Wednesday, 2019-04-17

« Tuesday, 2019-04-16 Index Thursday, 2019-04-18 »
*** gyee has quit IRC00:08
*** jamesmcarthur has joined #openstack-keystone00:15
*** aning_ has joined #openstack-keystone00:30
*** jamesmcarthur has quit IRC00:31
*** jamesmcarthur has joined #openstack-keystone00:31
*** aning has quit IRC00:32
*** jamesmcarthur has quit IRC00:35
*** nicolasbock has quit IRC00:39
*** aning has joined #openstack-keystone00:45
*** aning_ has quit IRC00:47
openstackgerritColleen Murphy proposed openstack/keystone master: Replace support matrix ext with common library  https://review.openstack.org/52780801:09
openstackgerritColleen Murphy proposed openstack/keystone master: Uncap jsonschema  https://review.openstack.org/65318001:09
*** threestrands has joined #openstack-keystone01:24
*** whoami-rajat has joined #openstack-keystone01:31
*** ileixe has quit IRC01:55
*** ileixe has joined #openstack-keystone01:58
*** itlinux has joined #openstack-keystone02:09
*** lbragstad has quit IRC02:30
*** itlinux has quit IRC02:52
*** itlinux has joined #openstack-keystone02:54
*** erus has quit IRC02:54
*** erus has joined #openstack-keystone02:55
*** ileixe has quit IRC03:25
*** ileixe has joined #openstack-keystone03:31
eanderssonhttps://review.openstack.org/#/c/653233/2/ironicclient/common/http.py03:33
eanderssonCan someone confirm that this is correct?03:33
cmurphyeandersson: hmm i don't think so, endpoint_override is its own parameter of the Session request() https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.html#module-keystoneauth1.session03:40
eanderssoncmurphy, the odd thing is that the override works with that patch03:42
cmurphyhmm03:43
eanderssone.g.03:43
eandersson> base_url = self.get_endpoint(auth, allow=allow, **endpoint_filter)03:43
*** itlinux has quit IRC03:43
eandersson> if 'endpoint_override' in kwargs: return kwargs['endpoint_override']03:43
eanderssonYou see ^03:44
eanderssonhttps://github.com/openstack/keystoneauth/blob/master/keystoneauth1/session.py#L113403:44
eanderssonhttps://github.com/openstack/keystoneauth/blob/master/keystoneauth1/session.py#L72603:44
eanderssonWhile you are right, I don't understand why it does not work in this case.03:45
eandersson> base_url = endpoint_override % _StringFormatter(self, auth)03:46
eanderssonhttps://github.com/openstack/keystoneauth/blob/master/keystoneauth1/session.py#L72203:46
eanderssonNot sure if I understand that logic at all03:46
eanderssonbecause both should work03:50
cmurphyhmm it might be something wonky with how the adapter is instantiated03:59
eanderssonYea - something is off04:03
cmurphybecause i think it's here https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/adapter.py#L191-L192 where endpoint_override should be working04:05
*** imacdonn has quit IRC04:07
*** erus has quit IRC04:07
*** imacdonn has joined #openstack-keystone04:07
*** erus has joined #openstack-keystone04:08
*** david-lyle has joined #openstack-keystone04:13
*** dklyle has quit IRC04:16
eanderssoncmurphy, you are right https://github.com/openstack/python-ironicclient/commit/8071d5de57c728ce09d25d04c8c9fe48cd7db42e04:16
cmurphyeandersson: oh so you were testing this with not-master?04:21
eanderssonYea - I honestly didn't realize.04:21
cmurphycool, the best bugs are the ones that are already fixed04:22
eanderssonThe Ironic team is gonna take a look to make sure that path is solid, but at the very least I have a path forward.04:22
*** ileixe has quit IRC04:31
*** sapd1 has quit IRC04:50
*** ileixe has joined #openstack-keystone05:02
*** vishakha has joined #openstack-keystone05:09
*** ileixe has quit IRC05:55
*** ileixe has joined #openstack-keystone05:58
*** erus has quit IRC05:58
*** erus has joined #openstack-keystone05:59
*** pcaruana has joined #openstack-keystone06:11
*** erus has quit IRC06:11
*** erus has joined #openstack-keystone06:11
*** starborn has joined #openstack-keystone06:47
*** erus has quit IRC06:47
*** erus has joined #openstack-keystone06:48
*** ileixe has quit IRC06:57
*** ileixe has joined #openstack-keystone07:02
*** shyamb has joined #openstack-keystone07:37
openstackgerritzhufl proposed openstack/keystone master: Pass kwargs to exception to get better format of error message  https://review.openstack.org/65334207:44
*** awalende has joined #openstack-keystone07:52
awalendeHi there, we upgraded our openstack from queens to rocky and have problems with openid, which worked flawless with the old deprecated auth plugin from stevedore. After using the new method "openid", we get an unauthorized error in horizon. The Keystone log shows the following error:07:57
awalendeERROR keystone.federation.controllers [req-6502caa6-769a-468c-b070-c030ac098124 - - - - -] Missing entity ID from environment07:58
awalendeWhat is meant with the entity ID?07:58
*** Emine has joined #openstack-keystone07:59
*** rcernin has quit IRC08:13
*** tkajinam has quit IRC08:17
*** rcernin has joined #openstack-keystone08:27
*** shyamb has quit IRC08:30
*** shyamb has joined #openstack-keystone08:31
*** vishakha has quit IRC08:33
*** threestrands has quit IRC09:36
*** erus has quit IRC09:36
*** erus has joined #openstack-keystone09:36
*** shyamb has quit IRC09:46
*** awalende has quit IRC10:32
*** awalende has joined #openstack-keystone10:32
*** awalende has quit IRC10:36
*** nicolasbock has joined #openstack-keystone10:38
*** awalende has joined #openstack-keystone10:42
*** erus has quit IRC10:42
*** erus has joined #openstack-keystone10:43
*** awalende has quit IRC10:56
*** awalende has joined #openstack-keystone10:57
*** raildo has joined #openstack-keystone11:48
*** shyamb has joined #openstack-keystone11:48
fricklercmurphy: kmalloc: for some reason I'd need a requirements bump in order for my patch to remove the identity admin endpoint from keystonemiddleware. could you review the patch please before I proceed and submit a matching reqs change? https://review.openstack.org/65179011:49
frickler"... in order for my patch to pass the lower-constraints job ..."11:51
*** awalende has quit IRC11:52
*** awalende has joined #openstack-keystone11:53
*** awalende has quit IRC11:53
*** awalende has joined #openstack-keystone11:54
*** awalende has quit IRC11:54
*** awalende has joined #openstack-keystone11:54
*** awalende has quit IRC11:55
*** awalende has joined #openstack-keystone11:56
*** awalende has quit IRC11:56
*** awalende has joined #openstack-keystone11:57
*** awalende has quit IRC11:58
*** awalende has joined #openstack-keystone12:08
*** pcaruana has quit IRC12:30
*** erus has quit IRC12:30
*** erus has joined #openstack-keystone12:30
*** shyamb has quit IRC12:37
*** pcaruana has joined #openstack-keystone12:53
*** lbragstad has joined #openstack-keystone12:56
*** ChanServ sets mode: +o lbragstad12:56
*** erus has quit IRC12:56
*** erus has joined #openstack-keystone12:57
*** vishakha has joined #openstack-keystone12:57
*** shyamb has joined #openstack-keystone12:58
*** mchlumsky has joined #openstack-keystone13:26
*** erus has quit IRC13:26
*** erus has joined #openstack-keystone13:26
cmurphyfrickler: will look today, why does it need a requirements bump though?13:33
cmurphyawalende: the entity ID is the identifier for the IdP that gets passed in the apache service provider headers, keystone uses a key defined by remote_id_attribute in keystone.conf to look up the entity ID13:35
cmurphyawalende: if remote_id_attribute isn't defined or is defined in the wrong place then keystone can't find the entity ID13:36
awalendeye, we managed to fix that a few hours ago. We now get a different error but I think it has something to do with our recycled mapping...13:37
awalendeWARNING keystone.federation.utils [req-07437bb9-b8af-42b6-96da-0307e69adb75 - - - - -] Could not map any federated user properties to identity values. Check debug logs or the mapping used for additional details.: Unauthorized: The request you have made requires authentication.13:37
awalendeWhen I enable debug, I see that identity values are empty:13:37
awalendeidentity_values: [] process /usr/lib/python2.7/dist-packages/keystone/federation/utils.py:54113:38
awalendehowever it seems to pick up my rules: rules: [{u'remote': [{u'type': u'HTTP_OIDC_SUB'}], u'local': [{u'user': {u'domain': {u'name': u'elixir'}, u'type': u'local', u'name': u'{0}'}}]}] process /usr/lib/python2.7/dist-packages/keystone/federation/utils.py:52113:38
cmurphyawalende: looks okay to me, but you're using type:local, does a user with a username matching the HTTP_OIDC_SUB value already exist in the keystone db?13:42
awalendeyes, we have a designated service for this which syncs the user list13:43
cmurphyhmm not sure then13:44
cmurphyis HTTP_OIDC_SUB appearing in the assertion in the debug logs?13:46
awalendelet me check...13:47
awalendeassertion data: {'HTTP_OIDC_ISS': u'https://login.elixir-czech.org/oidc/'} process /usr/lib/python2.7/dist-packages/keystone/federation/utils.py:51513:49
awalendeassertion: {'HTTP_OIDC_ISS': [u'https://login.elixir-czech.org/oidc/']} process /usr/lib/python2.7/dist-packages/keystone/federation/utils.py:51813:49
awalendeaha!13:49
awalendeweird that it only shows HTTP_OIDC_ISS in the data....when I intercept the oidc token... I find much more fields, like my wanted HTTP_OIDC_SUB13:52
fricklercmurphy: something in keystoneauth1 changed, see the errors on the previous PS. I tested locally to identify 3.6.0 as the first working version, current lower bound is 3.4.0. http://logs.openstack.org/90/651790/6/check/openstack-tox-lower-constraints/6e8204d/testr_results.html.gz13:54
fricklercmurphy: if you can see a solution that fixes the tests without needing the bump, I'd be fine with that, too ;)13:57
*** awalende has quit IRC14:06
*** awalende has joined #openstack-keystone14:06
cmurphyfrickler: eh probably worthwhile to bump it, we won't backport this anyway14:06
*** awalende_ has joined #openstack-keystone14:11
*** awalende has quit IRC14:11
*** awalende_ has quit IRC14:16
*** itlinux has joined #openstack-keystone14:19
*** itlinux has quit IRC14:22
*** markvoelker has joined #openstack-keystone14:35
*** david-lyle is now known as dklyle14:35
openstackgerritGage Hugo proposed openstack/keystone master: Move list projects from ids to manager and cache  https://review.openstack.org/47829314:41
gagehugoo/14:47
cmurphyo/14:47
lbragstad\o14:49
*** dustinc has quit IRC14:56
*** dustinc has joined #openstack-keystone14:56
*** dustinc is now known as dustinc_away14:56
kmalloc\o/15:34
kmalloc /o\15:34
*** itlinux has joined #openstack-keystone15:35
*** adriant has quit IRC15:51
*** adriant has joined #openstack-keystone15:53
*** erus has quit IRC15:53
*** erus has joined #openstack-keystone15:53
*** gyee has joined #openstack-keystone15:58
*** shyamb has quit IRC16:06
*** dims has quit IRC16:07
knikollao/16:23
*** david-lyle has joined #openstack-keystone16:24
*** erus has quit IRC16:24
*** erus has joined #openstack-keystone16:25
*** ileixe has quit IRC16:25
*** dklyle has quit IRC16:27
*** idlemind has joined #openstack-keystone16:51
*** dims has joined #openstack-keystone16:54
*** dims has quit IRC16:59
*** dims has joined #openstack-keystone17:01
*** erus has quit IRC17:01
*** erus has joined #openstack-keystone17:02
openstackgerritKristi Nikolla proposed openstack/keystone-specs master: Repropose federated attributes in the user API for Train  https://review.openstack.org/65349217:05
knikollaayoung: ^^ this should fit right in with your predictable ids direction17:05
*** markvoelker has quit IRC17:31
*** markvoelker has joined #openstack-keystone17:31
*** markvoelker has quit IRC17:35
*** david-lyle is now known as dklyle17:55
*** vishakha has quit IRC18:56
*** raildo has quit IRC19:05
*** raildo has joined #openstack-keystone19:20
openstackgerritColleen Murphy proposed openstack/keystonemiddleware master: Bump memcached minimum version  https://review.openstack.org/65354219:46
*** starborn has quit IRC19:51
cmurphycycle schedule proposal https://review.openstack.org/65354419:54
*** raildo has quit IRC20:02
gagehugolgtm20:08
kmallocwfm20:36
*** raildo has joined #openstack-keystone20:40
*** erus has quit IRC20:40
*** erus has joined #openstack-keystone20:41
*** pcaruana has quit IRC20:43
*** whoami-rajat has quit IRC21:01
*** mchlumsky has quit IRC21:29
*** logan- has quit IRC21:34
*** logan- has joined #openstack-keystone21:37
*** Emine has quit IRC21:51
openstackgerritColleen Murphy proposed openstack/keystonemiddleware master: Bump memcached minimum version  https://review.openstack.org/65354221:57
openstackgerritMerged openstack/keystone master: Fix unscoped federated token formatter  https://review.openstack.org/65252022:19
openstackgerritMerged openstack/keystone master: Uncap jsonschema  https://review.openstack.org/65318022:19
*** erus has quit IRC22:30
*** lbragstad has quit IRC22:33
*** lbragstad has joined #openstack-keystone22:35
*** ChanServ sets mode: +o lbragstad22:35
*** erus has joined #openstack-keystone22:46
*** tkajinam has joined #openstack-keystone22:54
*** zigo has quit IRC22:58
*** efried has joined #openstack-keystone23:03
efriedHey 'stoners, can I propose a ksa release to pick up https://review.openstack.org/#/c/644251/ please?23:04
efriedcmurphy, lbragstad: ^23:04
cmurphyefried: sure, if you propose I'll +123:06
efriedcmurphy: Thanks :)23:06
*** raildo has quit IRC23:07
*** jamesmcarthur has joined #openstack-keystone23:07
efriedcmurphy: https://review.openstack.org/65362623:12
*** jamesmcarthur has quit IRC23:23
*** itlinux has quit IRC23:26
*** itlinux has joined #openstack-keystone23:44
*** itlinux has quit IRC23:44
« Tuesday, 2019-04-16 Index Thursday, 2019-04-18 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!