| *** gyee has quit IRC | 00:42 | |
| *** itlinux is now known as itlinux-away | 01:09 | |
| *** fungi has quit IRC | 01:18 | |
| *** fungi has joined #openstack-keystone | 01:18 | |
| *** imacdonn has quit IRC | 01:18 | |
| *** imacdonn has joined #openstack-keystone | 01:19 | |
| *** odyssey4me has quit IRC | 01:19 | |
| *** zioproto has quit IRC | 01:19 | |
| *** odyssey4me has joined #openstack-keystone | 01:20 | |
| *** itlinux-away is now known as itlinux | 01:21 | |
| *** itlinux is now known as itlinux-away | 01:22 | |
| *** itlinux-away is now known as itlinux | 01:24 | |
| *** itlinux is now known as itlinux-away | 01:24 | |
| *** itlinux-away is now known as itlinux | 01:27 | |
| *** itlinux is now known as itlinux-away | 01:27 | |
| *** itlinux-away is now known as itlinux | 01:28 | |
| *** itlinux is now known as itlinux-away | 01:29 | |
| openstackgerrit | Gage Hugo proposed openstack/keystone master: DNM/WIP Convert domains api to flask https://review.openstack.org/597350 | 01:37 |
|---|---|---|
| *** Dinesh_Bhor has joined #openstack-keystone | 01:45 | |
| openstackgerrit | Merged openstack/oslo.policy master: Docs: Remove references to JSON format https://review.openstack.org/592170 | 01:48 |
| *** pas-ha has quit IRC | 01:49 | |
| *** eglute has quit IRC | 01:49 | |
| *** ianw has quit IRC | 01:49 | |
| *** andreykurilin has quit IRC | 01:49 | |
| *** zigo has quit IRC | 01:49 | |
| *** spsurya has quit IRC | 01:49 | |
| *** jamielennox has quit IRC | 01:49 | |
| *** rm_work has quit IRC | 01:49 | |
| *** andreykurilin has joined #openstack-keystone | 01:49 | |
| *** itlinux-away is now known as itlinux | 01:51 | |
| *** itlinux is now known as itlinux-away | 01:51 | |
| *** ianw has joined #openstack-keystone | 01:53 | |
| *** jamielennox has joined #openstack-keystone | 01:53 | |
| *** rm_work has joined #openstack-keystone | 01:55 | |
| *** Dinesh_Bhor has quit IRC | 01:58 | |
| *** itlinux-away is now known as itlinux | 02:01 | |
| *** ianw has quit IRC | 02:03 | |
| *** ianw has joined #openstack-keystone | 02:04 | |
| *** vishakha has quit IRC | 02:08 | |
| *** Dinesh_Bhor has joined #openstack-keystone | 02:09 | |
| *** itlinux is now known as itlinux-away | 02:11 | |
| *** itlinux-away is now known as itlinux | 02:29 | |
| *** itlinux is now known as itlinux-away | 02:29 | |
| *** sapd1 has joined #openstack-keystone | 02:34 | |
| *** openstack has joined #openstack-keystone | 02:51 | |
| *** jhesketh has quit IRC | 02:51 | |
| *** zzzeek has joined #openstack-keystone | 02:52 | |
| *** ChanServ sets mode: +o openstack | 02:52 | |
| *** itlinux-away is now known as itlinux | 02:53 | |
| *** itlinux is now known as itlinux-away | 02:53 | |
| *** itlinux-away is now known as itlinux | 02:54 | |
| *** jhesketh has joined #openstack-keystone | 02:57 | |
| *** openstackstatus has joined #openstack-keystone | 03:00 | |
| *** ChanServ sets mode: +v openstackstatus | 03:00 | |
| *** spsurya has joined #openstack-keystone | 03:52 | |
| *** Dinesh_Bhor has quit IRC | 03:52 | |
| *** nicolasbock has quit IRC | 03:58 | |
| *** Dinesh_Bhor has joined #openstack-keystone | 04:31 | |
| *** ykarel has joined #openstack-keystone | 05:28 | |
| *** itlinux has quit IRC | 05:31 | |
| *** ykarel has quit IRC | 05:42 | |
| *** ykarel has joined #openstack-keystone | 05:52 | |
| *** shyamb has joined #openstack-keystone | 06:05 | |
| *** BlackDex has joined #openstack-keystone | 06:05 | |
| *** ykarel has quit IRC | 06:23 | |
| *** markvoelker has joined #openstack-keystone | 06:39 | |
| *** pcaruana has joined #openstack-keystone | 06:50 | |
| *** shyamb has quit IRC | 06:52 | |
| *** shyamb has joined #openstack-keystone | 06:53 | |
| *** ykarel has joined #openstack-keystone | 06:55 | |
| *** vishakha has joined #openstack-keystone | 06:57 | |
| *** rcernin has quit IRC | 07:00 | |
| *** ykarel has quit IRC | 07:05 | |
| vishakha | wxy-xiyuan: Hi, https://bugs.launchpad.net/keystone/+bug/1724685 . The bug seems invalid as with a invalid role name error 404 should return. It isn't a bad request which should return 400. Pl confirm | 07:05 |
| openstack | Launchpad bug 1724685 in OpenStack Identity (keystone) "HTTP 404 creating trust with role that you don't have" [Low,Confirmed] - Assigned to Vishakha Agarwal (vishakha.agarwal) | 07:05 |
| wxy-xiyuan | vishakha: it should return 400, not 404 see api guide: http://git.openstack.org/cgit/openstack/api-sig/tree/guidelines/http/response-codes.rst#n79 | 07:10 |
| *** ykarel has joined #openstack-keystone | 07:10 | |
| *** ykarel has quit IRC | 07:10 | |
| wxy-xiyuan | vishakha: IIRC, some other APIs have this issue as well. But we need microversion support for API change. it's the reason why this bug is blocked. | 07:13 |
| *** dolly has quit IRC | 07:16 | |
| *** takamatsu has quit IRC | 07:16 | |
| *** shyamb has quit IRC | 07:19 | |
| *** shyamb has joined #openstack-keystone | 07:20 | |
| *** shyamb has quit IRC | 07:25 | |
| *** shyamb has joined #openstack-keystone | 07:37 | |
| *** shyamb has quit IRC | 07:44 | |
| *** threestrands has quit IRC | 07:50 | |
| *** zigo has joined #openstack-keystone | 07:57 | |
| *** Emine has joined #openstack-keystone | 07:58 | |
| *** shyamb has joined #openstack-keystone | 08:30 | |
| vishakha | wxy-xiyuan: Thanks for the update. | 08:39 |
| *** Dinesh_Bhor has quit IRC | 08:51 | |
| *** Dinesh_Bhor has joined #openstack-keystone | 08:56 | |
| *** josecastroleon has quit IRC | 08:57 | |
| openstackgerrit | Vishakha Agarwal proposed openstack/keystone master: Incorrect use of translation _() https://review.openstack.org/596683 | 09:29 |
| *** shyamb has quit IRC | 09:34 | |
| *** shyamb has joined #openstack-keystone | 10:11 | |
| *** dave-mccowan has joined #openstack-keystone | 10:51 | |
| vishakha | Hi wxy-xiyuan . I have updated a patch for https://review.openstack.org/596683 | 10:51 |
| vishakha | wxy-xiyuan: having a little doubt that code for logging translated string is done https://github.com/openstack/keystone/blob/master/keystone/tests/hacking/checks.py#L287-L300 | 10:59 |
| *** d0ugal has quit IRC | 11:03 | |
| *** Dinesh_Bhor has quit IRC | 11:08 | |
| *** nicolasbock has joined #openstack-keystone | 11:11 | |
| *** ykarel has joined #openstack-keystone | 11:12 | |
| *** shyamb has quit IRC | 11:16 | |
| *** shyamb has joined #openstack-keystone | 11:16 | |
| *** d0ugal has joined #openstack-keystone | 11:17 | |
| *** viks__ has quit IRC | 11:17 | |
| *** Dinesh_Bhor has joined #openstack-keystone | 11:31 | |
| *** Dinesh_Bhor has quit IRC | 11:31 | |
| openstackgerrit | Merged openstack/keystone master: Trivial: Add missing space in exception https://review.openstack.org/595002 | 11:42 |
| openstackgerrit | Merged openstack/keystone master: Trivial: Remove app_conf kwarg from testing setup https://review.openstack.org/595271 | 11:42 |
| *** shyamb has quit IRC | 11:44 | |
| *** raildo has joined #openstack-keystone | 11:50 | |
| *** shyamb has joined #openstack-keystone | 12:16 | |
| *** ykarel_ has joined #openstack-keystone | 12:20 | |
| *** shyamb has quit IRC | 12:22 | |
| *** ykarel has quit IRC | 12:22 | |
| *** shyamb has joined #openstack-keystone | 12:24 | |
| *** mchlumsky has joined #openstack-keystone | 12:35 | |
| *** ykarel_ is now known as ykarel | 12:36 | |
| ildikov | lbragstad: if you happen to be around, there's an OPNFV Edge Cloud meeting call in 5 minutes where we will talk about a demo including Keystone federation and the guys might have some questions to sort out | 12:55 |
| ildikov | lbragstad: I've realized a little late that we have that call today, will figure out the schedule better onward | 12:55 |
| *** pcaruana has quit IRC | 13:04 | |
| *** shyamb has quit IRC | 13:07 | |
| lbragstad | ildikov: sorry about that - i'll add a meeting notice to my calendar | 13:35 |
| lbragstad | was it recorded? | 13:35 |
| ildikov | lbragstad: it's ok, I pinged you late, figured it out this morning | 13:36 |
| ildikov | lbragstad: we're trying to figure out the demo content and the guys who're working on it had some struggle with tokens and config | 13:36 |
| ildikov | Colleen joins usually, but she's on vacation this week | 13:37 |
| lbragstad | sounds like you figured out the issue though? | 13:43 |
| lbragstad | i think i misread the original comment, was there a demo in the meeting today or was it just a discussion about a demo? | 13:43 |
| *** markvoelker has quit IRC | 13:53 | |
| *** lbragstad has quit IRC | 13:56 | |
| *** raildo_ has joined #openstack-keystone | 14:00 | |
| *** raildo has quit IRC | 14:01 | |
| *** knikolla has joined #openstack-keystone | 14:01 | |
| *** rmascena__ has joined #openstack-keystone | 14:03 | |
| *** raildo_ has quit IRC | 14:05 | |
| *** lbragstad has joined #openstack-keystone | 14:07 | |
| *** ChanServ sets mode: +o lbragstad | 14:07 | |
| knikolla | o/ | 14:07 |
| *** ykarel is now known as ykarel|afk | 14:11 | |
| *** ykarel|afk has quit IRC | 14:15 | |
| *** rmascena__ has quit IRC | 14:16 | |
| *** raildo has joined #openstack-keystone | 14:17 | |
| *** raildo has quit IRC | 14:19 | |
| *** raildo has joined #openstack-keystone | 14:20 | |
| gagehugo | o/ | 14:35 |
| *** markvoelker has joined #openstack-keystone | 14:44 | |
| *** pcaruana has joined #openstack-keystone | 14:50 | |
| *** ykarel has joined #openstack-keystone | 14:57 | |
| *** N3l1x has joined #openstack-keystone | 15:02 | |
| *** raildo_ has joined #openstack-keystone | 15:14 | |
| *** knikolla has quit IRC | 15:14 | |
| *** knikolla has joined #openstack-keystone | 15:15 | |
| *** raildo has quit IRC | 15:17 | |
| *** dklyle has quit IRC | 15:22 | |
| *** dklyle has joined #openstack-keystone | 15:23 | |
| *** ykarel has quit IRC | 15:25 | |
| *** ykarel has joined #openstack-keystone | 15:27 | |
| *** Emine has quit IRC | 15:27 | |
| *** ykarel_ has joined #openstack-keystone | 15:39 | |
| *** ykarel has quit IRC | 15:42 | |
| *** shyamb has joined #openstack-keystone | 15:46 | |
| *** r-daneel has joined #openstack-keystone | 15:48 | |
| *** markvoelker has quit IRC | 15:48 | |
| *** shyamb has quit IRC | 16:03 | |
| *** raildo_ has quit IRC | 16:04 | |
| *** raildo has joined #openstack-keystone | 16:05 | |
| *** ykarel_ is now known as ykarel|away | 16:16 | |
| lbragstad | FYI - http://lists.openstack.org/pipermail/openstack-dev/2018-August/133982.html | 16:22 |
| lbragstad | just another note for everyone | 16:38 |
| lbragstad | i've volunteered keystone for the py3 community goal | 16:39 |
| lbragstad | dhellmann will be generating a bunch of patches to get that started for us | 16:39 |
| *** r-daneel has quit IRC | 16:40 | |
| gagehugo | ack | 16:45 |
| *** ykarel|away has quit IRC | 16:46 | |
| *** gyee has joined #openstack-keystone | 16:59 | |
| *** zul has quit IRC | 17:06 | |
| *** Emine has joined #openstack-keystone | 17:44 | |
| *** GregWaines has joined #openstack-keystone | 18:04 | |
| kmalloc | lbragstad: shouldn't be too bad | 18:59 |
| kmalloc | memcache is an issue =/ | 19:00 |
| lbragstad | pymemcached? | 19:01 |
| *** Emine has quit IRC | 19:08 | |
| *** pcaruana has quit IRC | 19:09 | |
| *** mchlumsky has quit IRC | 19:09 | |
| kmalloc | yah we need to look at moving to it | 19:15 |
| kmalloc | python-memcache is ick | 19:15 |
| kmalloc | same for ksm | 19:15 |
| kmalloc | it's writing a driver for dogpile | 19:15 |
| kmalloc | really | 19:15 |
| lbragstad | so those might be things we hit this release doing the community goal | 19:26 |
| kmalloc | it's pretty straight forward | 19:30 |
| kmalloc | the hard part is ensuring we have a clear analogue for the way the multiple memcache servers are specified in config | 19:31 |
| kmalloc | lbragstad: also, i should revisit/fix the stupid config thing for oslo.cache | 19:31 |
| kmalloc | it's a long running bug at this point | 19:31 |
| lbragstad | yeah | 19:39 |
| lbragstad | but... there is a documented workaround | 19:39 |
| *** GregWaines has quit IRC | 19:47 | |
| kmalloc | "work around" | 19:56 |
| kmalloc | *eyeroll* | 19:56 |
| kmalloc | it's not a good workaround | 19:56 |
| *** r-daneel has joined #openstack-keystone | 20:01 | |
| openstackgerrit | Doug Hellmann proposed openstack/keystone master: import zuul job settings from project-config https://review.openstack.org/597652 | 20:10 |
| openstackgerrit | Doug Hellmann proposed openstack/keystone master: switch documentation job to new PTI https://review.openstack.org/597653 | 20:10 |
| openstackgerrit | Doug Hellmann proposed openstack/keystone master: add python 3.6 unit test job https://review.openstack.org/597654 | 20:10 |
| openstackgerrit | Doug Hellmann proposed openstack/keystoneauth master: import zuul job settings from project-config https://review.openstack.org/597655 | 20:10 |
| openstackgerrit | Doug Hellmann proposed openstack/keystoneauth master: switch documentation job to new PTI https://review.openstack.org/597656 | 20:10 |
| openstackgerrit | Doug Hellmann proposed openstack/keystoneauth master: add python 3.6 unit test job https://review.openstack.org/597657 | 20:10 |
| openstackgerrit | Doug Hellmann proposed openstack/keystoneauth master: add lib-forward-testing-python3 test job https://review.openstack.org/597658 | 20:10 |
| openstackgerrit | Doug Hellmann proposed openstack/keystonemiddleware master: import zuul job settings from project-config https://review.openstack.org/597659 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/keystonemiddleware master: switch documentation job to new PTI https://review.openstack.org/597660 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/keystonemiddleware master: add python 3.6 unit test job https://review.openstack.org/597661 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/keystonemiddleware master: add lib-forward-testing-python3 test job https://review.openstack.org/597662 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/keystone-specs master: import zuul job settings from project-config https://review.openstack.org/597663 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/keystone-tempest-plugin master: import zuul job settings from project-config https://review.openstack.org/597664 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/ldappool master: import zuul job settings from project-config https://review.openstack.org/597665 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/ldappool master: add python 3.6 unit test job https://review.openstack.org/597666 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/pycadf master: import zuul job settings from project-config https://review.openstack.org/597667 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/pycadf master: switch documentation job to new PTI https://review.openstack.org/597668 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/pycadf master: add python 3.6 unit test job https://review.openstack.org/597669 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/pycadf master: add lib-forward-testing-python3 test job https://review.openstack.org/597670 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/python-keystoneclient master: import zuul job settings from project-config https://review.openstack.org/597671 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/python-keystoneclient master: switch documentation job to new PTI https://review.openstack.org/597672 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/python-keystoneclient master: add python 3.6 unit test job https://review.openstack.org/597673 | 20:11 |
| openstackgerrit | Doug Hellmann proposed openstack/python-keystoneclient master: add lib-forward-testing-python3 test job https://review.openstack.org/597674 | 20:11 |
| lbragstad | bah - we forgot to write a release note for https://bugs.launchpad.net/keystone/+bug/1779205 | 20:19 |
| openstack | Launchpad bug 1779205 in OpenStack Identity (keystone) rocky "[OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432)" [Critical,Fix released] - Assigned to Lance Bragstad (lbragstad) | 20:19 |
| *** mgagne has joined #openstack-keystone | 20:20 | |
| *** raildo has quit IRC | 20:41 | |
| *** markvoelker has joined #openstack-keystone | 20:48 | |
| *** markvoelker has quit IRC | 20:55 | |
| lbragstad | kmalloc shouldn't https://github.com/openstack/keystone/blob/master/keystone/common/rbac_enforcer/enforcer.py#L114-L124 protect against http://paste.openstack.org/show/729089/ if I'm doing https://review.openstack.org/#/c/594547/7/keystone/api/credentials.py@82 ? | 21:10 |
| lbragstad | the test_user_cannot_list_credentials_for_other_users testcase in that diff fails with the implementation currently in review ^ | 21:11 |
| *** mchlumsky has joined #openstack-keystone | 21:11 | |
| lbragstad | this is the failure i'm getting locally - http://paste.openstack.org/show/729090/ | 21:12 |
| lbragstad | wait... | 21:16 |
| lbragstad | maybe i just wrote that test wrong | 21:17 |
| lbragstad | i suppose if userA calls GET /v3/credentials?user_id=userB it shouldn't return a 403, should it? | 21:17 |
| lbragstad | but they *should* get an empty list | 21:17 |
| lbragstad | because they are attempting to filter as a user that isn't them | 21:18 |
| *** mchlumsky has quit IRC | 21:44 | |
| *** rcernin has joined #openstack-keystone | 21:49 | |
| openstackgerrit | Lance Bragstad proposed openstack/keystone master: Fix db model inconsistency for FederatedUser https://review.openstack.org/566242 | 21:57 |
| openstackgerrit | Lance Bragstad proposed openstack/keystone master: Enable Foreign keys for sql backend unit test https://review.openstack.org/558029 | 21:57 |
| openstackgerrit | Lance Bragstad proposed openstack/keystone master: Enable foreign keys for unit test https://review.openstack.org/558193 | 21:57 |
| openstackgerrit | Lance Bragstad proposed openstack/keystone master: Make policy file support in fixture optional https://review.openstack.org/595279 | 21:57 |
| openstackgerrit | Lance Bragstad proposed openstack/keystone master: Move loadapp to a generic place https://review.openstack.org/595371 | 21:57 |
| openstackgerrit | Lance Bragstad proposed openstack/keystone master: Add test case for expanding implied roles in system tokens https://review.openstack.org/596356 | 21:57 |
| openstackgerrit | Lance Bragstad proposed openstack/keystone master: Expand implied roles in system-scoped tokens https://review.openstack.org/596357 | 21:57 |
| openstackgerrit | Lance Bragstad proposed openstack/keystone master: Loosen the assertion for logging scope type warnings https://review.openstack.org/597186 | 21:57 |
| openstackgerrit | Lance Bragstad proposed openstack/keystone master: Implement scope_type checking for credentials https://review.openstack.org/594547 | 21:57 |
| openstackgerrit | Lance Bragstad proposed openstack/keystone master: Remove obsolete credential policies https://review.openstack.org/597187 | 21:57 |
| lbragstad | wxy-xiyuan i cleaned up the merge conflict i created ^ | 21:57 |
| *** r-daneel_ has joined #openstack-keystone | 22:05 | |
| *** r-daneel has quit IRC | 22:05 | |
| *** r-daneel_ is now known as r-daneel | 22:05 | |
| openstackgerrit | Merged openstack/keystone master: Address nits https://review.openstack.org/596506 | 22:07 |
| *** threestrands has joined #openstack-keystone | 22:19 | |
| *** threestrands has quit IRC | 22:19 | |
| *** threestrands has joined #openstack-keystone | 22:22 | |
| kmalloc | lbragstad: so... that is tricky | 22:37 |
| kmalloc | you can either have a 403 (nope, can't filter for another user because you're not allowed) or an empty list | 22:37 |
| kmalloc | i am inclined to say 403 if the user isn't allowed | 22:37 |
| kmalloc | for old code, keep consistent behavior | 22:38 |
| *** markvoelker has joined #openstack-keystone | 22:46 | |
| *** r-daneel has quit IRC | 22:56 | |
| *** clarkb has joined #openstack-keystone | 23:06 | |
| clarkb | hello keystone, github suggests that we update pysaml2 to pysaml2 ~> 4.5.0 and that our current global requirement value is insecure. I believe this is an opitonal dep for keystone api things so figured I'd let you all know | 23:06 |
| *** markvoelker has quit IRC | 23:12 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!