24_awa22:40
*** mylu has joined #openstack-keystone22:47
*** itlinux has joined #openstack-keystone22:49
*** slberger1 has left #openstack-keystone22:54
*** tqtran is now known as tqtran-afk22:54
*** csoukup has quit IRC22:57
*** tqtran-afk has quit IRC23:01
*** aimeeU has quit IRC23:07
*** dims has quit IRC23:08
*** pushkaru has quit IRC23:09
*** itlinux has quit IRC23:15
*** furface_ has joined #openstack-keystone23:15
*** furface has quit IRC23:16
*** pushkaru has joined #openstack-keystone23:19
*** jasonsb has quit IRC23:22
*** mylu has quit IRC23:22
*** sdake has joined #openstack-keystone23:24
*** mylu has joined #openstack-keystone23:24
*** dims has joined #openstack-keystone23:28
*** fawadkhaliq has quit IRC23:31
*** fawadk has joined #openstack-keystone23:31
*** pushkaru has quit IRC23:32
*** dims has quit IRC23:32
*** Trident has quit IRC23:40
*** Trident has joined #openstack-keystone23:40
*** alex_xu has quit IRC23:41
*** roxanaghe has quit IRC23:44
*** alex_xu has joined #openstack-keystone23:50
*** mylu has quit IRC23:54
*** markvoelker has quit IRC23:54
« Wednesday, 2016-03-16 Index Friday, 2016-03-18 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!