Tuesday, 2017-04-18

« Monday, 2017-04-17 Index Wednesday, 2017-04-19 »
*** stingaci has quit IRC00:02
*** stingaci has joined #openstack-keystone00:03
*** ngupta has quit IRC00:11
openstackgerritAnthony Washington proposed openstack/keystone master: Move ec2 credential policies to DocumentedRuleDefault  https://review.openstack.org/44923500:12
*** rderose has quit IRC00:14
*** faizy_ has quit IRC00:15
*** stingaci_ has joined #openstack-keystone00:19
*** stingaci has quit IRC00:22
*** stingaci has joined #openstack-keystone00:24
*** stingaci_ has quit IRC00:26
*** thorst has quit IRC00:27
*** stingaci has quit IRC00:27
*** zhurong has joined #openstack-keystone00:42
*** ngupta has joined #openstack-keystone01:12
*** thorst has joined #openstack-keystone01:12
*** shuyingya has joined #openstack-keystone01:14
*** guoshan has joined #openstack-keystone01:14
*** MasterOfBugs has quit IRC01:16
*** liujiong has joined #openstack-keystone01:28
*** ngupta has quit IRC01:33
*** ngupta has joined #openstack-keystone01:33
*** MasterOfBugs has joined #openstack-keystone01:40
ayounglbragstad, any idea how the sql filters work?01:58
ayoungwas that all bknudson?02:00
ayoungor some of it was henrynash02:00
ayoungdamn Keystone devs have turned over02:00
ayoungsamueldmq, you did some of the filter work, right?02:01
*** thorst has joined #openstack-keystone02:13
*** thorst has quit IRC02:18
*** antwash has quit IRC02:38
dstanekayoung: lol.03:02
dstanekayoung: what are you looking to know about filters?03:03
*** zhurong has quit IRC03:03
*** lamt has joined #openstack-keystone03:04
*** rajpatel has joined #openstack-keystone03:04
*** dave-mccowan has quit IRC03:05
*** nicolasbock has quit IRC03:05
*** ngupta has quit IRC03:10
*** zhurong has joined #openstack-keystone03:13
*** thorst has joined #openstack-keystone03:14
*** lamt has quit IRC03:18
*** thorst has quit IRC03:18
*** lamt has joined #openstack-keystone03:19
*** links has joined #openstack-keystone03:40
SamYapledstanek: i think ayoung was just trying to ping alot of people all nonchalant03:42
*** Dinesh_Bhor has joined #openstack-keystone03:44
*** lamt has quit IRC03:45
*** lamt has joined #openstack-keystone03:51
*** zhurong has quit IRC04:00
*** lamt has quit IRC04:00
*** guoshan has quit IRC04:04
*** lamt has joined #openstack-keystone04:07
*** ngupta has joined #openstack-keystone04:10
*** lamt has quit IRC04:13
*** lamt has joined #openstack-keystone04:14
*** thorst has joined #openstack-keystone04:15
*** lamt has quit IRC04:15
*** gyee has quit IRC04:17
*** zhurong has joined #openstack-keystone04:18
*** thorst has quit IRC04:19
*** zhurong has quit IRC04:25
*** shuyingya has quit IRC04:29
*** shuyingy_ has joined #openstack-keystone04:29
*** namnh has joined #openstack-keystone04:32
*** zhurong has joined #openstack-keystone05:00
*** rocky is now known as xuhaigang05:01
*** jamielennox is now known as jamielennox|away05:12
*** thorst has joined #openstack-keystone05:15
*** jamielennox|away is now known as jamielennox05:17
*** shuyingy_ has quit IRC05:17
*** shuyingya has joined #openstack-keystone05:17
*** rajpatel has quit IRC05:20
*** thorst has quit IRC05:20
*** adriant has quit IRC05:36
*** richm has quit IRC05:44
*** pradeep has joined #openstack-keystone05:54
bretonayoung: i know how they work06:01
*** arturb has joined #openstack-keystone06:04
*** rcernin has joined #openstack-keystone06:06
*** thorst has joined #openstack-keystone06:16
*** ngupta_ has joined #openstack-keystone06:32
*** ngupta has quit IRC06:34
*** Shunli has joined #openstack-keystone06:34
*** Shunli has quit IRC06:35
*** thorst has quit IRC06:36
*** Shunli has joined #openstack-keystone06:36
*** Shunli has quit IRC06:37
*** Shunli has joined #openstack-keystone06:38
*** tesseract has joined #openstack-keystone06:40
*** pradeep has quit IRC06:52
*** voelzmo has joined #openstack-keystone06:59
*** pcaruana has joined #openstack-keystone06:59
*** voelzmo has quit IRC07:08
*** shuyingya has quit IRC07:17
*** shuyingya has joined #openstack-keystone07:17
*** aojea has joined #openstack-keystone07:29
*** aojea_ has joined #openstack-keystone07:30
*** thorst has joined #openstack-keystone07:32
*** aojea has quit IRC07:33
*** jamielennox is now known as jamielennox|away07:34
*** thorst has quit IRC07:37
*** faizy has joined #openstack-keystone07:41
*** shuyingy_ has joined #openstack-keystone07:48
*** shuyingya has quit IRC07:51
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** jaosorior has joined #openstack-keystone08:03
*** zhurong has quit IRC08:09
*** MasterOfBugs has quit IRC08:19
*** dmk0202 has joined #openstack-keystone08:22
*** zhurong has joined #openstack-keystone08:26
*** jamielennox|away is now known as jamielennox08:28
*** openstackgerrit has quit IRC08:33
*** shuyingy_ has quit IRC08:55
*** shuyingya has joined #openstack-keystone08:55
*** Aqsa has joined #openstack-keystone09:04
*** shuyingy_ has joined #openstack-keystone09:13
*** shuyingya has quit IRC09:17
*** thorst has joined #openstack-keystone09:34
*** thorst has quit IRC09:38
*** zhurong has quit IRC09:42
*** davechen has quit IRC10:00
*** davechen has joined #openstack-keystone10:00
*** xuhaigang has quit IRC10:03
*** nicolasbock has joined #openstack-keystone10:04
*** liujiong has quit IRC10:09
*** richm has joined #openstack-keystone10:14
*** xuhaigang has joined #openstack-keystone10:18
*** thorst has joined #openstack-keystone10:34
*** thorst has quit IRC10:39
*** ArchiFleKs has joined #openstack-keystone10:48
samueldmqmorning keystone10:51
*** jaosorior has quit IRC10:55
*** shuyingy_ has quit IRC11:00
*** shuyingya has joined #openstack-keystone11:00
*** shuyingya has quit IRC11:00
*** shuyingya has joined #openstack-keystone11:00
*** jaosorior has joined #openstack-keystone11:01
ArchiFleKsHi I'm a noob in python and I'm trying to use the get_url function here : https://review.openstack.org/#/c/455353/3/magnum/drivers/heat/template_def.py but it seems to always picked up the publicURL, can someone help ?11:10
*** mugsie has joined #openstack-keystone11:10
*** mugsie has quit IRC11:10
*** mugsie has joined #openstack-keystone11:10
*** zhurong has joined #openstack-keystone11:12
*** xuhaigang has quit IRC11:12
ayoungdstanek, you up now, or was that last night?11:26
ayoungbreton, same question11:27
ayoungsamueldmq, good morning11:28
samueldmqayoung: o/11:29
ayoungsamueldmq, hey, wiring up a new API, and the filters seem likethey are set up, but not working11:29
ayoungspecifically. the routes stuff, need to filter on service11:29
samueldmqayoung: the filter logic is all here https://github.com/openstack/keystone/blob/master/keystone/common/sql/core.py#L29411:30
ayoungsamueldmq, yeah, and I think that is all set11:30
samueldmqayoung: in the SQL layer. if a filter is honored, it will be removed from the list11:30
*** med_ has joined #openstack-keystone11:30
ayoungsamueldmq, the SQL driver is pretty simple11:30
samueldmqayoung: the controller will ultimately have the list of filters not honored so far, and then will have the opportunity to do so11:30
*** med_ is now known as Guest4551211:30
ayoungsamueldmq, so I tested this way:11:31
ayoung curl -H"X-Auth-Token:$TOKEN"  http://192.168.122.180/identity/v3/routes?service=identity11:31
ayoungand it returns the same list as  curl -H"X-Auth-Token:$TOKEN"  http://192.168.122.180/identity/v3/routes11:31
ayoungnothing in the routers, controllers, or sql makes explicit use of the filters, but they are passed along11:32
samueldmqayoung: ah, let me look11:32
ayoungI lie11:32
ayounghttps://review.openstack.org/#/c/401808/19/keystone/assignment/controllers.py11:32
ayoungsamueldmq, I think I need to add the filters to the parameter list there?11:32
samueldmqayoung: exactly11:33
ayoungsamueldmq, look at tghe list_routes call11:33
ayoungOK...11:33
samueldmqayoung: in the protected() thing11:33
ayoungah11:33
ayoungfilter_protected11:33
ayoungI have a bunch of code to remove from that review, too.  I was trying to do too much11:33
samueldmqayoung: yes, like this https://github.com/openstack/keystone/blob/master/keystone/identity/controllers.py#L223-L22511:33
ayoungsamueldmq, thanks.  I knew I was missing something simple11:34
samueldmqayoung: ++ it's a bit painful to review, too big, would be nice to decouple it a bit11:34
samueldmqayoung: no problem, glad I was able to help11:34
ayoungsamueldmq, I was trying to make business logic for setting the whole set of rules at once.11:34
ayoungI think that we can defer that, or even drop it11:34
ayoungit is not going to happen that often11:35
*** voelzmo has joined #openstack-keystone11:37
*** thorst has joined #openstack-keystone11:43
*** rocky_ has joined #openstack-keystone11:45
*** guoshan has joined #openstack-keystone11:46
bretoni see you've figured things out. Good.11:46
*** edmondsw has joined #openstack-keystone11:52
dstanekayoung: both11:52
dstanekg'morn samueldmq11:52
*** openstackgerrit has joined #openstack-keystone11:54
openstackgerritayoung proposed openstack/keystone master: Route based RBAC Management Interface  https://review.openstack.org/40180811:54
samueldmqayoung: agreed, starting simple is not a bad idea12:05
samueldmqdstanek: morning12:05
*** dave-mccowan has joined #openstack-keystone12:09
*** chlong has joined #openstack-keystone12:13
ayoungdstanek, is devstack no longer doing the screen thing?12:15
*** Aqsa has quit IRC12:15
*** Aqsa has joined #openstack-keystone12:17
ayoungsamueldmq, in a devstack on Fedora, how do they expect a keystone restart?  systemd?12:18
ayoungAh...good.12:21
ayoungTHat worked12:21
*** guoshan has quit IRC12:24
*** guoshan has joined #openstack-keystone12:25
samueldmqayoung: I had no idea :)12:26
*** ngupta_ has quit IRC12:27
*** ngupta has joined #openstack-keystone12:27
*** stingaci has joined #openstack-keystone12:29
*** guoshan has quit IRC12:29
*** guoshan has joined #openstack-keystone12:30
dstanekayoung: afaik it still uses screen12:32
dstanekare you seeing something different?12:32
bretondstanek: servce httpd restart12:34
bretoni guess12:34
*** stingaci has quit IRC12:34
openstackgerritPeter Sabaini proposed openstack/keystone master: Make flushing tokens more robust  https://review.openstack.org/45435112:42
*** ngupta has quit IRC12:43
*** lamt has joined #openstack-keystone12:44
*** guoshan has quit IRC12:45
*** zhurong has quit IRC12:45
*** lamt has quit IRC12:46
chrome0samueldmq : hopefully managed to fiddle my micropatch in place with the ^^. I promise I'll try to torture gerrit less next time.12:49
*** namnh has quit IRC12:50
samueldmqchrome0: hey. that's okay, I also learned to use gerrit by making mistakes :)12:51
chrome0cheers, and thanks for reviewing12:51
samueldmqchrome0: no problem, thank you! feel free to ask/discuss and fix bugs at any time :)12:55
chrome0Hehe12:56
dstanekchrome0: you can't possilbly torture gerrit more than i have in the past :-)12:56
chrome0dstanek : I know my way around python, but the git + gerrit combo is ... hard for me :-)12:59
*** shuyingya has quit IRC13:00
*** Shunli has quit IRC13:03
*** dougshelley66 has left #openstack-keystone13:06
*** jaosorior has quit IRC13:06
*** aojea has joined #openstack-keystone13:08
*** ngupta has joined #openstack-keystone13:09
*** aojea_ has quit IRC13:11
*** ngupta has quit IRC13:14
*** jaosorior has joined #openstack-keystone13:14
*** shuyingya has joined #openstack-keystone13:24
*** pcaruana has quit IRC13:27
*** shuyingya has quit IRC13:28
*** aojea_ has joined #openstack-keystone13:30
*** mpjetta has joined #openstack-keystone13:31
*** aojea has quit IRC13:34
*** links has quit IRC13:35
*** mpjetta has quit IRC13:38
openstackgerritRodrigo Duarte proposed openstack/keystone master: Small refactoring in tests development docs  https://review.openstack.org/45764013:40
*** rojo16 has joined #openstack-keystone13:41
rodrigodslbragstad, restored this one: https://review.openstack.org/#/c/420893/13:43
lbragstadrodrigods cool - thanks13:43
lbragstadrodrigods we need to follow up with dstanek and morgan on that one13:43
rodrigodslbragstad, ++13:43
lbragstadrodrigods thanks for doing that and keeping the ball rolling13:44
rojo16Hey I'm trying to get Keystone federation to work with Openid connect. I need to boot a vm using my google credentials (or external idp creds). The keystoneauth1.identity oidc stuff don't seem to work. Can someone help me out?13:44
rodrigodslbragstad, np, we think that backporting the fix for that is important13:44
*** rojo16_ has joined #openstack-keystone13:48
*** lamt has joined #openstack-keystone13:48
dstanekrodrigods: keep is abandoned :-P13:50
rodrigodsdstanek, why? :(13:51
rodrigodsdstanek, it is not the fix that drops the FKs13:51
*** rojo16_ has quit IRC13:53
dstanekrodrigods: no not the one you just restore....the one i don't like was abandoned with a 'for now' comment13:53
rodrigodsdstanek, ahh :)13:53
dstanekjust having fun13:55
*** lamt has quit IRC14:02
*** shuyingya has joined #openstack-keystone14:03
*** ngupta has joined #openstack-keystone14:04
*** ngupta has quit IRC14:04
*** ngupta has joined #openstack-keystone14:05
*** lamt has joined #openstack-keystone14:05
*** Guest45512 is now known as med_14:05
*** med_ has quit IRC14:05
*** med_ has joined #openstack-keystone14:05
*** pcaruana has joined #openstack-keystone14:10
*** rajpatel has joined #openstack-keystone14:15
*** dave-mccowan has quit IRC14:24
rojo16has anyone implemented keystone federation with openid connect, specifically authenticating through python keystoneclient14:28
rojo16?14:28
*** mpjetta has joined #openstack-keystone14:31
*** rojo16 has quit IRC14:35
*** aojea_ has quit IRC14:40
*** dave-mccowan has joined #openstack-keystone14:44
*** richm has quit IRC14:50
knikollao/15:02
knikollasuch emptiness in todays agenda15:04
*** rcernin has quit IRC15:09
*** edtubill has joined #openstack-keystone15:11
*** ngupta has quit IRC15:11
*** ngupta has joined #openstack-keystone15:13
*** catintheroof has joined #openstack-keystone15:22
*** rajpatel has quit IRC15:24
*** mvk has quit IRC15:28
*** rajpatel has joined #openstack-keystone15:33
*** shuyingya has quit IRC15:38
*** pcaruana has quit IRC15:41
*** phalmos has joined #openstack-keystone15:42
*** ngupta has quit IRC15:46
*** ngupta has joined #openstack-keystone15:46
*** aojea has joined #openstack-keystone15:59
*** richm has joined #openstack-keystone16:00
*** ngupta has quit IRC16:02
*** ngupta has joined #openstack-keystone16:04
*** voelzmo has quit IRC16:05
*** ngupta has quit IRC16:06
*** voelzmo has joined #openstack-keystone16:06
*** ngupta has joined #openstack-keystone16:06
*** gyee has joined #openstack-keystone16:09
*** voelzmo has quit IRC16:10
*** Aqsa has quit IRC16:13
*** stingaci has joined #openstack-keystone16:22
*** aojea has quit IRC16:36
*** aojea has joined #openstack-keystone16:37
*** aojea has quit IRC16:41
*** dave-mccowan has quit IRC16:41
*** jaosorior has quit IRC16:43
*** phalmos has quit IRC16:44
*** dave-mccowan has joined #openstack-keystone16:45
*** harlowja_ has joined #openstack-keystone16:50
*** harlowja has quit IRC16:52
*** dmk0202 has quit IRC16:52
*** rderose has joined #openstack-keystone17:15
*** Aqsa has joined #openstack-keystone17:18
*** luisnho223 has joined #openstack-keystone17:19
luisnho223hey guys. I'm new to Openstack and I like to understand how authentication with REST API works. Documentation from Openstack is not much clear to me and i don't know how to POST a request for authentication17:21
luisnho223i know i have to send a POST request to http://url:5000/identity/v3/auth/tokens but don't know how to send it17:22
luisnho223i already installed advanced rest client but don't know how to get the token17:22
lbragstadluisnho223 you can use any number of utilities, from curl (https://www.lifewire.com/curl-definition-2184508) to postman (https://www.getpostman.com/)17:23
luisnho223well I know that but i don't know how to to insert in the POST JSON form to receive th sucessful response17:25
luisnho223with curl and even with REST API17:26
lbragstadwith curl you're going to have to build a request and use curl to send it  - let me find an example that will help explain this a little better17:27
lbragstadluisnho223 https://docs.openstack.org/developer/keystone/devref/api_curl_examples.html17:27
lbragstadluisnho223 have you seen ^ those yet?17:28
luisnho223@lbragstad i was looking for this! Every api example i found on internet was out of date17:29
luisnho223and i can use this also with advanced rest client17:30
luisnho223one more question: the url to send the request is http://localhost:5000/v3/auth/tokens or http://localhost:5000/identity/v3/auth/tokens?17:31
luisnho223it seems different17:32
lbragstadluisnho223 it depends on the deployment configuration of the cloud you're interacting with17:32
luisnho223and in my devstack i have the /identity/ in the compute APIs17:32
lbragstadluisnho223 then you should use /identity/v3/auth/tokens/17:33
lbragstadusing anther path might result in a 404 since the path won't resolve17:33
luisnho223ok ty for all the help! It really helped me a lot... Sorry for being newbie xD17:33
lbragstadluisnho223 anytime - let us know if you have any more questions17:36
lbragstadluisnho223 FYI - the token will be in the header17:36
luisnho223it is represented by audit_id?17:37
lbragstadluisnho223 nope - when you authenticate17:38
lbragstadupon successful authentication you'll get a token back in the response header17:38
lbragstadX-Subject-Token: <token>17:38
luisnho223oh... with advanced rest client I'm not getting that :/17:39
lbragstadluisnho223 what client are you using?17:40
ayoungluisnho223, there is a whole curl set of examples online17:40
luisnho223nvm... just found it on details17:40
lbragstadayoung https://docs.openstack.org/developer/keystone/devref/api_curl_examples.html right?17:40
lbragstadayoung or do we have another set of examples somewhere else?17:40
luisnho223thank you for the help :) yes im using that examples17:41
ayounghttps://docs.openstack.org/developer/keystone/devref/api_curl_examples.html    yep looks like the  same link17:41
luisnho223i just found out the tokens :)17:41
lbragstadluisnho223 good deal17:41
ayoungluisnho223, I also wrote up: http://adam.younglogic.com/2013/09/keystone-v3-api-examples/  a while ago17:41
*** dougshelley66 has joined #openstack-keystone17:41
ayoungbut I don't think it is any better than the official docs17:41
ayoungluisnho223, also, if you call `openstack token issue` from the CLI you get back a token.  Add in --debug and you can see what it passes back and forth17:42
luisnho223i found out your blog and i tried with that json file but no success17:42
luisnho223but now i know how to do it17:42
luisnho223i just need to parse the header17:42
luisnho223and save the token17:43
*** luisnho223 has quit IRC17:49
*** nicolasbock has quit IRC18:01
*** faizy has quit IRC18:11
knikollaayoung: let's resync up on the rbac work18:16
dstaneklbragstad: what time is the policy hangout again?18:17
lbragstadtomorrow at 11 dstanek18:19
dstanekok, so 12 EST18:20
dstaneki thought that was at the same time as our rax mtg18:20
lbragstaddstanek oh - let me double check18:21
lbragstaddstanek i'm seeing our rax meeting at 10am central18:21
dstanekhmmm...i wonder why my gcal is messed up18:22
*** tesseract has quit IRC18:22
dstanekyeah, somehome my google calendar is wrong. i see it find through outlook18:23
lbragstaddstanek interesting - i see it at 10am and out policy hangout is at 11am, so that should be good (unless i missed a meeting update, but i just checked my email and i don't see one)18:25
bretonayoung: have you already made the pitch? :)18:25
bretonayoung: i accidently ran into it when was googling novnc18:26
*** nicolasbock has joined #openstack-keystone18:27
dstaneklbragstad: i removed and readded by work calendar to my google calendar and in now shows correctly as 11EST18:30
lbragstaddstanek awesome18:30
*** edtubill has quit IRC18:30
*** ngupta_ has joined #openstack-keystone18:31
*** ngupta has quit IRC18:35
*** phalmos has joined #openstack-keystone18:44
*** rajpatel has quit IRC18:45
*** ngupta has joined #openstack-keystone18:47
openstackgerritRodrigo Duarte proposed openstack/keystone master: Basic overview of tempest and devstack plugins  https://review.openstack.org/45776818:47
rodrigodslbragstad, ^18:47
rodrigodsi'll be adding these docs in small chunks, to ease the reviews18:48
openstackgerritRodrigo Duarte proposed openstack/keystone master: Basic overview of tempest and devstack plugins  https://review.openstack.org/45776818:49
openstackgerritKristi Nikolla proposed openstack/keystone master: Remove LDAP delete logic and associated tests  https://review.openstack.org/42434418:50
*** ngupta_ has quit IRC18:51
*** rajpatel has joined #openstack-keystone18:52
lbragstadrodrigods that's perfect, thanks for doing that18:54
rm_workdid you guys have a release today?19:04
rm_workor merge something possibly breaking?19:04
rm_worklooks like no merges today19:04
*** dave-mccowan has quit IRC19:06
*** antwash has joined #openstack-keystone19:12
rm_workkk found the issue I think, devstack change w/r/t keystone wsgi19:16
*** phalmos has quit IRC19:25
*** phalmos has joined #openstack-keystone19:29
*** dave-mccowan has joined #openstack-keystone19:32
*** phalmos has quit IRC19:35
bretonrm_work: i saw that something changed today19:35
rm_workyeah we just figured it out19:35
rm_workkeystone changed to run without a port19:35
rm_workand our devstack config had it hardcoded19:36
bretonrm_work: https://review.openstack.org/#/c/456344/ this19:36
rm_workyep19:36
rm_workthat was it19:36
rm_workthanks for looking! :)19:36
*** rderose has quit IRC19:38
*** aojea has joined #openstack-keystone19:49
*** david-lyle has joined #openstack-keystone19:53
*** Adobeman has joined #openstack-keystone20:04
*** mvk has joined #openstack-keystone20:15
*** openstackgerrit has quit IRC20:33
*** ngupta has quit IRC20:36
*** stingaci has quit IRC20:46
*** stingaci has joined #openstack-keystone20:46
*** adriant has joined #openstack-keystone20:47
*** david-lyle has quit IRC20:49
*** stingaci has quit IRC20:53
ayoungknikolla, I'm back...was on kid duty for abit21:01
ayoungand dog duty21:01
ayoungbreton, pitch?  I think you are thinking of the meeting tomorrow21:02
ayoungthat is the video chat21:02
knikollaayoung: o/21:02
ayoungknikolla, right now I need to figure out how to do the matching21:02
ayoung I think I want to use route.mapping21:02
ayoungroutes that is21:02
ayoungknikolla,  I have some sample code though for showing proof of concept stuff:21:03
ayoungI have a devstack setup with the keystone server change applied, and using your kc changes I can create & list routes21:03
ayoungknikolla, let me paste:21:05
ayoungknikolla, http://paste.openstack.org/show/607052/  will read a json file and create the routes21:06
ayounghere is the simplistic one for identity21:06
ayounghttp://paste.openstack.org/show/607053/21:06
ayoungthat only has a catch all rule21:06
ayounghere is an exhaustive one for compute, generated from the compute API21:07
ayounghttps://da.gd/mfU5a -> https://paste.fedoraproject.org/paste/xhygXLW7b0E9Jpos9mihpF5M1UNdIGYhyRLivL9gydE=/21:07
ayoungknikolla, to list roles:21:07
ayoungmake that routes https://paste.fedoraproject.org/paste/qqwbWLV41WGoDxnyxeIa1V5M1UNdIGYhyRLivL9gydE=/21:08
ayoungand delete21:08
ayounghttps://da.gd/Ann7 -> https://paste.fedoraproject.org/paste/oRf7FWylKOSas67DE-Qtwl5M1UNdIGYhyRLivL9gydE=/21:08
ayoungso now we need somthing that will take the URL, break off the parts we don't care about, and say: here is the matching rule21:09
knikollaand plug that in to ksm21:09
*** david-lyle has joined #openstack-keystone21:10
*** edmondsw has quit IRC21:11
knikollaayoung: quick question. will the matching be done in ksm or keystone server? in other words, will ksm send the route to the server and let the server match it, or will ksm have the routes/roles and do it itself?21:11
*** dmk0202 has joined #openstack-keystone21:11
ayoung ksm21:11
ayoungknikolla, I want it as a function in kc called from ksm21:11
ayoungksm will fetch what it needs and make the call21:11
*** thorst has quit IRC21:11
ayoungand cache whatever it can21:11
*** edmondsw has joined #openstack-keystone21:11
ayoungknikolla, right now I see it making 2 calls:  list_routes and list_roles21:12
ayoungthat assumes that role_inference is expanded in the tokens21:12
ayoungwe might want to add a helper API to get the data in the right form for enforcement, but that can be done after we have a working proof of concept21:13
ayoungI actually pulled it out of the current server patch to simplify things21:13
knikollai see21:13
ayoungknikolla, one more errand, back in a bit.  Take a loot at the code I posted and we can talk in about 1521:13
knikollaayoung: ok21:14
*** edmondsw has quit IRC21:16
*** chris_hultin|AWA is now known as chris_hultin21:18
*** antwash has quit IRC21:18
knikollarodrigods: u there?21:25
knikollarodrigods: FYI this broke the devstack plugin in the functional gate https://review.openstack.org/#/c/456344/21:26
*** rderose has joined #openstack-keystone21:26
bretonayoung: the pitch about RBAC :)21:27
bretonayoung: RBAC-Middleware-pitch21:27
*** Aqsa has quit IRC21:28
*** openstackgerrit has joined #openstack-keystone21:30
openstackgerritPeter Sabaini proposed openstack/keystone master: Make flushing tokens more robust  https://review.openstack.org/45435121:30
*** thorst has joined #openstack-keystone21:32
ayoungbreton, so that is tomorrow, but knikolla and I are talking through it now.21:36
*** rajpatel has quit IRC21:37
*** thorst has quit IRC21:37
*** aojea has quit IRC21:39
*** ngupta has joined #openstack-keystone21:40
*** rderose has quit IRC21:41
*** aojea has joined #openstack-keystone21:44
*** aojea has quit IRC21:45
knikollaayoung: i'll be heading off soon.21:51
knikollaany tasks you want me to work on?21:51
ayoungknikolla, yeah, can you address the code review comments on the server piece?21:52
ayoungget the API doc started?21:52
knikollaayoung: yes. will do that.21:52
knikollawas waiting to sync up with you to prevent conflicts on the server piece.21:52
ayoungknikolla, I'm going to get a Proof of concept working with the route matching, and I'd like to hand it off to you from there.  Maybe tomorrow afternoon?21:52
ayoungI think the server is functional enough for now21:53
knikollaayoung: sounds good.21:53
*** thorst has joined #openstack-keystone21:53
*** MasterOfBugs has joined #openstack-keystone21:55
*** david-lyle has quit IRC21:55
*** rderose has joined #openstack-keystone21:56
*** rderose has quit IRC21:57
*** thorst has quit IRC21:58
*** dmk0202 has quit IRC21:59
*** catintheroof has quit IRC22:01
*** ianw_pto is now known as ianw22:12
*** aojea has joined #openstack-keystone22:27
*** aojea has quit IRC22:33
*** thorst has joined #openstack-keystone22:41
*** thorst has quit IRC22:43
*** thorst has joined #openstack-keystone22:43
*** thorst has quit IRC22:47
*** stingaci has joined #openstack-keystone22:53
*** david-lyle has joined #openstack-keystone22:53
*** david-lyle has quit IRC22:56
*** aloga has quit IRC22:57
*** phalmos has joined #openstack-keystone22:59
*** aloga has joined #openstack-keystone23:03
*** phalmos has quit IRC23:04
openstackgerritayoung proposed openstack/python-keystoneclient master: WIP - Client functions for Routes  https://review.openstack.org/45289323:06
openstackgerritayoung proposed openstack/python-keystoneclient master: DO NOT MERGE: proof of concept for RBAC matching  https://review.openstack.org/45781823:06
ayoungknikolla, all the POC code is in the review.  Including how to do the matching23:06
*** chris_hultin is now known as chris_hultin|AWA23:09
*** Aqsa has joined #openstack-keystone23:11
*** thorst has joined #openstack-keystone23:15
*** ngupta has quit IRC23:23
*** ngupta has joined #openstack-keystone23:24
*** ngupta has quit IRC23:28
*** d0ugal has quit IRC23:32
*** aojea has joined #openstack-keystone23:33
*** aloga has quit IRC23:37
*** aojea has quit IRC23:38
*** lamt has quit IRC23:40
*** d0ugal has joined #openstack-keystone23:41
*** aloga has joined #openstack-keystone23:41
*** Nakato has joined #openstack-keystone23:46
« Monday, 2017-04-17 Index Wednesday, 2017-04-19 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!