Thursday, 2018-05-17

« Wednesday, 2018-05-16 Index Friday, 2018-05-18 »
*** felipemonteiro has joined #openstack-keystone00:05
*** felipemonteiro has quit IRC00:14
*** liuzz has quit IRC00:17
*** liuzz has joined #openstack-keystone00:19
*** panbalag has joined #openstack-keystone00:25
*** oikiki has quit IRC00:26
*** oikiki has joined #openstack-keystone00:27
*** r-daneel has quit IRC00:29
*** panbalag has quit IRC00:30
*** david-lyle has quit IRC00:34
*** oikiki has quit IRC00:36
*** Dinesh_Bhor has joined #openstack-keystone00:39
*** panbalag has joined #openstack-keystone00:48
*** annp has quit IRC00:53
*** annp has joined #openstack-keystone00:53
*** oikiki has joined #openstack-keystone00:56
*** oikiki has quit IRC01:01
*** oikiki has joined #openstack-keystone01:02
*** edmondsw has quit IRC01:19
*** markvoelker_ has quit IRC01:34
*** panbalag has quit IRC01:38
*** markvoelker has joined #openstack-keystone01:38
*** namnh has joined #openstack-keystone01:40
*** panbalag has joined #openstack-keystone01:43
*** oikiki has quit IRC01:45
*** oikiki has joined #openstack-keystone01:46
*** oikiki has quit IRC01:46
*** panbalag has left #openstack-keystone01:58
*** itlinux has joined #openstack-keystone02:02
*** Dinesh_Bhor has quit IRC02:09
*** Dinesh_Bhor has joined #openstack-keystone02:11
*** itlinux has quit IRC02:30
*** itlinux has joined #openstack-keystone02:38
*** lbragstad has quit IRC02:39
*** itlinux has quit IRC02:46
*** masber has quit IRC02:49
*** dave-mcc_ has quit IRC02:52
*** masber has joined #openstack-keystone02:52
*** edmondsw has joined #openstack-keystone02:59
*** edmondsw has quit IRC03:04
*** itlinux has joined #openstack-keystone03:08
*** nicolasbock has quit IRC03:23
bhagyashriscmurphy: mordred: pooja_jadhav03:31
bhagyashriscmurphy: mordred: currently neha_alhat is working on providing split_looger functionality in different client03:33
*** itlinux has quit IRC03:34
*** sonuk has joined #openstack-keystone03:54
*** masuberu has joined #openstack-keystone03:56
*** gyankum has joined #openstack-keystone03:59
*** masber has quit IRC04:00
*** masber has joined #openstack-keystone04:02
*** masuberu has quit IRC04:05
*** germs has quit IRC04:10
*** links has joined #openstack-keystone04:24
*** gyee has quit IRC04:26
*** gongysh has joined #openstack-keystone04:32
*** prashkre has joined #openstack-keystone04:44
openstackgerritMerged openstack/keystone master: Limit description support  https://review.openstack.org/55313204:44
*** edmondsw has joined #openstack-keystone04:48
*** prashkre has quit IRC04:53
*** edmondsw has quit IRC04:53
*** Dinesh__Bhor has joined #openstack-keystone04:59
*** Dinesh_Bhor has quit IRC04:59
*** liuzz has quit IRC05:47
*** liuzz has joined #openstack-keystone05:48
*** prashkre has joined #openstack-keystone06:12
*** liuzz_ has joined #openstack-keystone06:15
*** liuzz has quit IRC06:16
*** Dinesh__Bhor has quit IRC06:17
*** Dinesh__Bhor has joined #openstack-keystone06:17
*** liuzz_ has quit IRC06:20
*** liuzz has joined #openstack-keystone06:21
*** liuzz has quit IRC06:23
openstackgerritwangxiyuan proposed openstack/keystone master: Unified limit update APIs Refactor  https://review.openstack.org/55955206:24
*** liuzz has joined #openstack-keystone06:25
*** gongysh has quit IRC06:25
openstackgerritwangxiyuan proposed openstack/keystone master: Unified limit update APIs Refactor  https://review.openstack.org/55955206:30
*** liuzz_ has joined #openstack-keystone06:32
*** liuzz has quit IRC06:33
*** oikiki has joined #openstack-keystone06:45
*** martinus__ has joined #openstack-keystone06:54
*** gongysh has joined #openstack-keystone06:55
*** ispp has joined #openstack-keystone06:59
*** tesseract has joined #openstack-keystone07:01
*** Dinesh__Bhor has quit IRC07:02
*** oikiki has quit IRC07:10
*** prashkre has quit IRC07:12
*** prashkre has joined #openstack-keystone07:13
*** ispp has quit IRC07:17
*** gongysh has quit IRC07:27
*** ispp has joined #openstack-keystone07:30
*** AlexeyAbashkin has joined #openstack-keystone07:47
*** ispp has quit IRC07:54
*** prashkre has quit IRC07:57
*** rcernin has quit IRC08:12
*** gongysh has joined #openstack-keystone08:18
*** ispp has joined #openstack-keystone08:20
*** edmondsw has joined #openstack-keystone08:24
*** edmondsw has quit IRC08:29
*** links has quit IRC08:32
openstackgerritwangxiyuan proposed openstack/keystone master: Unified limit update APIs Refactor  https://review.openstack.org/55955208:33
*** gyankum has quit IRC08:33
Shilpalbragstad: Hi08:34
Shilpalbragstad[m]: Hi08:35
*** links has joined #openstack-keystone08:49
*** prashkre has joined #openstack-keystone08:51
*** d0ugal__ has quit IRC08:51
*** d0ugal has joined #openstack-keystone08:51
*** d0ugal has quit IRC08:51
*** d0ugal has joined #openstack-keystone08:51
*** gyankum has joined #openstack-keystone09:04
*** gyankum has quit IRC09:08
*** gongysh has quit IRC09:09
*** ispp has quit IRC09:15
*** gongysh has joined #openstack-keystone09:17
*** dims has quit IRC09:20
*** gongysh has quit IRC09:24
*** gyankum has joined #openstack-keystone09:46
*** gyankum has quit IRC09:50
*** AlexeyAbashkin has quit IRC09:53
*** gyankum has joined #openstack-keystone09:56
*** namnh has quit IRC10:00
*** ispp has joined #openstack-keystone10:01
openstackgerritwangxiyuan proposed openstack/oslo.limit master: Init repo  https://review.openstack.org/55674410:06
*** dims has joined #openstack-keystone10:07
openstackgerritwangxiyuan proposed openstack/keystone master: Unified limit update APIs Refactor  https://review.openstack.org/55955210:10
*** edmondsw has joined #openstack-keystone10:13
*** annp has quit IRC10:15
*** edmondsw has quit IRC10:17
*** dims has quit IRC10:17
*** nicolasbock has joined #openstack-keystone10:30
*** ispp has quit IRC10:40
*** hoonetorg has quit IRC10:43
*** edmondsw has joined #openstack-keystone10:52
*** AlexeyAbashkin has joined #openstack-keystone10:54
*** hoonetorg has joined #openstack-keystone11:00
*** jaosorior has quit IRC11:01
*** jaosorior has joined #openstack-keystone11:05
*** dave-mccowan has joined #openstack-keystone11:08
*** sonuk has quit IRC11:10
*** gyan_ has joined #openstack-keystone11:14
*** gyankum has quit IRC11:16
*** links has quit IRC11:16
*** prashkre has quit IRC11:22
*** prashkre has joined #openstack-keystone11:28
*** links has joined #openstack-keystone11:29
*** ispp has joined #openstack-keystone11:30
*** panbalag has joined #openstack-keystone11:31
*** panbalag has left #openstack-keystone11:32
*** lbragstad has joined #openstack-keystone11:33
*** ChanServ sets mode: +o lbragstad11:33
*** bhagyashri_s has joined #openstack-keystone11:42
*** bhagyashri_s has quit IRC11:43
*** bhagyashri_s has joined #openstack-keystone11:44
*** bhagyashri_s has quit IRC11:45
*** bhagyashris has quit IRC11:46
*** bhagyashri_s has joined #openstack-keystone11:46
*** pooja-jadhav has joined #openstack-keystone11:48
*** pooja_jadhav has quit IRC11:50
*** liuzz_ has quit IRC11:57
doxaCreate a TOTP credential¶ - doesn't work for me. Any thoughts ? https://docs.openstack.org/keystone/queens/advanced-topics/auth-totp.html#create-a-totp-credential12:00
*** pooja_jadhav has joined #openstack-keystone12:02
lbragstaddoxa: what error are you getting?12:02
*** bhagyashris_ has joined #openstack-keystone12:03
*** prashkre_ has joined #openstack-keystone12:04
doxalbragstad: Eror I receive is {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}12:05
*** pooja-jadhav has quit IRC12:06
*** bhagyashri_s has quit IRC12:06
*** prashkre has quit IRC12:06
lbragstadare you able to authenticate against keystone?12:06
doxalbragstad: with nomal auth works fine12:09
*** prashkre_ has quit IRC12:09
*** jaosorior has quit IRC12:12
lbragstadis the token you're passing in that request for the user in the request?12:15
*** bhagyashri_s has joined #openstack-keystone12:15
*** ShilpaSD has joined #openstack-keystone12:16
*** bhagyashris_ has quit IRC12:18
*** Shilpa has quit IRC12:18
*** jaosorior has joined #openstack-keystone12:19
doxalbragstad: I am using the example from mentioned webpage. I have just changed the user ID.12:19
doxalbragstad: TOTP works independent from user/password auth or together ?12:20
doxalbragstad: is there any alternative way to setup totp blob beside curl method ?12:22
*** ispp has quit IRC12:23
*** belmoreira has joined #openstack-keystone12:24
*** ShilpaSD has quit IRC12:24
*** ispp has joined #openstack-keystone12:25
*** bhagyashris has joined #openstack-keystone12:25
*** Shilpa has joined #openstack-keystone12:26
Shilpalbragstad: Hi12:28
*** bhagyashri_s has quit IRC12:28
lbragstaddoxa: you need a token in order to authenticate yourself and make that API call12:29
lbragstadShilpa: hi12:29
*** raildo has joined #openstack-keystone12:31
doxalbragstad: do you mean the base 64 secret ?12:33
lbragstaddoxa: no - you need to pass a token in the request headers to prove who you are to keystone in order for keystone to authorize you to make that API call12:34
*** sapd_ has quit IRC12:34
*** sapd_ has joined #openstack-keystone12:34
*** sapd_ has quit IRC12:35
*** sapd_ has joined #openstack-keystone12:35
*** sapd_ has quit IRC12:36
doxalbragstad: please send me an example12:36
*** sapd_ has joined #openstack-keystone12:36
*** panbalag has joined #openstack-keystone12:37
lbragstadhere are a bunch of examples using curl12:37
lbragstadhttps://docs.openstack.org/keystone/latest/api_curl_examples.html12:37
*** panbalag has left #openstack-keystone12:37
lbragstadif you look at this specific example https://docs.openstack.org/keystone/latest/api_curl_examples.html#domains12:37
lbragstadyou can see that the X-Auth-Token header is being set12:38
lbragstadyou'll need to do that for the request you're making to create a TOTP credential12:38
lbragstadthe $OS_TOKEN in that example is a token from keystone that you've authenticated for12:38
*** bhagyashri_s has joined #openstack-keystone12:41
*** pooja_jadhav has quit IRC12:41
*** Shilpa has quit IRC12:42
*** bhagyashris has quit IRC12:42
*** pooja_jadhav has joined #openstack-keystone12:42
*** Shilpa has joined #openstack-keystone12:42
*** dims has joined #openstack-keystone12:43
doxalbragstad: I'm looking into it now.12:45
*** bhagyashri_s has quit IRC12:48
doxalbragstad: I'm sorry to bother. Where do I get that token ? I've used command "openstack token issue" and there I get 3 params id, project_id and user_id12:49
doxalbragstad: The problem is that the ID field is huge as length - 2 rows12:49
*** pooja-jadhav has joined #openstack-keystone12:49
*** bhagyashri_s has joined #openstack-keystone12:49
lbragstadthe ID in that response is a token12:49
Shilpalbragstad: basic query, i am on python novaclient and getting successful result for CLI 'nova --os-auth-type password --os-password admin list' command12:50
doxalbragstad: I'll make a curl test with that ID12:50
lbragstadwhen you use `openstack token issue` the openstack client is taking your credentials (e.g. a user ID + password) and presenting them to keystone, if successful, keystone will return to you a token12:50
Shilpabut for CLI 'nova --os-auth-type v3password --os-password admin list' and 'nova --os-auth-type v2password --os-password admin list', getting issue 'ERROR (AttributeError): 'Namespace' object has no attribute 'os_project_domain_id'12:51
ShilpaFor this i have made changes in python-novaclient in shell.py12:51
ShilpaAnd able to overcome above said error12:51
*** pooja_jadhav has quit IRC12:52
ShilpaBut now facing error for v2Password 'ERROR (NotFound): (http://10.232.48.204/identity/tokens): The resource could not be found. (HTTP 404)'12:52
*** belmoreira has quit IRC12:52
ShilpaAnd for v3Password 'ERROR (NotFound): (http://10.232.48.204/identity/auth/tokens): The resource could not be found. (HTTP 404)'12:52
ShilpaDid i am missing any configuration here?12:52
*** bhagyashris_ has joined #openstack-keystone12:53
lbragstadShilpa: you might need to make sure you have apache or uwsgi configured properly12:53
ShilpaIMO its properly configured, for 'nova --os-auth-type password --os-password admin list' its Success, list is getting displyed on CLI12:54
*** gyan_ has quit IRC12:54
lbragstaddo you have access to the keystone logs?12:55
Shilpayes12:55
*** bhagyashri_s has quit IRC12:55
lbragstadmaybe try checking those if you haven't already?12:56
ShilpaMay 17 18:24:54 shilpa-VirtualBox devstack@keystone.service[9497]: [pid: 9502|app: 0|req: 65/129] 10.232.48.204 () {62 vars in 1415 bytes} [Thu May 17 18:24:54 2018] GET /identity/v3/auth/tokens => generated 4149 bytes in 44 msecs (HTTP/1.1 200) 6 headers in 380 bytes (1 switches on core 0)12:56
*** jmlowe has quit IRC12:56
lbragstadif that was a 200 - then it looks like your path wasn't properly configured12:57
lbragstadyou're getting a 404 because the path you're using is /identity/auth/tokens as opposed to /identity/v3/auth/tokens12:57
*** ispp has quit IRC12:58
ShilpaSorry, it was for success, here are failure logs May 17 18:30:07 shilpa-VirtualBox devstack@keystone.service[9497]: [pid: 9502|app: 0|req: 67/133] 10.232.48.204 () {62 vars in 1075 bytes} [Thu May 17 18:30:07 2018] POST /identity/tokens => generated 133 bytes in 1 msecs (HTTP/1.1 404) 4 headers in 118 bytes (2 switches on core 0)13:00
*** goofie has joined #openstack-keystone13:02
Shilpalbragstad: for v2 implementation in keystoneauth, path takes http://10.232.48.204/identity/tokens and for v3, it takes 'http://10.232.48.204/identity/auth/tokens'13:02
lbragstadthe implementation will pull the endpoint values depending on the auth url you have specified13:03
lbragstadwhich is usually in an rc file, environment variable, or clouds.yaml depending on how/where you're storing that information13:03
lbragstadif you find where that is, you can try and update OS_AUTH_URL to use 'http://10.232.48.204/identity/v3/auth/tokens'13:05
*** links has quit IRC13:09
doxalbragstad: No luck with that long ID. I've tried now with master token taken from keystone.conf.  I still get the authentication error.13:12
doxalbragstad: I am using Openstack queen with RDO install on centos13:12
*** mchlumsky has joined #openstack-keystone13:17
*** panbalag has joined #openstack-keystone13:18
*** panbalag has left #openstack-keystone13:20
lbragstaddoxa: do you have access to the keystone logs?13:20
Shilpalbragstad: checked auth url is correct i.e. http://<ip address>/identity, but at keystoneauth side it should append '/v3/auth/tokens', but currently its appending only '/auth/token', so why this happening?13:28
*** gongysh has joined #openstack-keystone13:29
lbragstadShilpa: i'm not sure, it likely depends on how you're configuring keystoneauth13:29
lbragstadso you'll probably need to start by looking at your environment variables or an rc file that holds credentials13:30
*** belmoreira has joined #openstack-keystone13:31
Shilpais it possible fo ryou to check in your environment and help me to find this where exactly i am missing, u need to run at python-novaclient, 'nova --os-auth-type v2password --os-password admin list and 'nova --os-auth-type v3password --os-password admin list'13:37
*** jmlowe has joined #openstack-keystone13:38
lbragstadi use clouds.yaml, but this is what i have in dev currently13:38
hrybackicmurphy: kmalloc not sure if this is related to what y'all were discussing yesterday but I saw they changed sphinx requirement revert being discussed: https://review.openstack.org/#/c/568248/13:38
*** felipemonteiro has joined #openstack-keystone13:39
lbragstadShilpa: http://paste.openstack.org/raw/721166/13:39
ShilpaThank you, i have compared only diff is that i am missing section 'devstack-system-admin:', is it required?13:41
lbragstadno - it's not required, it just a profile that i define13:42
lbragstadit's*13:42
*** felipemonteiro has quit IRC13:46
lbragstadunless the python-novaclient bit is doing something with the auth url?13:48
*** ispp has joined #openstack-keystone13:50
*** panbalag has joined #openstack-keystone13:52
*** panbalag has left #openstack-keystone13:55
Shilpathat i am looking into, but as of now observed that at keystonauth side at https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/identity/v3/base.py#L73 and https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/identity/v2.py#L51, URL get created13:59
*** belmorei_ has joined #openstack-keystone14:00
*** belmoreira has quit IRC14:01
*** panbalag has joined #openstack-keystone14:02
*** ispp has quit IRC14:31
*** ispp has joined #openstack-keystone14:32
*** spilla has joined #openstack-keystone14:46
*** dklyle has joined #openstack-keystone14:54
cmurphyhrybacki: it's a different error but that revert might be why we saw it magically resolve itself14:57
*** panbalag has quit IRC15:03
*** panbalag has joined #openstack-keystone15:07
hrybackicmurphy: interesting. Well hopefully that data point is of use :)15:08
*** AlexeyAbashkin has quit IRC15:12
*** AlexeyAbashkin has joined #openstack-keystone15:15
hrybackiknikolla: ping regarding default roles spec15:16
*** panbalag has left #openstack-keystone15:17
openstackgerritMerged openstack/oslo.policy master: Include deprecated_reason when deprecated_rule is set  https://review.openstack.org/56868715:22
*** cz2 has quit IRC15:24
cmurphyfyi early bird pricing for the next ptg is ending today already http://lists.openstack.org/pipermail/openstack-dev/2018-May/130548.html15:27
*** panbalag has joined #openstack-keystone15:30
*** ispp has quit IRC15:31
*** germs has joined #openstack-keystone15:34
*** germs has quit IRC15:34
*** germs has joined #openstack-keystone15:34
*** panbalag has quit IRC15:35
*** ispp has joined #openstack-keystone15:37
*** germs has quit IRC15:39
*** germs has joined #openstack-keystone15:40
*** germs has quit IRC15:40
*** gyee has joined #openstack-keystone15:41
*** germs has joined #openstack-keystone15:41
*** germs has quit IRC15:41
*** germs has joined #openstack-keystone15:41
*** ispp has quit IRC15:41
*** fiddletw_ has joined #openstack-keystone15:43
*** fiddletw_ has quit IRC15:43
*** fiddletwix has joined #openstack-keystone15:43
*** dklyle has quit IRC15:43
*** gongysh has quit IRC15:44
*** dklyle has joined #openstack-keystone15:48
*** fiddletwix has quit IRC15:49
*** panbalag has joined #openstack-keystone15:50
*** panbalag has left #openstack-keystone15:50
*** cz2 has joined #openstack-keystone15:52
*** germs has quit IRC15:57
*** germs has joined #openstack-keystone15:58
*** germs has quit IRC15:58
*** germs has joined #openstack-keystone15:58
*** germs has quit IRC15:58
*** germs has joined #openstack-keystone15:59
*** germs has quit IRC15:59
*** germs has joined #openstack-keystone15:59
*** felipemonteiro has joined #openstack-keystone16:02
openstackgerritFelipe Monteiro proposed openstack/keystone-specs master: Patrole (RBAC) Keystone Gating  https://review.openstack.org/46467816:03
lbragstadcmurphy: good call - thanks for the reminder16:05
*** felipemonteiro has quit IRC16:12
*** jrist has quit IRC16:24
kmallocAlready bought the ticket.16:28
kmalloc;)16:28
knikollahrybacki: o/16:29
gagehugotempted to grab a room on the off-chance they run out16:29
gagehugoI don't think there was another hotel nearby16:29
knikollagagehugo: in denver?16:30
gagehugoyea16:30
knikollathere's a holiday inn 2 mins away16:30
* gagehugo memory is terrible16:30
gagehugoah ok16:31
knikollaif it's the same venue as last time, let me double check16:31
* lbragstad takes lunch real quick16:32
knikollaquality inn* not holiday inn16:33
gagehugooh yeah16:33
kmallocThe hotel, if cancellation is good should be worth it.16:33
gagehugothere was the shopping area next to it16:33
kmallocThis far out should be ok.16:33
gagehugoI'm still scarred from walking 30 mins in the snow in dublin16:34
*** tesseract has quit IRC16:38
*** dklyle has quit IRC16:42
hrybackiknikolla o/ I just wanted to confirm that update_project_tags is or is not also an admin api?16:55
*** belmorei_ has quit IRC17:02
*** AlexeyAbashkin has quit IRC17:04
*** oikiki has joined #openstack-keystone17:08
knikollahrybacki: it is an admin api https://github.com/openstack/keystone/blob/master/keystone/common/policies/project.py#L127-L13017:16
*** oikiki has quit IRC17:24
*** oikiki has joined #openstack-keystone17:31
*** rmascena has joined #openstack-keystone17:33
*** raildo has quit IRC17:35
*** neha_alhat_ has joined #openstack-keystone17:41
hrybackiack knikolla thanks17:54
*** felipemonteiro has joined #openstack-keystone17:54
neha_alhat_modred Hi17:57
*** links has joined #openstack-keystone17:58
neha_alhat_mordred: Hi17:59
neha_alhat_mordred: Thanks for this patch: https://review.openstack.org/#/c/568878. I was making same changes for registering 'split_loggers' conf option in keystoneauth18:02
*** fiddletw_ has joined #openstack-keystone18:04
*** neha_alhat_ has quit IRC18:07
*** links has quit IRC18:35
openstackgerritLance Bragstad proposed openstack/keystone master: Decouple bootstrap from cli module  https://review.openstack.org/55890318:38
openstackgerritLance Bragstad proposed openstack/keystone master: Introduce new TokenModel object  https://review.openstack.org/55912918:38
lbragstadkmalloc: oh - most of the new code added in that model should be tested with the exception of oauth tokens and a case with app creds ^18:39
lbragstadi'm wondering if the usability of the new model is headed in the right direction though18:39
*** dklyle has joined #openstack-keystone18:56
*** pcichy has joined #openstack-keystone19:01
*** felipemonteiro__ has joined #openstack-keystone19:04
*** felipemonteiro has quit IRC19:08
kmalloclbragstad: cool19:15
kmalloclbragstad: thanks!19:15
devxare there any requirements for running keystone with ADFS? ie  does it require Apache or Nginx modules? or does it use python bindings? (sorry if my question is not clear)19:21
kmallocmordred: NIT on the timing code, a NamedTuple would have been my preference instead of a new object def.19:22
kmallocmordred: however... +2.19:22
kmalloclbragstad: ^ cc19:22
kmallocdevx: there is a bunch of config needed to make it work, see https://docs.openstack.org/security-guide/identity/federated-keystone.html#enabling-federation as the starting point.19:23
kmallocdevx: there are some folks here very familiar with SAML and ADFS with Keystone if you're running into stumbling blocks.19:23
devxThanks! and sorry i should of gone there first.. i'll be back when I get stuck :)19:24
kmallocdevx: ADFS is (mostly) a SAML2 provider19:24
kmallocdevx: no worries! I'd rather you ask than wander off frustrated. We're here to help19:24
kmallocif you find issues with the documentation, also let us know -- we'd like to make sure the docs are fixed if they are broken.19:25
kmallocor unclear.19:25
devxI will, it's not a priority so it might take a me a bit to get through this setup :)19:25
*** jmlowe has quit IRC19:27
kmallocdevx: sounds good! :)19:29
kmallocdevx: and good luck!19:29
kmallocmordred: https://review.openstack.org/#/c/568877/2 if you want to make that a NamedTuple, we can do so before release.19:36
kmallocmordred: if not, we can just let it ride as an object19:36
*** jrist has joined #openstack-keystone19:36
lbragstadkmalloc: no problem - just curious about the ergonomics of the whole model...19:36
lbragstadit feels pretty heavy19:36
lbragstad(not sure if that is the right word)19:36
lbragstadbut at the same time, it's modeling a pretty complex object19:37
kmallocyeah19:37
lbragstadso maybe that's ok?19:37
kmalloci would love to simplify it.19:37
kmallocthat said, we have a ${HISTORY} that makes it impossible19:37
lbragstadidk - like the whole token.user_id when using a trust for example and having token.trustee19:37
kmallocyeah, it's tough.19:38
lbragstadalso19:39
*** felipemonteiro__ has quit IRC19:39
lbragstadwe have a mint() method19:39
*** felipemonteiro has joined #openstack-keystone19:39
lbragstadbut i wonder if there is a better way to expose methods that make the interactions with the model flow better?19:39
lbragstadyou wouldn't re-mint a method in the validation process19:39
lbragstads/method/token/19:40
kmallocwell validate implicitly mints by supplying the needed information19:41
lbragstadyeah19:43
*** jrist has quit IRC19:48
*** jrist has joined #openstack-keystone19:51
cmurphykmalloc: don't link the security guide docs, they're super out of date :( devx: try this https://docs.openstack.org/keystone/latest/advanced-topics/federation/federated_identity.html19:51
kmalloccmurphy: ah crap, wrong link.19:54
kmalloccmurphy: thanks19:54
kmalloccmurphy: can we make a bug to fix that19:54
kmalloc:P19:54
kmalloci had both open19:54
kmallocclicked the wrong one w/ control+c :)19:54
cmurphythey also come up first in google searches19:55
kmallocyeah.19:55
kmallocwe should fix that, maybe a 301 or some such19:55
kmallocor at least get the security docs to point to the right place19:55
cmurphyya figuring out what needs to be done to fix it is somewhere deep in my todo list...19:56
kmalloccool. lets make sure we get a bug open in LP ;)19:56
kmallocmaybe someone else will jump on it19:56
kmallocdoc bugs are funny like that19:56
*** pcichy has quit IRC19:57
*** jmlowe has joined #openstack-keystone19:57
cmurphykmalloc: here https://bugs.launchpad.net/ossn/+bug/177188420:03
openstackLaunchpad bug 1771884 in OpenStack Security Notes "Keystone guide is out of date" [Undecided,New]20:03
kmalloccmurphy: ++ THANKS! :)20:08
kmalloccmurphy: you rock20:08
*** jmlowe has quit IRC20:22
*** rmascena has quit IRC20:44
openstackgerritMerged openstack/keystoneauth master: Collect timing information for API calls  https://review.openstack.org/56887721:06
openstackgerritMerged openstack/keystoneauth master: Add oslo.config option for split-loggers  https://review.openstack.org/56887821:06
openstackgerritMerged openstack/keystoneauth master: Expose version_between as a real function  https://review.openstack.org/56864021:06
*** martinus__ has quit IRC21:18
*** felipemonteiro has quit IRC21:28
*** felipemonteiro has joined #openstack-keystone21:28
*** felipemonteiro has quit IRC21:28
*** felipemonteiro has joined #openstack-keystone21:28
*** edmondsw has quit IRC21:46
*** rcernin has joined #openstack-keystone22:04
*** felipemonteiro has quit IRC22:20
*** oikiki has quit IRC22:35
*** threestrands has joined #openstack-keystone22:37
openstackgerritLance Bragstad proposed openstack/keystone master: Introduce new TokenModel object  https://review.openstack.org/55912922:37
*** d34dh0r53 has quit IRC22:47
*** d34dh0r53 has joined #openstack-keystone22:47
*** cloudnull has quit IRC22:48
*** eglute has quit IRC22:48
*** cloudnull has joined #openstack-keystone22:48
*** eglute has joined #openstack-keystone22:49
*** spilla has quit IRC22:51
*** spilla has joined #openstack-keystone22:52
*** spilla has quit IRC22:56
*** panbalag has joined #openstack-keystone23:00
*** panbalag has left #openstack-keystone23:00
*** edmondsw has joined #openstack-keystone23:03
*** edmondsw has quit IRC23:08
*** edmondsw has joined #openstack-keystone23:46
« Wednesday, 2018-05-16 Index Friday, 2018-05-18 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!