Friday, 2016-08-19

« Thursday, 2016-08-18 Index Saturday, 2016-08-20 »
*** dikonoor has joined #openstack-keystone00:02
*** arunkant_ has quit IRC00:07
*** itisha has joined #openstack-keystone00:08
*** xenogear has joined #openstack-keystone00:10
*** jamielennox is now known as jamielennox|away00:33
*** jamielennox|away is now known as jamielennox00:46
*** su_zhang has quit IRC00:47
*** gyee has quit IRC00:48
*** Ephur has joined #openstack-keystone00:50
*** tqtran has quit IRC00:54
*** spzala has joined #openstack-keystone01:18
*** wangqun has joined #openstack-keystone01:20
*** spzala has quit IRC01:23
*** chlong has joined #openstack-keystone01:24
*** code-R has joined #openstack-keystone01:31
*** EinstCrazy has joined #openstack-keystone01:32
*** richm has quit IRC01:35
*** lamt_ has left #openstack-keystone01:57
*** lamt has joined #openstack-keystone01:59
*** davechen has joined #openstack-keystone02:03
*** jamielennox is now known as jamielennox|away02:04
*** code-R_ has joined #openstack-keystone02:10
*** EinstCrazy has quit IRC02:11
*** EinstCrazy has joined #openstack-keystone02:12
*** code-R has quit IRC02:13
stevemarbreton: thanks for the new patch!02:18
*** EinstCra_ has joined #openstack-keystone02:19
*** EinstCrazy has quit IRC02:23
*** jamielennox|away is now known as jamielennox02:26
*** chlong has quit IRC02:29
*** asettle has joined #openstack-keystone02:30
*** asettle has quit IRC02:35
*** chlong has joined #openstack-keystone02:46
*** spzala has joined #openstack-keystone02:51
*** code-R_ has quit IRC03:01
*** code-R has joined #openstack-keystone03:01
*** ayoung has quit IRC03:22
*** woodster_ has quit IRC03:29
*** eandersson_ has joined #openstack-keystone03:30
*** spzala has quit IRC03:34
*** eandersson_ has quit IRC03:37
*** chlong has quit IRC03:39
*** code-R has quit IRC03:40
*** code-R has joined #openstack-keystone03:48
*** su_zhang has joined #openstack-keystone03:49
*** chlong has joined #openstack-keystone03:52
*** chlong has quit IRC04:10
*** links has joined #openstack-keystone04:15
*** chlong has joined #openstack-keystone04:23
*** code-R has quit IRC04:26
*** dims has quit IRC04:38
stevemarrderose: hmm, are the ldap users supposed to be shadowed now?04:42
stevemaris it only on auth?04:42
stevemarprobably, makes sense04:42
*** dims has joined #openstack-keystone04:43
*** code-R has joined #openstack-keystone04:46
*** awayne_ has joined #openstack-keystone04:50
*** awayne has quit IRC04:50
*** awayne_ is now known as awayne04:50
*** GB21 has joined #openstack-keystone04:57
*** chlong has quit IRC05:12
mrhillsmancan someone help me understand why openstack client is trying to use http when i have set the endpoint to https?05:15
*** code-R_ has joined #openstack-keystone05:16
mrhillsmanopenstack endpoint list always comes back saying it cannot hit the http url05:16
*** code-R has quit IRC05:19
*** sdake_ has quit IRC05:24
*** chlong has joined #openstack-keystone05:26
*** GB21 has quit IRC05:29
*** Ephur has quit IRC05:34
*** Ephur has joined #openstack-keystone05:34
*** Ephur has quit IRC05:39
*** GB21 has joined #openstack-keystone05:47
*** chlong has quit IRC05:52
*** sdake has joined #openstack-keystone05:59
*** su_zhang has quit IRC06:05
*** sdake has quit IRC06:08
*** ravelar has joined #openstack-keystone06:18
*** chlong has joined #openstack-keystone06:21
*** ravelar has quit IRC06:22
*** adriant has quit IRC06:35
*** itisha has quit IRC06:40
openstackgerritJamie Lennox proposed openstack/keystoneauth: Allow specifying client and service info to user_agent  https://review.openstack.org/35763306:40
*** rcernin has joined #openstack-keystone06:41
openstackgerritJamie Lennox proposed openstack/keystoneauth: Allow specifying client and service info to user_agent  https://review.openstack.org/35763306:44
*** jaosorior has joined #openstack-keystone06:55
*** tesseract- has joined #openstack-keystone06:56
*** marekd2 has joined #openstack-keystone07:16
*** jaosorior has quit IRC07:17
*** marekd2_ has joined #openstack-keystone07:18
*** marekd2_ has quit IRC07:18
*** marekd2_ has joined #openstack-keystone07:19
*** marekd2 has quit IRC07:20
*** jaosorior has joined #openstack-keystone07:22
*** GB21 has quit IRC07:28
*** pnavarro has joined #openstack-keystone07:42
*** dkehn_ has quit IRC07:46
*** zhangjl has joined #openstack-keystone07:57
*** zhangjl has left #openstack-keystone07:58
*** dkehn_ has joined #openstack-keystone07:59
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
openstackgerritMaho Koshiya proposed openstack/python-keystoneclient: Add return-request-id-to-caller function(v2_0)  https://review.openstack.org/26744908:00
*** openstackgerrit has quit IRC08:03
*** openstackgerrit has joined #openstack-keystone08:03
*** GB21 has joined #openstack-keystone08:04
*** aloga has quit IRC08:30
*** aloga has joined #openstack-keystone08:30
*** markvoelker has quit IRC08:30
*** asettle has joined #openstack-keystone08:36
*** Trixboxer has quit IRC08:40
*** eandersson_ has joined #openstack-keystone08:41
*** hoonetorg has quit IRC08:43
*** asettle has quit IRC08:53
*** hoonetorg has joined #openstack-keystone08:53
*** asettle has joined #openstack-keystone08:53
*** chlong has quit IRC09:03
*** davechen has left #openstack-keystone09:03
*** EinstCra_ has quit IRC09:08
*** EinstCrazy has joined #openstack-keystone09:10
samueldmqjamielennox: hi, you around ?09:12
samueldmqjamielennox: nisha and  I want to test the tokens manager (https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v3/tokens.py)09:14
samueldmqjamielennox: but we are not sure what's the best way to get a token _id or accessinfo for an arbitrary user (given its username/passwd) and a v3 client instance09:14
samueldmqdo you have any recommendation?09:14
samueldmqjamielennox: I was thinking about instantiating another client using the passwd plugin, then get the token_id or accessinfo from there somehow09:19
samueldmqbut maybe there is a easier way09:19
samueldmqstevemar: you might know something too ^09:19
samueldmq:-)09:19
bretonstevemar: shadow users get shadowed only on auth, yes09:19
*** markvoelker has joined #openstack-keystone09:31
*** markvoelker has quit IRC09:36
*** jaosorior has quit IRC09:54
*** GB21 has quit IRC09:58
*** EinstCra_ has joined #openstack-keystone10:00
*** EinstCrazy has quit IRC10:02
*** EinstCra_ has quit IRC10:07
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843510:10
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843510:10
*** jaosorior has joined #openstack-keystone10:14
*** markvoelker has joined #openstack-keystone10:32
*** mnikolaenko_ has joined #openstack-keystone10:32
odyssey4meWe're looking for a backport review urgently which is blocking upgrade tests from Liberty to Mitaka. Anyone around other than stevemar (who's already voted) to review? https://review.openstack.org/#/c/35741510:34
patchbotodyssey4me: patch 357415 - keystone (stable/mitaka) - Add dummy domain_id column to cached role10:34
*** markvoelker has quit IRC10:36
JehaneHi, I'm trying to setup an ldap domain for keystone and I have an issue with groups11:03
Jehanewe are using groupOfMembers as describe in https://tools.ietf.org/html/draft-howard-rfc2307bis-0211:03
Jehaneis this supported ? The primary group is set by an attribute in the user DN11:04
*** wangqun has quit IRC11:06
-openstackstatus- NOTICE: Precise tests on OSIC provider are currently failing, please stop your checks until the issue is resolved.11:16
-openstackstatus- NOTICE: DSVM jobs on OSIC currently failing because of IP collisions, fix is in the gate - https://review.openstack.org/#/c/357764/ - please hold rechecks until merged11:21
*** woodburn has quit IRC11:25
*** woodburn has joined #openstack-keystone11:26
*** code-R_ has quit IRC11:28
openstackgerrithenry-nash proposed openstack/keystone: Fix issue of password created_at being left as nullable  https://review.openstack.org/35778911:31
*** markvoelker has joined #openstack-keystone11:32
*** markvoelker has quit IRC11:37
openstackgerrithenry-nash proposed openstack/keystone: Fix issue of password created_at being left as nullable  https://review.openstack.org/35778911:38
*** jaosorior has quit IRC11:41
*** jaosorior has joined #openstack-keystone11:42
openstackgerritBoris Bobrov proposed openstack/keystone: Add mapping_populate command  https://review.openstack.org/34302811:48
-openstackstatus- NOTICE: OSIC has burned through the problematic IP range with failures, things should be back to normal now.11:49
*** lamt has quit IRC11:51
*** julim has quit IRC11:57
*** amoralej is now known as amoralej|lunch11:58
*** dmellado is now known as dmellado|lunch12:02
*** dmellado|lunch is now known as dmellado12:02
*** jpena is now known as jpena|lunch12:05
*** rodrigods has quit IRC12:08
*** rodrigods has joined #openstack-keystone12:08
*** edmondsw has joined #openstack-keystone12:08
*** code-R has joined #openstack-keystone12:17
*** raildo has joined #openstack-keystone12:23
jamielennoxsamueldmq: i'm just quickly checking this on my way to bed, but i wouldn't use the token manager for that at all12:23
jamielennoxif you do auth_plugin.get_auth_ref(session) it'll give you an access info12:24
jamielennoxauth_plugin.get_token_id() as well12:24
*** lamt has joined #openstack-keystone12:24
*** gordc has joined #openstack-keystone12:24
jamielennoxthe only thing i know that uses the token manager is the auth_token middleware doing a validate - but even that i want to just make a direct call12:25
jamielennoxanyway - hope that helps12:25
jamielennoxnight12:25
*** asettle has quit IRC12:26
*** mordred_ has joined #openstack-keystone12:27
*** asettle has joined #openstack-keystone12:28
*** pauloewerton has joined #openstack-keystone12:31
*** mordred_ is now known as sadmordred12:31
*** markvoelker has joined #openstack-keystone12:33
*** sdake has joined #openstack-keystone12:35
lbragstadmorning12:35
dikonoordstanek:hi12:37
*** markvoelker has quit IRC12:38
dikonoordstanek:I checked on what we discussed yesterday and for ldap/custom users (and I feel this should be happening for federated and sql users) there are entries made to 3 tables12:38
dstanekdikonoor: ?12:39
dolphmrderose: ^12:39
dstanekdikonoor: what are you seeing happening and what are you expecting?12:41
dikonoordstanek: I didnot really follow your ? ..so let me proceed..This is on the shadow user discussion we had yesterday. When a user is authenticated, the authenticate method tries to insert the user entry into the nolocal_user table and then calls this >> https://github.com/openstack/keystone/blob/master/keystone/identity/shadow_backends/sql.py#L91-L10412:41
dikonoordstanek: From the model of the User table , (if you see the setter method for domain_id) >>https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql_model.py#L2812:42
*** amakarov_away is now known as amakarov12:42
dikonoordstanek: it looks like the user table keeps only id and project_id info , the nonlocal_user table keeps the domain_id, user_id etc..However, as per what you mentioned yesterday, for ldap/custom users there should be entries only in user and nonlocal_user tables and not in the local_user table12:43
dstanekare you getting records in local_user for ldap authentications?12:44
dikonoordstanek: yes12:44
dstaneki would not expect that. maybe a bug?12:45
dstaneki'll have to wait for rderose to comment since he has been implementing this. not sure it that's intentional or not.12:46
dikonoordstanek: all 3 tables are populated. I think whenever one inserts an entry into the User table, there would be an entry added in the local_user table as well ..https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql_model.py#L14712:46
dolphmdikonoor: that should depend on the type of authentication12:46
dolphmhenrynash: around?12:47
dstanekdolphm: it looks to me like accessing certain properties of User will always cause a local_user to be created if we are using a write cursor12:49
*** lamt has quit IRC12:49
dikonoordstanek: I took a look at rderose's changesets and he has not made any changes to cause this..meaning the code around User and it's orm relationship with local_user table has probably been existing for a long time.12:49
*** markvoelker has joined #openstack-keystone12:49
dstanekdikonoor: no, that is all his code from last cycle12:49
dolphmshadow users (and most of those tables) were introduced in mitaka12:50
dikonoordstanek:dolphm: I think this is the changeset https://review.openstack.org/#/c/323602/12:50
patchbotdikonoor: patch 323602 - keystone - Shadow LDAP and custom driver users (MERGED)12:50
dolphmdikonoor: that patch will be new for newton12:51
nk2527Good morning all...I registered my first blueprint (https://blueprints.launchpad.net/keystone/+spec/x-auth-region-header) but not sure what next steps are.  Can anyone point me in the right direction?12:52
dikonoordolphm: Let me pull the mitaka patch.12:52
dolphmnk2527: sure, because blueprints are basically useless on their own :)12:52
dolphmnk2527: is this something you wanted to work on?12:52
dolphmnk2527: or a feature you wanted to request / make a use case for?12:53
nk2527something I wanted to work on12:53
dikonoordolphm:dstanek: https://review.openstack.org/#/c/279162/12:53
patchbotdikonoor: patch 279162 - keystone - Shadow users - Shadow federated users (MERGED)12:53
dolphmnk2527: okay, then you'll need a blueprint, but first...12:54
dolphmnk2527: new features are proposed and documented here first: http://specs.openstack.org/openstack/keystone-specs/12:54
nk2527Gotcha...assuming this would go in backlog then?12:54
dikonoordolphm:dstanek: I see only one change for mitaka which is the above..and that's primarily for the federated users12:55
dolphmnk2527: usually you'll propose to the next release (ocata), but you can also propose to backlog if it's not something you want to work on immediately (or aren't going to work on yourself)12:55
*** nishaYadav has joined #openstack-keystone12:55
dstaneknk2527: that's interesting. so in that model regions can't validate each others tokens?12:55
dikonoordolphm:dstanek: and the one merged for Newton is for ldap and custom driver users12:55
dolphmnk2527: the actual repo you'll propose a spec against https://github.com/openstack/keystone-specs/12:55
nk2527great, thank you!12:55
dstaneknk2527: it would be useful to pitch your idea at one of the keystone meetings too12:55
nk2527got it12:55
nishaYadavO/12:56
dolphmdstanek: nk2527: ++ the more you can socialize it, and find other people that might be interested in the same feature, the better12:57
nk2527understood, thanks for the tip12:58
dstaneknk2527: when you write the spec talk about where the data lives. it sounds like each region is it's own self contained cluster, but i'm not sure after reading the blueprint12:59
nk2527will do12:59
dikonoordstanek:dolphm:None of the specs - both in Mitaka or Newton are very specific about into which tables the entries are going to be in .. so I am trying to understand if the current behavior is as expected or a bug13:00
dstanekdikonoor: i've not see extra local records created, but i can test for it later this weekend13:01
dikonoordstanek: sure. I tried it multiple times and I see it every time.13:03
dolphmdikonoor: in the mean time, can you file a bug against keystone with steps to reproduce? direct queries showing the result would be appreciated13:04
dolphmdikonoor: https://bugs.launchpad.net/keystone13:04
dikonoordolphm: yeah..Let me do that.Thanks13:04
*** fifieldt has quit IRC13:07
openstackgerritAlexander Makarov proposed openstack/keystone: Pre-cache new tokens  https://review.openstack.org/30914613:08
*** jpena|lunch is now known as jpena13:10
*** amoralej|lunch is now known as amoralej13:12
*** asettle has quit IRC13:13
*** asettle has joined #openstack-keystone13:14
*** fifieldt has joined #openstack-keystone13:17
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Follow up patch for Improve docs for v3 domains  https://review.openstack.org/35786713:20
*** pauloewerton has quit IRC13:20
*** BjoernT has joined #openstack-keystone13:21
*** pauloewerton has joined #openstack-keystone13:26
henrynashdolphm: hi13:27
*** ayoung has joined #openstack-keystone13:28
*** ChanServ sets mode: +v ayoung13:28
*** julim has joined #openstack-keystone13:31
stevemaro/13:34
*** gagehugo_ has joined #openstack-keystone13:38
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Follow up patch for Improve docs for v3 services  https://review.openstack.org/35788513:39
bretonstevemar: > the lookup eventually timed out but that was expected13:41
bretonstevemar: re: https://review.openstack.org/#/c/343028/13:41
patchbotbreton: patch 343028 - keystone - Add mapping_populate command13:41
bretonstevemar: did you get any error?13:41
stevemarbreton: yeah, same one i normally get when i call list_users13:42
stevemar+ your message'13:42
henrynashdolphm: be back on later13:42
dolphmhenrynash: ack13:42
bretonstevemar: what message? And what error do you normally get on list_users?13:46
stevemarbreton: http://paste.openstack.org/show/561337/13:52
*** woodster_ has joined #openstack-keystone13:53
*** catintheroof has joined #openstack-keystone13:54
*** catintheroof has quit IRC14:01
rderosestevemar: working on PCI docs, will have them by Newton-3; most likely sooner14:01
stevemarrderose: ;)14:01
dolphmrderose: scroll back to the discussion with dikonoor14:02
bretonstevemar: huh. Have you tried enabling paging? "[ldap]page_size = 10000" for example14:02
rderosedikonoor14:03
rderosethat was supposed to be a find :)14:03
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Follow up patch for Improve docs for v3 policies  https://review.openstack.org/35790114:03
stevemarbreton: nope, i think you need username/password for that?14:03
stevemarbreton: and the user must have privileges14:04
bretonstevemar: :( i don't understand why fetching users is much slower than using ldapsearch14:04
stevemarbreton: you and me both :(14:04
dstanekrderose: is the extra local_user intentional?14:04
rderosedstanek: duplicate local_user?14:07
rderosedstanek: what's the error?14:07
*** eandersson_ has quit IRC14:07
openstackgerritMerged openstack/python-keystoneclient: Reuse Domain and Project resouce definitions  https://review.openstack.org/35736714:08
*** eandersson_ has joined #openstack-keystone14:08
stevemardolphm: want to give https://review.openstack.org/#/c/343028/ a look at? i've reviewed it for 12 patch sets and tried it on my own ldap14:08
patchbotstevemar: patch 343028 - keystone - Add mapping_populate command14:08
dolphmstevemar: interesting14:09
dolphmrderose: should check that out too ^14:09
dstanekrderose: dikonoor found that when authenticating with an ldap account that a record is created in user, remote_user and local_user.14:10
dstaneki didn't expect the local_user record14:10
openstackgerritMerged openstack/python-keystoneclient: Add auth functional tests  https://review.openstack.org/35604114:11
*** chlong has joined #openstack-keystone14:13
*** nishaYadav has quit IRC14:14
rderosedstanek: yeah, that shouldn't happen14:14
rderosedolphm: yeah, saw that patch, just haven't had a chance to review it. I'll take a look today.14:17
*** richm has joined #openstack-keystone14:21
*** afred312_ has quit IRC14:21
dstanekrderose: that's what i thought. i'm going to look into it this weekend14:22
rderosedstanek: so this was running against master?14:23
*** afred312 has joined #openstack-keystone14:23
dolphmrderose: i believe so14:24
*** ankur-gupta-f has left #openstack-keystone14:24
rderosedolphm dstanek: I think the error is here: https://github.com/openstack/keystone/blob/master/keystone/identity/shadow_backends/sql.py#L7414:26
dolphmrderose: that might do it14:26
dolphmdstanek: is that the attribute you were looking at earlier?14:26
rderosedolphm dstanek: he must have turned on PCI disable inactive users though14:26
edmondswstevemar I see keystone and python-keystoneclient at https://translate.openstack.org/project/list but not keystonemiddleware or keystoneauth... were these overlooked?14:27
dolphmdikonoor: are you using [security_compliance] disable_user_account_days_inactive ?14:27
dstanekrderose: for the local_user problem?14:27
rderosedolphm dstanek: otherwise, it wouldn't have set local_user14:27
dolphmdstanek: yes14:27
dstanekthat's not creating a LocalUser though14:27
dstanekrderose: dolphm: https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql_model.py#L14714:28
dolphmisn't last_active_at on local users...14:28
stevemaredmondsw: hmm14:28
dstanekset User.domain_id and get a LocalUser14:28
rderosedstanek dolphm: yeah, that is what I was thinking14:29
edmondswstevemar noticed that this isn't being translated, for example... and thought we could just add _() there but now I'm thinking there will be more to it https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/__init__.py#L573-L58214:29
stevemaredmondsw: we probably dont want keystoneauth translated, that brings in oslo stuff14:29
dolphmdstanek: or a name14:29
stevemaredmondsw: some stuff in ksm is translated https://github.com/openstack/keystonemiddleware/blob/0f426e7f9e86385cab698f73d6ecb1d8e6b4898a/keystonemiddleware/auth_token/_signing_dir.py#L3414:30
stevemarwell, MARKED for translation anyway14:30
stevemarjust no zanata job14:30
edmondswstevemar right14:30
stevemaredmondsw: you can certainly add it14:30
dstanekdolphm: for some things like name i can understand, but we should have domain_id set for ldap and federated users without a local record14:31
edmondswstevemar how? not really familiar with zanata14:31
stevemaredmondsw: i was hoping your eagerness meant that you are :)14:31
edmondswI can add the _() :)14:31
rderosedstanek dolphm: you are right, it's updating the user table (surprised... I thought for sure this was in the local_user table...)14:31
openstackgerritGraham Hayes proposed openstack/keystone: Get ready for os-api-ref sphinx theme change  https://review.openstack.org/35792314:33
rderosedolphm dstanek: I think the error must be happening here then: https://github.com/openstack/keystone/blob/master/keystone/identity/shadow_backends/sql.py#L10014:35
*** michauds has joined #openstack-keystone14:36
rderosedolphm dstanek: when it creates a user from dict, the local user is getting created (I think)14:36
rderosedolphm dstanek: I'll prove this out and if that is the case, put in a fix14:36
dolphmrderose: appreciated!14:36
rderosedolphm dstanek: is there a bug filed?14:36
dolphmrderose: i hope this isn't an issue in mitaka :-/14:36
dikonoordolphm:No14:36
dolphmrderose: not yet14:36
dolphmdikonoor: i'm keeping an eye out though :)14:37
dstanekrderose: so, should nonlocal_user have a dommain_id, should user have a domain_id or something else?14:38
rderosenonlocal_user would have a domain_id; not user14:38
dstanekwhat about federated user?14:38
dstaneki'm guessing that there is probably something similar there14:39
rderosedstanek: yes, thought of that too14:39
*** ezpz has joined #openstack-keystone14:39
rderosedstanek: will check that as well14:39
stevemaredmondsw: sure :)14:40
dstanekrderose: sounds great....now i need to keep pushing on14:40
rderosedstanek: cool and thanks :)14:40
stevemaredmondsw: you could work with ajaeger to set things up, he knows the details14:40
*** tonytan4ever has joined #openstack-keystone14:40
stevemarhttps://wiki.openstack.org/wiki/Translations14:41
edmondswtx14:42
*** asettle has quit IRC14:42
dstanekrderose: dikonoor did the research and i think filed a bug.14:43
dikonoordstanek: just in the process of filing..14:44
dstanekdikonoor: thanks!14:44
stevemaredmondsw: i think you just need to do a change like: https://review.openstack.org/#/c/182998/14:45
patchbotstevemar: patch 182998 - openstack-infra/project-config - Switch on docs and publish jobs for magnum (MERGED)14:45
odyssey4mestevemar how do we progress https://review.openstack.org/357415 ?14:45
stevemaredmondsw: http://paste.openstack.org/show/561351/14:46
stevemaredmondsw: Setup of projects in Zanata is done automatically after adding in the file gerrit/projects.yaml the with the "translate" option to the repository.14:46
stevemarso just one change and we're done14:46
stevemarodyssey4me: lookin14:46
edmondswcool14:46
stevemarodyssey4me: you need the change merged for a deployment?14:46
edmondswdikonoor do you want to do this or should I?14:47
odyssey4mestevemar It doesn't need to be force merged or anything - we just need an ETA for when it may merge... and ideally it should be by the end of next week.14:47
dikonooredmondsw: just opened https://bugs.launchpad.net/keystone/+bug/1614994 for the translation thing14:47
openstackLaunchpad bug 1614994 in OpenStack Identity (keystone) "keystonemiddleware 401 authentication string is not translated" [Undecided,New] - Assigned to Divya K Konoor (dikonoor)14:47
stevemarodyssey4me: i'm but one lowly stable reviewer, you should contact our buddy dolphm about it :D14:47
dikonooredmondsw: now opening for the local_user problem14:48
* stevemar pokes dolphm aggressively 14:48
odyssey4mestevemar It was an issue that came up in terms of Liberty->Mitaka deployments... so the sooner the better :)14:48
* dolphm shanks stevemar gently14:48
stevemarodyssey4me: i understand, it should be merged soon14:48
stevemarit was affecting a lot of folks, tricky bug to resolve14:48
rderosedikonoor: thanks!14:48
* dolphm is reading back14:49
odyssey4melol, ok I'm out - thanks all - have a great weekend!14:49
stevemarodyssey4me: enjoy the weekend14:49
dolphmoh, this issue - didn't know we had a fix in review14:49
dolphmodyssey4me: ++14:49
stevemardolphm: aye, merged to master and everything, verified by mfisch14:50
*** spedione|AWAY is now known as spedione14:51
dolphmodyssey4me: stevemar: clean backport, gating!14:51
stevemaryay14:51
stevemardikonoor: edmondsw meh, i have a few minutes, i'll pump it out14:53
edmondswstevemar, if you like... tx14:53
rderosedstanek: just an fyi, this wouldn't be an error with federated users14:55
stevemaredmondsw: dikonoor https://review.openstack.org/#/c/357949/14:55
patchbotstevemar: patch 357949 - openstack-infra/project-config - setup translation job for keystonemiddleware14:55
stevemaredmondsw: dikonoor oh i meant only adding the job... not marking the strings, you can still do that :P14:56
edmondswstevemar sure :)14:56
rderosedikonoor: let me know when you open the bug for the local_user problem, I'll take that one14:57
dikonoorrderose: https://bugs.launchpad.net/keystone/+bug/161500014:57
openstackLaunchpad bug 1615000 in OpenStack Identity (keystone) "Entry to User table creates entries in local_user table for ldap and custom driver users" [Undecided,New]14:57
openstackgerritRodrigo Duarte proposed openstack/keystone: Fix credential update to ec2 type  https://review.openstack.org/35795014:57
rderosedikonoor: thanks!14:57
lbragstaddolphm ok - i think i hacked around the cases where a credential blob is a dict14:58
lbragstaddolphm i'll push a new patch of all the encrypted cred stuff to get some eyes on it14:58
dolphmlbragstad: link?14:58
lbragstaddolphm running tests now14:58
lbragstaddolphm correct me if I'm wrong but, I think the blob can't only be a dictionary if credential type is ec214:59
dolphmlbragstad: can't?14:59
lbragstaddolphm sorry - can*14:59
lbragstadthe blob can only be a dictionary if the credential type is ec214:59
dolphmlbragstad: there's an open bug that you can mutate the credential type after the fact, so ... it wouldn't be a safe assumption15:00
lbragstadawwww15:00
lbragstaddamn15:00
*** hockeynut has joined #openstack-keystone15:00
dolphmlbragstad: you can create a dict via the ec2 api, then change the credential type to "make-lbragstad's-life-harder"15:00
openstackgerritRodrigo Duarte proposed openstack/keystone: Fix credential update to ec2 type  https://review.openstack.org/35795015:00
openstackgerritBoris Bobrov proposed openstack/keystone: Add mapping_populate command  https://review.openstack.org/34302815:00
*** nishaYadav has joined #openstack-keystone15:00
dolphmlbragstad: or vice versa, create a regular credential, then change the type to "ec2"15:00
lbragstaddolphm can we make credential type immutable?15:00
dolphmlbragstad: that was my thought too -- i don't know why you'd want to mutate it15:01
dolphmlbragstad: it'd be a 2 cycle deprecation policy though15:01
rodrigodsdolphm, really?15:01
rodrigods^ tried to fix that with the patch above15:01
dolphmrodrigods: we'd be changing a public API, so ... yes15:02
openstackgerritKristi Nikolla proposed openstack/keystone: WIP: Devstack plugin for Federation  https://review.openstack.org/32062315:02
dolphmrodrigods: and, actually, permanently breaking a currently-working API path15:02
rodrigodsthought this would be considered a bug? like you said... mutate is very unlikely15:02
*** hockeynut has quit IRC15:02
dolphmrodrigods: never underestimate users15:02
rodrigodsthat's true15:03
rodrigodswhat happens if i update to ec2 and then try to use it?15:03
dolphmrodrigods: perhaps unlikely to have a reasonable use case, but not unlikely to abuse the API15:03
dolphmrodrigods: i assume you'll get a 500 from the ec2 controller15:03
rodrigodsdolphm, so is a broken API path anyway?15:03
dolphmlbragstad: in case you missed it, https://review.openstack.org/#/c/357950/15:03
patchbotdolphm: patch 357950 - keystone - Fix credential update to ec2 type15:03
*** dikonoor has quit IRC15:05
dolphmrodrigods: i'd suggest making a release note at the very least15:05
lbragstadah - nice15:05
rodrigodsdolphm, yeah, considered that yoo15:05
rodrigodstoo*15:05
rodrigodsthink we can go by failing the request and then making it immutable15:05
rodrigodswith the proper release cycle15:06
rodrigodsmakes sense?15:06
*** su_zhang has joined #openstack-keystone15:06
dolphmi'll punt to stevemar15:07
lbragstaddolphm I got a NoSuchTableError when running - keystone.tests.unit.test_sql_banned_operations.TestKeystoneExpandSchemaMigrationsSQLite.test_walk_versions15:10
rodrigodsdolphm, writing this down in the bug15:10
lbragstadis that related to the upgrade issues henrynash was seeing?15:10
rodrigodslbragstad, btw, not related: i've added a PR to your keystone-perf repo15:10
dolphmlbragstad: i don't think so -- what happens when you run the whole class?15:10
dolphmlbragstad: sqlite?15:10
lbragstaddolphm not sure - checking... it failed the first time when running the whole test suits locally15:11
dolphmlbragstad: bad pyc files or something?15:11
lbragstaddolphm hmm - nope...15:12
lbragstaddolphm let me push for review and mark as wip15:13
stevemararu?15:13
stevemardolphm: what i miss now?15:14
dolphmstevemar: keystone is broken15:14
rodrigodslol15:14
*** nishaYadav has quit IRC15:14
rodrigodshttps://review.openstack.org/#/c/357950/15:14
patchbotrodrigods: patch 357950 - keystone - Fix credential update to ec2 type15:14
stevemardolphm: duh15:14
rodrigodsstevemar, ^15:14
dolphmstevemar: we're waiting for you to fix it15:15
stevemarit's *how* is it broken today?15:15
stevemartires falling off is much worse than your a broken headlight15:15
rodrigodsstevemar, check the bug description/comments15:16
dolphmstevemar: it's appreciably broken15:16
stevemarcredential without project id, okay, that seems bad already15:16
rodrigodsmy comment makes sense?15:16
*** Ephur has joined #openstack-keystone15:17
*** ravelar has joined #openstack-keystone15:18
stevemarah the bug makes sense15:18
stevemardidn't we just introduce the credentials schema last release?15:18
stevemarso before i could: create non-ec2 cred with no project, and update it to ec2 and now its project-less and not usable15:20
stevemarnow we'll block the update15:20
rodrigodsstevemar, correct15:20
openstackgerritLance Bragstad proposed openstack/keystone: Implement encryption of credentials at rest  https://review.openstack.org/35561815:20
stevemarcould the user ever *create* an ec2 cred with no project?15:20
stevemari think the schema stops that correct?15:21
rodrigodsyes, the schema prevents that15:21
stevemarand is the credential usable (in the old scenario)?15:21
lbragstaddolphm new patch ^15:21
rodrigodsstevemar, usable with the ec2 type and without a project?15:22
stevemaryes15:22
rodrigodsdon't think so?15:22
rodrigodsdolphm's guess is that would fail with a 500 or something15:22
stevemarrodrigods: then let's block that nonsense15:22
stevemarrodrigods: include a release note15:23
rodrigods++15:23
rodrigodsgoing to have lunch and will update the patch once i'm back15:23
*** rcernin has quit IRC15:24
*** jed56 has joined #openstack-keystone15:26
*** pcaruana has quit IRC15:26
openstackgerritKristi Nikolla proposed openstack/keystone: WIP: Devstack plugin for Federation  https://review.openstack.org/32062315:29
*** ezpz has quit IRC15:31
*** gyee has joined #openstack-keystone15:31
*** marekd2_ has quit IRC15:33
*** woodburn has quit IRC15:34
*** tonytan_brb has joined #openstack-keystone15:34
*** haplo37__ has joined #openstack-keystone15:34
*** ezpz has joined #openstack-keystone15:35
*** tonytan4ever has quit IRC15:37
openstackgerritKristi Nikolla proposed openstack/keystone: WIP: Devstack plugin for Federation  https://review.openstack.org/32062315:37
*** ayoung has quit IRC15:39
*** woodburn has joined #openstack-keystone15:40
*** ametts has joined #openstack-keystone15:41
*** ametts has quit IRC15:47
*** links has quit IRC15:49
openstackgerritRon De Rose proposed openstack/keystone: Shadowing a nonlocal_user incorrectly creates a local_user  https://review.openstack.org/35797915:49
stevemarkeystoners, did you all want more fishbowl or meeting rooms at the next summit?15:51
*** code-R_ has joined #openstack-keystone15:51
*** ametts has joined #openstack-keystone15:51
stevemari was thinking of having the same amount 5 fishbowls, 8 working rooms -- for the contributor meetup i am on the fence for a full day meetup15:53
dolphmstevemar: it's a 4 day summit, right?15:53
dolphmstevemar: do we have 3 days for design summit, or 4?15:53
*** code-R has quit IRC15:53
henrynashdolphm: thanks for adding those bugs on upgrades - I was going to grab them all and work on them (unless you were already doing them)?15:54
stevemardolphm: like 2.5 :\15:54
dolphmhenrynash: i'm not planning to tackle them at the moment - but that's all i was going to poke you about, just wanted to let you know i was opening them15:54
openstackgerritGraham Hayes proposed openstack/keystone: Get ready for os-api-ref sphinx theme change  https://review.openstack.org/35792315:54
henrynashdolphm: cool...I'm on them15:54
dolphmhenrynash: awesome, happy to provide reviews when you're ready15:55
stevemar- Ops summit on Tuesday morning until 4pm15:55
stevemar- Cross-project workshops from Tuesday 4pm to Wednesday 4pm15:55
stevemar- Fishbowl/Workroom sessions from Wednesday 4pm to Friday noon15:55
stevemar- Contributors meetups on Friday afternoon15:55
stevemarOne consequence of the squeeze is that "contributors meetups" will be maximum half-a-day long and will be on Friday *afternoon*.15:55
stevemari question if it's worth having the meetup at all if its going to be on a friday afternoon15:56
bretonstevemar: what's next sammit? Barcelona?15:56
stevemarbreton: yep15:56
dolphmstevemar: well, that's fast15:56
stevemardolphm: yeah, it's also a much shorter dev cycle15:56
dolphmstevemar: i could go either way on the full contributor meetup, too. lots of people will be traveling early, i'm sure, due to international15:57
stevemarso don't expect many large features to be approved :S15:57
dolphmstevemar: but it's also a cramped schedule otherwise, so maybe we'll want the time15:57
dolphmstevemar: that's true15:57
dolphmstevemar: maybe just say a full day is a nice-to-have, but not necessary for us?15:58
stevemardolphm: well we can ask for it15:58
dolphmstevemar: in case there ends up being space & time constraints for other groups15:58
stevemardolphm: the maximum is a half way15:58
dolphmstevemar: oh, we can't get a full day anyway?15:58
stevemardolphm: correcet15:58
dolphmstevemar: oh, well then what's the question?15:58
stevemarOne consequence of the squeeze is that "contributors meetups" will be maximum half-a-day long and will be on Friday *afternoon*.15:58
dolphmstevemar: 0 or 0.5 day contributor meetup?15:58
stevemardolphm: if we even want *that*15:58
stevemar0 or 0.5 day (in the afternoon)15:59
*** nishaYadav has joined #openstack-keystone15:59
dolphmstevemar: maybe poll the people that have already made travel plans and see if they'll even be around for it?15:59
stevemari guess we can ask for it anyway, worse case scenario is that it's just me hanging out in a giant room :P15:59
stevemarwe basically have thursday and friday morning for design summit stuff16:00
dolphmstevemar: do you need to know before the tuesday meeting? could hold a quick #poll then to check for friday afternoon attendance16:00
stevemarfor *keystone* specific design summit stuff16:00
stevemardolphm: we have time16:00
stevemarresponse needed by end of month16:01
dolphmstevemar: cool16:01
* dolphm goes to lunch16:01
stevemarif the last few summits have been any indicator, everyone bails on friday afternoon16:01
stevemarenjoy16:01
*** jaosorior has quit IRC16:04
*** su_zhang has quit IRC16:05
*** su_zhang has joined #openstack-keystone16:06
amakarovstevemar, good day! What release pre-cached tokens will be targeted to? The thing looks working and I have a demo gist...16:07
*** su_zhang has quit IRC16:10
*** ezpz has quit IRC16:13
openstackgerritRodrigo Duarte proposed openstack/keystone: Fix credential update to ec2 type  https://review.openstack.org/35795016:14
*** nisha_ has joined #openstack-keystone16:16
openstackgerritRon De Rose proposed openstack/keystone: Shadowing a nonlocal_user incorrectly creates a local_user  https://review.openstack.org/35797916:17
*** nishaYadav has quit IRC16:19
openstackgerritAlexander Oughton proposed openstack/keystoneauth: Disables setting of TCP_KEEPCNT when running under the Windows Subsystem for Linux.  https://review.openstack.org/35745216:21
openstackgerritMerged openstack/python-keystoneclient: Follow up patch for Add ec2 functional tests  https://review.openstack.org/35742016:21
openstackgerritRodrigo Duarte proposed openstack/keystone: Fix credential update to ec2 type  https://review.openstack.org/35795016:23
*** tonytan_brb has quit IRC16:25
openstackgerritBoris Bobrov proposed openstack/keystone: Faster id mapping lookup  https://review.openstack.org/33929416:26
*** tonytan4ever has joined #openstack-keystone16:26
*** spedione is now known as spedione|AWAY16:27
*** nisha_ is now known as nishaYadav16:27
stevemaramakarov: i was going to test it out today, it's still targetted for N unless someone says otherwise :)16:38
amakarovstevemar, got it, thanks!16:39
* stevemar goes to refuel (aka get some lunch)16:39
*** krotscheck is now known as the_other_clarkb16:42
*** the_other_clarkb is now known as krotscheck16:43
*** ayoung has joined #openstack-keystone16:44
*** ChanServ sets mode: +v ayoung16:44
*** roxanaghe has joined #openstack-keystone16:51
*** tesseract- has quit IRC16:53
*** julim has quit IRC16:56
openstackgerritRodrigo Duarte proposed openstack/keystone: Fix credential update to ec2 type  https://review.openstack.org/35795016:59
krotscheckAnyone have a sec to explain an auth request for me?17:02
krotscheckTl/DR: I'm using the clouds.yaml file from devstack, to auth against devstack.17:02
krotscheckA basic password auth request, using the provided username, passwor, and domainId works like a charm.17:02
krotscheckAlso, an unscoped request works.17:02
krotscheckHowever, as soon as I add the scope, it fails17:03
*** Ephur has quit IRC17:03
krotscheckAh wait, figured it out. I was passing the project name in the 'id' parameter.17:04
krotscheckSorry for bothering everyone17:04
openstackgerritLance Bragstad proposed openstack/keystone: Document the fernet credential provider  https://review.openstack.org/35449717:05
*** su_zhang has joined #openstack-keystone17:06
openstackgerritLance Bragstad proposed openstack/keystone: Document credential encryption  https://review.openstack.org/35449717:07
*** roxanaghe has quit IRC17:07
*** roxanaghe has joined #openstack-keystone17:15
dstanekdo we have anywhere in our code where we mockout entrypoints?17:18
*** Ephur has joined #openstack-keystone17:25
*** spedione|AWAY is now known as spedione17:26
*** jaugustine has joined #openstack-keystone17:31
*** Gorian|work has joined #openstack-keystone17:34
*** BjoernT is now known as Bjoern_zZzZzZzZ17:35
lbragstadalright - breaking for lunch17:38
*** amoralej is now known as amoralej|pto17:39
stevemardstanek: not sure17:42
dstaneki think i found a way around it17:42
*** su_zhang has quit IRC17:45
*** su_zhang has joined #openstack-keystone17:46
*** su_zhang has quit IRC17:49
*** su_zhang has joined #openstack-keystone17:49
*** julim has joined #openstack-keystone17:50
*** amakarov is now known as amakarov_away17:54
*** tqtran has joined #openstack-keystone18:01
*** Bjoern_zZzZzZzZ is now known as BjoernT18:05
*** BjoernT is now known as Bjoern_zZzZzZzZ18:05
*** tonytan4ever has quit IRC18:06
*** Bjoern_zZzZzZzZ is now known as BjoernT18:06
*** tonytan4ever has joined #openstack-keystone18:06
*** tonytan4ever has quit IRC18:08
*** tonytan4ever has joined #openstack-keystone18:16
*** sadmordred has quit IRC18:18
*** nisha_ has joined #openstack-keystone18:22
*** nishaYadav has quit IRC18:23
*** nisha_ is now known as nishaYadav18:23
*** tqtran has quit IRC18:29
*** tonytan4ever has quit IRC18:30
*** code-R_ has quit IRC18:30
*** tonytan4ever has joined #openstack-keystone18:31
*** tqtran has joined #openstack-keystone18:33
stevemaramakarov_away: hmm not seeing much of an improvement!18:37
stevemaramakarov_away: oh wait18:38
stevemarduh18:38
stevemarbknudson: interested in testing out https://review.openstack.org/#/c/309146/ ?18:39
patchbotstevemar: patch 309146 - keystone - Pre-cache new tokens18:39
bknudsonstevemar: we're switching our performance testing to a different system and so I have no means of doing performance testing at this point.18:40
stevemarbknudson: okie doke18:41
bknudsonI left my comment on patch set 4 and was not addressed - This code needs to be refactored before we do this. We need to have a single path so that if they use v2 or v3 or fernet the token gets cached.18:41
bknudsonwe continue adding technical debt on top of technical debt and this is leading to bugs.18:42
*** jdennis has quit IRC18:47
nishaYadavstevemar, can you please review this if you get time, https://review.openstack.org/#/c/357136/18:51
patchbotnishaYadav: patch 357136 - python-keystoneclient - Improve docs for v3 tokens18:51
*** su_zhang has quit IRC18:54
nishaYadavthanks stevemar :)18:55
stevemarnishaYadav: np18:55
*** tqtran has quit IRC18:59
*** jed56 has quit IRC19:05
*** fifieldt has quit IRC19:07
*** tqtran has joined #openstack-keystone19:13
*** fifieldt has joined #openstack-keystone19:18
*** nishaYadav has quit IRC19:18
*** su_zhang has joined #openstack-keystone19:24
openstackgerritLance Bragstad proposed openstack/keystone: Add key repository uniqueness check to doctor  https://review.openstack.org/35808319:27
*** asettle has joined #openstack-keystone19:27
*** spzala has joined #openstack-keystone19:28
openstackgerritMerged openstack/keystone: Replace the content type with correct one  https://review.openstack.org/34924919:28
lbragstaddolphm ^19:28
*** su_zhang has quit IRC19:29
*** roxanaghe has quit IRC19:32
openstackgerritMerged openstack/python-keystoneclient: Follow up patch for Improve docs for v3 domains  https://review.openstack.org/35786719:32
*** roxanaghe has joined #openstack-keystone19:36
*** asettle has quit IRC19:38
*** sdake has quit IRC19:41
*** pnavarro has quit IRC19:41
rderoserodrigods: just responded to 35795019:43
rderoserodrigods: take a look and let me know if you still disagree19:44
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/35687219:47
*** gordc has left #openstack-keystone19:47
*** ametts has quit IRC19:48
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/35694019:52
*** gagehugo_ has quit IRC19:55
openstackgerritMerged openstack/python-keystoneclient: Follow up patch for Improve docs for v3 services  https://review.openstack.org/35788519:57
stevemarbknudson: well you will get your wish next release20:04
stevemarbknudson: it's so short that no features will land20:04
stevemarwe can pay down all sorts of techincal debt20:05
bknudsonI want features to land20:05
bknudsonseems like the only way to get developers to work on t.d. is to force it to be done for features.20:06
bknudsonwithout features to land there will be no t.d. work done either.20:06
*** jdennis has joined #openstack-keystone20:09
*** ravelar has quit IRC20:15
*** edmondsw has quit IRC20:15
*** su_zhang has joined #openstack-keystone20:16
*** roxanaghe has quit IRC20:17
*** jdennis has quit IRC20:18
*** ravelar has joined #openstack-keystone20:21
bknudsonalso, this is why I think keystone should switch from the integrated release to release on demand. Then we can land features whenever we want.20:22
*** jdennis has joined #openstack-keystone20:25
stevemarwe can propose that for the next release20:25
stevemarwe should make a list of technical debt we want to pay down next release20:25
stevemari'm more than happy to not land any big features for O since it's a short release20:26
openstackgerritMerged openstack/python-keystoneclient: Follow up patch for Improve docs for v3 policies  https://review.openstack.org/35790120:26
openstackgerritMerged openstack/python-keystoneclient: Improve docs for v3 tokens  https://review.openstack.org/35713620:26
openstackgerritLance Bragstad proposed openstack/keystone: Implement encryption of credentials at rest  https://review.openstack.org/35561820:28
openstackgerritAlexander Oughton proposed openstack/keystoneauth: Disables setting of TCP_KEEPCNT when running under the Windows Subsystem for Linux.  https://review.openstack.org/35745220:33
*** roxanaghe has joined #openstack-keystone20:38
gsilvisI just asked a question in #openstack-oslo about oslo.cache that some keystone core may be able to help with---it looks like keystone is one of the biggest oslo.cache users, and I think you must have run into the problem20:39
dstanekgsilvis: what's the problem? i've been working on fixing several issues with it20:45
gsilvisdstanek: when we run 'get_memoization_decorator' before we've loaded our config file, the decorator doesn't respect the options in the config file20:45
openstackgerritRon De Rose proposed openstack/keystone: Relax the requirement for mappings to result in group memberships.  https://review.openstack.org/35811120:46
dstanekgsilvis: are you calling configure_region at some point?20:47
gsilvisdstanek: yup20:47
*** spzala has quit IRC20:47
dstanekthat's very odd. is it code i can look at?20:47
gsilvissure20:47
knikolladstanek: this is wat our conf looks like http://paste.openstack.org/show/bvRWmnJ4DoD3bY5WXIVN/20:47
*** lamt has joined #openstack-keystone20:47
*** spzala has joined #openstack-keystone20:48
dstanekkeystone used get_memoization_decorator before it calls configure_region20:48
dstaneks/used/uses/20:48
gsilvishuh, I thought you had to do that in the other order20:48
openstackgerritRon De Rose proposed openstack/keystone: Relax the requirement for mappings to result in group memberships  https://review.openstack.org/35811120:48
* gsilvis tries it20:48
gsilvisyup, that sure works20:49
gsilvisthanks!20:49
dstanek:-)20:49
dstaneknp20:49
gsilvisand now to modify the docuemntation update that I proposed for oslo.cache ...20:49
dstanekkeystone creates the decorators at import time and later configures the region right before teh server starts20:49
*** spzala has quit IRC20:51
*** spzala has joined #openstack-keystone20:51
openstackgerritLance Bragstad proposed openstack/keystone: Document credential encryption  https://review.openstack.org/35449720:58
openstackgerritLance Bragstad proposed openstack/keystone: Add key repository uniqueness check to doctor  https://review.openstack.org/35808320:59
*** pnavarro has joined #openstack-keystone21:01
bknudsondstanek: luckily they don't know about all the bugs.21:04
*** raildo has quit IRC21:04
*** clenimar has quit IRC21:05
dstanekbknudson: then i'll not say any more21:06
*** su_zhang has quit IRC21:12
*** jdennis has quit IRC21:15
*** haplo37__ has quit IRC21:19
*** lamt has quit IRC21:22
*** michauds has quit IRC21:30
*** marekd2 has joined #openstack-keystone21:31
*** roxanaghe has quit IRC21:32
*** roxanaghe has joined #openstack-keystone21:35
*** sdake has joined #openstack-keystone21:35
*** sdake has quit IRC21:37
*** sdake has joined #openstack-keystone21:38
*** code-R has joined #openstack-keystone21:40
*** marekd2 has quit IRC21:41
*** su_zhang has joined #openstack-keystone21:41
*** code-R_ has joined #openstack-keystone21:41
*** marekd2 has joined #openstack-keystone21:41
rodrigodsrderose, hmm, yeah, makes sense to put in the manager since we do that in other places21:44
rodrigodswith that change, adding tests to verify the exception raised makes sense21:44
*** code-R has quit IRC21:44
*** marekd2 has quit IRC21:46
*** code-R_ has quit IRC21:46
*** code-R has joined #openstack-keystone21:46
*** roxanaghe has quit IRC21:47
*** spzala has quit IRC21:53
*** spzala has joined #openstack-keystone21:54
openstackgerritayoung proposed openstack/keystone-specs: Flag to bypass expiry and revocation check on token validation  https://review.openstack.org/35813121:54
*** pnavarro has quit IRC21:55
*** spzala has quit IRC21:58
*** BjoernT has quit IRC21:59
*** code-R has quit IRC22:02
*** spedione is now known as spedione|AWAY22:26
*** Ephur has quit IRC22:32
*** spzala has joined #openstack-keystone22:48
*** spzala has quit IRC22:49
*** spzala has joined #openstack-keystone22:49
*** jdennis has joined #openstack-keystone22:54
*** sshen has quit IRC23:00
*** spzala has quit IRC23:00
*** sshen has joined #openstack-keystone23:00
*** jdennis has quit IRC23:01
*** asettle has joined #openstack-keystone23:02
*** asettle has quit IRC23:06
*** AndyWojo has quit IRC23:12
*** boris-42 has quit IRC23:12
*** raddaoui has quit IRC23:12
*** dkehn_ has quit IRC23:17
*** ravelar has quit IRC23:18
*** raddaoui has joined #openstack-keystone23:18
*** boris-42 has joined #openstack-keystone23:19
*** AndyWojo has joined #openstack-keystone23:20
*** Gorian|work has quit IRC23:30
*** dkehn_ has joined #openstack-keystone23:30
rderoserodrigods: cool, have a nice weekend23:30
*** jdennis has joined #openstack-keystone23:34
*** jdennis has quit IRC23:35
*** BlackDex has quit IRC23:39
*** dkehn_ has quit IRC23:42
*** gyee has quit IRC23:48
*** su_zhang has quit IRC23:50
« Thursday, 2016-08-18 Index Saturday, 2016-08-20 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!