Friday, 2014-04-18

*** praneshp_ has joined #openstack-keystone 00:02
*** praneshp has quit IRC 00:04
*** praneshp_ is now known as praneshp 00:04
*** ilives has joined #openstack-keystone 00:13
morganfainberg: ayoung-afk, yes we can drop the need for service users to validate a token 00:16
morganfainberg: ayoung-afk, but i bet we will have other cases to keep service users 00:16
morganfainberg: ayoung-afk, sorry was in meetings just getting back to things. 00:17
*** ilives has quit IRC 00:17
*** ilives has joined #openstack-keystone 00:17
*** praneshp has quit IRC 00:17
*** praneshp has joined #openstack-keystone 00:19
*** gokrokve has joined #openstack-keystone 00:21
*** stevemar has joined #openstack-keystone 00:34
*** dstanek has quit IRC 00:43
*** dstanek has joined #openstack-keystone 00:44
*** ayoung-afk is now known as ayoung 00:51
*** stevemar has quit IRC 00:51
ayoung: morganfainberg, No prob, was in Family mode.  Ok, let's plan this out 00:51
ayoung: 1.  we need to be able to do certain operations without a user: 00:52
ayoung: that means fetching certificates and the revocation events 00:52
ayoung: is there any other reason that we need a service user besides those calls? 00:52
*** gokrokve_ has joined #openstack-keystone 00:53
openstackgerrit: wanghong proposed a change to openstack/keystone: delete association when delete proj or endpoint  https://review.openstack.org/87551 00:56
*** gokrokve has quit IRC 00:56
ayoung: endpoint? 00:58
*** marcoemorais has quit IRC 01:00
*** stevemar has joined #openstack-keystone 01:03
morganfainberg: ayoung, hmm 01:03
morganfainberg: ayoung, catalog 01:04
ayoung: morganfainberg, right now that is in the token 01:04
ayoung: you are thinking of your optimization, right? 01:04
morganfainberg: ayoung, but we should also support getting the catalog w/o a token 01:04
ayoung: IDs only tokens 01:04
ayoung: and role list 01:04
morganfainberg: ayoung, yeah roles too 01:04
morganfainberg: ayoung, and yes for the optimisation, but also because it doesn't hurt to provide the catalog in general 01:05
morganfainberg: ayoung, i think that is most of it.  it's a relatively small surface area 01:06
*** dims has quit IRC 01:08
morganfainberg: ayoung, hopefully i can wade out of these meetings and get back to writing code, about to start working on unifying the token data (json -> something consistent) while internal to keystone (prior to emitting) 01:10
morganfainberg: should make working with the token better inside keystone and make it version agnostic internally 01:10
*** wchrisj has joined #openstack-keystone 01:15
*** browne has quit IRC 01:20
*** dims has joined #openstack-keystone 01:20
*** wchrisj has quit IRC 01:21
ayoung: morganfainberg, part of the token pipeline refactor? 01:28
morganfainberg: ayoung, yeah it'll be used for that 01:29
ayoung: morganfainberg, https://review.openstack.org/#/c/71181/  oh happy day!  Compressed tokens work, pep8, p27 p33  and Tempest 01:29
*** dstanek has quit IRC 01:34
*** topol has joined #openstack-keystone 01:38
ayoung: morganfainberg, so, we need a rule in policy that says "you can call this function without a token" and we don't have that yet 01:42
morganfainberg: ayoung, hm isn't that just not decorating with the @protected method? 01:43
morganfainberg: ayoung, or you mean it should support needing a token if a deployer wants? 01:43
*** dstanek has joined #openstack-keystone 01:43
ayoung: morganfainberg, policy should control whether or not.  It should not require a code change 01:44
ayoung: making that happen would mean processing the policy before unpacking the token, 01:44
ayoung: which is not what is done now 01:44
morganfainberg: ayoung, hmm. 01:45
ayoung: morganfainberg, I want to move the policy parsing and enforcement all into keystone client, too, so we can share the goodness. 01:45
ayoung: and..I want an API where we can fetch policy by the endpoint id. 01:45
ayoung: all of those should probably be tokenless. 01:46
morganfainberg: ayoung, i'm not sure we want policy involved with these "no token needed" methods 01:46
ayoung: they go hand in glove 01:46
morganfainberg: ayoung, rather give people too much rope to hang themselves vs. prevent the hanging from misconfiguration? 01:47
morganfainberg: ayoung, my thought was if these are expected to be public, why is policy involved at all? 01:48
ayoung: morganfainberg, I say, let's make it possible to run without service users, not a hard and fast requirement 01:48
ayoung: no, I mean policy fetch  needs to be public, too 01:48
morganfainberg: oh oh 01:48
morganfainberg: yeah 01:48
morganfainberg: so if you want to require authentication you can enforce it? 01:49
morganfainberg: i'd argue some things need to be unauthenticated, but maybe not all? 01:49
morganfainberg: and always no-auth 01:49
ayoung: we need an "unauthenticated" policy call, and then things get interested 01:49
ayoung: interesting 01:49
morganfainberg: i'll need to stew on that one. 01:51
morganfainberg: not saying i disagree 01:51
morganfainberg: just need to let that one rattle around a bit 01:51
ayoung: yeah.... 01:52
ayoung: what would it take to make a call unauthenticated....let's see 01:56
topol: pretty quiet night on the keystone channel 02:02
ayoung: morganfainberg, I'm guessing it would need to  be a hardcoded check here:  https://github.com/openstack/keystone/blob/master/keystone/common/controller.py#L164 02:04
ayoung: something like 02:05
openstackgerrit: A change was merged to openstack/keystone: Don't re-raise instance  https://review.openstack.org/87149 02:05
morganfainberg: ayoung, possibly 02:05
morganfainberg: ayoung, that looks about right 02:05
ayoung: if action.bypass_authorization(): 02:05
ayoung: return 02:05
morganfainberg: ayoung, yeah 02:08
*** richm has quit IRC 02:09
morganfainberg: ayoung, i'll play around with that as well. 02:11
morganfainberg: ayoung, hopefully have time soon for it 02:11
morganfainberg: ayoung, topol, catch you guys later. 02:14
ayoung: later 02:14
*** rwsu has quit IRC 02:22
*** jsidhu has quit IRC 02:24
*** amcrn has quit IRC 02:32
*** harlowja is now known as harlowja_away 02:49
*** ayoung is now known as ayoung_afk 02:52
*** mberlin1 has joined #openstack-keystone 02:54
*** mberlin has quit IRC 02:56
*** gokrokve_ has quit IRC 02:58
*** gyee has quit IRC 02:59
*** gokrokve has joined #openstack-keystone 03:05
*** gokrokve has quit IRC 03:09
openstackgerrit: wanghong proposed a change to openstack/keystone: delete association when delete proj or endpoint  https://review.openstack.org/87551 03:16
*** chandan_kumar has joined #openstack-keystone 03:20
*** dstanek has quit IRC 03:26
*** stevemar has quit IRC 03:26
*** stevemar has joined #openstack-keystone 03:28
*** gokrokve has joined #openstack-keystone 03:29
*** gokrokve_ has joined #openstack-keystone 03:31
*** gokrokv__ has joined #openstack-keystone 03:33
*** gokrokve has quit IRC 03:34
*** gokrokve_ has quit IRC 03:35
*** lnxnut has quit IRC 03:37
*** gokrokv__ has quit IRC 03:37
*** lnxnut has joined #openstack-keystone 03:39
*** wchrisj has joined #openstack-keystone 03:41
*** stevemar has quit IRC 03:51
*** browne has joined #openstack-keystone 03:55
*** browne has quit IRC 03:55
*** lbragstad has joined #openstack-keystone 03:58
*** zhiyan_ is now known as zhiyan 04:04
*** praneshp has quit IRC 04:05
*** wchrisj has quit IRC 04:08
*** david-lyle has joined #openstack-keystone 04:08
*** praneshp has joined #openstack-keystone 04:08
*** topol has quit IRC 04:18
*** lnxnut has quit IRC 04:22
*** dstanek has joined #openstack-keystone 04:28
*** gokrokve has joined #openstack-keystone 04:32
*** dstanek has quit IRC 04:33
*** gokrokve has quit IRC 04:37
*** david-lyle has quit IRC 04:37
*** zhiyan is now known as zhiyan_ 04:41
*** praneshp has quit IRC 04:54
*** gokrokve has joined #openstack-keystone 05:32
*** gokrokve has quit IRC 05:37
*** zhiyan_ is now known as zhiyan 05:42
*** derek_c has quit IRC 05:48
*** derek_c has joined #openstack-keystone 05:51
openstackgerrit: OpenStack Proposal Bot proposed a change to openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/88503 06:01
*** tomoiaga has joined #openstack-keystone 06:12
*** gokrokve has joined #openstack-keystone 06:32
*** gokrokve has quit IRC 06:36
openstackgerrit: Sergey Nikitin proposed a change to openstack/keystone: Cleanup of ldap backends  https://review.openstack.org/88517 06:43
openstackgerrit: Sergey Nikitin proposed a change to openstack/keystone: Cleanup of ldap backends  https://review.openstack.org/88517 06:46
*** chandan_kumar has quit IRC 06:57
*** chandan_kumar has joined #openstack-keystone 07:05
*** praneshp has joined #openstack-keystone 07:18
*** dstanek has joined #openstack-keystone 07:31
*** gokrokve has joined #openstack-keystone 07:32
*** morganfainberg is now known as morganfainberg_Z 07:32
*** dstanek has quit IRC 07:35
*** gokrokve has quit IRC 07:37
*** leseb has joined #openstack-keystone 08:03
*** dstanek has joined #openstack-keystone 08:31
*** gokrokve has joined #openstack-keystone 08:32
*** dstanek has quit IRC 08:36
*** gokrokve has quit IRC 08:36
*** derek_c has quit IRC 08:37
*** gokrokve has joined #openstack-keystone 09:32
*** gokrokve has quit IRC 09:37
*** praneshp has quit IRC 10:03
*** henrynash has joined #openstack-keystone 10:20
*** gokrokve has joined #openstack-keystone 10:32
*** gokrokve has quit IRC 10:37
*** gokrokve has joined #openstack-keystone 11:32
*** gokrokve has quit IRC 11:37
*** lnxnut has joined #openstack-keystone 12:08
*** dstanek has joined #openstack-keystone 12:11
*** dstanek has quit IRC 12:24
openstackgerrit: Ilya Pekelny proposed a change to openstack/keystone: Sync test_migrations  https://review.openstack.org/80618 12:26
openstackgerrit: Ilya Pekelny proposed a change to openstack/keystone: Redundant unique constraint  https://review.openstack.org/84447 12:26
openstackgerrit: Ilya Pekelny proposed a change to openstack/keystone: Corresponding `nullable` value.  https://review.openstack.org/84446 12:26
openstackgerrit: Ilya Pekelny proposed a change to openstack/keystone: Migration DB_INIT_VERSION in common place  https://review.openstack.org/88016 12:26
openstackgerrit: Ilya Pekelny proposed a change to openstack/keystone: Compatible server default value in the models.  https://review.openstack.org/84445 12:26
openstackgerrit: Ilya Pekelny proposed a change to openstack/keystone: Explicit foreign key indexes.  https://review.openstack.org/84444 12:26
openstackgerrit: Ilya Pekelny proposed a change to openstack/keystone: Sync on-demand database schemas  https://review.openstack.org/84448 12:26
openstackgerrit: Ilya Pekelny proposed a change to openstack/keystone: Comparision of database models and migrations.  https://review.openstack.org/80630 12:27
*** gokrokve has joined #openstack-keystone 12:32
*** gokrokve has quit IRC 12:37
*** Anju_ has joined #openstack-keystone 12:38
*** dstanek has joined #openstack-keystone 12:39
*** bvandenh has joined #openstack-keystone 12:42
*** rediskin has joined #openstack-keystone 12:48
rediskin: hi all 12:52
rediskin: dolphm: please take a look at my comment: https://bugs.launchpad.net/python-keystoneclient/+bug/1309180 12:52
uvirtbot: Launchpad bug 1309180 in python-keystoneclient "nothing works when only externalURL available" [Undecided,Invalid] 12:52
rediskin: dolphm: all works when i set `endpoint'. even with port 35357 12:52
*** bach has joined #openstack-keystone 12:56
*** dims has quit IRC 13:09
*** bach has quit IRC 13:13
openstackgerrit: Ilya Pekelny proposed a change to openstack/keystone: Sync test_migrations  https://review.openstack.org/80618 13:15
openstackgerrit: Ilya Pekelny proposed a change to openstack/keystone: Sync on-demand database schemas  https://review.openstack.org/84448 13:15
openstackgerrit: Ilya Pekelny proposed a change to openstack/keystone: Comparision of database models and migrations.  https://review.openstack.org/80630 13:15
*** dims has joined #openstack-keystone 13:22
*** topol has joined #openstack-keystone 13:22
*** gokrokve has joined #openstack-keystone 13:32
*** bach has joined #openstack-keystone 13:32
*** gokrokve has quit IRC 13:37
*** bknudson has joined #openstack-keystone 13:38
*** chandan_kumar has quit IRC 13:42
*** wchrisj has joined #openstack-keystone 13:47
*** bvandenh has quit IRC 14:01
*** vhoward has joined #openstack-keystone 14:02
*** daneyon has joined #openstack-keystone 14:03
openstackgerrit: Ilya Pekelny proposed a change to openstack/keystone: Comparision of database models and migrations.  https://review.openstack.org/80630 14:05
*** gokrokve has joined #openstack-keystone 14:32
*** lbragstad has quit IRC 14:34
*** gokrokve has quit IRC 14:37
*** lbragstad has joined #openstack-keystone 14:37
*** ilives has quit IRC 14:40
*** thedodd has joined #openstack-keystone 14:46
*** RockKuo_TW has joined #openstack-keystone 14:46
*** gokrokve has joined #openstack-keystone 14:54
*** Anju_ has quit IRC 15:01
*** tomoiaga has quit IRC 15:14
*** daneyon has quit IRC 15:18
*** daneyon has joined #openstack-keystone 15:19
*** stevemar has joined #openstack-keystone 15:24
*** browne has joined #openstack-keystone 15:34
*** david-lyle has joined #openstack-keystone 15:35
*** RockKuo_TW has quit IRC 15:46
*** zhiyan is now known as zhiyan_ 15:50
*** chandan_kumar has joined #openstack-keystone 15:51
*** stevemar has quit IRC 16:03
*** gokrokve has quit IRC 16:13
*** shakamunyi has joined #openstack-keystone 16:18
openstackgerrit: Florent Flament proposed a change to openstack/python-keystoneclient: Allow keystone_authtoken middleware to use v3 API  https://review.openstack.org/88620 16:22
openstackgerrit: Christina Darretta proposed a change to openstack/keystone: Removed duplication with list_user_ids_for_project  https://review.openstack.org/88621 16:23
*** tomoiaga has joined #openstack-keystone 16:25
openstackgerrit: Florent Flament proposed a change to openstack/python-keystoneclient: Allow keystone_authtoken middleware to use v3 API  https://review.openstack.org/88620 16:25
*** tomoiaga has quit IRC 16:29
*** bknudson has quit IRC 16:32
*** gyee has joined #openstack-keystone 16:33
*** bach has quit IRC 16:38
*** branen has joined #openstack-keystone 16:56
*** harlowja_away is now known as harlowja 16:58
*** gokrokve has joined #openstack-keystone 16:58
*** gokrokve has quit IRC 17:03
*** leseb has quit IRC 17:17
*** gokrokve has joined #openstack-keystone 17:17
*** leseb has joined #openstack-keystone 17:18
*** leseb has quit IRC 17:22
*** bknudson has joined #openstack-keystone 17:28
*** Anju_ has joined #openstack-keystone 17:31
*** dstanek has quit IRC 17:33
*** amcrn has joined #openstack-keystone 17:42
*** topol has quit IRC 17:43
*** EmilienM has quit IRC 17:50
*** EmilienM has joined #openstack-keystone 17:50
openstackgerrit: Christina Darretta proposed a change to openstack/keystone: Removed duplication with list_user_ids_for_project  https://review.openstack.org/88621 17:54
*** leseb has joined #openstack-keystone 17:58
*** wchrisj_ has joined #openstack-keystone 17:58
*** wchrisj has quit IRC 18:02
*** daneyon has quit IRC 18:07
*** leseb has quit IRC 18:10
*** bach has joined #openstack-keystone 18:15
*** dstanek has joined #openstack-keystone 18:25
*** topol has joined #openstack-keystone 18:42
*** dims is now known as dims-openstack 18:58
openstackgerrit: A change was merged to openstack/keystone: Enhance tests for user extra attribute mapping  https://review.openstack.org/81046 19:09
*** derek_c has joined #openstack-keystone 19:10
*** dims-openstack is now known as dims 19:24
*** shakamunyi has quit IRC 19:27
*** derek_c has quit IRC 19:27
*** shakayumi has joined #openstack-keystone 19:27
*** derek_c has joined #openstack-keystone 19:27
*** amcrn has quit IRC 19:44
*** dstanek has quit IRC 19:46
*** nekron99_ has joined #openstack-keystone 19:50
*** amcrn has joined #openstack-keystone 20:02
*** chandan_kumar has quit IRC 20:21
*** Anju_ has quit IRC 20:21
*** henrynash has quit IRC 20:34
*** david_lyle_ has joined #openstack-keystone 20:40
*** dklyle has joined #openstack-keystone 20:41
*** david-lyle has quit IRC 20:43
*** david_lyle_ has quit IRC 20:45
*** daneyon has joined #openstack-keystone 20:47
*** daneyon has quit IRC 20:48
*** daneyon has joined #openstack-keystone 20:50
*** harlowja is now known as harlowja_away 20:50
*** dklyle has quit IRC 20:57
*** wchrisj_ has quit IRC 20:58
*** david-lyle has joined #openstack-keystone 21:04
*** harlowja_away is now known as harlowja 21:41
*** gokrokve has quit IRC 21:58
openstackgerrit: Brant Knudson proposed a change to openstack/keystone: Sync with oslo-incubator 74ae271  https://review.openstack.org/87980 22:08
*** derek_c has quit IRC 22:08
*** thedodd has quit IRC 22:11
*** nekron99_ has quit IRC 22:13
*** rediskin has left #openstack-keystone 22:13
openstackgerrit: Brant Knudson proposed a change to openstack/keystone: Stronger assertion for test_user_extra_attribute_mapping  https://review.openstack.org/87145 22:22
openstackgerrit: Brant Knudson proposed a change to openstack/keystone: WIP: Remove fixtures from oslo config  https://review.openstack.org/88706 22:26
*** daneyon has quit IRC 22:28
openstackgerrit: Brant Knudson proposed a change to openstack/keystone: More efficient DN list for LDAP role delete  https://review.openstack.org/87151 22:35
*** bach has quit IRC 22:41
*** david-lyle has quit IRC 22:55
*** topol has quit IRC 23:05
*** Chicago has quit IRC 23:08
*** wchrisj has joined #openstack-keystone 23:13
*** dims has quit IRC 23:15
*** bach has joined #openstack-keystone 23:24
*** dims has joined #openstack-keystone 23:42
*** derek_c has joined #openstack-keystone 23:54
