Monday, 2016-06-27

« Sunday, 2016-06-26 Index Tuesday, 2016-06-28 »
*** spzala has joined #openstack-keystone00:09
*** spzala has quit IRC00:14
*** spzala has joined #openstack-keystone00:47
*** markvoelker has joined #openstack-keystone00:51
*** markvoelker has quit IRC00:56
*** anush__ has joined #openstack-keystone01:01
*** KevinE has joined #openstack-keystone01:01
*** KevinE has joined #openstack-keystone01:02
*** anush__ has quit IRC01:15
*** spzala has quit IRC01:35
*** TxGVNN has joined #openstack-keystone01:41
*** trey has quit IRC01:41
*** EinstCrazy has joined #openstack-keystone01:45
*** markvoelker has joined #openstack-keystone01:52
*** markvoelker has quit IRC01:57
*** anush__ has joined #openstack-keystone01:59
*** EinstCra_ has joined #openstack-keystone02:04
*** EinstCrazy has quit IRC02:06
*** anush__ has quit IRC02:17
*** EinstCrazy has joined #openstack-keystone02:21
*** sdake_ has quit IRC02:23
*** EinstCra_ has quit IRC02:24
*** davechen has joined #openstack-keystone02:26
*** KevinE has quit IRC02:33
*** KevinE has joined #openstack-keystone02:49
*** markvoelker has joined #openstack-keystone02:53
*** markvoelker has quit IRC02:57
*** roxanaghe has joined #openstack-keystone03:06
*** KevinE has joined #openstack-keystone03:06
openstackgerrityangweiwei proposed openstack/keystone: Error in get revoke_list  https://review.openstack.org/33376503:06
*** roxanaghe has quit IRC03:07
*** roxanaghe has joined #openstack-keystone03:07
*** spzala has joined #openstack-keystone03:10
*** pleia2_ is now known as pleia203:15
*** phalmos has joined #openstack-keystone03:23
*** freerunner has quit IRC03:23
*** robcresswell has quit IRC03:24
*** Tridde has quit IRC03:24
*** Trident has joined #openstack-keystone03:25
*** Daviey has quit IRC03:25
*** Daviey has joined #openstack-keystone03:26
*** robcresswell has joined #openstack-keystone03:27
*** phalmos has quit IRC03:28
*** freerunner has joined #openstack-keystone03:29
*** markvoelker has joined #openstack-keystone03:54
*** markvoelker has quit IRC03:58
*** spzala has quit IRC04:05
*** roxanaghe has quit IRC04:15
*** links has joined #openstack-keystone04:15
*** roxanaghe has joined #openstack-keystone04:28
*** KevinE has quit IRC04:30
*** roxanaghe has quit IRC04:32
*** markvoelker has joined #openstack-keystone04:54
*** markvoelker has quit IRC04:59
*** davechen has quit IRC05:05
openstackgerritMerged openstack/keystone: Moves auth plugin test setup closer to its use  https://review.openstack.org/33405805:11
openstackgerritMerged openstack/keystone: Remove unused test code  https://review.openstack.org/33405905:12
*** KevinE has joined #openstack-keystone05:31
*** KevinE has quit IRC05:35
*** lunarlamp is now known as mariusv05:36
*** davechen has joined #openstack-keystone05:38
*** mariusv has quit IRC05:43
*** TxGVNN has quit IRC05:47
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Break out the API piece into its own file  https://review.openstack.org/33429005:50
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Extract a common notifier pattern  https://review.openstack.org/33429105:50
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Refactor create_event onto the api object.  https://review.openstack.org/33429205:50
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Refactor audit api tests into their own file  https://review.openstack.org/33429305:50
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Refactor API tests to not run middleware  https://review.openstack.org/33429405:50
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Use a test notifier to record notifications  https://review.openstack.org/33429505:50
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Extract oslo_messaging specific audit tests  https://review.openstack.org/33429605:50
*** KevinE has joined #openstack-keystone05:52
*** pgreg has joined #openstack-keystone05:52
*** markvoelker has joined #openstack-keystone05:55
*** pgreg has quit IRC05:57
*** KevinE has quit IRC05:57
*** KevinE has joined #openstack-keystone05:58
*** EinstCrazy has quit IRC05:59
*** markvoelker has quit IRC06:00
*** spzala has joined #openstack-keystone06:05
*** spzala has quit IRC06:10
openstackgerrityangweiwei proposed openstack/keystone: Error in get revoke_list  https://review.openstack.org/33376506:11
*** KevinE has quit IRC06:16
*** EinstCrazy has joined #openstack-keystone06:24
*** rcernin has joined #openstack-keystone06:27
*** M00nr41n has joined #openstack-keystone06:33
*** KevinE has joined #openstack-keystone06:37
*** pcaruana has joined #openstack-keystone06:41
*** KevinE has quit IRC06:42
*** EinstCrazy has quit IRC06:44
*** markvoelker has joined #openstack-keystone06:56
*** EinstCrazy has joined #openstack-keystone06:56
*** d0ugal has joined #openstack-keystone06:58
*** d0ugal has quit IRC06:59
*** tesseract- has joined #openstack-keystone06:59
*** d0ugal has joined #openstack-keystone07:00
*** d0ugal has quit IRC07:00
*** d0ugal has joined #openstack-keystone07:00
*** markvoelker has quit IRC07:01
*** jamielennox is now known as jamielennox|away07:01
*** belmoreira has joined #openstack-keystone07:09
*** jed56 has joined #openstack-keystone07:11
*** sheel has joined #openstack-keystone07:12
*** roxanaghe has joined #openstack-keystone07:16
*** rvba has joined #openstack-keystone07:20
*** rvba has quit IRC07:20
*** rvba has joined #openstack-keystone07:20
*** roxanaghe has quit IRC07:20
*** ebarrera has joined #openstack-keystone07:23
*** dmk0202 has joined #openstack-keystone07:31
*** TxGVNN has joined #openstack-keystone07:41
*** pnavarro has joined #openstack-keystone07:51
*** permalac has joined #openstack-keystone07:56
*** davechen has left #openstack-keystone07:58
*** KevinE has joined #openstack-keystone07:59
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:02
*** KevinE has quit IRC08:04
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843508:10
*** bjornar_ has joined #openstack-keystone08:16
*** rudolfvriend has joined #openstack-keystone08:21
openstackgerrithenry-nash proposed openstack/keystone-specs: Support nested domains to provide additional project namespaces  https://review.openstack.org/33294008:28
*** itisha has joined #openstack-keystone08:28
openstackgerrithenry-nash proposed openstack/keystone-specs: Support nested domains to provide additional project namespaces  https://review.openstack.org/33294008:30
*** vgridnev_ has joined #openstack-keystone08:31
openstackgerrithenry-nash proposed openstack/keystone-specs: Support nested domains to provide additional project namespaces  https://review.openstack.org/33294008:35
*** fawadkhaliq has joined #openstack-keystone08:39
*** bjornar_ has quit IRC08:39
*** vgridnev_ has quit IRC08:52
*** rudolfvriend has quit IRC08:54
*** roxanaghe has joined #openstack-keystone09:05
*** spzala has joined #openstack-keystone09:05
*** spzala has quit IRC09:10
*** roxanaghe has quit IRC09:14
*** sheel has quit IRC09:15
openstackgerrithenry-nash proposed openstack/keystone-specs: Gate inherited assignements from parent  https://review.openstack.org/33436409:16
*** KevinE has joined #openstack-keystone09:21
*** KevinE has quit IRC09:25
openstackgerritAlvaro Lopez Garcia proposed openstack/keystoneauth: WIP - oidc: fix OpenID Connect authorization code grant_type  https://review.openstack.org/33000609:26
openstackgerritAlvaro Lopez Garcia proposed openstack/keystoneauth: oidc: add discovery document support  https://review.openstack.org/33046409:26
openstackgerritAlvaro Lopez Garcia proposed openstack/keystoneauth: oidc: remove grant_type argument  https://review.openstack.org/33046509:26
*** jamielennox|away is now known as jamielennox09:26
alogajamielennox: I've tried to address your comments in https://review.openstack.org/33046409:31
jamielennoxaloga: oh, right - yea that one will be useful, i'm not sure why it wasn't done that way initially09:31
jamielennoxaloga: stupid gerrit UI - i'm not sure where in the patch order that one is09:32
alogait is after the WIP one, as this one introduced the "authorization_endpoint" parameter09:34
alogaI can move it so that it does not depend on the WIP though09:34
*** mdavidson has joined #openstack-keystone09:44
*** nisha has joined #openstack-keystone09:46
jamielennoxaloga: ok, i added a few comments that i saw quickly09:50
jamielennoxnothing serious i don't think09:50
*** dims has quit IRC10:14
*** dims has joined #openstack-keystone10:20
*** fawadkhaliq has quit IRC10:39
openstackgerrithenry-nash proposed openstack/keystone-specs: Gate inherited assignments from parent  https://review.openstack.org/33436410:39
*** KevinE has joined #openstack-keystone10:42
*** links has quit IRC10:43
*** GB21 has joined #openstack-keystone10:45
*** EinstCrazy has quit IRC10:45
*** KevinE has quit IRC10:47
*** daemontool has joined #openstack-keystone10:50
*** TxGVNN has quit IRC10:53
*** roxanaghe has joined #openstack-keystone10:53
*** links has joined #openstack-keystone10:55
*** roxanaghe has quit IRC10:58
*** markvoelker has joined #openstack-keystone10:59
*** samueldmq has joined #openstack-keystone11:01
*** ChanServ sets mode: +v samueldmq11:01
samueldmqmorning keystone11:01
*** markvoelker has quit IRC11:03
dstaneksamueldmq: o/ good mornig11:04
samueldmqdstanek: o/11:05
henrynashmorning…and today I shall be typing from Liechtenstein11:05
samueldmqhenrynash: o/11:06
samueldmqhenrynash: in a tour aroung the world ?11:06
samueldmq:)11:06
henrynashsamueldmq: indeed, trying to keep my european credentials alive11:06
samueldmqhenrynash: nice11:09
*** amakarov_away is now known as amakarov11:10
* samueldmq does to do coffee in a moka pot11:11
samueldmqhttps://en.wikipedia.org/wiki/Moka_pot11:11
* samueldmq goes*11:12
henrynashhas run out of cofee. eeek! off to buy coffee11:12
samueldmq++11:12
*** bj0rnar has quit IRC11:16
*** nisha has quit IRC11:16
*** stian_ has quit IRC11:17
*** stian_ has joined #openstack-keystone11:19
*** bj0rnar has joined #openstack-keystone11:19
*** fawadkhaliq has joined #openstack-keystone11:20
openstackgerritAlvaro Lopez Garcia proposed openstack/keystoneauth: WIP - oidc: fix OpenID Connect authorization code grant_type  https://review.openstack.org/33000611:24
openstackgerritAlvaro Lopez Garcia proposed openstack/keystoneauth: oidc: add discovery document support  https://review.openstack.org/33046411:24
openstackgerritAlvaro Lopez Garcia proposed openstack/keystoneauth: oidc: remove grant_type argument  https://review.openstack.org/33046511:24
*** jefrite has quit IRC11:31
*** jefrite has joined #openstack-keystone11:35
*** GB21 has quit IRC11:35
openstackgerritAlvaro Lopez Garcia proposed openstack/keystoneauth: move release note into the correct location  https://review.openstack.org/33442511:35
*** gordc has joined #openstack-keystone11:36
*** nisha has joined #openstack-keystone11:41
nishasamueldmq, hi11:41
samueldmqnisha: hi, good morning, how are you ?11:43
nishasamueldmq, I am good, was working on roles11:43
nishasamueldmq, regarding the projects, we still have some issue, the patches failed automated test11:44
nishasamueldmq, can you please help me fix them?11:44
*** agireud has quit IRC11:45
samueldmqnisha: I can help you finding the issue11:45
samueldmqnisha: first, go to the change https://review.openstack.org/#/c/332871/11:46
patchbotsamueldmq: patch 332871 - python-keystoneclient - Add project functional tests11:46
samueldmqnisha: click on the gate that is failing ( gate-keystoneclient-dsvm-functional ) and then click on console11:46
samueldmqnisha: looking at the logs, you will see a test failed11:49
samueldmqnisha: keystoneclient.tests.functional.v3.test_users.UsersTestCase.test_update_user11:49
nishasamueldmq, looking11:50
samueldmqnisha: and that test is not related to your patch, so it's an unrelated failure; in those cases you may try leaving a "recheck" message as a comment in the patch11:50
samueldmqnisha: then the jobs will re-run11:50
samueldmqnisha: but in this case, the issue will be fixed when https://review.openstack.org/#/c/333919/ merges11:51
patchbotsamueldmq: patch 333919 - keystone - Fixes failure when password is null11:51
samueldmqstevemar: dstanek: (other cores): ^ would be nice to get this in, this is causing some gates to fail (e.g keystoneclient functional)11:52
dstaneksamueldmq: looking at some capstone reviews....once i'm done i'll look at that11:52
samueldmqdstanek: thanks11:53
nishasamueldmq, got it11:54
nishasamueldmq, thanks11:54
samueldmqnisha: :)11:56
*** raildo-a` is now known as raildo11:56
*** GB21 has joined #openstack-keystone11:58
*** KevinE has joined #openstack-keystone12:04
*** daemontool has quit IRC12:05
*** daemontool has joined #openstack-keystone12:05
*** rodrigods has quit IRC12:06
*** rodrigods has joined #openstack-keystone12:06
*** nisha_ has joined #openstack-keystone12:07
*** KevinE has quit IRC12:10
*** amoralej is now known as amoralej|lunch12:11
*** nisha has quit IRC12:11
*** markvoelker has joined #openstack-keystone12:14
*** agireud has joined #openstack-keystone12:16
*** nisha_ has quit IRC12:28
*** sigmavirus24_awa is now known as sigmavirus2412:30
*** fawadkhaliq has quit IRC12:31
*** fawadkhaliq has joined #openstack-keystone12:32
*** GB21 has quit IRC12:35
*** fawadkhaliq has quit IRC12:37
henrynashHenry’s latest attempts to get round the project naming constraints can be seen at: https://review.openstack.org/#/c/332940/ and https://review.openstack.org/#/c/33436412:37
patchbothenrynash: patch 332940 - keystone-specs - Support nested domains to provide additional proje...12:37
*** nisha has joined #openstack-keystone12:41
nishasamueldmq, do I need to add doc for create_implied, check_implied , get_implied ,delete_implied, list_role_inferences,  too for roles?12:42
nishasamueldmq, Also are there any existing docs on them which I can use here for the above methods reference?12:53
*** amoralej|lunch is now known as amoralej12:56
*** nisha has quit IRC12:58
*** nisha has joined #openstack-keystone12:58
*** real56 has joined #openstack-keystone13:00
*** edmondsw has joined #openstack-keystone13:01
*** wanghua has joined #openstack-keystone13:05
*** spzala has joined #openstack-keystone13:06
*** fawadkhaliq has joined #openstack-keystone13:09
*** sdake has joined #openstack-keystone13:10
*** spzala has quit IRC13:10
*** fawadkhaliq has quit IRC13:12
*** setuid has joined #openstack-keystone13:14
setuidhas anyone managed to get keystone working under liberty on Ubuntu 14.04? I've tried about 40 times across multiple types of hardware, clean installs, etc. and it just dies with '*config-changed*', while all the other nodes are up, but I can't log into horizon, because keystone is DOA.13:15
setuidI can ssh into the keystone node, restart keystone, etc. but it just never completes the init during install13:16
*** EinstCrazy has joined #openstack-keystone13:16
*** joaotargino has quit IRC13:19
*** spzala has joined #openstack-keystone13:19
*** sdake_ has joined #openstack-keystone13:20
*** jsavak has joined #openstack-keystone13:21
*** sdake has quit IRC13:21
*** KevinE has joined #openstack-keystone13:26
*** richm has joined #openstack-keystone13:27
*** gagehugo has joined #openstack-keystone13:28
*** KevinE has quit IRC13:30
*** belmoreira has quit IRC13:31
openstackgerritDavid Stanek proposed openstack/keystone: Group test_backend_ldap skips for readability  https://review.openstack.org/33406113:35
dstaneksetuid: what do you mean by dies with config-changed?13:40
*** _d34dh0r53_ is now known as d34dh0r5313:45
*** woodburn has quit IRC13:49
*** gagehugo has quit IRC13:49
*** woodburn has joined #openstack-keystone13:49
*** rudolfvriend has joined #openstack-keystone13:52
stevemarmorning!13:52
stevemarsamueldmq: that was a major regression so i want to make sure we don't muck things up so far only 2 gate failures (heat and keystoneclient)13:53
*** ghugo has joined #openstack-keystone13:54
samueldmqstevemar: yes, fyi it's been approved13:56
samueldmqnisha: so, yes ... let me find the docs you may be based on13:56
*** M00nr41n has quit IRC13:56
samueldmqnisha: CRUD of implied roles' docs starting ehre https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3.rst#create-role-inference-rule13:57
stevemarsamueldmq: migration errors make me sad :(13:59
samueldmqstevemar: yes, me too13:59
samueldmqstevemar: did you see my problem description in the bug report ?13:59
*** ametts has joined #openstack-keystone14:00
samueldmqstevemar: if we create a test to make sure the result of migrations always correspond to the current model, we would avoid hitting that issue again14:00
*** EinstCrazy has quit IRC14:00
* samueldmq still hates how gerrit shows patch dependencies, it looks to be broken sometimes14:03
*** mfisch has joined #openstack-keystone14:06
*** rderose has joined #openstack-keystone14:06
*** mfisch has quit IRC14:06
*** mfisch has joined #openstack-keystone14:06
*** spzala has quit IRC14:09
*** spzala has joined #openstack-keystone14:10
nishasamueldmq, still not getting much :/14:13
*** spzala has quit IRC14:14
nishasamueldmq, what does it mean when it a role implied another role?14:14
nishaimplies*14:14
samueldmqnisha: so, roles go in the user's token14:16
samueldmqnisha: and define authorization (what API calls that user can perform)14:16
samueldmqnisha: if we have Role A implies on both Role B and C, when user requests a  token, he/she will get roles B and C14:17
*** GB21 has joined #openstack-keystone14:17
samueldmqnisha: rather than A, and it would also apply if B and C had impled roles, and so on14:17
samueldmqnisha: it makes managing role assignments easier and more powerful, given you only assign 1 role and get many :)14:18
nishasamueldmq, hmm, thanks14:19
*** mkoderer__ has quit IRC14:21
*** woodster_ has joined #openstack-keystone14:22
*** ayoung has joined #openstack-keystone14:22
*** ChanServ sets mode: +v ayoung14:22
*** ghugo has left #openstack-keystone14:29
openstackgerritMerged openstack/keystone: Fixes failure when password is null  https://review.openstack.org/33391914:29
*** ghugo has joined #openstack-keystone14:29
*** ddieterly has joined #openstack-keystone14:30
*** TxGVNN has joined #openstack-keystone14:31
*** ebarrera has quit IRC14:34
*** ghugo has quit IRC14:34
*** gagehugo has joined #openstack-keystone14:35
nishasamueldmq, what is the type of role_inference ?14:36
samueldmqnisha: in keystoneclient side ?14:37
nishayeah14:37
nishasamueldmq, e.g. when we call create_implied(...)14:38
samueldmqnisha: https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v3/roles.py#L3714:38
samueldmqnisha: thus keystoneclient.v3.roles.InferenceRule14:38
nishaoh, thanks14:38
nisha:)14:38
samueldmqnisha: np14:39
*** nisha has quit IRC14:41
*** nisha has joined #openstack-keystone14:42
*** jaugustine has joined #openstack-keystone14:44
*** KevinE has joined #openstack-keystone14:47
*** ayoung_ has joined #openstack-keystone14:48
*** belmoreira has joined #openstack-keystone14:50
*** david-lyle_ has joined #openstack-keystone14:51
*** KevinE has quit IRC14:55
*** david-lyle has quit IRC14:55
*** crinkle_ is now known as crinkle14:55
*** slberger has joined #openstack-keystone14:59
*** spzala has joined #openstack-keystone14:59
*** ddieterly is now known as ddieterly[away]14:59
*** sdake has joined #openstack-keystone15:01
*** KevinE has joined #openstack-keystone15:01
*** spzala has quit IRC15:01
*** spzala has joined #openstack-keystone15:01
ayoung_stevemar, notmorgan bknudson_ dolphm samueldmq rodrigods https://etherpad.openstack.org/p/troubleshoot-keystone15:01
*** jistr is now known as jistr|mtg15:01
ayoung_lets collect up what we tell people to do every time and post it there15:01
*** KevinE has quit IRC15:02
ayoung_lbragstad, you too15:02
*** mvk_ has quit IRC15:02
*** KevinE has joined #openstack-keystone15:02
lbragstadayoung_ sweet - I'll take a look at it in a few minutes15:02
ayoung_lbragstad, its pretty empty15:02
ayoung_just...we get asked the same questions time and again...lets crowdsource the solutions15:03
*** sdake_ has quit IRC15:03
openstackgerritAlexander Makarov proposed openstack/keystone: Add failed auth attempts logic to meet PCI-DSS  https://review.openstack.org/32402915:03
rodrigodsayoung_, ++ this can be pushed as a doc later15:05
*** krotscheck is now known as krotscheck_dcm15:05
ayoung_rodrigods, right.  for now, we need something flexible to gather the data15:05
*** pgbridge has joined #openstack-keystone15:09
*** david-lyle_ is now known as david-lyle15:09
*** ddieterly[away] is now known as ddieterly15:09
stevemarayoung_: I like the idea15:09
*** ayoung has quit IRC15:09
*** ayoung_ is now known as ayoung15:09
ayoungit should be mostly pointers to other documents.  But should be the "here's how to get started"15:10
*** belmoreira has quit IRC15:10
*** ebarrera has joined #openstack-keystone15:13
*** jistr|mtg is now known as jistr15:16
*** raddaoui has joined #openstack-keystone15:21
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Disable inactive users requirements  https://review.openstack.org/32844715:24
*** jorge_munoz has joined #openstack-keystone15:25
openstackgerritMerged openstack/keystoneauth: move release note to correct directory  https://review.openstack.org/33414115:25
*** BjoernT has joined #openstack-keystone15:26
*** ebarrera has quit IRC15:28
*** dmk0202 has quit IRC15:30
henrynashrderose: hi15:33
rderosehenrynash: hi15:33
henrynashrderose: did you see my comment on the rolling upgrade case? Do you think it is a real issue, or do we handle it somehow already15:34
henrynashon: https://review.openstack.org/#/c/328447/15:35
patchbothenrynash: patch 328447 - keystone - PCI-DSS Disable inactive users requirements15:35
rderosehenrynash: no it is a real issue15:35
rderosehenrynash: I'm thinking of handling it with a release note that says to check and ensure the value is set after a rolling upgrade.15:36
*** roxanaghe has joined #openstack-keystone15:36
henrynashrderose: althoug how would a user fix it?15:36
henrynashrderose: I don’t think we want to requite peopel to get the sql editors out15:36
rderosehenrynash: run a sql script to update the column with the current date15:37
rderosehenrynash: or, if it's not set, I can set it.  but that will lead us down a slippery slope in my opinion15:38
henrynashrderose: if you like, I’ll write a keystone-manage framwork that would hold this….and then you could add teh actuall fix? In fact, if you like, I’ll fix https://review.openstack.org/#/c/328447/ with such a tool, and then you caould add your code in a follow on patch?15:38
patchbothenrynash: patch 328447 - keystone - PCI-DSS Disable inactive users requirements15:38
henrynashdorry, wrong link15:38
*** pcaruana has quit IRC15:38
henrynashhttps://bugs.launchpad.net/keystone/+bug/159650015:38
openstackLaunchpad bug 1596500 in OpenStack Identity (keystone) "Passwords created_at attribute could remain unset during rolling upgrade" [Undecided,New]15:38
henrynashThe idea of rolling upgrades was to always have this [service]-manage “end of migration” command that an admin would run when all the nodes of that service had been upgraded….we’ve just never written it before!15:39
*** tesseract- has quit IRC15:40
*** M00nr41n has joined #openstack-keystone15:41
rderosehenrynash: that sounds great!15:43
henrynashrderose: ok, I’m on it15:43
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Disable inactive users requirements  https://review.openstack.org/32844715:44
rderosehenrynash: just uploaded the latest15:44
*** pnavarro has quit IRC15:44
*** daemontool has quit IRC15:44
*** tonytan4ever has joined #openstack-keystone15:44
*** rudolfvriend has quit IRC15:45
*** darosale has joined #openstack-keystone15:46
*** GB21 has quit IRC15:46
*** ddieterly is now known as ddieterly[away]15:52
*** links has quit IRC15:52
samueldmqayoung: nice, great idea15:54
samueldmqayoung: I've been thinking of a FAQ docs for keystone15:54
samueldmqayoung: that's really useful15:54
*** BjoernT has quit IRC15:54
setuiddstanek, that's the only message I see in the curses gui during install15:54
setuidStays like that for days15:55
setuidI kill it, re-run openstack-install, does the same, over and over about 40 times I've tried this weekend15:55
setuidat one point, keystone looked green, but neutron had the same error ("*config-changed*"), and I could go no further15:55
*** rderose has quit IRC15:55
dstaneksetuid: oh, i've never used any of those install tools.15:56
*** ddieterly[away] is now known as ddieterly15:56
dstanekthat may be an issue specific to the tool you are using15:56
setuidI haven't yet had a single successful openstack install after about 50-60 attempts, using bare metal, virtualbox, vmware, kvm/qemu on my Linux desktop, juju, conjure-up, etc.15:56
setuidI didn't realize going into this, that it was in such a fragile/alpha state as a framework15:57
*** rderose has joined #openstack-keystone15:57
dstaneksetuid: openstack in general?15:57
setuidYes15:57
lbragstaddstanek links to your test patches?15:58
dstaneksetuid: i've been able to install using both OSA and RDO without issue. what tools have you been using to install?15:58
lbragstaddstanek any specific ones to look at?15:58
setuiddstanek, All of the Ubuntu-specific tools, as that's what I'm required to use15:59
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Improve docs for v3 roles  https://review.openstack.org/33454615:59
dstaneklbragstad: https://review.openstack.org/#/c/334060/3 may be a good place to start16:00
patchbotdstanek: patch 334060 - keystone - Adds a backend test fixture16:00
nishasamueldmq, have a look please ^16:00
dstaneksetuid: what is the tool? i'd like to try to run it16:00
setuidopenstack-install on 14.04, conjure-up on 16.04, or use maas or juju 'raw' commands16:00
samueldmqhenrynash: I have a suggestion for naming ... change 33436416:00
samueldmqhenrynash: :)16:00
samueldmqnisha: looking now16:01
openstackgerritMerged openstack/keystone: Allow user to get themself and their domain  https://review.openstack.org/33351616:04
*** tqtran has joined #openstack-keystone16:05
dstaneksetuid: just created a 14.04. where does openstack-install come from?16:10
setuiddstanek, apt-get install openstack && openstack-install16:10
dstanekhmmm...that package doesn't seem to be on the rackspace mirrors16:11
*** BjoernT has joined #openstack-keystone16:13
*** BjoernT is now known as Bjoern_zZzZzZzZ16:13
setuidMight be in a ppa16:15
*** nisha has quit IRC16:16
*** ayoung has quit IRC16:16
*** nisha has joined #openstack-keystone16:16
dstaneksetuid: yeah, i was able to get it installed16:16
samueldmqnisha: done, see suggestions inline16:17
*** pauloewerton has joined #openstack-keystone16:17
dstaneksetuid: the tools is pretty cruddy. i was able to break it almost on the first try so now i have to rebuild my vm16:17
nishasamueldmq, sure, thanks16:17
dstaneksetuid: no idea. i select single install and then nothing happens16:20
setuidMake sure you're not using vbox, because kvm DOES NOT work in vbox (vbox devs refuse to support it, going on 7 years now)16:20
dstaneksetuid: i'm using a cloud node at Rackspace16:21
*** Bjoern_zZzZzZzZ is now known as BjoernT16:23
*** slberger has quit IRC16:24
*** diazjf has joined #openstack-keystone16:26
dstaneksetuid: are you just trying to install to experiment, make a production cloud, or ?16:26
samueldmqdstanek: see this http://paste.openstack.org/show/523613/16:27
samueldmqdstanek: without and with your patches for reducing running time of unit tests16:28
dstaneksamueldmq: nice16:28
dstaneksamueldmq: how is is the box you are running on?16:28
openstackgerritAlexander Makarov proposed openstack/keystone: Unified delegation model  https://review.openstack.org/20848816:29
samueldmqdstanek: it's a 6-core intel xeon @ 2.40GHz16:30
samueldmqdstanek: 16gm ram16:30
*** ayoung has joined #openstack-keystone16:31
*** ChanServ sets mode: +v ayoung16:31
samueldmqdstanek: so 12-core when virtualized, so I guess parallel run is helping me to run those fast16:31
dstaneksamueldmq: much beefier than my current instance. i want to work my way down to a smaller one though16:32
samueldmqdstanek: it's a z640 workstation16:33
samueldmqdstanek: yes I think we have much to do there16:33
*** timcline has joined #openstack-keystone16:33
dstanekmy really aggressive patches don't apply at all anymore.16:33
*** timcline has quit IRC16:34
lbragstaddstanek reviewed your test changes, mostly just questions inline. I'm going to break for lunch to get a run in, should be back within the hour though16:34
samueldmqdstanek: I'd like to see how is the dependency graph of our test classes ... I believe it's a mess (specially for LDAP tests)16:34
*** jsavak has quit IRC16:34
*** timcline has joined #openstack-keystone16:34
*** jsavak has joined #openstack-keystone16:35
setuiddstanek, I am trying to be conversant at an engineering level with openstack16:35
*** GB21 has joined #openstack-keystone16:35
setuidI understand all of the underlying tech, but the dozens of versions of openstack and hundreds of different (most of them broken) tools out there to install, configure and manage it are confusing16:35
setuidQuite literally N-O-T-H-I-N-G works16:35
dstaneksetuid: you should try one of the tools supported by openstack, like ansible or puppet stuff16:37
setuidNo can do, have to use the tools provided by the mother ship16:38
dstaneksetuid: have you engaged them to see why they don't work?16:38
setuidYes, but it's apparently all me :)16:38
*** ddieterly is now known as ddieterly[away]16:39
*** TxGVNN has quit IRC16:40
dstaneksetuid: that's what they said?16:40
dstaneksetuid: if you are trying to understand at the engineering level then you should just use devstack16:42
*** nisha has quit IRC16:42
*** nisha has joined #openstack-keystone16:42
*** ddieterly[away] is now known as ddieterly16:43
samueldmqaloga:  hi16:46
samueldmqaloga: could you see my comment on patch 333850 ?16:46
patchbotsamueldmq: https://review.openstack.org/#/c/333850/ - keystoneauth - oidc: add tests for plugin loader16:46
*** slberger has joined #openstack-keystone16:46
*** gyee has joined #openstack-keystone16:51
*** ChanServ sets mode: +v gyee16:51
samueldmqaloga: nvm, I figured it out, see comment in the review16:51
*** fawadkhaliq has joined #openstack-keystone16:59
*** belmoreira has joined #openstack-keystone17:00
*** slberger has quit IRC17:01
dstanekrderose: how safe is it to start reviewing PCI stuff? looks like there has been a lot of churn recently17:02
openstackgerritAlexander Makarov proposed openstack/keystone: Allow test migration by module name  https://review.openstack.org/33456817:02
*** belmoreira has quit IRC17:03
amakarovdstanek, hi! What do you think of this idea? ^17:04
*** real56 has quit IRC17:05
*** ayoung has quit IRC17:06
*** amoralej is now known as amoralej|off17:06
*** slberger has joined #openstack-keystone17:08
*** woodster_ has quit IRC17:09
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Improve docs for v3 roles  https://review.openstack.org/33454617:10
dstanekamakarov: what does it change?17:10
amakarovdstanek, it allows upgrading sql using name rather than version number17:11
amakarovin tests17:11
*** jsavak has quit IRC17:11
amakarovdstanek, so one don't need to update version numbers in migration tests on every rebase17:12
nishasamueldmq, did all the changes you suggested :)17:13
dstanekamakarov: the self.upgrade(#) statements?17:14
amakarovdstanek, yes17:15
dstanekamakarov: those don't have to be updated do they?17:15
amakarovdstanek, the second one should be changed to self.upgrade_by_name17:16
amakarovdstanek, I'll rebase one patch atop of it and use it as an example17:17
dstanekamakarov: but does anything actually need to get updated for each release or do you really just like the name better?17:17
*** slberger has quit IRC17:17
amakarovdstanek, I very often run into situation: I have NNN_add_some_stuff.py migration17:18
*** slberger has joined #openstack-keystone17:18
amakarovand by the time it's reviewed several other changes are merged17:18
*** samueldmq has quit IRC17:18
stevemardstanek: i'm also confused by that patch :)17:19
amakarovso I have to upgrade it to NNN+X_add_some_stuff.py17:19
amakarovso I have to upgrade tests too17:19
stevemaramakarov: ah, you guys have some internal migrations you run?17:19
amakarovchange self.upgrade(NNN) to self.upgrade(NNN+X)17:19
amakarovstevemar, yes17:20
*** itisha has quit IRC17:20
*** samueldmq has joined #openstack-keystone17:20
*** ChanServ sets mode: +v samueldmq17:20
stevemaramakarov: i see. and those need to be in the keystone repo?17:20
samueldmqnisha: looking again17:20
stevemaramakarov: we used to have extensions live in their own module if you recall17:21
amakarovstevemar, to be used - yes17:21
*** ayoung has joined #openstack-keystone17:22
*** ChanServ sets mode: +v ayoung17:22
samueldmqamakarov: dstanek: stevemar: unless there is a way to get version +1 by name too, I think calling by version number explicitly is good17:22
amakarovstevemar, why not have it in our internal test toolset?17:22
stevemaramakarov: just trying to understand the problem :)17:22
amakarovsamueldmq, and upgrade the numbers on every rebase?17:22
amakarovstevemar, ok, I'm planning to update closure table patch for performance testing - let me use it as an example :)17:23
samueldmqamakarov: in what scenario ? in the tests ?17:23
stevemaramakarov: coolio17:23
amakarovsamueldmq, yep17:23
samueldmqamakarov: I've never seen the need to update version numbers in the tests17:24
samueldmqamakarov: they never change after merge17:24
amakarovsamueldmq, imagine the case: you add a table. You have numbered migration for that. And tests17:24
*** harlowja has quit IRC17:25
stevemaramakarov: there's also nothing to prevent me from doing 101_add_column and 102_add_column :)17:25
dstanekah i see. so you are reusing our numbers in your tests?17:25
amakarovyou hone it, address everybody's -1's, and occasionally see, that somebody's numbeerd migration landed17:25
dstanekstevemar: ++ the # is the unique part17:25
dstanekamakarov: can you start using reserved #s?17:26
amakarovdstanek, it would be great, but I still can't figure out how it works :)17:27
*** samueldmq has quit IRC17:28
amakarovdstanek, can you point me some doc or ML related?17:28
dstanekamakarov: is there any way to run run your migrations separately?17:28
dstanekML related to reserved #s?17:28
amakarovdstanek, ++17:28
stevemardstanek: amakarov: i was thinking you guys would do something like this: https://github.com/openstack/keystone/tree/kilo-eol/keystone/contrib/oauth1/migrate_repo/versions17:29
*** ddieterly is now known as ddieterly[away]17:29
amakarovdstanek, looks like I've missed a big part... AFAIK I have to add my migration in the chain to be able to test it17:29
dstanekamakarov: i don't think so... like steve's link you should be able to do it like an extension17:30
*** jsavak has joined #openstack-keystone17:30
*** slberger has quit IRC17:30
dstanekthose were always somewhat separate17:30
stevemaramakarov: i think dstanek is talking about the 095_placeholder files as the "reserved" numbers17:30
stevemardstanek: indeed they were17:30
dstanekstevemar: amakarov: yes. the s/reserved/placeholder/ numbers can be used as a last resort since we don't really use them. but i don't know how they would work if you need a migration that depends on one of ours17:31
stevemardstanek: except we've used 2 of them this time around :|17:32
dstanekamakarov: are you actually creating your own migrations that change the keystone schema or are these your own tables?17:32
dstanekstevemar: yeah, but that's pretty rare17:32
dstanekcertainly much less than up using up more and more numbers17:32
*** harlowja has joined #openstack-keystone17:33
amakarovdstanek, what do you mean by "own tables"? I need to add table to keystone database17:33
*** nisha has quit IRC17:35
amakarovdstanek, can you please help me with this change https://review.openstack.org/#/c/285521/ ?17:35
patchbotamakarov: patch 285521 - keystone - Closure table for HMT17:35
amakarov105 is already landed, so I have to update it17:35
amakarovdstanek, after that patch will hang around for some time gathering +'es and -'es, and meanwhile 106 will land, so I'll have to update all versions and loose all reviews17:36
dstanekamakarov: ah, so you are just talking about upstream changes landing first and using that number? it sounded like you had your own migrations17:37
amakarovdstanek, ++17:37
dstanekamakarov: i'm not sure if there is a good way to solve that unless you somehow enforce that migrations names are unique17:38
*** samueldmq has joined #openstack-keystone17:39
*** ChanServ sets mode: +v samueldmq17:39
*** jaugustine has quit IRC17:40
amakarovdstanek, well, will it be enough to check if the requested upgrade name is unique?17:41
samueldmqdstanek: amakarov: I am no sure you got my last messages (I got disconnected)17:41
dstanekamakarov: how would you do that?17:42
samueldmqwhat about having a test class per migration ? so we'd have a base class with migration_number as a property + pre_migration_checks() and post_migration_checks() as abstract methods17:42
samueldmqso every subclass override them17:42
*** jaugustine has joined #openstack-keystone17:42
*** jbell8 has joined #openstack-keystone17:42
dstanekamakarov: the only time you really need to change that number is when you rebase right? how often have you had to do that?17:42
samueldmqand the super class would do the upgrade_to -1 -> check_pre -> upgrade -> check_post dance17:43
samueldmqdstanek: amakarov ^17:43
samueldmqdstanek: ++ yes I agree the motivation is not right to make such change17:43
openstackgerritMerged openstack/keystoneauth: oidc: add tests for plugin loader  https://review.openstack.org/33385017:44
amakarovsamueldmq, interesting idea, though I fear it will increase complexity (my idea is also questionable :))17:44
*** slberger has joined #openstack-keystone17:44
amakarovdstanek, usually about 10 time per patch related to db change17:45
dstaneksamueldmq: that won't stop him from having to keep updating the patch though right?17:45
amakarovtimes*17:45
samueldmqamakarov: dstanek: I think it'd make it clearer (as individual test cases only would need to focus on the checks)17:46
samueldmqdstanek: yes you're right, it doesn't solve that "issue"17:46
samueldmqamakarov: 10 times ? you get 10 migrations getting merged before your migration patch does ?17:46
dstanekamakarov: that's quite a lot. how long does it take for your patches to merge?17:46
amakarovsamueldmq, dstanek: usually less than a dozen gets merged per cycle17:48
samueldmqamakarov: so your migration patch takes more than a cycle to get merged ?17:49
samueldmqamakarov: you only need to rebase and update the migration number when a patch merges using the migration number you're currently setting in your patch too17:49
dstaneksamueldmq: not even for everyone....just when you need to rebase or at the very end17:51
dstanekamakarov: if you be the +2s and the only change that needs to be made to merge is bumping the number then the +A would be very easy to get17:51
samueldmqdstanek: ++17:52
*** tonytan4ever has quit IRC17:52
amakarovdstanek, samueldmq, not only: on every merge conflict I have to remember it too. because after rebase and conflist resolution I have to bump versions or tests will fail17:53
openstackgerritMerged openstack/keystoneauth: oidc: fix OpenID Connect scope option  https://review.openstack.org/33326117:55
samueldmqamakarov: if tests fail, you don't need to remember it yourself; failing tests will tell you so17:55
samueldmq:)17:55
amakarovsamueldmq, "Manual sunset" that is :)17:57
*** tonytan4ever has joined #openstack-keystone18:00
stevemardstanek dolphm lbragstad is http://specs.openstack.org/openstack/keystone-specs/specs/keystone/newton/credential-encryption.html for storing fernet keys?18:02
*** jaugustine has quit IRC18:04
*** diazjf1 has joined #openstack-keystone18:06
*** jaugustine has joined #openstack-keystone18:06
*** diazjf has quit IRC18:10
*** nkinder has quit IRC18:13
*** amoralej|off is now known as amoralej18:15
*** samueldmq has quit IRC18:16
*** samueldmq has joined #openstack-keystone18:19
*** ChanServ sets mode: +v samueldmq18:19
raildostevemar: ping, needs your shades knowledge here, this is one of the jobs that are breaking with the keystone v3-only env: https://github.com/openstack-infra/project-config/blob/master/jenkins/jobs/shade.yaml#L16, since it explicity execute this job in a keystone v2 env18:20
raildostevemar: shoud talk with infra team to remove this job?18:21
*** diazjf has joined #openstack-keystone18:21
raildostevemar: add a new one with v3?18:21
dstanekraildo: is that a test for shade itself?18:23
raildodstanek: yes, every shade patch runs this job18:24
dstanekraildo: that would be a good question for mordred18:24
*** diazjf1 has quit IRC18:25
raildodstanek: as you can see here: https://review.openstack.org/#/c/315713/ this gate-shade-dsvm-functional-keystone218:25
patchbotraildo: patch 315713 - openstack-infra/shade - Add floating IPs to server dict ourselves18:25
lbragstadstevemar no - I don't think so18:26
*** iurygregory_ has joined #openstack-keystone18:26
lbragstadstevemar that was for the encryption of the totp mechanism18:26
lbragstadnonameentername ^18:26
dstaneklbragstad: stevemar: ++ is was TOTP18:26
*** ayoung has quit IRC18:27
*** tonytan4ever has quit IRC18:28
*** ddieterly[away] has quit IRC18:29
*** rcernin has quit IRC18:34
dstanekok, now it really is lunch time!18:34
samueldmqdstanek: bon apetit18:34
*** diazjf has quit IRC18:37
*** ddieterly has joined #openstack-keystone18:37
*** tonytan4ever has joined #openstack-keystone18:38
openstackgerritAlexander Makarov proposed openstack/keystone: Closure table for HMT  https://review.openstack.org/28552118:40
*** amoralej is now known as amoralej|off18:40
*** mwheckmann has joined #openstack-keystone18:42
mordreddstanek: I didn't do it18:43
mordredraildo: hiya!18:43
raildomordred: :D18:43
mordredraildo: so - shade will always want a devstack with keystone v2 enabled18:43
*** bjornar_ has joined #openstack-keystone18:43
mordredbecause shade's purpose in life is to make sure that end-users can use openstack no matter what the deployment is - and there are still public clouds out there that do not have keystone v318:44
mordredso it's important that shade work with v218:44
samueldmqmordred: ++18:44
mordredit's entirely possible that we'll need to update the job config for that job in some way18:44
samueldmqraildo: I think you should just set V2_ENABLED flag (or whatever it's named) to True explicitly for that job18:45
samueldmqmordred:  ^18:45
raildomordred: hum... got it. So I think we have to change a little this job. to use this flag as True18:45
raildohttps://github.com/openstack-infra/project-config/blob/master/jenkins/jobs/nova.yaml#L2918:45
raildosamueldmq: ++18:45
nonameenternameI'm currently working on updating encryption for totp18:47
openstackgerritAlexander Makarov proposed openstack/keystone: Allow test migration by module name  https://review.openstack.org/33456818:49
*** ddieterly is now known as ddieterly[away]18:50
openstackgerritAlexander Makarov proposed openstack/keystone: Closure table for HMT  https://review.openstack.org/28552118:54
*** diazjf has joined #openstack-keystone18:57
openstackgerritAlexander Makarov proposed openstack/keystone: Unified delegation model  https://review.openstack.org/20848819:00
*** slberger1 has joined #openstack-keystone19:02
*** rcernin has joined #openstack-keystone19:04
*** slberger has quit IRC19:04
*** adu has joined #openstack-keystone19:12
*** ddieterly[away] is now known as ddieterly19:13
openstackgerritwerner mendizabal proposed openstack/keystone: Support encryption of credentials in Keystone  https://review.openstack.org/31716919:16
openstackgerritMerged openstack/keystonemiddleware: Pop oslo_config_config before doing paste convert  https://review.openstack.org/33373419:19
openstackgerritMerged openstack/keystonemiddleware: Break out the API piece into its own file  https://review.openstack.org/33429019:20
*** slberger1 has quit IRC19:20
openstackgerritAlexander Makarov proposed openstack/keystone: Add failed auth attempts logic to meet PCI-DSS  https://review.openstack.org/32402919:23
*** pnavarro has joined #openstack-keystone19:28
*** jsavak has quit IRC19:31
*** jsavak has joined #openstack-keystone19:31
*** pnavarro has quit IRC19:32
*** slberger has joined #openstack-keystone19:35
*** harlowja has quit IRC19:36
*** jefrite has quit IRC19:37
*** sdake has quit IRC19:38
*** sdake has joined #openstack-keystone19:40
*** ayoung has joined #openstack-keystone19:42
*** ChanServ sets mode: +v ayoung19:42
rderoselbragstad: you there?19:49
*** fawadkhaliq has quit IRC19:51
*** julim has joined #openstack-keystone19:51
*** fawadkhaliq has joined #openstack-keystone19:51
*** harlowja has joined #openstack-keystone19:52
lbragstadrderose yep19:55
rderoselbragstad: just responded to your comment; want to make sure I'm not missing something, but sounds reasonable to me that the user would be disabled.19:56
*** fawadkhaliq has quit IRC19:56
lbragstadrderose yeah - I think so too19:56
lbragstaddstanek dolphm ^19:56
rderoselbragstad: cool19:56
*** ravelar159 has joined #openstack-keystone20:00
*** slberger has quit IRC20:01
*** ravelar159 has quit IRC20:01
*** slberger has joined #openstack-keystone20:03
*** amakarov is now known as amakarov_away20:06
*** jsavak has quit IRC20:07
*** jsavak has joined #openstack-keystone20:07
*** woodster_ has joined #openstack-keystone20:08
*** seldenr has joined #openstack-keystone20:12
*** jbell8 has quit IRC20:14
*** ddieterly is now known as ddieterly[away]20:15
*** GB21 has quit IRC20:16
*** samueldmq has quit IRC20:17
stevemarhenrynash: oof https://bugs.launchpad.net/keystone/+bug/1596500 is ugly20:18
openstackLaunchpad bug 1596500 in OpenStack Identity (keystone) "Passwords created_at attribute could remain unset during rolling upgrade" [Undecided,New] - Assigned to Henry Nash (henry-nash)20:18
*** sdake_ has joined #openstack-keystone20:19
stevemarhenrynash: also http://lists.openstack.org/pipermail/openstack-dev/2016-June/098255.html eww20:20
*** sdake has quit IRC20:22
*** ravelar159 has joined #openstack-keystone20:22
*** ddieterly[away] is now known as ddieterly20:22
*** ravelar_159 has joined #openstack-keystone20:27
*** ravelar159 has quit IRC20:28
*** adu has quit IRC20:32
*** jsavak has quit IRC20:32
*** jsavak has joined #openstack-keystone20:33
*** ravelar_159 has quit IRC20:34
*** GB21 has joined #openstack-keystone20:34
*** fawadkhaliq has joined #openstack-keystone20:39
*** fawadkhaliq has quit IRC20:39
*** fawadkhaliq has joined #openstack-keystone20:40
*** slberger has quit IRC20:41
*** ravelar159 has joined #openstack-keystone20:41
*** slberger has joined #openstack-keystone20:42
*** ravelar159 has quit IRC20:44
*** fawadkhaliq has quit IRC20:45
*** sdake has joined #openstack-keystone20:49
dstaneklbragstad: ?20:50
*** jlk has quit IRC20:51
stevemarlbragstad: give https://review.openstack.org/#/c/334060/ another look please20:51
patchbotstevemar: patch 334060 - keystone - Adds a backend test fixture20:51
dstanekstevemar: woot. it passed!20:52
*** jlk has joined #openstack-keystone20:52
*** edmondsw has quit IRC20:52
*** jlk has quit IRC20:52
*** jlk has joined #openstack-keystone20:52
*** sdake_ has quit IRC20:53
stevemardstanek: whats your response here: https://review.openstack.org/#/c/334061/4/keystone/tests/unit/test_backend_ldap.py20:53
patchbotstevemar: patch 334061 - keystone - Group test_backend_ldap skips for readability20:53
dstaneklbragstad: i'm looking at some of the tests in the patch that depends on that one20:53
dstanekstevemar: ^20:53
dstanekit's possible that they can be deleted, but many of them appear to only be skipped in certain setups20:53
stevemardstanek: otay20:54
*** catintheroof has joined #openstack-keystone20:55
*** diazjf has quit IRC20:58
dstanekstevemar: lbragstad: commented and looking to see if another patch is necessary20:58
dstanekunwinding those tests into logic patches was hard enough :-(20:59
lbragstaddstanek makes sense21:00
*** mvk_ has joined #openstack-keystone21:01
*** fawadkhaliq has joined #openstack-keystone21:01
*** mkrcmari__ has joined #openstack-keystone21:05
*** raildo is now known as raildo-afk21:07
*** mvk has joined #openstack-keystone21:07
*** diazjf has joined #openstack-keystone21:08
*** mvk_ has quit IRC21:09
*** mkrcmari__ has quit IRC21:10
*** sdake_ has joined #openstack-keystone21:12
*** sdake has quit IRC21:13
*** rderose has quit IRC21:15
*** sdake has joined #openstack-keystone21:16
*** sdake_ has quit IRC21:17
openstackgerritDolph Mathews proposed openstack/keystone: Improve keystone.conf [assignment] documentation  https://review.openstack.org/33466721:17
openstackgerritDolph Mathews proposed openstack/keystone: Improve keystone.conf [auth] documentation  https://review.openstack.org/33466821:17
openstackgerritDolph Mathews proposed openstack/keystone: Improve keystone.conf [DEFAULT] documentation  https://review.openstack.org/33466921:18
*** fawadkhaliq has quit IRC21:24
openstackgerritLance Bragstad proposed openstack/keystone: Allow id string validation to be configurable  https://review.openstack.org/33467321:24
stevemarlbragstad: i love that ^ <321:25
*** mvk_ has joined #openstack-keystone21:35
*** permalac_ has joined #openstack-keystone21:35
*** pauloewerton has quit IRC21:35
*** permalac has quit IRC21:36
stevemardolphm: s/entrypoint/Entry point/g21:38
*** mvk has quit IRC21:38
*** fawadkhaliq has joined #openstack-keystone21:39
*** mkrcmari__ has joined #openstack-keystone21:41
*** gagehugo has quit IRC21:43
*** mkrcmari__ has quit IRC21:43
*** fawadkhaliq has quit IRC21:43
*** mvk has joined #openstack-keystone21:44
*** jaugustine has quit IRC21:44
openstackgerritMerged openstack/keystonemiddleware: Extract a common notifier pattern  https://review.openstack.org/33429121:44
openstackgerritMerged openstack/keystonemiddleware: Refactor create_event onto the api object.  https://review.openstack.org/33429221:44
*** mvk_ has quit IRC21:44
openstackgerritMerged openstack/keystonemiddleware: Refactor audit api tests into their own file  https://review.openstack.org/33429321:44
*** ddieterly is now known as ddieterly[away]21:45
*** fawadkhaliq has joined #openstack-keystone21:45
*** fawadkhaliq has quit IRC21:49
*** bjornar_ has quit IRC21:52
*** ddieterly[away] is now known as ddieterly21:53
*** catintheroof has quit IRC21:55
*** ddieterly is now known as ddieterly[away]21:58
openstackgerritMerged openstack/keystone: Adds a backend test fixture  https://review.openstack.org/33406022:01
*** diazjf has quit IRC22:03
*** spzala has quit IRC22:05
*** ddieterly[away] is now known as ddieterly22:06
*** spzala has joined #openstack-keystone22:07
*** jsavak has quit IRC22:08
*** fawadkhaliq has joined #openstack-keystone22:10
*** slberger has left #openstack-keystone22:11
*** spzala has quit IRC22:12
*** fawadkhaliq has quit IRC22:14
*** raddaoui has quit IRC22:17
*** jamielennox is now known as jamielennox|away22:21
*** ddieterly has quit IRC22:27
*** ametts has quit IRC22:28
*** spzala has joined #openstack-keystone22:31
ayoungSomeone went to town on the troubleshooting doc22:33
ayoungnow we need to figure out how to organize it22:33
*** spzala has quit IRC22:36
*** ametts has joined #openstack-keystone22:41
*** KevinE has quit IRC22:43
*** darosale has quit IRC22:43
*** BjoernT has quit IRC22:43
*** julim has quit IRC22:46
*** ametts has quit IRC22:48
openstackgerritDolph Mathews proposed openstack/keystone: Improve keystone.conf [credential] documentation  https://review.openstack.org/33470222:51
*** dan_nguyen has joined #openstack-keystone22:57
*** mvk_ has joined #openstack-keystone22:58
*** tonytan4ever has quit IRC23:02
*** mvk has quit IRC23:02
*** gordc has quit IRC23:16
*** walharthi has joined #openstack-keystone23:21
*** raddaoui has joined #openstack-keystone23:23
*** walharthi has quit IRC23:26
*** dan_nguyen has quit IRC23:27
*** bj0rnar has quit IRC23:28
*** stian_ has quit IRC23:29
*** dan_nguyen has joined #openstack-keystone23:30
*** fawadkhaliq has joined #openstack-keystone23:30
mwheckmanndavid-lyle, jamielennox: I'm trying to use Horizon with v3 cloud sample Keystone policy.json so that I can have a domain admin user. Problem is that I get an error on login: 'Token' object has no attribute '__getitem__'. It seems like the policy enforcement code that Horizon uses is looking for 'is_admin_project' to be set in the token. I've configured it in my Keystone conf and applied some23:31
mwheckmann of the recent patches to set the value even if we *aren't* in the admin much project, but to no avail.. is this supposed to be working?23:31
*** dan_nguyen has left #openstack-keystone23:31
*** fawadkhaliq has quit IRC23:35
*** pgbridge has quit IRC23:35
*** bj0rnar has joined #openstack-keystone23:37
*** mwheckmann has quit IRC23:37
*** stian_ has joined #openstack-keystone23:38
*** jamielennox|away is now known as jamielennox23:43
*** timcline has quit IRC23:48
*** timcline has joined #openstack-keystone23:48
openstackgerritSam Leong proposed openstack/keystoneauth: Auth plugin for X.509 tokenless authentication  https://review.openstack.org/28390523:49
*** seldenr has quit IRC23:50
*** timcline has quit IRC23:53
*** rderose has joined #openstack-keystone23:56
« Sunday, 2016-06-26 Index Tuesday, 2016-06-28 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!